[Openswan Users] Ipsec VPN from windows machines

Agent Smith news8080 at yahoo.com
Thu Apr 3 10:39:48 EDT 2008


here you go..

################# general info

Script started on Thu 03 Apr 2008 10:18:42 AM EDT
[root@med-idxgtw ~]# ipsec --version
Linux Openswan U2.4.12/K2.6.24.1 (netkey)
See `ipsec --copyright' for copyright information.
[root@med-idxgtw ~]# uname -a
Linux med-idxgtw 2.6.24.1 #1 Wed Apr 2 17:52:00 EDT 2008 i686 i686 i386 GNU/Linux
[root@med-idxgtw ~]# cat /etc/redhat-release
CentOS release 4.6 (Final)
[root@med-idxgtw ~]# grep -i xfrm /usr/src/linux-2.6.24.1/.config
CONFIG_XFRM=y
CONFIG_XFRM_USER=y
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_BEET=y
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
# CONFIG_SECURITY_NETWORK_XFRM is not set
######################## service ipsec restarted

[root@med-idxgtw ~]# tail -f /var/log/secure
Apr  3 10:18:23 med-idxgtw pluto[6901]: added
connection description "CERT"
Apr  3 10:18:23 med-idxgtw pluto[6901]: listening for
IKE messages
Apr  3 10:18:23 med-idxgtw pluto[6901]: adding
interface eth0/eth0 146.9.osw.box:500
Apr  3 10:18:23 med-idxgtw pluto[6901]: adding
interface eth0/eth0 146.9.osw.box:4500
Apr  3 10:18:23 med-idxgtw pluto[6901]: adding
interface lo/lo 127.0.0.1:500
Apr  3 10:18:23 med-idxgtw pluto[6901]: adding
interface lo/lo 127.0.0.1:4500
Apr  3 10:18:23 med-idxgtw pluto[6901]: adding
interface lo/lo ::1:500
Apr  3 10:18:23 med-idxgtw pluto[6901]: loading
secrets from "/etc/ipsec.secrets"
Apr  3 10:18:23 med-idxgtw pluto[6901]:   loaded
private key file '/etc/ipsec.d/private/servercert.key'
(561 bytes)
Apr  3 10:18:23 med-idxgtw pluto[6901]: "CERT": cannot
initiate connection without knowing peer IP address
(kind=CK_TEMPLATE)

####################### first connection.

Apr  3 10:20:18 med-idxgtw pluto[6901]: packet from
146.9.nat.router:500: ignoring Vendor ID payload [MS
NT5 ISAKMPOAKLEY 00000004]
Apr  3 10:20:18 med-idxgtw pluto[6901]: packet from
146.9.nat.router:500: ignoring Vendor ID payload
[FRAGMENTATION]
Apr  3 10:20:18 med-idxgtw pluto[6901]: packet from
146.9.nat.router:500: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
Apr  3 10:20:18 med-idxgtw pluto[6901]: packet from
146.9.nat.router:500: ignoring Vendor ID payload
[Vid-Initial-Contact]
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: responding to Main Mode from
unknown peer 146.9.nat.router
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: STATE_MAIN_R1: sent MR1,
expecting MI2
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: STATE_MAIN_R2: sent MR2,
expecting MI3
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: Main mode peer ID is
ID_DER_ASN1_DN: 'C=US, ST=Michigan, L=Detroit, O=Wayne
State University, OU=MSIS, CN=userauth,
E=userauth at med.wayne.edu'
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1]
146.9.nat.router #1: switched from "CERT" to "CERT"
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #1: deleting connection "CERT"
instance with peer 146.9.nat.router
{isakmp=#0/ipsec=#0}
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #1: I am sending my cert
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #1: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #1: STATE_MAIN_R3: sent MR3, ISAKMP
SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #2: responding to Quick Mode
{msgid:375418e1}
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #2: transition from state
STATE_QUICK_R0 to state STATE_QUICK_R1
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #2: STATE_QUICK_R1: sent QR1, inbound
IPsec SA installed, expecting QI2
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #2: transition from state
STATE_QUICK_R1 to state STATE_QUICK_R2
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #2: STATE_QUICK_R2: IPsec SA
established {ESP=>0xa23e7f96 <0xd7dec272
xfrm=3DES_0-HMAC_SHA1 NATD=146.9.nat.router:4500
DPD=none}

########### ip -s x s  (after first connection)

[root@med-idxgtw ~]# ip -s x s
src 146.9.osw.box dst 146.9.nat.router
	proto ipv6-crypt spi 0xa23e7f96(2722004886) reqid
16393(0x00004009) mode transport
	replay-window 32 seq 0x00000000 
	auth hmac(sha1)
0x2707d9d3974bcec81e5eb5b41e3949f93c962fcd (160 bits)
	enc cbc(des3_ede)
0x8af1852fa7eab334554cd3275fb352fa178ce0376d6f66ae
(192 bits)
	encap (not implemented yet!)
	sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  724(bytes), 9(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:21
	stats:
	  replay-window 0 replay 0 failed 0
src 146.9.nat.router dst 146.9.osw.box
	proto ipv6-crypt spi 0xd7dec272(3621700210) reqid
16393(0x00004009) mode transport
	replay-window 32 seq 0x00000000 
	auth hmac(sha1)
0x6a0cd0a958c5d8a344be2f01a58ae7673aacef3c (160 bits)
	enc cbc(des3_ede)
0x70f413fc0356dd17d66e75e14aa51708815868ab9c2377f3
(192 bits)
	encap (not implemented yet!)
	sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  251(bytes), 9(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:18
	stats:
	  replay-window 0 replay 0 failed 0

################### ip -s x p (after first connection)
[root@med-idxgtw ~]# ip -s x p
src 146.9.nat.router/32 dst 146.9.osw.box/32 uid 0
	dir in action allow index 504 priority 2080 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:21
	tmpl	src 0.0.0.0 dst 0.0.0.0
		proto ipv6-crypt spi 0x00000000(0) reqid
16393(0x00004009) mode transport
		level required share any algo-mask:enc=32, auth=32,
comp=32
src 146.9.osw.box/32 dst 0.0.0.0/32 uid 0
	dir out action allow index 497 priority 2080 share
any flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
	tmpl	src 0.0.0.0 dst 0.0.0.0
		proto ipv6-crypt spi 0x00000000(0) reqid
0(0x00000000) mode transport
		level required share any algo-mask:enc=32, auth=32,
comp=32
src 146.9.osw.box/32 dst 146.9.nat.router/32 uid 0
	dir out action allow index 513 priority 2080 share
any flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:21
	tmpl	src 0.0.0.0 dst 0.0.0.0
		proto ipv6-crypt spi 0x00000000(0) reqid
16393(0x00004009) mode transport
		level required share any algo-mask:enc=32, auth=32,
comp=32
src ::/0 dst ::/0 uid 0
	dir in action allow index 483 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 467 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 451 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 435 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:20:39
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 419 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:20:18
src ::/0 dst ::/0 uid 0
	dir out action allow index 492 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 476 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 460 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 444 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:20:18
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 428 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:20:18
###################################### resume /var/log/secure
############################## first client has connected now trying the second client

Apr  3 10:21:17 med-idxgtw pluto[6901]: packet from
146.9.nat.router:3: ignoring Vendor ID payload [MS NT5
ISAKMPOAKLEY 00000004]
Apr  3 10:21:17 med-idxgtw pluto[6901]: packet from
146.9.nat.router:3: ignoring Vendor ID payload
[FRAGMENTATION]
Apr  3 10:21:17 med-idxgtw pluto[6901]: packet from
146.9.nat.router:3: received Vendor ID payload
[draft-ietf-ipsec-nat-t-ike-02_n] method set to=106 
Apr  3 10:21:17 med-idxgtw pluto[6901]: packet from
146.9.nat.router:3: ignoring Vendor ID payload
[Vid-Initial-Contact]
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: responding to Main Mode from
unknown peer 146.9.nat.router
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: transition from state
STATE_MAIN_R0 to state STATE_MAIN_R1
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: STATE_MAIN_R1: sent MR1,
expecting MI2
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: NAT-Traversal: Result using
draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: transition from state
STATE_MAIN_R1 to state STATE_MAIN_R2
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: STATE_MAIN_R2: sent MR2,
expecting MI3
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: Main mode peer ID is
ID_DER_ASN1_DN: 'C=US, ST=Michigan, L=Detroit, O=Wayne
State University, OU=MSIS, CN=userauth2,
E=userauth2 at med.wayne.edu'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2]
146.9.nat.router #3: switched from "CERT" to "CERT"
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: I am sending my cert
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: transition from state
STATE_MAIN_R2 to state STATE_MAIN_R3
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: STATE_MAIN_R3: sent MR3, ISAKMP
SA established {auth=OAKLEY_RSA_SIG
cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: Virtual IP 146.9.nat.router/32 is
already used by 'C=US, ST=Michigan, L=Detroit, O=Wayne
State University, OU=MSIS, CN=userauth,
E=userauth at med.wayne.edu'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: Your ID is 'C=US, ST=Michigan,
L=Detroit, O=Wayne State University, OU=MSIS,
CN=userauth2, E=userauth2 at med.wayne.edu'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: Virtual IP 146.9.nat.router/32 is
already used by 'C=US, ST=Michigan, L=Detroit, O=Wayne
State University, OU=MSIS, CN=userauth,
E=userauth at med.wayne.edu'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: Your ID is 'C=US, ST=Michigan,
L=Detroit, O=Wayne State University, OU=MSIS,
CN=userauth2, E=userauth2 at med.wayne.edu'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: cannot respond to IPsec SA
request because no connection is known for
146.9.osw.box[C=US, ST=Michigan, L=Detroit, O=Wayne
State University, OU=MSIS, CN=servercert,
E=servercert at med.wayne.edu]...146.9.nat.router[C=US,
ST=Michigan, L=Detroit, O=Wayne State University,
OU=MSIS, CN=userauth2, E=userauth2 at med.wayne.edu]
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: sending encrypted notification
INVALID_ID_INFORMATION to 146.9.nat.router:1026
Apr  3 10:21:18 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: Quick Mode I1 message is
unacceptable because it uses a previously used Message
ID 0x8873f1fc (perhaps this is a duplicated packet)
Apr  3 10:21:18 med-idxgtw pluto[6901]: "CERT"[3]
146.9.nat.router #3: sending encrypted notification
INVALID_MESSAGE_ID to 146.9.nat.router:1026
###############################  ip command after second client failed

[root@med-idxgtw ~]# ip -s x s
src 146.9.osw.box dst 146.9.nat.router
	proto ipv6-crypt spi 0xa23e7f96(2722004886) reqid
16393(0x00004009) mode transport
	replay-window 32 seq 0x00000000 
	auth hmac(sha1)
0x2707d9d3974bcec81e5eb5b41e3949f93c962fcd (160 bits)
	enc cbc(des3_ede)
0x8af1852fa7eab334554cd3275fb352fa178ce0376d6f66ae
(192 bits)
	encap (not implemented yet!)
	sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  858(bytes), 13(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:21
	stats:
	  replay-window 0 replay 0 failed 0
src 146.9.nat.router dst 146.9.osw.box
	proto ipv6-crypt spi 0xd7dec272(3621700210) reqid
16393(0x00004009) mode transport
	replay-window 32 seq 0x00000000 
	auth hmac(sha1)
0x6a0cd0a958c5d8a344be2f01a58ae7673aacef3c (160 bits)
	enc cbc(des3_ede)
0x70f413fc0356dd17d66e75e14aa51708815868ab9c2377f3
(192 bits)
	encap (not implemented yet!)
	sel src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  291(bytes), 11(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:18
	stats:
	  replay-window 0 replay 0 failed 0

[root@med-idxgtw ~]# ip -s x p
src 146.9.nat.router/32 dst 146.9.osw.box/32 uid 0
	dir in action allow index 504 priority 2080 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:41
	tmpl	src 0.0.0.0 dst 0.0.0.0
		proto ipv6-crypt spi 0x00000000(0) reqid
16393(0x00004009) mode transport
		level required share any algo-mask:enc=32, auth=32,
comp=32
src 146.9.osw.box/32 dst 0.0.0.0/32 uid 0
	dir out action allow index 497 priority 2080 share
any flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
	tmpl	src 0.0.0.0 dst 0.0.0.0
		proto ipv6-crypt spi 0x00000000(0) reqid
0(0x00000000) mode transport
		level required share any algo-mask:enc=32, auth=32,
comp=32
src 146.9.osw.box/32 dst 146.9.nat.router/32 uid 0
	dir out action allow index 513 priority 2080 share
any flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:20:18 use 2008-04-03 10:20:21
	tmpl	src 0.0.0.0 dst 0.0.0.0
		proto ipv6-crypt spi 0x00000000(0) reqid
16393(0x00004009) mode transport
		level required share any algo-mask:enc=32, auth=32,
comp=32
src ::/0 dst ::/0 uid 0
	dir in action allow index 483 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 467 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 451 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 435 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:21:25
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir in action allow index 419 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:21:17
src ::/0 dst ::/0 uid 0
	dir out action allow index 492 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 476 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 460 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use -
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 444 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:21:25
src 0.0.0.0/0 dst 0.0.0.0/0 uid 0
	dir out action allow index 428 priority 0 share any
flags 0x00000000
	lifetime config:
	  limit: soft (INF)(bytes), hard (INF)(bytes)
	  limit: soft (INF)(packets), hard (INF)(packets)
	  expire add: soft 0(sec), hard 0(sec)
	  expire use: soft 0(sec), hard 0(sec)
	lifetime current:
	  0(bytes), 0(packets)
	  add 2008-04-03 10:18:23 use 2008-04-03 10:21:17
[root@med-idxgtw ~]# exit

Script done on Thu 03 Apr 2008 10:21:28 AM EDT



--- Marco Berizzi <pupilla at hotmail.com> wrote:

> Agent Smith wrote:
> > both of them are IP address of the OSW box.
> 
> this doesn't make sense
> 
> > Apr  2 22:42:03 med-idxgtw pluto[5735]: "CERT"[3]
> > 146.9.x.x #3: Virtual IP 146.9.x.x/32 is already used
> > by 'C=US, ST=Michigan, L=Detroit, O=Wayne State
> > University, OU=MSIS, CN=userauth,
> > E=userauth at med.wayne.edu'
> >
> > I only get this when the second client connects, the
> > first one works,
> 
> could you post the output of ip -s x s and ip -s x p
> when the first working client is connected?
> 
> > what I did is this,
> >
> > 1. install linux
> > 2. get 2.6.24.4 kernel and install it (no openswan
> > patch just make sure xfrm is enabled; reboot.
> > 3. get openswan-2.4.12 and do make programs;make
> > install
> > 4. reboot and connect
> 
> all fine here
> 
> 
> 
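
The second-client failure in the log above, as an added example that is not part of the original post: a small Python parser that scans pluto output for "Virtual IP ... is already used by" messages and reports which certificate identity holds the address and which one was refused. The sample lines are constructed from the log above with the mail wrapping undone and the DNs abridged; the function and field names are assumptions of this example.

```python
import re

# Constructed sample: pluto lines taken from the log above, unwrapped, DNs abridged.
SAMPLE_LOG = '''\
Apr  3 10:20:18 med-idxgtw pluto[6901]: packet from 146.9.nat.router:500: ignoring Vendor ID payload [FRAGMENTATION]
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1] 146.9.nat.router #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[1] 146.9.nat.router #1: Main mode peer ID is ID_DER_ASN1_DN: 'OU=MSIS, CN=userauth'
Apr  3 10:20:18 med-idxgtw pluto[6901]: "CERT"[2] 146.9.nat.router #2: STATE_QUICK_R2: IPsec SA established {ESP=>0xa23e7f96 <0xd7dec272 xfrm=3DES_0-HMAC_SHA1 NATD=146.9.nat.router:4500 DPD=none}
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2] 146.9.nat.router #3: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: peer is NATed
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[2] 146.9.nat.router #3: Main mode peer ID is ID_DER_ASN1_DN: 'OU=MSIS, CN=userauth2'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3] 146.9.nat.router #3: Virtual IP 146.9.nat.router/32 is already used by 'OU=MSIS, CN=userauth'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3] 146.9.nat.router #3: Virtual IP 146.9.nat.router/32 is already used by 'OU=MSIS, CN=userauth'
Apr  3 10:21:17 med-idxgtw pluto[6901]: "CERT"[3] 146.9.nat.router #3: sending encrypted notification INVALID_ID_INFORMATION to 146.9.nat.router:1026
'''

# "<conn>"[instance] <peer> #<state>: <message>
LINE = re.compile(
    r'pluto\[\d+\]: "[^"]+"\[\d+\] (?P<peer>\S+) #(?P<state>\d+): (?P<msg>.*)$'
)
PEER_ID = re.compile(r"Main mode peer ID is \S+: '(?P<dn>.+)'")
VIP_USED = re.compile(r"Virtual IP (?P<vip>\S+)/\d+ is already used by '(?P<owner>.+)'")


def find_vip_collisions(log_text):
    """Return one record per (virtual IP, owner, IKE state) collision in a pluto log."""
    ids = {}          # IKE state number -> peer DN learned in Main Mode
    natted = set()    # peer addresses pluto detected as NATed
    rejected = set()  # states that were answered with INVALID_ID_INFORMATION
    hits = {}         # (vip, owner DN, state) -> peer address; dict dedups repeats

    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. "packet from ..." lines carry no connection/state prefix
        peer, state, msg = m.group("peer"), m.group("state"), m.group("msg")

        pid = PEER_ID.match(msg)
        vip = VIP_USED.match(msg)
        if "peer is NATed" in msg:
            natted.add(peer)
        elif pid:
            ids[state] = pid.group("dn")
        elif vip:
            # The log above shows this message twice per attempt; keep one record.
            hits.setdefault((vip.group("vip"), vip.group("owner"), state), peer)
        elif "INVALID_ID_INFORMATION" in msg:
            rejected.add(state)

    return [
        {
            "virtual_ip": v,
            "owner": owner,
            "claimant": ids.get(state, "unknown"),
            "behind_nat": peer in natted,
            "rejected": state in rejected,
        }
        for (v, owner, state), peer in hits.items()
    ]


if __name__ == "__main__":
    for hit in find_vip_collisions(SAMPLE_LOG):
        print(hit)
```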


