[Openswan Users] FATAL ERROR: Failed to bind bcast socket in init_netlink().
Andrew Johnstone
andrew at ajohnstone.com
Wed Nov 7 16:49:30 EST 2007
Hi,
I keep getting the following error, can anyone help me fix this?
Plutorun started on Wed Nov 7 21:47:18 GMT 2007
Starting Pluto (Openswan Version openswan-2.4.9-31.el4
PLUTO_SENDS_VENDORID PLUTO_USES_KEYRR; Vendor ID OEa\134LNewa~Br)
Setting NAT-Traversal port-4500 floating to on
port floating activation criteria nat_t=1/port_fload=1
including NAT-Traversal patch (Version 0.6c)
| opening /dev/urandom
| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
starting up 3 cryptographic helpers
| opening /dev/urandom
started helper pid=31315 (fd:5)
! helper 0 waiting on fd: 6
| opening /dev/urandom
started helper pid=31317 (fd:6)
| opening /dev/urandom
started helper pid=31319 (fd:7)
| process 31311 listening for PF_KEY_V2 on file descriptor 8
Using NETKEY IPsec interface code on 2.6.16.53-070731a
! helper 1 waiting on fd: 7
! helper 2 waiting on fd: 8
FATAL ERROR: Failed to bind bcast socket in init_netlink() -
Perhaps kernel has no CONFIG_XFRM_USER support. Errno 2: No such file
or directory
I keep finding reference to XFRM_USER, but I have no idea what this
is or how to repair, can someone point me in the right direction?
I've attached ipsec barf if that helps.
Thanks
Andrew
----
s15272210.onlinehome-server.info
Wed Nov 7 21:50:12 GMT 2007
+ _________________________ version
+ ipsec --version
Linux Openswan U2.4.9/K2.6.16.53-070731a (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.16.53-070731a (root at buildd-amd64) (gcc version 3.3.5
(Debian 1:3.3.5-13)) #1 SMP Tue Jul 31 10:46:54 CEST 2007
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window
irtt Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0
0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0
0 eth0
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0
0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
Cannot send dump request: Connection refused
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
Cannot send dump request: Connection refused
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:E0:81:49:BE:32
inet addr:87.106.135.51 Bcast:87.106.135.51 Mask:
255.255.255.255
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3111437 errors:0 dropped:0 overruns:0 frame:0
TX packets:2877243 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2012722165 (1.8 GiB) TX bytes:208777683 (199.1 MiB)
Base address:0xdc00 Memory:ff680000-ff6a0000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:336 (336.0 b) TX bytes:336 (336.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:81:49:be:32 brd ff:ff:ff:ff:ff:ff
inet 87.106.135.51/32 brd 87.106.135.51 scope global eth0
2: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
+ _________________________ ip-route-list
+ ip route list
10.255.255.1 dev eth0 scope link
169.254.0.0/16 dev eth0 scope link
default via 10.255.255.1 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.4.9/K2.6.16.53-070731a (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.d/hostkey.secrets) [OK]
Checking that pluto is running [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support
[DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:aa:00, model 56 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-
control
link partner: 100baseT4 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
s15272210.onlinehome-server.info
+ _________________________ hostname/ipaddress
+ hostname --ip-address
87.106.135.51
+ _________________________ uptime
+ uptime
21:50:12 up 8:10, 1 user, load average: 0.22, 0.10, 0.09
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME
COMMAND
0 0 6830 5911 22 0 65824 1272 wait S+ pts/0
0:00 \_ /bin/sh /usr/local/libexec/ipsec/barf
0 0 6928 6830 18 0 5992 592 pipe_w S+ pts/0
0:00 | \_ egrep -i ppid|pluto|ipsec|klips
0 0 6831 5911 18 0 58836 568 pipe_w S+ pts/0
0:00 \_ tee ipsec.barf
1 0 6553 1 17 0 10752 484 wait S pts/0 0:00 /
bin/sh /usr/lib/ipsec/_plutorun --re --debug all --uniqueids yes --
nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --
protostack auto --force_keepalive --disable_port_floating --
virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --
opts --stderrlog /var/tmp/pluto.log --wait no --pre --post --log
daemon.error --pid /var/run/pluto/pluto.pid
1 0 6700 1 17 0 10748 480 wait S pts/0 0:00 /
bin/sh /usr/lib/ipsec/_plutorun --re --debug all --uniqueids yes --
nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --
protostack auto --force_keepalive --disable_port_floating --
virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --
opts --stderrlog /var/tmp/pluto.log --wait no --pre --post --log
daemon.error --pid /var/run/pluto/pluto.pid
1 0 6860 1 17 0 10752 484 wait S pts/0 0:00 /
bin/sh /usr/lib/ipsec/_plutorun --re --debug all --uniqueids yes --
nocrsend --strictcrlpolicy --nat_traversal yes --keep_alive --
protostack auto --force_keepalive --disable_port_floating --
virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --
opts --stderrlog /var/tmp/pluto.log --wait no --pre --post --log
daemon.error --pid /var/run/pluto/pluto.pid
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=ipsec0
routeaddr=87.106.135.51
routenexthop=10.255.255.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all"
for lots.
# klipsdebug=none
# plutodebug="control parsing"
plutodebug="all"
plutostderrlog=/var/tmp/pluto.log
nat_traversal=yes
#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
auto=ignore
conn private
auto=ignore
conn private-or-clear
auto=ignore
conn clear-or-private
auto=ignore
conn clear
auto=ignore
conn packetdefault
auto=ignore
#> /etc/ipsec.conf 19
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/comstock.secrets 1
: PSK "[sums to db9b...]"
#< /etc/ipsec.d/hostkey.secrets 1
: RSA {
# RSA 2192 bits s15272210.onlinehome-server.info Wed Nov
7 11:33:14 2007
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=[keyid AQNvMg0zc]
Modulus: [...]
PublicExponent: [...]
# everything after this point is secret
PrivateExponent: [...]
Prime1: [...]
Prime2: [...]
Exponent1: [...]
Exponent2: [...]
Coefficient: [...]
}
# do not change the indenting of that "[sums to 7d9d...]"
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear.in,v 1.4.30.3 2006/11/21 19:49:51 paul Exp $
#
#
# Michael's idea: Always have ROOT NAMESERVERS in the clear.
# It will make OE work much better on machines running caching
# resolvers.
#
# Based on: http://www.internic.net/zones/named.root
# This file holds the information on root name servers needed to
# last update: Jan 29, 2004
# related version of root zone: 2004012900
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
192.58.128.30/32
193.0.14.129/32
198.32.64.12/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates
IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear
otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/local/lib/ipsec
total 240
-rwxr-xr-x 1 root root 15848 Nov 7 15:40 _confread
-rwxr-xr-x 1 root root 15848 Nov 7 15:38 _confread.old
-rwxr-xr-x 1 root root 16894 Nov 7 15:40 _copyright
-rwxr-xr-x 1 root root 16894 Nov 7 15:38 _copyright.old
-rwxr-xr-x 1 root root 2379 Nov 7 15:40 _include
-rwxr-xr-x 1 root root 2379 Nov 7 15:38 _include.old
-rwxr-xr-x 1 root root 1475 Nov 7 15:40 _keycensor
-rwxr-xr-x 1 root root 1475 Nov 7 15:38 _keycensor.old
-rwxr-xr-x 1 root root 3586 Nov 7 15:40 _plutoload
-rwxr-xr-x 1 root root 3586 Nov 7 15:38 _plutoload.old
-rwxr-xr-x 1 root root 8069 Nov 7 15:40 _plutorun
-rwxr-xr-x 1 root root 8069 Nov 7 15:38 _plutorun.old
-rwxr-xr-x 1 root root 12480 Nov 7 15:40 _realsetup
-rwxr-xr-x 1 root root 12480 Nov 7 15:38 _realsetup.old
-rwxr-xr-x 1 root root 1975 Nov 7 15:40 _secretcensor
-rwxr-xr-x 1 root root 1975 Nov 7 15:38 _secretcensor.old
-rwxr-xr-x 1 root root 11027 Nov 7 15:40 _startklips
-rwxr-xr-x 1 root root 11027 Nov 7 15:38 _startklips.old
-rwxr-xr-x 1 root root 13918 Nov 7 15:40 _updown
-rwxr-xr-x 1 root root 13918 Nov 7 15:38 _updown.old
-rwxr-xr-x 1 root root 15746 Nov 7 15:40 _updown_x509
-rwxr-xr-x 1 root root 15746 Nov 7 15:38 _updown_x509.old
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/local/libexec/ipsec
total 7656
-rwxr-xr-x 1 root root 33358 Nov 7 15:40 _pluto_adns
-rwxr-xr-x 1 root root 33358 Nov 7 15:38 _pluto_adns.old
-rwxr-xr-x 1 root root 18891 Nov 7 15:40 auto
-rwxr-xr-x 1 root root 18891 Nov 7 15:38 auto.old
-rwxr-xr-x 1 root root 11367 Nov 7 15:40 barf
-rwxr-xr-x 1 root root 11367 Nov 7 15:38 barf.old
-rwxr-xr-x 1 root root 816 Nov 7 15:40 calcgoo
-rwxr-xr-x 1 root root 816 Nov 7 15:38 calcgoo.old
-rwxr-xr-x 1 root root 238336 Nov 7 15:41 eroute
-rwxr-xr-x 1 root root 238336 Nov 7 15:40 eroute.old
-rwxr-xr-x 1 root root 77025 Nov 7 15:40 ikeping
-rwxr-xr-x 1 root root 77025 Nov 7 15:38 ikeping.old
-rwxr-xr-x 1 root root 153623 Nov 7 15:41 klipsdebug
-rwxr-xr-x 1 root root 153623 Nov 7 15:40 klipsdebug.old
-rwxr-xr-x 1 root root 1836 Nov 7 15:40 livetest
-rwxr-xr-x 1 root root 1836 Nov 7 15:38 livetest.old
-rwxr-xr-x 1 root root 2604 Nov 7 15:40 look
-rwxr-xr-x 1 root root 2604 Nov 7 15:38 look.old
-rwxr-xr-x 1 root root 7094 Nov 7 15:40 mailkey
-rwxr-xr-x 1 root root 7094 Nov 7 15:38 mailkey.old
-rwxr-xr-x 1 root root 16015 Nov 7 15:40 manual
-rwxr-xr-x 1 root root 16015 Nov 7 15:38 manual.old
-rwxr-xr-x 1 root root 1951 Nov 7 15:40 newhostkey
-rwxr-xr-x 1 root root 1951 Nov 7 15:38 newhostkey.old
-rwxr-xr-x 1 root root 130457 Nov 7 15:41 pf_key
-rwxr-xr-x 1 root root 130457 Nov 7 15:40 pf_key.old
-rwxr-xr-x 1 root root 2251641 Nov 7 15:40 pluto
-rwxr-xr-x 1 root root 2251641 Nov 7 15:38 pluto.old
-rwxr-xr-x 1 root root 28450 Nov 7 15:40 ranbits
-rwxr-xr-x 1 root root 28450 Nov 7 15:38 ranbits.old
-rwxr-xr-x 1 root root 66797 Nov 7 15:40 rsasigkey
-rwxr-xr-x 1 root root 66797 Nov 7 15:38 rsasigkey.old
-rwxr-xr-x 1 root root 766 Nov 7 15:40 secrets
-rwxr-xr-x 1 root root 766 Nov 7 15:38 secrets.old
lrwxrwxrwx 1 root root 22 Nov 7 15:40 setup -> /etc/rc.d/init.d/
ipsec
-rwxr-xr-x 1 root root 1054 Nov 7 15:40 showdefaults
-rwxr-xr-x 1 root root 1054 Nov 7 15:38 showdefaults.old
-rwxr-xr-x 1 root root 4845 Nov 7 15:40 showhostkey
-rwxr-xr-x 1 root root 4845 Nov 7 15:38 showhostkey.old
-rwxr-xr-x 1 root root 391768 Nov 7 15:41 spi
-rwxr-xr-x 1 root root 391768 Nov 7 15:40 spi.old
-rwxr-xr-x 1 root root 191690 Nov 7 15:41 spigrp
-rwxr-xr-x 1 root root 191690 Nov 7 15:40 spigrp.old
-rwxr-xr-x 1 root root 34512 Nov 7 15:41 tncfg
-rwxr-xr-x 1 root root 34512 Nov 7 15:40 tncfg.old
-rwxr-xr-x 1 root root 13530 Nov 7 15:40 verify
-rwxr-xr-x 1 root root 13530 Nov 7 15:38 verify.old
-rwxr-xr-x 1 root root 195302 Nov 7 15:40 whack
-rwxr-xr-x 1 root root 195302 Nov 7 15:38 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/libexec/ipsec
++ egrep updown
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive |
Transmit
face |bytes packets errs drop fifo frame compressed multicast|
bytes packets errs drop fifo colls carrier compressed
eth0:2012722165 3111437 0 0 0 0 0 0
208777683 2877243 0 0 0 0 0 0
lo: 336 4 0 0 0 0 0
0 336 4 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use
Metric Mask MTU Window IRTT
eth0 01FFFF0A 00000000 0005 0 0
0 FFFFFFFF 0 0 0
eth0 0000FEA9 00000000 0001 0 0
0 0000FFFF 0 0 0
eth0 00000000 01FFFF0A 0003 0 0
0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/
send_redirects default/accept_redirects default/secure_redirects
default/send_redirects eth0/accept_redirects eth0/secure_redirects
eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/
send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux s15272210.onlinehome-server.info 2.6.16.53-070731a #1 SMP Tue
Jul 31 10:46:54 CEST 2007 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora Core release 6 (Zod)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.16.53-070731a) support detected '
NETKEY (2.6.16.53-070731a) support detected
+ _________________________ ipfwadm
+ test -r /sbin/ipfwadm
+ 'no old-style linux 1.x/2.0 ipfwadm firewall support'
/usr/local/libexec/ipsec/barf: line 305: no old-style linux 1.x/2.0
ipfwadm firewall support: No such file or directory
+ _________________________ ipchains
+ test -r /sbin/ipchains
+ echo 'no old-style linux 2.0 ipchains firewall support'
no old-style linux 2.0 ipchains firewall support
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 2339K packets, 1467M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 2161K packets, 118M bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 1595 packets, 155K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 39 packets, 2592 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 39 packets, 2592 bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 2339K packets, 1467M bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 2339K packets, 1467M bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 2161K packets, 118M bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 2161K packets, 118M bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 8240456 kB
MemFree: 3208664 kB
Buffers: 18808 kB
Cached: 4532976 kB
SwapCached: 0 kB
Active: 2868100 kB
Inactive: 1913676 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 8240456 kB
LowFree: 3208664 kB
SwapTotal: 1953784 kB
SwapFree: 1953784 kB
Dirty: 388 kB
Writeback: 0 kB
Mapped: 249668 kB
Slab: 224412 kB
CommitLimit: 6074012 kB
Committed_AS: 908592 kB
PageTables: 10968 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 1652 kB
VmallocChunk: 34359736707 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|
CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
CONFIG_NET_KEY=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_TUNNEL is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
CONFIG_IP_NF_CT_PROTO_SCTP=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IRC=y
CONFIG_IP_NF_NETBIOS_NS=y
CONFIG_IP_NF_TFTP=y
CONFIG_IP_NF_AMANDA=y
CONFIG_IP_NF_PPTP=y
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_IPRANGE=y
CONFIG_IP_NF_MATCH_MULTIPORT=y
CONFIG_IP_NF_MATCH_TOS=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_DSCP=y
CONFIG_IP_NF_MATCH_AH_ESP=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_OWNER=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_MATCH_HASHLIMIT=y
CONFIG_IP_NF_MATCH_POLICY=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
# CONFIG_IP_NF_TARGET_ULOG is not set
CONFIG_IP_NF_TARGET_TCPMSS=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
# CONFIG_IP_NF_TARGET_SAME is not set
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_IRC=y
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_NAT_TFTP=y
CONFIG_IP_NF_NAT_AMANDA=y
CONFIG_IP_NF_NAT_PPTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_DSCP=y
CONFIG_IP_NF_TARGET_TTL=y
# CONFIG_IP_NF_TARGET_CLUSTERIP is not set
# CONFIG_IP_NF_RAW is not set
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
CONFIG_HW_RANDOM=y
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/
messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/usr/local/psa/var/
log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/
boot.log
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search onlinehome-server.info
nameserver 87.106.135.251
nameserver 195.20.224.99
nameserver 195.20.224.234
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 16
drwxr-xr-x 3 root root 4096 Dec 16 2006 2.6.16.27-061216a
drwxr-xr-x 6 root root 4096 Apr 26 2007 2.6.20-1.2944.fc6
drwxr-xr-x 3 root root 4096 Jul 31 12:33 2.6.16.53-070731a
drwxr-xr-x 6 root root 4096 Sep 23 16:13 2.6.22.5-49.fc6
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff804264f0 T netif_rx
ffffffff80426660 T netif_rx_ni
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.16.27-061216a:
2.6.16.53-070731a:
2.6.20-1.2944.fc6:
2.6.22.5-49.fc6:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '14867,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Nov 7 15:39:09 s15272210 ipsec_setup: Starting Openswan IPsec U2.4.9/
K2.6.16.53-070731a...
Nov 7 15:39:09 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:39:09 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:39:09 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:39:11 s15272210 ipsec_setup: Openswan IPsec apparently
already running, start aborted
Nov 7 15:39:19 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:39:19 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:39:19 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:39:19 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:39:19 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:39:19 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:39:19 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:39:19 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:39:30 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:39:30 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:39:30 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:39:30 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:39:30 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:39:30 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:39:30 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:39:30 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:39:40 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:39:40 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:39:40 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:39:40 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:39:40 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:39:40 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:39:40 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:39:40 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:39:50 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:39:50 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:39:50 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:39:50 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:39:50 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:39:50 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:39:50 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:39:50 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:40:00 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:40:00 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:40:01 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:40:01 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:40:01 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:40:01 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:40:01 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:40:01 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:40:11 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:40:11 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:40:11 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:40:11 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:40:11 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:40:11 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:40:11 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:40:11 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:40:21 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:40:21 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:40:21 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:40:21 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:40:21 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:40:21 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:40:21 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:40:21 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:40:31 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:40:31 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:40:31 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:40:32 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:40:32 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:40:32 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:40:32 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:40:32 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:40:42 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:40:42 s15272210 ipsec_setup: Stopping Openswan IPsec...
Nov 7 15:40:42 s15272210 ipsec_setup: NETKEY on eth0
87.106.135.51/255.255.255.255 broadcast 87.106.135.51
Nov 7 15:40:42 s15272210 ipsec_setup: ...Openswan IPsec started
Nov 7 15:40:42 s15272210 ipsec_setup: Restarting Openswan IPsec
U2.4.9/K2.6.16.53-070731a...
Nov 7 15:40:42 s15272210 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
Nov 7 15:40:42 s15272210 ipsec__plutorun: !pluto failure!: exited
with error status 1
Nov 7 15:40:42 s15272210 ipsec__plutorun: restarting IPsec after
pause...
Nov 7 15:40:52 s15272210 ipsec_setup: ...Openswan IPsec stopped
Nov 7 15:40:52 s15272210 ipsec_setup: Stopping Openswan IPsec...
....
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20071107/d3c251a8/attachment-0001.html
More information about the Users
mailing list