[Openswan Users] Routing Problem?
Bert Olsson
bso at bertolsson.com
Thu Jun 26 12:28:14 EDT 2008
I am trying to establish a VPN connection using openswan
from an RHEL5 box. The VPN connection seems to come up
just fine, but when I look at ping packets going to the
remote subnet, the packets are going over the default
interface (i.e., they are not ESP packets over VPN).
How does it know how to use the VPN connection for the
remote subnet? Is there supposed to be a network device
for VPN (like ipsec0)? I'm clearly missing something, but
cannot figure it out.
Thanks for any help.
Bert Olsson
ipsec --barf output:
ruglyweb1.mn2.visi.com
Thu Jun 26 11:16:47 CDT 2008
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.18-92.el5 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.18-92.el5 (brewbuilder at hs20-bc2-3.build.redhat.com) (gcc version 4.1.2 20071124 (Red Hat 4.1.2-41)) #1 SMP Tue Apr 29 13:16:12 EDT 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.234.236 0.0.0.0         255.255.255.255 UH        0 0          0 ppp0
209.98.198.0    0.0.0.0         255.255.254.0   U         0 0          0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 eth0
0.0.0.0         209.98.199.254  0.0.0.0         UG        0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 209.98.199.133/32 dst 192.4.223.0/32
    dir out priority 2080
    tmpl src 0.0.0.0 dst 0.0.0.0
        proto esp reqid 0 mode transport
src ::/0 dst ::/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir in priority 0
src ::/0 dst ::/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
    dir out priority 0
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 209.98.199.133
000 interface eth0/eth0 209.98.199.133
000 interface ppp0/ppp0 192.168.234.235
000 interface ppp0/ppp0 192.168.234.235
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,4,36} trans={0,4,1080} attrs={0,4,1440}
000
000 "mgi": 209.98.199.133<209.98.199.133>[+S=C]---209.98.199.254...205.132.5.170<205.132.5.170>[+S=C]===192.4.223.0/32; prospective erouted; eroute owner: #0
000 "mgi": myip=unset; hisip=unset;
000 "mgi": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "mgi": policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; interface: eth0;
000 "mgi": newest ISAKMP SA: #1; newest IPsec SA: #0;
000 "mgi": IKE algorithms wanted: 3DES_CBC(5)_000-MD5(1)-MODP1536(5), 3DES_CBC(5)_000-MD5(1)-MODP1024(2); flags=-strict
000 "mgi": IKE algorithms found: 3DES_CBC(5)_192-MD5(1)_128-5, 3DES_CBC(5)_192-MD5(1)_128-2,
000 "mgi": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
000 "mgi": ESP algorithms wanted: 3DES(3)_000-MD5(1); flags=-strict
000 "mgi": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128
000
000 #1: "mgi":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2336s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet HWaddr 00:11:43:D5:43:3E
          inet addr:209.98.199.133 Bcast:209.98.199.255 Mask:255.255.254.0
          inet6 addr: fe80::211:43ff:fed5:433e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:17371193 errors:2301 dropped:0 overruns:0 frame:2253
          TX packets:701407 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1792861040 (1.6 GiB) TX bytes:189380366 (180.6 MiB)
          Interrupt:193
eth1      Link encap:Ethernet HWaddr 00:11:43:D5:43:3F
          BROADCAST MULTICAST MTU:1500 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
          Interrupt:201
lo        Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:76975 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76975 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:7056980 (6.7 MiB) TX bytes:7056980 (6.7 MiB)
ppp0      Link encap:Point-to-Point Protocol
          inet addr:192.168.234.235 P-t-P:192.168.234.236 Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
          RX packets:305064 errors:0 dropped:0 overruns:0 frame:0
          TX packets:305080 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:20898395 (19.9 MiB) TX bytes:12206414 (11.6 MiB)
sit0      Link encap:IPv6-in-IPv4
          NOARP MTU:1480 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:11:43:d5:43:3e brd ff:ff:ff:ff:ff:ff
    inet 209.98.199.133/23 brd 209.98.199.255 scope global eth0
    inet6 fe80::211:43ff:fed5:433e/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
    link/ether 00:11:43:d5:43:3f brd ff:ff:ff:ff:ff:ff
4: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 3
    link/ppp
    inet 192.168.234.235 peer 192.168.234.236/32 scope global ppp0
+ _________________________ ip-route-list
+ ip route list
192.168.234.236 dev ppp0 proto kernel scope link src 192.168.234.235
209.98.198.0/23 dev eth0 proto kernel scope link src 209.98.199.133
169.254.0.0/16 dev eth0 scope link
default via 209.98.199.254 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup 255
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.18-92.el5 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking NAT and MASQUERADEing [OK]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: 100 Mbit, full duplex, link ok
  product info: vendor 00:08:18, model 22 rev 2
  basic mode: 100 Mbit, full duplex
  basic status: link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising: 100baseTx-FD flow-control
eth1: no link
  product info: vendor 00:08:18, model 22 rev 2
  basic mode: autonegotiation enabled
  basic status: no link
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
ruglyweb1.mn2.visi.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
209.98.199.133
+ _________________________ uptime
+ uptime
11:16:47 up 33 days, 23:48, 2 users, load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 9778 6324 25 0 4488 1108 wait S+ pts/0 0:00 | \_ /bin/sh /usr/libexec/ipsec/barf
0 0 9857 9778 25 0 1832 484 pipe_w S+ pts/0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips
1 0 9539 1 25 0 2448 416 wait S pts/0 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
1 0 9540 9539 25 0 2448 540 wait S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes --keep_alive --protostack netkey --force_keepalive --disable_port_floating --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash false --pid /var/run/pluto/pluto.pid
4 0 9542 9540 15 0 3104 1456 - S pts/0 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --use-netkey --nat_traversal
1 0 9554 9542 26 10 3104 724 - SN pts/0 0:00 | \_ pluto helper # 0
0 0 9567 9542 25 0 1592 288 - S pts/0 0:00 | \_ _pluto_adns
0 0 9544 9539 25 0 2444 1032 pipe_w S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0 0 9541 1 23 0 1652 492 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
	# Debug-logging controls: "none" for (almost) none, "all" for lots.
	# klipsdebug=none
	# plutodebug="control parsing"
	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
	protostack=netkey
	nat_traversal=yes
#< /etc/ipsec.d/mgi.conf 1
conn mgi
	authby=secret
	left=209.98.199.133
	leftnexthop=209.98.199.254
	right=205.132.5.170
	rightsubnet=192.4.223.0/32
	auto=start
	pfs=no
	keyexchange=ike
	ike=3des-md5
	esp=3des-md5
#< /etc/ipsec.d/no_oe.conf 1
# 'include' this file to disable Opportunistic Encryption.
# See /usr/share/doc/openswan/policygroups.html for details.
#
# RCSID $Id: no_oe.conf.in,v 1.2 2004/10/03 19:33:10 paul Exp $
conn block
	auto=ignore
conn private
	auto=ignore
conn private-or-clear
	auto=ignore
conn clear-or-private
	auto=ignore
conn clear
	auto=ignore
conn packetdefault
	auto=ignore
#> /etc/ipsec.conf 19
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/mgi.secrets 1
209.98.199.133 205.132.5.170 : PSK "[sums to 750a...]"
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: PSK 205.132.5.170 209.98.199.133
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2272
-rwxr-xr-x 1 root root 5996 Jun 6 14:41 _copyright
-rwxr-xr-x 1 root root 2379 Jun 6 14:41 _include
-rwxr-xr-x 1 root root 1475 Jun 6 14:41 _keycensor
-rwxr-xr-x 1 root root 10028 Jun 6 14:41 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 6 14:41 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 6 14:41 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 6 14:41 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 6 14:41 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 6 14:41 _startklips
-rwxr-xr-x 1 root root 9752 Jun 6 14:41 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 6 14:41 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 6 14:41 _updown
-rwxr-xr-x 1 root root 14030 Jun 6 14:41 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 6 14:41 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 6 14:41 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 6 14:41 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 6 14:41 _updown.netkey
-rwxr-xr-x 1 root root 183808 Jun 6 14:41 addconn
-rwxr-xr-x 1 root root 6129 Jun 6 14:41 auto
-rwxr-xr-x 1 root root 10758 Jun 6 14:41 barf
-rwxr-xr-x 1 root root 90028 Jun 6 14:41 eroute
-rwxr-xr-x 1 root root 20072 Jun 6 14:41 ikeping
-rwxr-xr-x 1 root root 69744 Jun 6 14:41 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 6 14:41 livetest
-rwxr-xr-x 1 root root 2591 Jun 6 14:41 look
-rwxr-xr-x 1 root root 1921 Jun 6 14:41 newhostkey
-rwxr-xr-x 1 root root 60780 Jun 6 14:41 pf_key
-rwxr-xr-x 1 root root 982244 Jun 6 14:41 pluto
-rwxr-xr-x 1 root root 10176 Jun 6 14:41 ranbits
-rwxr-xr-x 1 root root 20532 Jun 6 14:41 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 6 14:41 secrets
lrwxrwxrwx 1 root root 30 Jun 26 10:24 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 6 14:41 showdefaults
-rwxr-xr-x 1 root root 219660 Jun 6 14:41 showhostkey
-rwxr-xr-x 1 root root 22684 Jun 6 14:41 showpolicy
-rwxr-xr-x 1 root root 148008 Jun 6 14:41 spi
-rwxr-xr-x 1 root root 77276 Jun 6 14:41 spigrp
-rwxr-xr-x 1 root root 69384 Jun 6 14:41 tncfg
-rwxr-xr-x 1 root root 12526 Jun 6 14:41 verify
-rwxr-xr-x 1 root root 50568 Jun 6 14:41 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
    lo: 7056980 76975 0 0 0 0 0 0 7056980 76975 0 0 0 0 0 0
  eth0:1792861040 17371193 2301 0 0 2253 0 1527933 189380366 701407 0 0 0 0 0 0
  eth1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  sit0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
  ppp0:20898395 305064 0 0 0 0 0 0 12206414 305080 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
ppp0    ECEAA8C0        00000000        0005    0       0       0       FFFFFFFF        0       0       0
eth0    00C662D1        00000000        0001    0       0       0       00FEFFFF        0       0       0
eth0    0000FEA9        00000000        0001    0       0       0       0000FFFF        0       0       0
eth0    00000000        FEC762D1        0003    0       0       0       00000000        0       0       0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter ppp0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:0
ppp0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects ppp0/accept_redirects ppp0/secure_redirects ppp0/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
ppp0/accept_redirects:1
ppp0/secure_redirects:1
ppp0/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux ruglyweb1.mn2.visi.com 2.6.18-92.el5 #1 SMP Tue Apr 29 13:16:12 EDT 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.2 (Tikanga)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.18-92.el5) support detected '
NETKEY (2.6.18-92.el5) support detected
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 5159K packets, 474M bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 370K packets, 42M bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 794K packets, 68M bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 3157 packets, 268K bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3157 packets, 268K bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 5617K packets, 494M bytes)
 pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 5159K packets, 474M bytes)
 pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 370K packets, 42M bytes)
 pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 370K packets, 42M bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipcomp6 11977 0 - Live 0xf8c2f000
ipcomp 11465 0 - Live 0xf8c14000
ah6 10433 0 - Live 0xf8bf0000
ah4 10305 0 - Live 0xf8bec000
esp6 12225 0 - Live 0xf8b88000
esp4 12353 0 - Live 0xf8bc2000
xfrm4_tunnel 6593 0 - Live 0xf8bba000
xfrm4_mode_tunnel 6849 0 - Live 0xf8bb7000
xfrm4_mode_transport 6209 0 - Live 0xf8bb1000
xfrm6_mode_transport 6337 0 - Live 0xf8bae000
xfrm6_mode_tunnel 6721 0 - Live 0xf8bab000
af_key 40785 0 - Live 0xf8bd9000
xfrm6_tunnel 11233 1 ipcomp6, Live 0xf8b93000
iptable_mangle 6849 0 - Live 0xf8be4000
iptable_nat 11205 0 - Live 0xf8c64000
ip_nat 20973 1 iptable_nat, Live 0xf8c7a000
ip_conntrack 53025 2 iptable_nat,ip_nat, Live 0xf8c84000
nfnetlink 10713 2 ip_nat,ip_conntrack, Live 0xf8c4c000
iptable_filter 7105 0 - Live 0xf8bc7000
ip_tables 17029 3 iptable_mangle,iptable_nat,iptable_filter, Live
0xf8c6d000
xt_tcpudp 7105 0 - Live 0xf8c6a000
ipt_REJECT 9537 0 - Live 0xf8c50000
x_tables 17349 4 iptable_nat,ip_tables,xt_tcpudp,ipt_REJECT, Live
0xf8c5e000
ccm 13505 0 - Live 0xf8c39000
serpent 29249 0 - Live 0xf8c55000
blowfish 12609 0 - Live 0xf8c34000
twofish 46017 0 - Live 0xf8c3f000
ecb 7617 0 - Live 0xf8c2c000
xcbc 9921 0 - Live 0xf8c28000
crypto_hash 6337 1 xcbc, Live 0xf8c1f000
cbc 8257 0 - Live 0xf8c1b000
crypto_blkcipher 17601 3 ccm,ecb,cbc, Live 0xf8c22000
md5 8129 0 - Live 0xf8c18000
sha256 15297 0 - Live 0xf8be7000
sha512 13121 0 - Live 0xf8c0f000
des 20417 0 - Live 0xf8bf4000
aes_generic 31745 0 - Live 0xf8c06000
aes_i586 37057 0 - Live 0xf8bfb000
xfrm6_esp 9537 1 esp6, Live 0xf8bd5000
xfrm4_esp 9793 1 esp4, Live 0xf8bca000
aead 11841 3 esp6,esp4,ccm, Live 0xf8af1000
crypto_algapi 21185 6 ccm,ecb,xcbc,cbc,crypto_blkcipher,aead, Live 0xf8bce000
tunnel4 7365 1 xfrm4_tunnel, Live 0xf8bb4000
tunnel6 7365 1 xfrm6_tunnel, Live 0xf8b85000
deflate 7873 0 - Live 0xf891d000
zlib_deflate 21977 1 deflate, Live 0xf8b8c000
mptctl 31301 1 - Live 0xf8aad000
mptbase 75109 1 mptctl, Live 0xf8b97000
ipmi_devintf 13129 2 - Live 0xf8aec000
ipmi_si 42317 1 - Live 0xf8b67000
ipmi_msghandler 39153 2 ipmi_devintf,ipmi_si, Live 0xf8b74000
dell_rbu 11533 0 - Live 0xf89a5000
autofs4 24517 2 - Live 0xf8ae5000
hidp 23105 2 - Live 0xf8ace000
rfcomm 42457 0 - Live 0xf8b5b000
l2cap 29505 8 hidp,rfcomm, Live 0xf8ac5000
bluetooth 53797 5 hidp,rfcomm,l2cap, Live 0xf8ad6000
ppp_async 15169 1 - Live 0xf8ac0000
ppp_generic 30037 5 ppp_async, Live 0xf8ab7000
slhc 10561 1 ppp_generic, Live 0xf8aa9000
crc_ccitt 6337 1 ppp_async, Live 0xf8965000
sunrpc 144893 1 - Live 0xf8b36000
ipv6 258273 46 ipcomp6,ah6,esp6,xfrm6_mode_transport,xfrm6_tunnel,xfrm6_esp,tunnel6, Live 0xf8af5000
xfrm_nalgo 13765 7 ah6,ah4,esp6,esp4,xfrm6_esp,xfrm4_esp,ipv6, Live 0xf895c000
crypto_api 11969 9 ah6,ah4,esp6,esp4,ccm,crypto_blkcipher,aead,crypto_algapi,xfrm_nalgo, Live 0xf89a1000
dm_multipath 22089 0 - Live 0xf89a9000
video 21193 0 - Live 0xf8994000
sbs 18533 0 - Live 0xf899b000
backlight 10049 1 video, Live 0xf8990000
i2c_ec 9025 1 sbs, Live 0xf898c000
button 10705 0 - Live 0xf8961000
battery 13637 0 - Live 0xf88ed000
asus_acpi 19288 0 - Live 0xf8986000
ac 9157 0 - Live 0xf88fc000
parport_pc 29157 0 - Live 0xf897d000
lp 15849 0 - Live 0xf8845000
parport 37513 2 parport_pc,lp, Live 0xf8972000
sg 36189 0 - Live 0xf8968000
floppy 57125 0 - Live 0xf8931000
pcspkr 7105 0 - Live 0xf88ea000
ide_cd 40033 0 - Live 0xf8951000
scb2_flash 8525 0 - Live 0xf88b4000
mtdcore 9989 1 scb2_flash, Live 0xf88e6000
cdrom 36705 1 ide_cd, Live 0xf88f2000
chipreg 7361 1 scb2_flash, Live 0xf8881000
i2c_piix4 12237 0 - Live 0xf88e2000
tg3 107717 0 - Live 0xf8901000
serio_raw 10693 0 - Live 0xf884a000
i2c_core 23745 2 i2c_ec,i2c_piix4, Live 0xf88db000
dm_snapshot 21477 0 - Live 0xf88ad000
dm_zero 6209 0 - Live 0xf881f000
dm_mirror 29125 0 - Live 0xf88a4000
dm_mod 61405 13 dm_multipath,dm_snapshot,dm_zero,dm_mirror, Live 0xf88cb000
aacraid 63813 4 - Live 0xf88ba000
sd_mod 24897 3 - Live 0xf883d000
scsi_mod 134605 4 mptctl,sg,aacraid,sd_mod, Live 0xf885f000
ext3 123593 4 - Live 0xf8884000
jbd 56553 1 ext3, Live 0xf8850000
uhci_hcd 25421 0 - Live 0xf8835000
ohci_hcd 23261 0 - Live 0xf882e000
ehci_hcd 33357 0 - Live 0xf8824000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 1035180 kB
MemFree: 294500 kB
Buffers: 311512 kB
Cached: 293976 kB
SwapCached: 1464 kB
Active: 503956 kB
Inactive: 186884 kB
HighTotal: 130944 kB
HighFree: 244 kB
LowTotal: 904236 kB
LowFree: 294256 kB
SwapTotal: 2031608 kB
SwapFree: 2027952 kB
Dirty: 16 kB
Writeback: 0 kB
AnonPages: 84284 kB
Mapped: 25956 kB
Slab: 38928 kB
PageTables: 2756 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 2549196 kB
Committed_AS: 594588 kB
VmallocTotal: 114680 kB
VmallocUsed: 4628 kB
VmallocChunk: 109932 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
Hugepagesize: 4096 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.18-92.el5/build/.config
++ uname -r
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|
CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
+ cat /lib/modules/2.6.18-92.el5/build/.config
CONFIG_XFRM=y
CONFIG_XFRM_NALGO=m
CONFIG_XFRM_USER=y
CONFIG_NET_KEY=m
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE is not set
CONFIG_IP_FIB_HASH=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_FWMARK=y
CONFIG_IP_ROUTE_MULTIPATH=y
# CONFIG_IP_ROUTE_MULTIPATH_CACHED is not set
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_IP_VS=m
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_FTP=m
CONFIG_IPV6=m
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_IPV6_TUNNEL=m
# CONFIG_IPV6_SUBTREES is not set
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_ROUTE_FWMARK=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_CT_ACCT=y
CONFIG_IP_NF_CONNTRACK_MARK=y
CONFIG_IP_NF_CONNTRACK_SECMARK=y
CONFIG_IP_NF_CONNTRACK_EVENTS=y
CONFIG_IP_NF_CONNTRACK_NETLINK=m
CONFIG_IP_NF_CT_PROTO_SCTP=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IRC=m
CONFIG_IP_NF_NETBIOS_NS=m
CONFIG_IP_NF_TFTP=m
CONFIG_IP_NF_AMANDA=m
CONFIG_IP_NF_PPTP=m
CONFIG_IP_NF_H323=m
CONFIG_IP_NF_SIP=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_IPRANGE=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_RECENT=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_DSCP=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_OWNER=m
CONFIG_IP_NF_MATCH_ADDRTYPE=m
CONFIG_IP_NF_MATCH_HASHLIMIT=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_SAME=m
CONFIG_IP_NF_NAT_SNMP_BASIC=m
CONFIG_IP_NF_NAT_IRC=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_NAT_TFTP=m
CONFIG_IP_NF_NAT_AMANDA=m
CONFIG_IP_NF_NAT_PPTP=m
CONFIG_IP_NF_NAT_H323=m
CONFIG_IP_NF_NAT_SIP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_DSCP=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_QUEUE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_OWNER=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_LOG=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
CONFIG_IP_DCCP_ACKVEC=y
CONFIG_IP_DCCP_CCID2=m
CONFIG_IP_DCCP_CCID3=m
CONFIG_IP_DCCP_TFRC_LIB=m
# CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_SCTP=m
# CONFIG_IPX is not set
CONFIG_IPW2100=m
CONFIG_IPW2100_MONITOR=y
# CONFIG_IPW2100_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
CONFIG_IPW2200_RADIOTAP=y
CONFIG_IPW2200_PROMISCUOUS=y
CONFIG_IPW2200_QOS=y
# CONFIG_IPW2200_DEBUG is not set
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
CONFIG_IPMI_PANIC_EVENT=y
CONFIG_IPMI_PANIC_STRING=y
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=m
CONFIG_HW_RANDOM_AMD=m
CONFIG_HW_RANDOM_GEODE=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=y
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 209.98.98.98
nameserver 208.42.42.42
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 16
drwxr-xr-x 6 root root 4096 May 23 03:56 2.6.18-8.el5
drwxr-xr-x 6 root root 4096 May 23 04:47 2.6.18-92.el5
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05adf9f T __netif_rx_schedule
c05aece6 T netif_rx
c05b0090 T netif_rx_ni
c05aece6 U netif_rx [xfrm6_esp]
c05aece6 U netif_rx [xfrm4_esp]
c05aece6 U netif_rx [ppp_generic]
c05aece6 U netif_rx [ipv6]
c05adf9f U __netif_rx_schedule [tg3]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.18-8.el5:
2.6.18-92.el5:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '424,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Jun 26 11:09:12 ruglyweb1 ipsec_setup: Starting Openswan IPsec U2.6.14/K2.6.18-92.el5...
Jun 26 11:09:12 ruglyweb1 ipsec_setup:
Jun 26 11:09:12 ruglyweb1 ipsec_setup:
Jun 26 11:09:12 ruglyweb1 ipsec__plutorun: 002 added connection description "mgi"
Jun 26 11:09:12 ruglyweb1 ipsec__plutorun: 000 "mgi": request to add a prospective erouted policy with netkey kernel --- experimental
Jun 26 11:09:12 ruglyweb1 ipsec__plutorun: 104 "mgi" #1: STATE_MAIN_I1: initiate
+ _________________________ plog
+ sed -n '40890,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Jun 26 11:09:12 ruglyweb1 ipsec__plutorun: Starting Pluto subsystem...
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Starting Pluto (Openswan Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:9542
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Setting NAT-Traversal port-4500 floating to on
Jun 26 11:09:12 ruglyweb1 pluto[9542]: port floating activation criteria nat_t=1/port_float=1
Jun 26 11:09:12 ruglyweb1 pluto[9542]: including NAT-Traversal patch (Version 0.6c)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: using /dev/urandom as source of random entropy
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: starting up 1 cryptographic helpers
Jun 26 11:09:12 ruglyweb1 pluto[9554]: using /dev/urandom as source of random entropy
Jun 26 11:09:12 ruglyweb1 pluto[9542]: started helper pid=9554 (fd:7)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Using Linux 2.6 IPsec interface code on 2.6.18-92.el5 (experimental code)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating <NULL>: Ok (ret=0)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_add(): ERROR: Algorithm already exists
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_add(): ERROR: Algorithm already exists
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_add(): ERROR: Algorithm already exists
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_add(): ERROR: Algorithm already exists
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_add(): ERROR: Algorithm already exists
Jun 26 11:09:12 ruglyweb1 pluto[9542]: ike_alg_register_enc(): Activating <NULL>: FAILED (ret=-17)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Could not change to directory '/etc/ipsec.d/cacerts': /
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Could not change to directory '/etc/ipsec.d/aacerts': /
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Could not change to directory '/etc/ipsec.d/ocspcerts': /
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Could not change to directory '/etc/ipsec.d/crls'
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Changing back to directory '/' failed - (2 No such file or directory)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: Changing back to directory '/' failed - (2 No such file or directory)
Jun 26 11:09:12 ruglyweb1 pluto[9542]: added connection description "mgi"
Jun 26 11:09:12 ruglyweb1 pluto[9542]: listening for IKE messages
Jun 26 11:09:12 ruglyweb1 pluto[9542]: adding interface ppp0/ppp0 192.168.234.235:500
Jun 26 11:09:12 ruglyweb1 pluto[9542]: adding interface ppp0/ppp0 192.168.234.235:4500
Jun 26 11:09:12 ruglyweb1 pluto[9542]: adding interface eth0/eth0 209.98.199.133:500
Jun 26 11:09:12 ruglyweb1 pluto[9542]: adding interface eth0/eth0 209.98.199.133:4500
Jun 26 11:09:12 ruglyweb1 pluto[9542]: adding interface lo/lo 127.0.0.1:500
Jun 26 11:09:12 ruglyweb1 pluto[9542]: adding interface lo/lo 127.0.0.1:4500
Jun 26 11:09:12 ruglyweb1 pluto[9542]: adding interface lo/lo ::1:500
Jun 26 11:09:12 ruglyweb1 pluto[9542]: loading secrets from "/etc/ipsec.secrets"
Jun 26 11:09:12 ruglyweb1 pluto[9542]: loading secrets from "/etc/ipsec.d/mgi.secrets"
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi": request to add a prospective erouted policy with netkey kernel --- experimental
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: initiating Main Mode
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-03] method set to=108
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: enabling possible NAT-traversal with method draft-ietf-ipsec-nat-t-ike-05
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: received Vendor ID payload [Cisco-Unity]
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: received Vendor ID payload [Dead Peer Detection]
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: ignoring unknown Vendor ID payload [0f90614df2b50cfd9ef5c2e0ff2413ed]
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: received Vendor ID payload [XAUTH]
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: NAT-Traversal: Result using draft-ietf-ipsec-nat-t-ike-02/03: no NAT detected
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: Main mode peer ID is ID_IPV4_ADDR: '205.132.5.170'
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1024}
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev at openswan.org
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in duplicate_state, please report to dev at openswan.org
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in duplicate_state, please report to dev at openswan.org
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state, please report to dev at openswan.org
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW {using isakmp#1 msgid:144edaad proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Jun 26 11:09:12 ruglyweb1 pluto[9542]: "mgi" #1: received and ignored informational message
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #2: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #2: starting keying attempt 2 of at most 3
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #2: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev at openswan.org
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #2: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in duplicate_state, please report to dev at openswan.org
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #2: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in duplicate_state, please report to dev at openswan.org
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #2: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state, please report to dev at openswan.org
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW to replace #2 {using isakmp#1 msgid:ec8b14cc proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Jun 26 11:10:22 ruglyweb1 pluto[9542]: "mgi" #1: received and ignored informational message
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #3: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #3: starting keying attempt 3 of at most 3
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_ar in duplicate_state, please report to dev at openswan.org
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_er in duplicate_state, please report to dev at openswan.org
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pi in duplicate_state, please report to dev at openswan.org
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #3: alloc_bytes1() was mistakenly asked to malloc 0 bytes for st_skey_pr in duplicate_state, please report to dev at openswan.org
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #4: initiating Quick Mode PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW to replace #3 {using isakmp#1 msgid:dc18ab8c proposal=3DES(3)_192-MD5(1)_128 pfsgroup=no-pfs}
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #1: ignoring informational payload, type NO_PROPOSAL_CHOSEN msgid=00000000
Jun 26 11:11:32 ruglyweb1 pluto[9542]: "mgi" #1: received and ignored informational message
Jun 26 11:12:42 ruglyweb1 pluto[9542]: "mgi" #4: max number of retransmissions (2) reached STATE_QUICK_I1. No acceptable response to our first Quick Mode message: perhaps peer likes no proposal
+ _________________________ date
+ date
Thu Jun 26 11:16:47 CDT 2008