[Openswan Users] OpenSWAN to SonicWALL problems
Chris Garrigues
chris_garrigues at steeprockinc.com
Thu Jan 22 08:42:27 EST 2009
Hi folks.
We have a SonicWALL NSA 4500 and I've been setting up our Linux based
users up using OpenSWAN. The Linux uses are running various versions of
Linux and OpenSWAN. Most are working fine, but I've attached a barf
file from one who isn't. I can't figure this one out and any assistance
would be much appreciated.
Chris
localhost.localdomain
Wed Jan 21 09:12:34 EST 2009
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.27.5-41.fc9.i686 (mockbuild@) (gcc version 4.3.0
20080428 (Red Hat 4.3.0-8) (GCC) ) #1 SMP Thu Nov 13 20:52:14 EST 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
0.0.0.0 192.168.15.1 0.0.0.0 UG 0 0 0
eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name : deflate
driver : deflate-generic
module : deflate
priority : 0
refcnt : 1
type : compression
name : rfc3686(ctr(aes))
driver : rfc3686(ctr(aes-asm))
module : ctr
priority : 200
refcnt : 1
type : blkcipher
blocksize : 1
min keysize : 20
max keysize : 36
ivsize : 8
geniv : seqiv
name : ctr(aes)
driver : ctr(aes-asm)
module : ctr
priority : 200
refcnt : 1
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(twofish)
driver : cbc(twofish-generic)
module : cbc
priority : 100
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(camellia)
driver : cbc(camellia-generic)
module : cbc
priority : 100
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : camellia
driver : camellia-generic
module : camellia
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : cbc(serpent)
driver : cbc(serpent-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(aes)
driver : cbc(aes-asm)
module : cbc
priority : 200
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(blowfish)
driver : cbc(blowfish-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 4
max keysize : 56
ivsize : 8
geniv : <default>
name : cbc(des3_ede)
driver : cbc(des3_ede-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
geniv : <default>
name : cbc(des)
driver : cbc(des-generic)
module : cbc
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 8
geniv : <default>
name : xcbc(aes)
driver : xcbc(aes-asm)
module : xcbc
priority : 200
refcnt : 1
type : hash
blocksize : 16
digestsize : 16
name : hmac(rmd160)
driver : hmac(rmd160)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 20
name : rmd160
driver : rmd160
module : rmd160
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 20
name : hmac(sha256)
driver : hmac(sha256-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 32
name : hmac(sha1)
driver : hmac(sha1-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 20
name : hmac(md5)
driver : hmac(md5-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 16
name : compress_null
driver : compress_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : compression
name : digest_null
driver : digest_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : digest
blocksize : 1
digestsize : 0
name : ecb(cipher_null)
driver : ecb-cipher_null
module : crypto_null
priority : 100
refcnt : 1
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
geniv : <default>
name : cipher_null
driver : cipher_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
name : tnepres
driver : tnepres-generic
module : serpent
priority : 0
refcnt : 1
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : serpent
driver : serpent-generic
module : serpent
priority : 0
refcnt : 1
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : blowfish
driver : blowfish-generic
module : blowfish
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : twofish
driver : twofish-generic
module : twofish
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : sha256
driver : sha256-generic
module : sha256_generic
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 32
name : sha224
driver : sha224-generic
module : sha256_generic
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 28
name : sha512
driver : sha512-generic
module : sha512_generic
priority : 0
refcnt : 1
type : digest
blocksize : 128
digestsize : 64
name : sha384
driver : sha384-generic
module : sha512_generic
priority : 0
refcnt : 1
type : digest
blocksize : 128
digestsize : 48
name : des3_ede
driver : des3_ede-generic
module : des_generic
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : des_generic
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : aes
driver : aes-asm
module : aes_i586
priority : 200
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : aes
driver : aes-generic
module : aes_generic
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 16
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 191:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8,
keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 "vo":
192.168.10.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0
000 "vo": myip=unset; hisip=192.168.200.56;
000 "vo": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "vo": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD; prio:
24,32; interface: ;
000 "vo": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vo": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)-MODP1536(5),
AES_CBC(7)_256-SHA1(2)-MODP1024(2); flags=-strict
000 "vo": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2,
000 "vo": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "vo": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000 "vodmz":
192.168.8.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0
000 "vodmz": myip=unset; hisip=192.168.200.56;
000 "vodmz": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "vodmz": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD;
prio: 24,32; interface: ;
000 "vodmz": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vodmz": IKE algorithms wanted:
AES_CBC(7)_256-SHA1(2)-MODP1536(5), AES_CBC(7)_256-SHA1(2)-MODP1024(2);
flags=-strict
000 "vodmz": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2,
000 "vodmz": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "vodmz": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1A:A0:49:D6:F0
inet addr:192.168.15.3 Bcast:192.168.15.255 Mask:255.255.255.0
inet6 addr: fe80::21a:a0ff:fe49:d6f0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:280 errors:0 dropped:0 overruns:0 frame:0
TX packets:293 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:232070 (226.6 KiB) TX bytes:59972 (58.5 KiB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:7774 errors:0 dropped:0 overruns:0 frame:0
TX packets:7774 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:388860 (379.7 KiB) TX bytes:388860 (379.7 KiB)
pan0 Link encap:Ethernet HWaddr 42:44:14:66:91:88
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
link/ether 00:1a:a0:49:d6:f0 brd ff:ff:ff:ff:ff:ff
inet 192.168.15.3/24 brd 192.168.15.255 scope global eth0
inet6 fe80::21a:a0ff:fe49:d6f0/64 scope link
valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 42:44:14:66:91:88 brd ff:ff:ff:ff:ff:ff
+ _________________________ ip-route-list
+ ip route list
192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.3
default via 192.168.15.1 dev eth0 proto static
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto not listening on port udp 500. Check interfaces defintion in
ipsec.conf.Two or more interfaces found, checking IP forwarding
[FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption DNS checks:
Looking for TXT in forward dns zone: localhost.localdomain [MISSING]
Does the machine have at least one non-private address? [FAILED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:50:ef, model 14 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost.localdomain
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
09:12:55 up 13 min, 2 users, load average: 0.18, 0.27, 0.19
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 4865 3471 20 0 5668 1136 wait S+ pts/1
0:00 \_ /bin/sh /usr/libexec/ipsec/barf
0 0 4984 4865 20 0 2044 504 pipe_w S+ pts/1
0:00 \_ egrep -i ppid|pluto|ipsec|klips
1 0 4642 1 20 0 2668 412 wait S pts/1 0:00
/bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
--keep_alive --protostack netkey --force_keepalive
--disable_port_floating --virtual_private --crlcheckinterval 0
--ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
--post --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid
1 0 4646 4642 20 0 2668 544 wait S pts/1 0:00 \_
/bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
--keep_alive --protostack netkey --force_keepalive
--disable_port_floating --virtual_private --crlcheckinterval 0
--ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
--post --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid
4 0 4647 4646 20 0 3260 1156 select S pts/1 0:00
| \_ /usr/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --use-netkey --nat_traversal
1 0 4648 4647 30 10 3268 580 unix_s SN pts/1 0:00
| \_ pluto helper #
0
0 0 4685 4647 20 0 1756 296 select S pts/1 0:00
| \_ _pluto_adns
4 0 4651 4642 20 0 2668 964 pipe_w S pts/1 0:00 \_
/bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
4 0 4643 1 20 0 1808 504 pipe_w S pts/1 0:00
logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
# klipsdebug=none
# plutodebug="control parsing"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
nat_traversal=yes
#< /etc/ipsec.d/ipsec.conf 1
conn vo
also=vocommon
rightsubnet=192.168.10.0/24
auto=start
conn vodmz
also=vocommon
rightsubnet=192.168.8.0/24
auto=start
conn vocommon
type=tunnel
left=%defaultroute
leftid=@jingluo
leftsourceip=192.168.200.56
leftsubnet=192.168.200.56/32
rightid=@vo
right=67.220.126.196
keyingtries=0
pfs=yes
authby=secret
auth=esp
ike=aes256-sha1
esp=aes256-sha1
keyexchange=ike
#> /etc/ipsec.conf 19
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/ipsec.secrets 1
@jingluo @vo : PSK "[sums to 3db3...]"
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2256
-rwxr-xr-x 1 root root 6056 Jun 6 2008 _copyright
-rwxr-xr-x 1 root root 2379 Jun 6 2008 _include
-rwxr-xr-x 1 root root 1475 Jun 6 2008 _keycensor
-rwxr-xr-x 1 root root 10088 Jun 6 2008 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 6 2008 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 6 2008 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 6 2008 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 6 2008 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 6 2008 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 6 2008 _updown
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 6 2008 _updown.netkey
-rwxr-xr-x 1 root root 188348 Jun 6 2008 addconn
-rwxr-xr-x 1 root root 6129 Jun 6 2008 auto
-rwxr-xr-x 1 root root 10758 Jun 6 2008 barf
-rwxr-xr-x 1 root root 90088 Jun 6 2008 eroute
-rwxr-xr-x 1 root root 20708 Jun 6 2008 ikeping
-rwxr-xr-x 1 root root 69804 Jun 6 2008 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 6 2008 livetest
-rwxr-xr-x 1 root root 2591 Jun 6 2008 look
-rwxr-xr-x 1 root root 1921 Jun 6 2008 newhostkey
-rwxr-xr-x 1 root root 60840 Jun 6 2008 pf_key
-rwxr-xr-x 1 root root 957728 Jun 6 2008 pluto
-rwxr-xr-x 1 root root 10236 Jun 6 2008 ranbits
-rwxr-xr-x 1 root root 20176 Jun 6 2008 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 6 2008 secrets
lrwxrwxrwx 1 root root 30 Jan 20 09:30 setup ->
../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 6 2008 showdefaults
-rwxr-xr-x 1 root root 219368 Jun 6 2008 showhostkey
-rwxr-xr-x 1 root root 22744 Jun 6 2008 showpolicy
-rwxr-xr-x 1 root root 148388 Jun 6 2008 spi
-rwxr-xr-x 1 root root 77336 Jun 6 2008 spigrp
-rwxr-xr-x 1 root root 69700 Jun 6 2008 tncfg
-rwxr-xr-x 1 root root 12526 Jun 6 2008 verify
-rwxr-xr-x 1 root root 50340 Jun 6 2008 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2256
-rwxr-xr-x 1 root root 6056 Jun 6 2008 _copyright
-rwxr-xr-x 1 root root 2379 Jun 6 2008 _include
-rwxr-xr-x 1 root root 1475 Jun 6 2008 _keycensor
-rwxr-xr-x 1 root root 10088 Jun 6 2008 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 6 2008 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 6 2008 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 6 2008 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 6 2008 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 6 2008 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 6 2008 _updown
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 6 2008 _updown.netkey
-rwxr-xr-x 1 root root 188348 Jun 6 2008 addconn
-rwxr-xr-x 1 root root 6129 Jun 6 2008 auto
-rwxr-xr-x 1 root root 10758 Jun 6 2008 barf
-rwxr-xr-x 1 root root 90088 Jun 6 2008 eroute
-rwxr-xr-x 1 root root 20708 Jun 6 2008 ikeping
-rwxr-xr-x 1 root root 69804 Jun 6 2008 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 6 2008 livetest
-rwxr-xr-x 1 root root 2591 Jun 6 2008 look
-rwxr-xr-x 1 root root 1921 Jun 6 2008 newhostkey
-rwxr-xr-x 1 root root 60840 Jun 6 2008 pf_key
-rwxr-xr-x 1 root root 957728 Jun 6 2008 pluto
-rwxr-xr-x 1 root root 10236 Jun 6 2008 ranbits
-rwxr-xr-x 1 root root 20176 Jun 6 2008 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 6 2008 secrets
lrwxrwxrwx 1 root root 30 Jan 20 09:30 setup ->
../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 6 2008 showdefaults
-rwxr-xr-x 1 root root 219368 Jun 6 2008 showhostkey
-rwxr-xr-x 1 root root 22744 Jun 6 2008 showpolicy
-rwxr-xr-x 1 root root 148388 Jun 6 2008 spi
-rwxr-xr-x 1 root root 77336 Jun 6 2008 spigrp
-rwxr-xr-x 1 root root 69700 Jun 6 2008 tncfg
-rwxr-xr-x 1 root root 12526 Jun 6 2008 verify
-rwxr-xr-x 1 root root 50340 Jun 6 2008 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed
multicast|bytes packets errs drop fifo colls carrier compressed
lo: 388860 7774 0 0 0 0 0 0
388860 7774 0 0 0 0 0 0
eth0: 232513 283 0 0 0 0 0 0
60510 300 0 0 0 0 0 0
pan0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric
Mask MTU Window
IRTT
eth0 000FA8C0 00000000 0001 0 0 0 00FFFFFF 0
0
0
eth0 00000000 010FA8C0 0003 0 0 0 00000000 0
0
0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
pan0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
pan0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects
default/accept_redirects default/secure_redirects default/send_redirects
eth0/accept_redirects eth0/secure_redirects eth0/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects
pan0/accept_redirects pan0/secure_redirects pan0/send_redirects
all/accept_redirects:1
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
pan0/accept_redirects:1
pan0/secure_redirects:1
pan0/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux localhost.localdomain 2.6.27.5-41.fc9.i686 #1 SMP Thu Nov 13
20:52:14 EST 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora release 9 (Sulphur)
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.27.5-41.fc9.i686) support detected '
NETKEY (2.6.27.5-41.fc9.i686) support detected
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
iptable_mangle 6656 0 - Live 0xfad5d000
iptable_nat 8712 0 - Live 0xfad7a000
nf_nat 17944 1 iptable_nat, Live 0xfad81000
ipcomp6 6912 0 - Live 0xfacdb000
ipcomp 6656 0 - Live 0xfac54000
ah6 9216 0 - Live 0xfad76000
ah4 8320 0 - Live 0xfacd3000
esp6 9472 0 - Live 0xfaccf000
esp4 9472 0 - Live 0xfaccb000
xfrm4_mode_beet 6400 0 - Live 0xfacbc000
xfrm4_tunnel 6272 0 - Live 0xfacb9000
xfrm4_mode_tunnel 6272 0 - Live 0xfacb6000
xfrm4_mode_transport 5760 0 - Live 0xfacb3000
xfrm6_mode_transport 5760 0 - Live 0xfac86000
xfrm6_mode_ro 5632 0 - Live 0xfac83000
xfrm6_mode_beet 6144 0 - Live 0xfac80000
xfrm6_mode_tunnel 6144 0 - Live 0xfac7d000
af_key 30356 0 - Live 0xfac66000
nls_utf8 5632 1 - Live 0xfad73000
deflate 6528 0 - Live 0xfad60000
zlib_deflate 21224 1 deflate, Live 0xfad6c000
ctr 7936 0 - Live 0xfad34000
camellia 22144 0 - Live 0xfad65000
bridge 43668 0 - Live 0xfad47000
stp 6148 1 bridge, Live 0xfad37000
bnep 14848 2 - Live 0xfad2a000
rfcomm 33936 4 - Live 0xfad53000
rmd160 14720 0 - Live 0xfad2f000
l2cap 21504 16 bnep,rfcomm, Live 0xfad18000
bluetooth 48608 5 bnep,rfcomm,l2cap, Live 0xfad3a000
crypto_null 6784 0 - Live 0xfad0f000
ccm 11776 0 - Live 0xfad26000
serpent 22912 0 - Live 0xfad1f000
blowfish 12032 0 - Live 0xfacf7000
twofish 10880 0 - Live 0xfad0b000
twofish_common 17024 1 twofish, Live 0xfad12000
ecb 6528 0 - Live 0xfad08000
xcbc 8200 0 - Live 0xfad04000
cbc 7168 0 - Live 0xfacfb000
crypto_blkcipher 18052 5 ctr,crypto_null,ccm,ecb,cbc, Live 0xfacfe000
sha256_generic 16128 0 - Live 0xfacee000
sha512_generic 11904 0 - Live 0xfacf3000
des_generic 20352 0 - Live 0xfacde000
aes_i586 11648 0 - Live 0xfacbf000
aes_generic 31144 1 aes_i586, Live 0xface5000
xfrm_ipcomp 8584 2 ipcomp6,ipcomp, Live 0xfacd7000
aead 9600 3 esp6,esp4,ccm, Live 0xfacc3000
tunnel4 6792 1 xfrm4_tunnel, Live 0xfac51000
xfrm6_tunnel 9860 1 ipcomp6, Live 0xfac62000
tunnel6 6664 1 xfrm6_tunnel, Live 0xfac5f000
fuse 49436 3 - Live 0xfac6f000
sunrpc 155924 3 - Live 0xfac8b000
ipt_REJECT 6656 2 - Live 0xfac5c000
nf_conntrack_ipv4 11528 5 iptable_nat,nf_nat, Live 0xfab28000
iptable_filter 6528 1 - Live 0xfac40000
ip_tables 13712 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xfac57000
ip6t_REJECT 7296 2 - Live 0xfac38000
xt_tcpudp 6656 2 - Live 0xfac35000
nf_conntrack_ipv6 15864 2 - Live 0xfac3b000
xt_state 5888 4 - Live 0xfac32000
nf_conntrack 51424 5
iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live
0xfac43000
ip6table_filter 6400 1 - Live 0xfab2c000
ip6_tables 14736 1 ip6table_filter, Live 0xf8ade000
x_tables 15236 7
iptable_nat,ipt_REJECT,ip_tables,ip6t_REJECT,xt_tcpudp,xt_state,ip6_tables,
Live 0xf8ad1000
cpufreq_ondemand 9868 2 - Live 0xf8ada000
acpi_cpufreq 12172 0 - Live 0xf8ad6000
dm_multipath 17292 0 - Live 0xf8a59000
scsi_dh 9476 1 dm_multipath, Live 0xf89d2000
radeon 119044 2 - Live 0xf8b08000
drm 146404 3 radeon, Live 0xf8ae3000
ipv6 230260 39
ipcomp6,ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,
Live 0xf8a1f000
snd_hda_intel 351380 4 - Live 0xf8a5f000
snd_seq_dummy 6660 0 - Live 0xf89a3000
snd_seq_oss 30364 0 - Live 0xf89e3000
snd_seq_midi_event 9600 1 snd_seq_oss, Live 0xf89b0000
snd_seq 48576 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live
0xf89d6000
snd_seq_device 9996 3 snd_seq_dummy,snd_seq_oss,snd_seq, Live 0xf89ac000
snd_pcm_oss 42496 0 - Live 0xf89ba000
snd_mixer_oss 16896 1 snd_pcm_oss, Live 0xf89a6000
snd_pcm 65924 3 snd_hda_intel,snd_pcm_oss, Live 0xf896e000
snd_timer 22024 2 snd_seq,snd_pcm, Live 0xf8926000
snd_page_alloc 11016 2 snd_hda_intel,snd_pcm, Live 0xf896a000
snd_hwdep 10500 1 snd_hda_intel, Live 0xf8937000
ppdev 10372 0 - Live 0xf8933000
snd 50744 17
snd_hda_intel,snd_seq_dummy,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_hwdep,
Live 0xf8991000
parport_pc 25620 0 - Live 0xf893d000
parport 31956 2 ppdev,parport_pc, Live 0xf8961000
dcdbas 10272 0 - Live 0xf891e000
sr_mod 17064 1 - Live 0xf892d000
tg3 107780 0 - Live 0xf8945000
serio_raw 8836 0 - Live 0xf8922000
libphy 18560 1 tg3, Live 0xf88fd000
soundcore 9416 1 snd, Live 0xf891a000
iTCO_wdt 13732 0 - Live 0xf8903000
cdrom 32664 1 sr_mod, Live 0xf8911000
i2c_i801 12048 0 - Live 0xf88ca000
iTCO_vendor_support 6916 1 iTCO_wdt, Live 0xf8834000
pcspkr 6272 0 - Live 0xf88ba000
i2c_core 21396 2 drm,i2c_i801, Live 0xf88f0000
sg 31028 0 - Live 0xf8908000
dm_snapshot 19364 0 - Live 0xf88f7000
dm_zero 5632 0 - Live 0xf88ad000
dm_mirror 19968 0 - Live 0xf88b4000
dm_log 12164 1 dm_mirror, Live 0xf884e000
dm_mod 48692 10 dm_multipath,dm_snapshot,dm_zero,dm_mirror,dm_log, Live
0xf88bd000
pata_acpi 7680 0 - Live 0xf884b000
ata_generic 8452 0 - Live 0xf8847000
ata_piix 24836 3 - Live 0xf88a5000
libata 134380 3 pata_acpi,ata_generic,ata_piix, Live 0xf88ce000
sd_mod 32408 3 - Live 0xf889c000
scsi_mod 123772 5 scsi_dh,sr_mod,sg,libata,sd_mod, Live 0xf885f000
crc_t10dif 5632 1 sd_mod, Live 0xf8844000
ext3 109192 2 - Live 0xf8880000
jbd 42900 1 ext3, Live 0xf8853000
mbcache 10244 1 ext3, Live 0xf8839000
uhci_hcd 23312 0 - Live 0xf883d000
ohci_hcd 24336 0 - Live 0xf8824000
ehci_hcd 32524 0 - Live 0xf882b000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 2072476 kB
MemFree: 1448564 kB
Buffers: 16808 kB
Cached: 200772 kB
SwapCached: 0 kB
Active: 394208 kB
Inactive: 105636 kB
HighTotal: 1177596 kB
HighFree: 683760 kB
LowTotal: 894880 kB
LowFree: 764804 kB
SwapTotal: 2031608 kB
SwapFree: 2031608 kB
Dirty: 116 kB
Writeback: 0 kB
AnonPages: 282396 kB
Mapped: 68340 kB
Slab: 25928 kB
SReclaimable: 10220 kB
SUnreclaim: 15708 kB
PageTables: 5136 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 3067844 kB
Committed_AS: 878784 kB
VmallocTotal: 110584 kB
VmallocUsed: 38328 kB
VmallocChunk: 72156 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 4096 kB
DirectMap4k: 8192 kB
DirectMap4M: 909312 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.27.5-41.fc9.i686/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# generated by NetworkManager, do not edit!
nameserver 192.168.15.1
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 12
drwxr-xr-x 7 root root 4096 Oct 24 17:56 2.6.26.6-79.fc9.i686
drwxr-xr-x 7 root root 4096 Nov 15 12:00 2.6.27.5-37.fc9.i686
drwxr-xr-x 7 root root 4096 Nov 19 13:03 2.6.27.5-41.fc9.i686
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05d6055 T netif_rx
c05d6697 T netif_rx_ni
c072abbc r __ksymtab_netif_rx
c072acc4 r __ksymtab_netif_rx_ni
c073b292 r __kstrtab_netif_rx
c073b4ce r __kstrtab_netif_rx_ni
c05d6697 u netif_rx_ni [bnep]
c05d6055 u netif_rx [ipv6]
f894f103 t netif_rx_schedule [tg3]
f8950af8 t netif_rx_complete [tg3]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.26.6-79.fc9.i686:
2.6.27.5-37.fc9.i686:
2.6.27.5-41.fc9.i686:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '5304,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Jan 21 09:10:00 localhost ipsec_setup: Starting Openswan IPsec
U2.6.14/K2.6.27.5-41.fc9.i686...
Jan 21 09:10:00 localhost ipsec_setup:
Jan 21 09:10:00 localhost ipsec_setup:
Jan 21 09:10:00 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:00 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing pluto
(ipsec_t) "search" to ./home (home_root_t). For complete SELinux
messages. run sealert -l 606544c1-5dfb-428e-badb-d719177ea1a7
Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing pluto
(ipsec_t) "search" to ./home (home_root_t). For complete SELinux
messages. run sealert -l 606544c1-5dfb-428e-badb-d719177ea1a7
Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 21 09:10:03 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:03 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 21 09:10:03 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
+ _________________________ plog
+ sed -n '2,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Jan 20 09:48:52 localhost pluto[13851]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:13851
Jan 20 09:48:52 localhost pluto[13851]: Setting NAT-Traversal port-4500
floating to on
Jan 20 09:48:52 localhost pluto[13851]: port floating activation
criteria nat_t=1/port_float=1
Jan 20 09:48:52 localhost pluto[13851]: including NAT-Traversal patch
(Version 0.6c)
Jan 20 09:48:52 localhost pluto[13851]: using /dev/urandom as source of
random entropy
Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 20 09:48:52 localhost pluto[13851]: starting up 1 cryptographic helpers
Jan 20 09:48:52 localhost pluto[13851]: started helper pid=13852 (fd:7)
Jan 20 09:48:52 localhost pluto[13851]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 20 09:48:52 localhost pluto[13852]: using /dev/urandom as source of
random entropy
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
'/etc/ipsec.d/cacerts': /usr/sbin
Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
'/etc/ipsec.d/aacerts': /usr/sbin
Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /usr/sbin
Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 20 09:48:53 localhost pluto[13851]: Changing back to directory
'/usr/sbin' failed - (2 No such file or directory)
Jan 20 09:48:53 localhost pluto[13851]: Changing back to directory
'/usr/sbin' failed - (2 No such file or directory)
Jan 20 09:48:53 localhost pluto[13851]: added connection description "vo"
Jan 20 09:48:53 localhost pluto[13851]: added connection description "vodmz"
Jan 20 09:49:32 localhost pluto[13851]: loading secrets from
"/etc/ipsec.secrets"
Jan 20 09:49:32 localhost pluto[13851]: no secrets filename matched
"/etc/ipsec.d/*.secrets"
Jan 20 09:56:08 localhost pluto[13851]: forgetting secrets
Jan 20 09:56:08 localhost pluto[13851]: no secrets filename matched
"/etc/ipsec.secrets"
Jan 20 09:56:24 localhost pluto[13851]: loading secrets from
"/etc/ipsec.secrets"
Jan 20 09:56:24 localhost pluto[13851]: no secrets filename matched
"/etc/ipsec.d/*.secrets"
Jan 20 09:57:04 localhost pluto[13851]: shutting down
Jan 20 09:57:04 localhost pluto[13851]: forgetting secrets
Jan 20 09:57:04 localhost pluto[13851]: "vodmz": deleting connection
Jan 20 09:57:04 localhost pluto[13851]: "vo": deleting connection
Jan 20 09:57:05 localhost pluto[14592]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:14592
Jan 20 09:57:05 localhost pluto[14592]: Setting NAT-Traversal port-4500
floating to on
Jan 20 09:57:05 localhost pluto[14592]: port floating activation
criteria nat_t=1/port_float=1
Jan 20 09:57:05 localhost pluto[14592]: including NAT-Traversal patch
(Version 0.6c)
Jan 20 09:57:05 localhost pluto[14592]: using /dev/urandom as source of
random entropy
Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 20 09:57:05 localhost pluto[14592]: starting up 1 cryptographic helpers
Jan 20 09:57:05 localhost pluto[14601]: using /dev/urandom as source of
random entropy
Jan 20 09:57:05 localhost pluto[14592]: started helper pid=14601 (fd:7)
Jan 20 09:57:05 localhost pluto[14592]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc
Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc
Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc
Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 20 09:57:06 localhost pluto[14592]: Changing back to directory
'/etc' failed - (2 No such file or directory)
Jan 20 09:57:06 localhost pluto[14592]: Changing back to directory
'/etc' failed - (2 No such file or directory)
Jan 20 09:57:06 localhost pluto[14592]: added connection description "vo"
Jan 20 09:57:06 localhost pluto[14592]: added connection description "vodmz"
Jan 20 09:57:08 localhost pluto[14592]: loading secrets from
"/etc/ipsec.secrets"
Jan 20 09:57:08 localhost pluto[14592]: no secrets filename matched
"/etc/ipsec.d/*.secrets"
Jan 20 09:59:17 localhost pluto[14592]: forgetting secrets
Jan 20 09:59:17 localhost pluto[14592]: loading secrets from
"/etc/ipsec.secrets"
Jan 20 09:59:17 localhost pluto[14592]: loading secrets from
"/etc/ipsec.d/ipsec.secrets"
Jan 20 10:01:37 localhost pluto[14592]: "vo": deleting connection
Jan 20 10:01:37 localhost pluto[14592]: added connection description "vo"
Jan 20 10:01:43 localhost pluto[14592]: "vodmz": deleting connection
Jan 20 10:01:43 localhost pluto[14592]: added connection description "vodmz"
Jan 20 10:07:07 localhost pluto[14592]: shutting down
Jan 20 10:07:07 localhost pluto[14592]: forgetting secrets
Jan 20 10:07:07 localhost pluto[14592]: "vodmz": deleting connection
Jan 20 10:07:07 localhost pluto[14592]: "vo": deleting connection
Jan 20 10:07:09 localhost pluto[15199]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:15199
Jan 20 10:07:09 localhost pluto[15199]: Setting NAT-Traversal port-4500
floating to on
Jan 20 10:07:09 localhost pluto[15199]: port floating activation
criteria nat_t=1/port_float=1
Jan 20 10:07:09 localhost pluto[15199]: including NAT-Traversal patch
(Version 0.6c)
Jan 20 10:07:09 localhost pluto[15199]: using /dev/urandom as source of
random entropy
Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 20 10:07:09 localhost pluto[15199]: starting up 1 cryptographic helpers
Jan 20 10:07:09 localhost pluto[15201]: using /dev/urandom as source of
random entropy
Jan 20 10:07:09 localhost pluto[15199]: started helper pid=15201 (fd:7)
Jan 20 10:07:09 localhost pluto[15199]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc
Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc
Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc
Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 20 10:07:10 localhost pluto[15199]: Changing back to directory
'/etc' failed - (2 No such file or directory)
Jan 20 10:07:10 localhost pluto[15199]: Changing back to directory
'/etc' failed - (2 No such file or directory)
Jan 20 10:07:10 localhost pluto[15199]: added connection description "vo"
Jan 20 10:07:10 localhost pluto[15199]: added connection description "vodmz"
Jan 20 10:17:24 localhost pluto[15199]: shutting down
Jan 20 10:17:24 localhost pluto[15199]: "vodmz": deleting connection
Jan 20 10:17:24 localhost pluto[15199]: "vo": deleting connection
Jan 20 10:17:27 localhost pluto[15738]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:15738
Jan 20 10:17:27 localhost pluto[15738]: Setting NAT-Traversal port-4500
floating to on
Jan 20 10:17:27 localhost pluto[15738]: port floating activation
criteria nat_t=1/port_float=1
Jan 20 10:17:27 localhost pluto[15738]: including NAT-Traversal patch
(Version 0.6c)
Jan 20 10:17:27 localhost pluto[15738]: using /dev/urandom as source of
random entropy
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: starting up 1 cryptographic helpers
Jan 20 10:17:27 localhost pluto[15744]: using /dev/urandom as source of
random entropy
Jan 20 10:17:27 localhost pluto[15738]: started helper pid=15744 (fd:7)
Jan 20 10:17:27 localhost pluto[15738]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc
Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc
Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc
Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 20 10:17:27 localhost pluto[15738]: Changing back to directory
'/etc' failed - (2 No such file or directory)
Jan 20 10:17:27 localhost pluto[15738]: Changing back to directory
'/etc' failed - (2 No such file or directory)
Jan 20 10:17:27 localhost pluto[15738]: added connection description "vo"
Jan 20 10:17:27 localhost pluto[15738]: added connection description "vodmz"
Jan 21 08:59:07 localhost pluto[15738]: shutting down
Jan 21 08:59:07 localhost pluto[15738]: "vodmz": deleting connection
Jan 21 08:59:07 localhost pluto[15738]: "vo": deleting connection
Jan 21 09:00:20 localhost pluto[2326]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:2326
Jan 21 09:00:20 localhost pluto[2326]: Setting NAT-Traversal port-4500
floating to on
Jan 21 09:00:20 localhost pluto[2326]: port floating activation
criteria nat_t=1/port_float=1
Jan 21 09:00:20 localhost pluto[2326]: including NAT-Traversal patch
(Version 0.6c)
Jan 21 09:00:20 localhost pluto[2326]: using /dev/urandom as source of
random entropy
Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 21 09:00:20 localhost pluto[2326]: starting up 1 cryptographic helpers
Jan 21 09:00:20 localhost pluto[2342]: using /dev/urandom as source of
random entropy
Jan 21 09:00:20 localhost pluto[2326]: started helper pid=2342 (fd:7)
Jan 21 09:00:20 localhost pluto[2326]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
'/etc/ipsec.d/cacerts': /
Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
'/etc/ipsec.d/aacerts': /
Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /
Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 21 09:00:21 localhost pluto[2326]: Changing back to directory '/'
failed - (2 No such file or directory)
Jan 21 09:00:21 localhost pluto[2326]: Changing back to directory '/'
failed - (2 No such file or directory)
Jan 21 09:00:21 localhost pluto[2326]: added connection description "vo"
Jan 21 09:00:21 localhost pluto[2326]: added connection description "vodmz"
Jan 21 09:06:20 localhost pluto[2326]: shutting down
Jan 21 09:06:20 localhost pluto[2326]: "vodmz": deleting connection
Jan 21 09:06:20 localhost pluto[2326]: "vo": deleting connection
Jan 21 09:06:22 localhost pluto[3784]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:3784
Jan 21 09:06:22 localhost pluto[3784]: Setting NAT-Traversal port-4500
floating to on
Jan 21 09:06:22 localhost pluto[3784]: port floating activation
criteria nat_t=1/port_float=1
Jan 21 09:06:22 localhost pluto[3784]: including NAT-Traversal patch
(Version 0.6c)
Jan 21 09:06:22 localhost pluto[3784]: using /dev/urandom as source of
random entropy
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: starting up 1 cryptographic helpers
Jan 21 09:06:22 localhost pluto[3784]: started helper pid=3785 (fd:7)
Jan 21 09:06:22 localhost pluto[3784]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 21 09:06:22 localhost pluto[3785]: using /dev/urandom as source of
random entropy
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
'/etc/ipsec.d/cacerts': /home/jingluo
Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
'/etc/ipsec.d/aacerts': /home/jingluo
Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /home/jingluo
Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 21 09:06:22 localhost pluto[3784]: added connection description "vo"
Jan 21 09:06:22 localhost pluto[3784]: added connection description "vodmz"
Jan 21 09:08:35 localhost pluto[3784]: loading secrets from
"/etc/ipsec.secrets"
Jan 21 09:08:35 localhost pluto[3784]: loading secrets from
"/etc/ipsec.d/ipsec.secrets"
Jan 21 09:08:44 localhost pluto[3784]: "vo": deleting connection
Jan 21 09:08:44 localhost pluto[3784]: added connection description "vo"
Jan 21 09:08:52 localhost pluto[3784]: "vodmz": deleting connection
Jan 21 09:08:52 localhost pluto[3784]: added connection description "vodmz"
Jan 21 09:09:04 localhost pluto[3784]: forgetting secrets
Jan 21 09:09:04 localhost pluto[3784]: loading secrets from
"/etc/ipsec.secrets"
Jan 21 09:09:04 localhost pluto[3784]: loading secrets from
"/etc/ipsec.d/ipsec.secrets"
Jan 21 09:09:08 localhost pluto[3784]: shutting down
Jan 21 09:09:08 localhost pluto[3784]: forgetting secrets
Jan 21 09:09:08 localhost pluto[3784]: "vodmz": deleting connection
Jan 21 09:09:08 localhost pluto[3784]: "vo": deleting connection
Jan 21 09:09:10 localhost pluto[4268]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:4268
Jan 21 09:09:10 localhost pluto[4268]: Setting NAT-Traversal port-4500
floating to on
Jan 21 09:09:10 localhost pluto[4268]: port floating activation
criteria nat_t=1/port_float=1
Jan 21 09:09:10 localhost pluto[4268]: including NAT-Traversal patch
(Version 0.6c)
Jan 21 09:09:10 localhost pluto[4268]: using /dev/urandom as source of
random entropy
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: starting up 1 cryptographic helpers
Jan 21 09:09:10 localhost pluto[4268]: started helper pid=4271 (fd:7)
Jan 21 09:09:10 localhost pluto[4268]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 21 09:09:10 localhost pluto[4271]: using /dev/urandom as source of
random entropy
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
'/etc/ipsec.d/cacerts': /home/jingluo
Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
'/etc/ipsec.d/aacerts': /home/jingluo
Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /home/jingluo
Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 21 09:09:10 localhost pluto[4268]: added connection description "vo"
Jan 21 09:09:10 localhost pluto[4268]: added connection description "vodmz"
Jan 21 09:09:57 localhost pluto[4268]: shutting down
Jan 21 09:09:57 localhost pluto[4268]: "vodmz": deleting connection
Jan 21 09:09:57 localhost pluto[4268]: "vo": deleting connection
Jan 21 09:10:00 localhost pluto[4647]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:4647
Jan 21 09:10:00 localhost pluto[4647]: Setting NAT-Traversal port-4500
floating to on
Jan 21 09:10:00 localhost pluto[4647]: port floating activation
criteria nat_t=1/port_float=1
Jan 21 09:10:00 localhost pluto[4647]: including NAT-Traversal patch
(Version 0.6c)
Jan 21 09:10:00 localhost pluto[4647]: using /dev/urandom as source of
random entropy
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: starting up 1 cryptographic helpers
Jan 21 09:10:00 localhost pluto[4647]: started helper pid=4648 (fd:7)
Jan 21 09:10:00 localhost pluto[4647]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 21 09:10:00 localhost pluto[4648]: using /dev/urandom as source of
random entropy
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
'/etc/ipsec.d/cacerts': /home/jingluo
Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
'/etc/ipsec.d/aacerts': /home/jingluo
Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /home/jingluo
Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 21 09:10:00 localhost pluto[4647]: added connection description "vo"
Jan 21 09:10:00 localhost pluto[4647]: added connection description "vodmz"
+ _________________________ date
+ date
Wed Jan 21 09:12:55 EST 2009
-------------- next part --------------
An embedded message was scrubbed...
From: Jing Luo <jing.luo at steeprockinc.com>
Subject: barf
Date: Wed, 21 Jan 2009 09:13:41 -0500 (EST)
Size: 84013
Url: http://lists.openswan.org/pipermail/users/attachments/20090122/3b68dde3/attachment-0001.eml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20090122/3b68dde3/attachment-0001.bin
More information about the Users
mailing list