[Openswan Users] Feb 7 12:54:11 u15320172 pluto[5141]: FATAL ERROR: Failed to bind bcast socket in init_netlink() - Perhaps kernel was not compiled with CONFIG_XFRM. Errno 2: No such file or directory
Jose Estuardo Avila
tachu at yuku.com
Sat Feb 7 16:15:34 EST 2009
I installed openswan from a distro package for centos 5.2 installed
all dependencies and configured a connection when i restart ipsec and
do ipsec veriry i get errors on pluto saying its not running.
ipsec verify:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.27.4rootserver-20081028a (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
when i check secure.log i get the following
Feb 7 12:54:11 u15320172 ipsec__plutorun: Starting Pluto subsystem...
Feb 7 12:54:11 u15320172 pluto[5141]: Starting Pluto (Openswan
Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:5141
Feb 7 12:54:11 u15320172 pluto[5141]: Setting NAT-Traversal port-4500
floating to on
Feb 7 12:54:11 u15320172 pluto[5141]: port floating activation
criteria nat_t=1/port_float=1
Feb 7 12:54:11 u15320172 pluto[5141]: including NAT-Traversal
patch (Version 0.6c)
Feb 7 12:54:11 u15320172 pluto[5141]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5141]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5141]: | inserting event
EVENT_REINIT_SECRET, timeout in 3600 seconds
Feb 7 12:54:11 u15320172 pluto[5141]: | inserting event
EVENT_PENDING_PHASE2, timeout in 120 seconds
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: starting up 3 cryptographic
helpers
Feb 7 12:54:11 u15320172 pluto[5149]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5141]: started helper pid=5149 (fd:7)
Feb 7 12:54:11 u15320172 pluto[5149]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5141]: started helper pid=5151 (fd:8)
Feb 7 12:54:11 u15320172 pluto[5151]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5149]: ! helper 0 waiting on fd: 8
Feb 7 12:54:11 u15320172 pluto[5141]: started helper pid=5152 (fd:9)
Feb 7 12:54:11 u15320172 pluto[5152]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5151]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5141]: Using Linux 2.6 IPsec interface
code on 2.6.27.4rootserver-20081028a (experimental code)
Feb 7 12:54:11 u15320172 pluto[5152]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5151]: ! helper 1 waiting on fd: 9
Feb 7 12:54:11 u15320172 pluto[5152]: ! helper 2 waiting on fd: 10
Feb 7 12:54:11 u15320172 pluto[5141]: FATAL ERROR: Failed to bind
bcast socket in init_netlink() - Perhaps kernel was not compiled with
CONFIG_XFRM. Errno 2: No such file or directory
ipsec barf
[root at u15320172 ~]# ipsec -barf
/usr/sbin/ipsec: unknown IPsec command `-barf' (`ipsec --help' for list)
[root at u15320172 ~]# ipsec barf
u15320172.onlinehome-server.com
Sat Feb 7 15:17:51 CST 2009
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.27.4rootserver-20081028a (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.27.4rootserver-20081028a (root at rpmbuildd-amd64) (gcc
version 4.1.2 20071124 (Red Hat 4.1.2-42)) #1 SMP Tue Oct 28 06:03:38
EDT 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window
irtt Iface
10.255.255.1 0.0.0.0 255.255.255.255 UH 0 0
0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0
0 eth0
0.0.0.0 10.255.255.1 0.0.0.0 UG 0 0
0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
Cannot send dump request: Connection refused
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
Cannot send dump request: Connection refused
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name : lzo
driver : lzo-generic
module : kernel
priority : 0
refcnt : 1
type : compression
name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 1
type : ahash
async : no
blocksize : 1
digestsize : 4
name : crc32c
driver : crc32c-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 1
digestsize : 4
name : deflate
driver : deflate-generic
module : kernel
priority : 0
refcnt : 1
type : compression
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : blowfish
driver : blowfish-generic
module : kernel
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : des3_ede
driver : des3_ede-generic
module : kernel
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : kernel
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : sha512
driver : sha512-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 128
digestsize : 64
name : sha384
driver : sha384-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 128
digestsize : 48
name : sha256
driver : sha256-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 32
name : sha224
driver : sha224-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 28
name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 16
name : aes
driver : aes-asm
module : kernel
priority : 200
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 191: __________________________/proc/sys/
net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/
xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/
xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/
xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/
xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:19:99:30:F3:C0
inet addr:74.208.148.115 Bcast:74.208.148.115 Mask:
255.255.255.255
inet6 addr: fe80::219:99ff:fe30:f3c0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3458 errors:0 dropped:0 overruns:0 frame:0
TX packets:1937 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:398833 (389.4 KiB) TX bytes:517868 (505.7 KiB)
Interrupt:20
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
qlen 1000
link/ether 00:19:99:30:f3:c0 brd ff:ff:ff:ff:ff:ff
inet 74.208.148.115/32 brd 74.208.148.115 scope global eth0
inet6 fe80::219:99ff:fe30:f3c0/64 scope link
valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
link/sit 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list
+ ip route list
10.255.255.1 dev eth0 scope link
169.254.0.0/16 dev eth0 scope link
default via 10.255.255.1 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started
correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.27.4rootserver-20081028a (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Two or more interfaces found, checking IP forwarding [FAILED]
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: u15320172.onlinehome-
server.com [MISSING]
Does the machine have at least one non-private address? [OK]
Looking for TXT in reverse dns zone: 115.148.208.74.in-addr.arpa.
[MISSING]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:50:ef, model 14 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-
control
link partner: 100baseT4 100baseTx-FD 100baseTx-HD 10baseT-FD
10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
u15320172.onlinehome-server.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
74.208.148.115
+ _________________________ uptime
+ uptime
15:17:53 up 2:45, 1 user, load average: 0.00, 0.01, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME
COMMAND
0 0 5851 5785 20 0 63788 1284 wait S+ pts/0
0:00 \_ /bin/sh /usr/libexec/ipsec/barf
0 0 5947 5851 20 0 6000 600 pipe_w S+ pts/0
0:00 \_ egrep -i ppid|pluto|ipsec|klips
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/
ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
#< /etc/ipsec.d/tigo.conf 1
conn tigo
authby=secret
left=74.208.148.115
leftsubnet=10.66.77.0/24
leftnexthop=%defaultroute # correct in many situations
right=200.85.31.65 # Public Internet IP address of
rightsubnet=172.12.58.0/16 # Subnet protected by the RIGHT
VPN device
ike=3des-sha1,modp1024
phase2=esp
phase2alg=3des-sha1
#> /etc/ipsec.conf 19
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/tigo.secrets 1
74.208.148.115 200.85.31.65: PSK "[sums to 19fe...]"
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates
IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear
otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2288
-rwxr-xr-x 1 root root 7576 Jun 21 2008 _copyright
-rwxr-xr-x 1 root root 2379 Jun 21 2008 _include
-rwxr-xr-x 1 root root 1475 Jun 21 2008 _keycensor
-rwxr-xr-x 1 root root 11640 Jun 21 2008 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 21 2008 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 21 2008 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 21 2008 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 21 2008 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 21 2008 _startklips
-rwxr-xr-x 1 root root 9752 Jun 21 2008 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 21 2008 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 21 2008 _updown
-rwxr-xr-x 1 root root 14030 Jun 21 2008 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 21 2008 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 21 2008 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 21 2008 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 21 2008 _updown.netkey
-rwxr-xr-x 1 root root 207240 Jun 21 2008 addconn
-rwxr-xr-x 1 root root 6129 Jun 21 2008 auto
-rwxr-xr-x 1 root root 10758 Jun 21 2008 barf
-rwxr-xr-x 1 root root 91752 Jun 21 2008 eroute
-rwxr-xr-x 1 root root 22136 Jun 21 2008 ikeping
-rwxr-xr-x 1 root root 69096 Jun 21 2008 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 21 2008 livetest
-rwxr-xr-x 1 root root 2591 Jun 21 2008 look
-rwxr-xr-x 1 root root 1921 Jun 21 2008 newhostkey
-rwxr-xr-x 1 root root 62536 Jun 21 2008 pf_key
-rwxr-xr-x 1 root root 957672 Jun 21 2008 pluto
-rwxr-xr-x 1 root root 11304 Jun 21 2008 ranbits
-rwxr-xr-x 1 root root 24200 Jun 21 2008 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 21 2008 secrets
lrwxrwxrwx 1 root root 30 Feb 7 11:27 setup -> ../../../etc/rc.d/
init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 21 2008 showdefaults
-rwxr-xr-x 1 root root 232792 Jun 21 2008 showhostkey
-rwxr-xr-x 1 root root 24136 Jun 21 2008 showpolicy
-rwxr-xr-x 1 root root 164032 Jun 21 2008 spi
-rwxr-xr-x 1 root root 79064 Jun 21 2008 spigrp
-rwxr-xr-x 1 root root 75136 Jun 21 2008 tncfg
-rwxr-xr-x 1 root root 12526 Jun 21 2008 verify
-rwxr-xr-x 1 root root 57528 Jun 21 2008 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2288
-rwxr-xr-x 1 root root 7576 Jun 21 2008 _copyright
-rwxr-xr-x 1 root root 2379 Jun 21 2008 _include
-rwxr-xr-x 1 root root 1475 Jun 21 2008 _keycensor
-rwxr-xr-x 1 root root 11640 Jun 21 2008 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 21 2008 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 21 2008 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 21 2008 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 21 2008 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 21 2008 _startklips
-rwxr-xr-x 1 root root 9752 Jun 21 2008 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 21 2008 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 21 2008 _updown
-rwxr-xr-x 1 root root 14030 Jun 21 2008 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 21 2008 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 21 2008 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 21 2008 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 21 2008 _updown.netkey
-rwxr-xr-x 1 root root 207240 Jun 21 2008 addconn
-rwxr-xr-x 1 root root 6129 Jun 21 2008 auto
-rwxr-xr-x 1 root root 10758 Jun 21 2008 barf
-rwxr-xr-x 1 root root 91752 Jun 21 2008 eroute
-rwxr-xr-x 1 root root 22136 Jun 21 2008 ikeping
-rwxr-xr-x 1 root root 69096 Jun 21 2008 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 21 2008 livetest
-rwxr-xr-x 1 root root 2591 Jun 21 2008 look
-rwxr-xr-x 1 root root 1921 Jun 21 2008 newhostkey
-rwxr-xr-x 1 root root 62536 Jun 21 2008 pf_key
-rwxr-xr-x 1 root root 957672 Jun 21 2008 pluto
-rwxr-xr-x 1 root root 11304 Jun 21 2008 ranbits
-rwxr-xr-x 1 root root 24200 Jun 21 2008 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 21 2008 secrets
lrwxrwxrwx 1 root root 30 Feb 7 11:27 setup -> ../../../etc/rc.d/
init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 21 2008 showdefaults
-rwxr-xr-x 1 root root 232792 Jun 21 2008 showhostkey
-rwxr-xr-x 1 root root 24136 Jun 21 2008 showpolicy
-rwxr-xr-x 1 root root 164032 Jun 21 2008 spi
-rwxr-xr-x 1 root root 79064 Jun 21 2008 spigrp
-rwxr-xr-x 1 root root 75136 Jun 21 2008 tncfg
-rwxr-xr-x 1 root root 12526 Jun 21 2008 verify
-rwxr-xr-x 1 root root 57528 Jun 21 2008 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive |
Transmit
face |bytes packets errs drop fifo frame compressed multicast|
bytes packets errs drop fifo colls carrier compressed
lo: 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0
eth0: 399743 3471 0 0 0 0 0 475
532539 1954 0 0 0 0 0 0
sit0: 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 01FFFF0A 00000000 0005 0 0 0 FFFFFFFF 0 0 0
eth0 0000FEA9 00000000 0001 0 0 0 0000FFFF 0 0 0
eth0 00000000 01FFFF0A 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/
rp_filter sit0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
sit0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/
send_redirects default/accept_redirects default/secure_redirects
default/send_redirects eth0/accept_redirects eth0/secure_redirects
eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/
send_redirects sit0/accept_redirects sit0/secure_redirects sit0/
send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
sit0/accept_redirects:0
sit0/secure_redirects:1
sit0/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux u15320172.onlinehome-server.com 2.6.27.4rootserver-20081028a #1
SMP Tue Oct 28 06:03:38 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
CentOS release 5.2 (Final)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-
release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.27.4rootserver-20081028a) support detected '
NETKEY (2.6.27.4rootserver-20081028a) support detected
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
2750 223K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
1 100 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo * 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT tcp -- * * 64.131.90.38
0.0.0.0/0 tcp dpt:5224
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8443
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8880
12 696 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:443
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:21
3 192 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:22
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:587
1 48 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:465
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:110
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:143
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:993
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:106
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:3306
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:5432
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:9008
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:9080
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:137
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:138
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:139
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:445
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:1194
0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp dpt:53
32 1152 ACCEPT icmp -- * * 0.0.0.0/0
0.0.0.0/0 icmp type 8 code 0
112 37545 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 ACCEPT all -- lo lo 0.0.0.0/0
0.0.0.0/0
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
1690 485K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
0 0 REJECT tcp -- * * 0.0.0.0/0
0.0.0.0/0 tcp flags:!0x17/0x02 reject-with tcp-reset
0 0 DROP all -- * * 0.0.0.0/0
0.0.0.0/0 state INVALID
0 0 ACCEPT all -- * lo 0.0.0.0/0
0.0.0.0/0
1 60 ACCEPT tcp -- * * 0.0.0.0/0
64.131.90.38 tcp dpt:5224
139 13075 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 82 packets, 13350 bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 130 packets, 10427 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 129 packets, 10387 bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 2914 packets, 263K bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 2911 packets, 262K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 1830 packets, 498K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 1842 packets, 501K bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 4027572 kB
MemFree: 3721120 kB
Buffers: 3544 kB
Cached: 149104 kB
SwapCached: 0 kB
Active: 183216 kB
Inactive: 67100 kB
SwapTotal: 1959920 kB
SwapFree: 1959920 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 97684 kB
Mapped: 20332 kB
Slab: 22872 kB
SReclaimable: 11668 kB
SUnreclaim: 11204 kB
PageTables: 8536 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 3973704 kB
Committed_AS: 422236 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 18604 kB
VmallocChunk: 34359718639 kB
DirectMap4k: 9536 kB
DirectMap2M: 4151296 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|
CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
# CONFIG_IPC_NS is not set
CONFIG_XFRM=y
# CONFIG_XFRM_USER is not set
# CONFIG_XFRM_SUB_POLICY is not set
# CONFIG_XFRM_MIGRATE is not set
# CONFIG_XFRM_STATISTICS is not set
CONFIG_XFRM_IPCOMP=y
CONFIG_NET_KEY=y
# CONFIG_NET_KEY_MIGRATE is not set
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
# CONFIG_INET_AH is not set
# CONFIG_INET_ESP is not set
# CONFIG_INET_IPCOMP is not set
# CONFIG_INET_XFRM_TUNNEL is not set
CONFIG_INET_TUNNEL=y
CONFIG_INET_XFRM_MODE_TRANSPORT=y
CONFIG_INET_XFRM_MODE_TUNNEL=y
CONFIG_INET_XFRM_MODE_BEET=y
# CONFIG_INET_LRO is not set
CONFIG_INET_DIAG=y
CONFIG_INET_TCP_DIAG=y
# CONFIG_IP_VS is not set
CONFIG_IPV6=y
CONFIG_IPV6_PRIVACY=y
# CONFIG_IPV6_ROUTER_PREF is not set
# CONFIG_IPV6_OPTIMISTIC_DAD is not set
CONFIG_INET6_AH=y
CONFIG_INET6_ESP=y
CONFIG_INET6_IPCOMP=y
# CONFIG_IPV6_MIP6 is not set
CONFIG_INET6_XFRM_TUNNEL=y
CONFIG_INET6_TUNNEL=y
CONFIG_INET6_XFRM_MODE_TRANSPORT=y
CONFIG_INET6_XFRM_MODE_TUNNEL=y
CONFIG_INET6_XFRM_MODE_BEET=y
# CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
CONFIG_IPV6_SIT=y
CONFIG_IPV6_NDISC_NODETYPE=y
# CONFIG_IPV6_TUNNEL is not set
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
# CONFIG_IPV6_MROUTE is not set
CONFIG_IP_NF_QUEUE=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_TARGET_CLUSTERIP=y
CONFIG_IP_NF_RAW=y
CONFIG_IP_NF_SECURITY=y
CONFIG_IP_NF_ARPTABLES=y
CONFIG_IP_NF_ARPFILTER=y
CONFIG_IP_NF_ARP_MANGLE=y
CONFIG_IP6_NF_QUEUE=y
CONFIG_IP6_NF_IPTABLES=y
CONFIG_IP6_NF_MATCH_RT=y
CONFIG_IP6_NF_MATCH_OPTS=y
CONFIG_IP6_NF_MATCH_FRAG=y
CONFIG_IP6_NF_MATCH_HL=y
CONFIG_IP6_NF_MATCH_IPV6HEADER=y
CONFIG_IP6_NF_MATCH_AH=y
CONFIG_IP6_NF_MATCH_MH=y
CONFIG_IP6_NF_MATCH_EUI64=y
CONFIG_IP6_NF_FILTER=y
CONFIG_IP6_NF_TARGET_LOG=y
CONFIG_IP6_NF_TARGET_REJECT=y
CONFIG_IP6_NF_MANGLE=y
CONFIG_IP6_NF_TARGET_HL=y
CONFIG_IP6_NF_RAW=y
CONFIG_IP6_NF_SECURITY=y
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IP1000 is not set
# CONFIG_IPMI_HANDLER is not set
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_INTEL=y
CONFIG_HW_RANDOM_AMD=y
# CONFIG_HW_RANDOM_VIRTIO is not set
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console
# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages
# The authpriv file has restricted access.
authpriv.* /var/log/secure
# Log all the mail messages in one place.
mail.* -/usr/local/psa/var/log/maillog
# Log cron stuff
cron.* /var/log/cron
# Everybody gets emergency messages
*.emerg *
# Save news errors of level crit and higher in a special file.
uucp,news.crit /var/log/spooler
# Save boot messages also to boot.log
local7.* /var/log/boot.log
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search onlinehome-server.com
nameserver 74.208.148.251
nameserver 195.20.224.99
nameserver 195.20.224.234
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x 3 root root 4096 Oct 30 05:46 2.6.26.7rootserver-20081028a
drwxr-xr-x 3 root root 4096 Oct 30 05:46 2.6.27.4rootserver-20081028a
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff805b74e6 T netif_rx
ffffffff805b7674 T netif_rx_ni
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.26.7rootserver-20081028a:
2.6.27.4rootserver-20081028a:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '38598,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Feb 7 12:54:11 u15320172 ipsec_setup: Starting Openswan IPsec U2.6.14/
K2.6.27.4rootserver-20081028a...
Feb 7 12:54:11 u15320172 ipsec_setup:
Feb 7 12:54:11 u15320172 ipsec_setup:
Feb 7 12:54:11 u15320172 ipsec__plutorun: whack: Pluto is not running
(no "/var/run/pluto/pluto.ctl")
+ _________________________ plog
+ sed -n '111860,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Feb 7 12:54:11 u15320172 ipsec__plutorun: Starting Pluto subsystem...
Feb 7 12:54:11 u15320172 pluto[5141]: Starting Pluto (Openswan
Version 2.6.14; Vendor ID OEoSJUweaqAX) pid:5141
Feb 7 12:54:11 u15320172 pluto[5141]: Setting NAT-Traversal port-4500
floating to on
Feb 7 12:54:11 u15320172 pluto[5141]: port floating activation
criteria nat_t=1/port_float=1
Feb 7 12:54:11 u15320172 pluto[5141]: including NAT-Traversal
patch (Version 0.6c)
Feb 7 12:54:11 u15320172 pluto[5141]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5141]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5141]: | inserting event
EVENT_REINIT_SECRET, timeout in 3600 seconds
Feb 7 12:54:11 u15320172 pluto[5141]: | inserting event
EVENT_PENDING_PHASE2, timeout in 120 seconds
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Feb 7 12:54:11 u15320172 pluto[5141]: starting up 3 cryptographic
helpers
Feb 7 12:54:11 u15320172 pluto[5149]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5141]: started helper pid=5149 (fd:7)
Feb 7 12:54:11 u15320172 pluto[5149]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5141]: started helper pid=5151 (fd:8)
Feb 7 12:54:11 u15320172 pluto[5151]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5149]: ! helper 0 waiting on fd: 8
Feb 7 12:54:11 u15320172 pluto[5141]: started helper pid=5152 (fd:9)
Feb 7 12:54:11 u15320172 pluto[5152]: | opening /dev/urandom
Feb 7 12:54:11 u15320172 pluto[5151]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5141]: Using Linux 2.6 IPsec interface
code on 2.6.27.4rootserver-20081028a (experimental code)
Feb 7 12:54:11 u15320172 pluto[5152]: using /dev/urandom as source of
random entropy
Feb 7 12:54:11 u15320172 pluto[5151]: ! helper 1 waiting on fd: 9
Feb 7 12:54:11 u15320172 pluto[5152]: ! helper 2 waiting on fd: 10
Feb 7 12:54:11 u15320172 pluto[5141]: FATAL ERROR: Failed to bind
bcast socket in init_netlink() - Perhaps kernel was not compiled with
CONFIG_XFRM. Errno 2: No such file or directory
+ _________________________ date
+ date
Sat Feb 7 15:17:53 CST 2009
[root at u15320172 ~]#
More information about the Users
mailing list