[Openswan Users] OpenSWAN to SonicWALL problems
Peter McGill
petermcgill at goco.net
Fri Jan 23 10:41:36 EST 2009
Chris,
It appears that you still have opportunistic encryption on.
> + ipsec verify
> Opportunistic Encryption DNS checks:
> Looking for TXT in forward dns zone: localhost.localdomain [MISSING]
> Does the machine have at least one non-private address? [FAILED]
I don't see anywhere that you've turned opportunistic encryption off.
ipsec.conf:
config setup
oe=off # Openswan 2.6.x only
or
include /etc/ipsec.d/examples/no_oe.conf
Peter
Chris Garrigues wrote:
> Hi folks.
>
> We have a SonicWALL NSA 4500 and I've been setting up our Linux based
> users up using OpenSWAN. The Linux uses are running various versions of
> Linux and OpenSWAN. Most are working fine, but I've attached a barf
> file from one who isn't. I can't figure this one out and any assistance
> would be much appreciated.
>
> Chris
>
>
> localhost.localdomain
> Wed Jan 21 09:12:34 EST 2009
> + _________________________ version
> + ipsec --version
> Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
> See `ipsec --copyright' for copyright information.
> + _________________________ /proc/version
> + cat /proc/version
> Linux version 2.6.27.5-41.fc9.i686 (mockbuild@) (gcc version 4.3.0
> 20080428 (Red Hat 4.3.0-8) (GCC) ) #1 SMP Thu Nov 13 20:52:14 EST 2008
> + _________________________ /proc/net/ipsec_eroute
> + test -r /proc/net/ipsec_eroute
> + _________________________ netstat-rn
> + netstat -nr
> + head -n 100
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt
> Iface
> 192.168.15.0 0.0.0.0 255.255.255.0 U 0 0 0
> eth0
> 0.0.0.0 192.168.15.1 0.0.0.0 UG 0 0 0
> eth0
> + _________________________ /proc/net/ipsec_spi
> + test -r /proc/net/ipsec_spi
> + _________________________ /proc/net/ipsec_spigrp
> + test -r /proc/net/ipsec_spigrp
> + _________________________ /proc/net/ipsec_tncfg
> + test -r /proc/net/ipsec_tncfg
> + _________________________ /proc/net/pfkey
> + test -r /proc/net/pfkey
> + cat /proc/net/pfkey
> sk RefCnt Rmem Wmem User Inode
> + _________________________ ip-xfrm-state
> + ip xfrm state
> + _________________________ ip-xfrm-policy
> + ip xfrm policy
> + _________________________ /proc/crypto
> + test -r /proc/crypto
> + cat /proc/crypto
> name : deflate
> driver : deflate-generic
> module : deflate
> priority : 0
> refcnt : 1
> type : compression
>
> name : rfc3686(ctr(aes))
> driver : rfc3686(ctr(aes-asm))
> module : ctr
> priority : 200
> refcnt : 1
> type : blkcipher
> blocksize : 1
> min keysize : 20
> max keysize : 36
> ivsize : 8
> geniv : seqiv
>
> name : ctr(aes)
> driver : ctr(aes-asm)
> module : ctr
> priority : 200
> refcnt : 1
> type : blkcipher
> blocksize : 1
> min keysize : 16
> max keysize : 32
> ivsize : 16
> geniv : <default>
>
> name : cbc(twofish)
> driver : cbc(twofish-generic)
> module : cbc
> priority : 100
> refcnt : 1
> type : blkcipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 16
> geniv : <default>
>
> name : cbc(camellia)
> driver : cbc(camellia-generic)
> module : cbc
> priority : 100
> refcnt : 1
> type : blkcipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 16
> geniv : <default>
>
> name : camellia
> driver : camellia-generic
> module : camellia
> priority : 100
> refcnt : 1
> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
>
> name : cbc(serpent)
> driver : cbc(serpent-generic)
> module : cbc
> priority : 0
> refcnt : 1
> type : blkcipher
> blocksize : 16
> min keysize : 0
> max keysize : 32
> ivsize : 16
> geniv : <default>
>
> name : cbc(aes)
> driver : cbc(aes-asm)
> module : cbc
> priority : 200
> refcnt : 1
> type : blkcipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 16
> geniv : <default>
>
> name : cbc(blowfish)
> driver : cbc(blowfish-generic)
> module : cbc
> priority : 0
> refcnt : 1
> type : blkcipher
> blocksize : 8
> min keysize : 4
> max keysize : 56
> ivsize : 8
> geniv : <default>
>
> name : cbc(des3_ede)
> driver : cbc(des3_ede-generic)
> module : cbc
> priority : 0
> refcnt : 1
> type : blkcipher
> blocksize : 8
> min keysize : 24
> max keysize : 24
> ivsize : 8
> geniv : <default>
>
> name : cbc(des)
> driver : cbc(des-generic)
> module : cbc
> priority : 0
> refcnt : 1
> type : blkcipher
> blocksize : 8
> min keysize : 8
> max keysize : 8
> ivsize : 8
> geniv : <default>
>
> name : xcbc(aes)
> driver : xcbc(aes-asm)
> module : xcbc
> priority : 200
> refcnt : 1
> type : hash
> blocksize : 16
> digestsize : 16
>
> name : hmac(rmd160)
> driver : hmac(rmd160)
> module : kernel
> priority : 0
> refcnt : 1
> type : hash
> blocksize : 64
> digestsize : 20
>
> name : rmd160
> driver : rmd160
> module : rmd160
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 64
> digestsize : 20
>
> name : hmac(sha256)
> driver : hmac(sha256-generic)
> module : kernel
> priority : 0
> refcnt : 1
> type : hash
> blocksize : 64
> digestsize : 32
>
> name : hmac(sha1)
> driver : hmac(sha1-generic)
> module : kernel
> priority : 0
> refcnt : 1
> type : hash
> blocksize : 64
> digestsize : 20
>
> name : hmac(md5)
> driver : hmac(md5-generic)
> module : kernel
> priority : 0
> refcnt : 1
> type : hash
> blocksize : 64
> digestsize : 16
>
> name : compress_null
> driver : compress_null-generic
> module : crypto_null
> priority : 0
> refcnt : 1
> type : compression
>
> name : digest_null
> driver : digest_null-generic
> module : crypto_null
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 1
> digestsize : 0
>
> name : ecb(cipher_null)
> driver : ecb-cipher_null
> module : crypto_null
> priority : 100
> refcnt : 1
> type : blkcipher
> blocksize : 1
> min keysize : 0
> max keysize : 0
> ivsize : 0
> geniv : <default>
>
> name : cipher_null
> driver : cipher_null-generic
> module : crypto_null
> priority : 0
> refcnt : 1
> type : cipher
> blocksize : 1
> min keysize : 0
> max keysize : 0
>
> name : tnepres
> driver : tnepres-generic
> module : serpent
> priority : 0
> refcnt : 1
> type : cipher
> blocksize : 16
> min keysize : 0
> max keysize : 32
>
> name : serpent
> driver : serpent-generic
> module : serpent
> priority : 0
> refcnt : 1
> type : cipher
> blocksize : 16
> min keysize : 0
> max keysize : 32
>
> name : blowfish
> driver : blowfish-generic
> module : blowfish
> priority : 0
> refcnt : 1
> type : cipher
> blocksize : 8
> min keysize : 4
> max keysize : 56
>
> name : twofish
> driver : twofish-generic
> module : twofish
> priority : 100
> refcnt : 1
> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
>
> name : sha256
> driver : sha256-generic
> module : sha256_generic
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 64
> digestsize : 32
>
> name : sha224
> driver : sha224-generic
> module : sha256_generic
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 64
> digestsize : 28
>
> name : sha512
> driver : sha512-generic
> module : sha512_generic
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 128
> digestsize : 64
>
> name : sha384
> driver : sha384-generic
> module : sha512_generic
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 128
> digestsize : 48
>
> name : des3_ede
> driver : des3_ede-generic
> module : des_generic
> priority : 0
> refcnt : 1
> type : cipher
> blocksize : 8
> min keysize : 24
> max keysize : 24
>
> name : des
> driver : des-generic
> module : des_generic
> priority : 0
> refcnt : 1
> type : cipher
> blocksize : 8
> min keysize : 8
> max keysize : 8
>
> name : aes
> driver : aes-asm
> module : aes_i586
> priority : 200
> refcnt : 1
> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
>
> name : aes
> driver : aes-generic
> module : aes_generic
> priority : 100
> refcnt : 1
> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
>
> name : sha1
> driver : sha1-generic
> module : kernel
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 64
> digestsize : 20
>
> name : md5
> driver : md5-generic
> module : kernel
> priority : 0
> refcnt : 1
> type : digest
> blocksize : 64
> digestsize : 16
>
> + __________________________/proc/sys/net/core/xfrm-star
> /usr/libexec/ipsec/barf: line 191:
> __________________________/proc/sys/net/core/xfrm-star: No such file or
> directory
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_acq_expires: '
> /proc/sys/net/core/xfrm_acq_expires: + cat
> /proc/sys/net/core/xfrm_acq_expires
> 30
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
> /proc/sys/net/core/xfrm_aevent_etime: + cat
> /proc/sys/net/core/xfrm_aevent_etime
> 10
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
> /proc/sys/net/core/xfrm_aevent_rseqth: + cat
> /proc/sys/net/core/xfrm_aevent_rseqth
> 2
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_larval_drop: '
> /proc/sys/net/core/xfrm_larval_drop: + cat
> /proc/sys/net/core/xfrm_larval_drop
> 0
> + _________________________ /proc/sys/net/ipsec-star
> + test -d /proc/sys/net/ipsec
> + _________________________ ipsec/status
> + ipsec auto --status
> 000 using kernel interface: netkey
> 000 %myid = (none)
> 000 debug none
> 000
> 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
> keysizemax=64
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
> keysizemax=192
> 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
> keysizemin=40, keysizemax=448
> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
> keysizemax=0
> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
> keysizemax=256
> 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> keysizemin=128, keysizemax=128
> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> keysizemin=160, keysizemax=160
> 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
> keysizemin=256, keysizemax=256
> 000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
> keysizemin=160, keysizemax=160
> 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC,
> keysizemin=128, keysizemax=128
> 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
> 000
> 000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
> 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8,
> keydeflen=128
> 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
> keydeflen=192
> 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
> keydeflen=128
> 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
> blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
> blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
> blocksize=16, keydeflen=128
> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
> 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
> 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
> 000
> 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
> trans={0,0,0} attrs={0,0,0}
> 000
> 000 "vo":
> 192.168.10.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
> unrouted; eroute owner: #0
> 000 "vo": myip=unset; hisip=192.168.200.56;
> 000 "vo": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
> 000 "vo": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD; prio:
> 24,32; interface: ;
> 000 "vo": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000 "vo": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)-MODP1536(5),
> AES_CBC(7)_256-SHA1(2)-MODP1024(2); flags=-strict
> 000 "vo": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
> AES_CBC(7)_256-SHA1(2)_160-2,
> 000 "vo": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
> 000 "vo": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
> 000 "vodmz":
> 192.168.8.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
> unrouted; eroute owner: #0
> 000 "vodmz": myip=unset; hisip=192.168.200.56;
> 000 "vodmz": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
> rekey_fuzz: 100%; keyingtries: 0
> 000 "vodmz": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD;
> prio: 24,32; interface: ;
> 000 "vodmz": newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000 "vodmz": IKE algorithms wanted:
> AES_CBC(7)_256-SHA1(2)-MODP1536(5), AES_CBC(7)_256-SHA1(2)-MODP1024(2);
> flags=-strict
> 000 "vodmz": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
> AES_CBC(7)_256-SHA1(2)_160-2,
> 000 "vodmz": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
> 000 "vodmz": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
> 000
> 000
> + _________________________ ifconfig-a
> + ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:1A:A0:49:D6:F0
> inet addr:192.168.15.3 Bcast:192.168.15.255 Mask:255.255.255.0
> inet6 addr: fe80::21a:a0ff:fe49:d6f0/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:280 errors:0 dropped:0 overruns:0 frame:0
> TX packets:293 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:232070 (226.6 KiB) TX bytes:59972 (58.5 KiB)
> Interrupt:16
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:7774 errors:0 dropped:0 overruns:0 frame:0
> TX packets:7774 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:388860 (379.7 KiB) TX bytes:388860 (379.7 KiB)
>
> pan0 Link encap:Ethernet HWaddr 42:44:14:66:91:88
> BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
>
> + _________________________ ip-addr-list
> + ip addr list
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:1a:a0:49:d6:f0 brd ff:ff:ff:ff:ff:ff
> inet 192.168.15.3/24 brd 192.168.15.255 scope global eth0
> inet6 fe80::21a:a0ff:fe49:d6f0/64 scope link
> valid_lft forever preferred_lft forever
> 3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
> link/ether 42:44:14:66:91:88 brd ff:ff:ff:ff:ff:ff
> + _________________________ ip-route-list
> + ip route list
> 192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.3
> default via 192.168.15.1 dev eth0 proto static
> + _________________________ ip-rule-list
> + ip rule list
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
> + _________________________ ipsec_verify
> + ipsec verify --nocolour
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
> Checking for IPsec support in kernel [OK]
> NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/send_redirects
> or NETKEY will cause the sending of bogus ICMP redirects!
>
> NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
>
> Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
> or NETKEY will accept bogus ICMP redirects!
>
> Checking for RSA private key (/etc/ipsec.secrets) [OK]
> Checking that pluto is running [OK]
> Pluto not listening on port udp 500. Check interfaces defintion in
> ipsec.conf.Two or more interfaces found, checking IP forwarding
> [FAILED]
> Checking for 'ip' command [OK]
> Checking for 'iptables' command [OK]
>
> Opportunistic Encryption DNS checks:
> Looking for TXT in forward dns zone: localhost.localdomain [MISSING]
> Does the machine have at least one non-private address? [FAILED]
> + _________________________ mii-tool
> + '[' -x /sbin/mii-tool ']'
> + /sbin/mii-tool -v
> eth0: negotiated 100baseTx-FD, link ok
> product info: vendor 00:50:ef, model 14 rev 0
> basic mode: autonegotiation enabled
> basic status: autonegotiation complete, link ok
> capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
> advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
> link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
> + _________________________ ipsec/directory
> + ipsec --directory
> /usr/libexec/ipsec
> + _________________________ hostname/fqdn
> + hostname --fqdn
> localhost.localdomain
> + _________________________ hostname/ipaddress
> + hostname --ip-address
> 127.0.0.1
> + _________________________ uptime
> + uptime
> 09:12:55 up 13 min, 2 users, load average: 0.18, 0.27, 0.19
> + _________________________ ps
> + ps alxwf
> + egrep -i 'ppid|pluto|ipsec|klips'
> F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
> 4 0 4865 3471 20 0 5668 1136 wait S+ pts/1
> 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
> 0 0 4984 4865 20 0 2044 504 pipe_w S+ pts/1
> 0:00 \_ egrep -i ppid|pluto|ipsec|klips
> 1 0 4642 1 20 0 2668 412 wait S pts/1 0:00
> /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
> --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
> --keep_alive --protostack netkey --force_keepalive
> --disable_port_floating --virtual_private --crlcheckinterval 0
> --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
> --post --log daemon.error --plutorestartoncrash false --pid
> /var/run/pluto/pluto.pid
> 1 0 4646 4642 20 0 2668 544 wait S pts/1 0:00 \_
> /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
> --force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
> --keep_alive --protostack netkey --force_keepalive
> --disable_port_floating --virtual_private --crlcheckinterval 0
> --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
> --post --log daemon.error --plutorestartoncrash false --pid
> /var/run/pluto/pluto.pid
> 4 0 4647 4646 20 0 3260 1156 select S pts/1 0:00
> | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile
> /etc/ipsec.secrets --use-netkey --nat_traversal
> 1 0 4648 4647 30 10 3268 580 unix_s SN pts/1 0:00
> | \_ pluto helper #
> 0
>
> 0 0 4685 4647 20 0 1756 296 select S pts/1 0:00
> | \_ _pluto_adns
> 4 0 4651 4642 20 0 2668 964 pipe_w S pts/1 0:00 \_
> /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
> 4 0 4643 1 20 0 1808 504 pipe_w S pts/1 0:00
> logger -s -p daemon.error -t ipsec__plutorun
> + _________________________ ipsec/showdefaults
> + ipsec showdefaults
> ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
> + _________________________ ipsec/conf
> + ipsec _include /etc/ipsec.conf
> + ipsec _keycensor
>
> #< /etc/ipsec.conf 1
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual: ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
> # Debug-logging controls: "none" for (almost) none, "all" for lots.
> # klipsdebug=none
> # plutodebug="control parsing"
> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> protostack=netkey
> nat_traversal=yes
>
>
> #< /etc/ipsec.d/ipsec.conf 1
> conn vo
> also=vocommon
> rightsubnet=192.168.10.0/24
> auto=start
>
> conn vodmz
> also=vocommon
> rightsubnet=192.168.8.0/24
> auto=start
>
> conn vocommon
> type=tunnel
> left=%defaultroute
> leftid=@jingluo
> leftsourceip=192.168.200.56
> leftsubnet=192.168.200.56/32
> rightid=@vo
> right=67.220.126.196
> keyingtries=0
> pfs=yes
> authby=secret
> auth=esp
> ike=aes256-sha1
> esp=aes256-sha1
> keyexchange=ike
>
>
> #> /etc/ipsec.conf 19
> + _________________________ ipsec/secrets
> + ipsec _include /etc/ipsec.secrets
> + ipsec _secretcensor
>
> #< /etc/ipsec.secrets 1
>
> #< /etc/ipsec.d/ipsec.secrets 1
> @jingluo @vo : PSK "[sums to 3db3...]"
>
> #> /etc/ipsec.secrets 2
> + _________________________ ipsec/listall
> + ipsec auto --listall
> 000
> 000 List of Public Keys:
> 000
> 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
> + '[' /etc/ipsec.d/policies ']'
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/block
> + base=block
> + _________________________ ipsec/policies/block
> + cat /etc/ipsec.d/policies/block
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should never be allowed.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
>
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/clear
> + base=clear
> + _________________________ ipsec/policies/clear
> + cat /etc/ipsec.d/policies/clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be in the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
>
> # root name servers should be in the clear
> 192.58.128.30/32
> 198.41.0.4/32
> 192.228.79.201/32
> 192.33.4.12/32
> 128.8.10.90/32
> 192.203.230.10/32
> 192.5.5.241/32
> 192.112.36.4/32
> 128.63.2.53/32
> 192.36.148.17/32
> 193.0.14.129/32
> 199.7.83.42/32
> 202.12.27.33/32
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/clear-or-private
> + base=clear-or-private
> + _________________________ ipsec/policies/clear-or-private
> + cat /etc/ipsec.d/policies/clear-or-private
> # This file defines the set of CIDRs (network/mask-length) to which
> # we will communicate in the clear, or, if the other side initiates IPSEC,
> # using encryption. This behaviour is also called "Opportunistic
> Responder".
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private
> + base=private
> + _________________________ ipsec/policies/private
> + cat /etc/ipsec.d/policies/private
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be private (i.e. encrypted).
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private-or-clear
> + base=private-or-clear
> + _________________________ ipsec/policies/private-or-clear
> + cat /etc/ipsec.d/policies/private-or-clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should be private, if possible, but in the clear otherwise.
> #
> # If the target has a TXT (later IPSECKEY) record that specifies
> # authentication material, we will require private (i.e. encrypted)
> # communications. If no such record is found, communications will be
> # in the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
> #
>
> 0.0.0.0/0
> + _________________________ ipsec/ls-libdir
> + ls -l /usr/libexec/ipsec
> total 2256
> -rwxr-xr-x 1 root root 6056 Jun 6 2008 _copyright
> -rwxr-xr-x 1 root root 2379 Jun 6 2008 _include
> -rwxr-xr-x 1 root root 1475 Jun 6 2008 _keycensor
> -rwxr-xr-x 1 root root 10088 Jun 6 2008 _pluto_adns
> -rwxr-xr-x 1 root root 2632 Jun 6 2008 _plutoload
> -rwxr-xr-x 1 root root 7602 Jun 6 2008 _plutorun
> -rwxr-xr-x 1 root root 13746 Jun 6 2008 _realsetup
> -rwxr-xr-x 1 root root 1975 Jun 6 2008 _secretcensor
> -rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips
> -rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips.old
> -rwxr-xr-x 1 root root 4988 Jun 6 2008 _startnetkey
> -rwxr-xr-x 1 root root 4949 Jun 6 2008 _updown
> -rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips
> -rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips.old
> -rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast
> -rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast.old
> -rwxr-xr-x 1 root root 8337 Jun 6 2008 _updown.netkey
> -rwxr-xr-x 1 root root 188348 Jun 6 2008 addconn
> -rwxr-xr-x 1 root root 6129 Jun 6 2008 auto
> -rwxr-xr-x 1 root root 10758 Jun 6 2008 barf
> -rwxr-xr-x 1 root root 90088 Jun 6 2008 eroute
> -rwxr-xr-x 1 root root 20708 Jun 6 2008 ikeping
> -rwxr-xr-x 1 root root 69804 Jun 6 2008 klipsdebug
> -rwxr-xr-x 1 root root 1836 Jun 6 2008 livetest
> -rwxr-xr-x 1 root root 2591 Jun 6 2008 look
> -rwxr-xr-x 1 root root 1921 Jun 6 2008 newhostkey
> -rwxr-xr-x 1 root root 60840 Jun 6 2008 pf_key
> -rwxr-xr-x 1 root root 957728 Jun 6 2008 pluto
> -rwxr-xr-x 1 root root 10236 Jun 6 2008 ranbits
> -rwxr-xr-x 1 root root 20176 Jun 6 2008 rsasigkey
> -rwxr-xr-x 1 root root 766 Jun 6 2008 secrets
> lrwxrwxrwx 1 root root 30 Jan 20 09:30 setup ->
> ../../../etc/rc.d/init.d/ipsec
> -rwxr-xr-x 1 root root 1054 Jun 6 2008 showdefaults
> -rwxr-xr-x 1 root root 219368 Jun 6 2008 showhostkey
> -rwxr-xr-x 1 root root 22744 Jun 6 2008 showpolicy
> -rwxr-xr-x 1 root root 148388 Jun 6 2008 spi
> -rwxr-xr-x 1 root root 77336 Jun 6 2008 spigrp
> -rwxr-xr-x 1 root root 69700 Jun 6 2008 tncfg
> -rwxr-xr-x 1 root root 12526 Jun 6 2008 verify
> -rwxr-xr-x 1 root root 50340 Jun 6 2008 whack
> + _________________________ ipsec/ls-execdir
> + ls -l /usr/libexec/ipsec
> total 2256
> -rwxr-xr-x 1 root root 6056 Jun 6 2008 _copyright
> -rwxr-xr-x 1 root root 2379 Jun 6 2008 _include
> -rwxr-xr-x 1 root root 1475 Jun 6 2008 _keycensor
> -rwxr-xr-x 1 root root 10088 Jun 6 2008 _pluto_adns
> -rwxr-xr-x 1 root root 2632 Jun 6 2008 _plutoload
> -rwxr-xr-x 1 root root 7602 Jun 6 2008 _plutorun
> -rwxr-xr-x 1 root root 13746 Jun 6 2008 _realsetup
> -rwxr-xr-x 1 root root 1975 Jun 6 2008 _secretcensor
> -rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips
> -rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips.old
> -rwxr-xr-x 1 root root 4988 Jun 6 2008 _startnetkey
> -rwxr-xr-x 1 root root 4949 Jun 6 2008 _updown
> -rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips
> -rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips.old
> -rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast
> -rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast.old
> -rwxr-xr-x 1 root root 8337 Jun 6 2008 _updown.netkey
> -rwxr-xr-x 1 root root 188348 Jun 6 2008 addconn
> -rwxr-xr-x 1 root root 6129 Jun 6 2008 auto
> -rwxr-xr-x 1 root root 10758 Jun 6 2008 barf
> -rwxr-xr-x 1 root root 90088 Jun 6 2008 eroute
> -rwxr-xr-x 1 root root 20708 Jun 6 2008 ikeping
> -rwxr-xr-x 1 root root 69804 Jun 6 2008 klipsdebug
> -rwxr-xr-x 1 root root 1836 Jun 6 2008 livetest
> -rwxr-xr-x 1 root root 2591 Jun 6 2008 look
> -rwxr-xr-x 1 root root 1921 Jun 6 2008 newhostkey
> -rwxr-xr-x 1 root root 60840 Jun 6 2008 pf_key
> -rwxr-xr-x 1 root root 957728 Jun 6 2008 pluto
> -rwxr-xr-x 1 root root 10236 Jun 6 2008 ranbits
> -rwxr-xr-x 1 root root 20176 Jun 6 2008 rsasigkey
> -rwxr-xr-x 1 root root 766 Jun 6 2008 secrets
> lrwxrwxrwx 1 root root 30 Jan 20 09:30 setup ->
> ../../../etc/rc.d/init.d/ipsec
> -rwxr-xr-x 1 root root 1054 Jun 6 2008 showdefaults
> -rwxr-xr-x 1 root root 219368 Jun 6 2008 showhostkey
> -rwxr-xr-x 1 root root 22744 Jun 6 2008 showpolicy
> -rwxr-xr-x 1 root root 148388 Jun 6 2008 spi
> -rwxr-xr-x 1 root root 77336 Jun 6 2008 spigrp
> -rwxr-xr-x 1 root root 69700 Jun 6 2008 tncfg
> -rwxr-xr-x 1 root root 12526 Jun 6 2008 verify
> -rwxr-xr-x 1 root root 50340 Jun 6 2008 whack
> + _________________________ /proc/net/dev
> + cat /proc/net/dev
> Inter-| Receive | Transmit
> face |bytes packets errs drop fifo frame compressed
> multicast|bytes packets errs drop fifo colls carrier compressed
> lo: 388860 7774 0 0 0 0 0 0
> 388860 7774 0 0 0 0 0 0
> eth0: 232513 283 0 0 0 0 0 0
> 60510 300 0 0 0 0 0 0
> pan0: 0 0 0 0 0 0 0 0
> 0 0 0 0 0 0 0 0
> + _________________________ /proc/net/route
> + cat /proc/net/route
> Iface Destination Gateway Flags RefCnt Use Metric
> Mask MTU Window
> IRTT
> eth0 000FA8C0 00000000 0001 0 0 0 00FFFFFF 0
> 0
> 0
>
> eth0 00000000 010FA8C0 0003 0 0 0 00000000 0
> 0
> 0
>
> + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
> + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
> 0
> + _________________________ /proc/sys/net/ipv4/ip_forward
> + cat /proc/sys/net/ipv4/ip_forward
> 0
> + _________________________ /proc/sys/net/ipv4/tcp_ecn
> + cat /proc/sys/net/ipv4/tcp_ecn
> 0
> + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
> + cd /proc/sys/net/ipv4/conf
> + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
> pan0/rp_filter
> all/rp_filter:0
> default/rp_filter:1
> eth0/rp_filter:1
> lo/rp_filter:1
> pan0/rp_filter:1
> + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
> + cd /proc/sys/net/ipv4/conf
> + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects
> default/accept_redirects default/secure_redirects default/send_redirects
> eth0/accept_redirects eth0/secure_redirects eth0/send_redirects
> lo/accept_redirects lo/secure_redirects lo/send_redirects
> pan0/accept_redirects pan0/secure_redirects pan0/send_redirects
> all/accept_redirects:1
> all/secure_redirects:1
> all/send_redirects:1
> default/accept_redirects:1
> default/secure_redirects:1
> default/send_redirects:1
> eth0/accept_redirects:1
> eth0/secure_redirects:1
> eth0/send_redirects:1
> lo/accept_redirects:1
> lo/secure_redirects:1
> lo/send_redirects:1
> pan0/accept_redirects:1
> pan0/secure_redirects:1
> pan0/send_redirects:1
> + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
> + cat /proc/sys/net/ipv4/tcp_window_scaling
> 1
> + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
> + cat /proc/sys/net/ipv4/tcp_adv_win_scale
> 2
> + _________________________ uname-a
> + uname -a
> Linux localhost.localdomain 2.6.27.5-41.fc9.i686 #1 SMP Thu Nov 13
> 20:52:14 EST 2008 i686 i686 i386 GNU/Linux
> + _________________________ config-built-with
> + test -r /proc/config_built_with
> + _________________________ distro-release
> + for distro in /etc/redhat-release /etc/debian-release
> /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
> /etc/gentoo-release
> + test -f /etc/redhat-release
> + cat /etc/redhat-release
> Fedora release 9 (Sulphur)
> + for distro in /etc/redhat-release /etc/debian-release
> /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
> /etc/gentoo-release
> + test -f /etc/debian-release
> + for distro in /etc/redhat-release /etc/debian-release
> /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
> /etc/gentoo-release
> + test -f /etc/SuSE-release
> + for distro in /etc/redhat-release /etc/debian-release
> /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
> /etc/gentoo-release
> + test -f /etc/mandrake-release
> + for distro in /etc/redhat-release /etc/debian-release
> /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
> /etc/gentoo-release
> + test -f /etc/mandriva-release
> + for distro in /etc/redhat-release /etc/debian-release
> /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
> /etc/gentoo-release
> + test -f /etc/gentoo-release
> + _________________________ /proc/net/ipsec_version
> + test -r /proc/net/ipsec_version
> + test -r /proc/net/pfkey
> ++ uname -r
> + echo 'NETKEY (2.6.27.5-41.fc9.i686) support detected '
> NETKEY (2.6.27.5-41.fc9.i686) support detected
> + _________________________ iptables
> + test -r /sbin/iptables
> + iptables -L -v -n
> + _________________________ iptables-nat
> + iptables -t nat -L -v -n
> + _________________________ iptables-mangle
> + iptables -t mangle -L -v -n
> + _________________________ /proc/modules
> + test -f /proc/modules
> + cat /proc/modules
> iptable_mangle 6656 0 - Live 0xfad5d000
> iptable_nat 8712 0 - Live 0xfad7a000
> nf_nat 17944 1 iptable_nat, Live 0xfad81000
> ipcomp6 6912 0 - Live 0xfacdb000
> ipcomp 6656 0 - Live 0xfac54000
> ah6 9216 0 - Live 0xfad76000
> ah4 8320 0 - Live 0xfacd3000
> esp6 9472 0 - Live 0xfaccf000
> esp4 9472 0 - Live 0xfaccb000
> xfrm4_mode_beet 6400 0 - Live 0xfacbc000
> xfrm4_tunnel 6272 0 - Live 0xfacb9000
> xfrm4_mode_tunnel 6272 0 - Live 0xfacb6000
> xfrm4_mode_transport 5760 0 - Live 0xfacb3000
> xfrm6_mode_transport 5760 0 - Live 0xfac86000
> xfrm6_mode_ro 5632 0 - Live 0xfac83000
> xfrm6_mode_beet 6144 0 - Live 0xfac80000
> xfrm6_mode_tunnel 6144 0 - Live 0xfac7d000
> af_key 30356 0 - Live 0xfac66000
> nls_utf8 5632 1 - Live 0xfad73000
> deflate 6528 0 - Live 0xfad60000
> zlib_deflate 21224 1 deflate, Live 0xfad6c000
> ctr 7936 0 - Live 0xfad34000
> camellia 22144 0 - Live 0xfad65000
> bridge 43668 0 - Live 0xfad47000
> stp 6148 1 bridge, Live 0xfad37000
> bnep 14848 2 - Live 0xfad2a000
> rfcomm 33936 4 - Live 0xfad53000
> rmd160 14720 0 - Live 0xfad2f000
> l2cap 21504 16 bnep,rfcomm, Live 0xfad18000
> bluetooth 48608 5 bnep,rfcomm,l2cap, Live 0xfad3a000
> crypto_null 6784 0 - Live 0xfad0f000
> ccm 11776 0 - Live 0xfad26000
> serpent 22912 0 - Live 0xfad1f000
> blowfish 12032 0 - Live 0xfacf7000
> twofish 10880 0 - Live 0xfad0b000
> twofish_common 17024 1 twofish, Live 0xfad12000
> ecb 6528 0 - Live 0xfad08000
> xcbc 8200 0 - Live 0xfad04000
> cbc 7168 0 - Live 0xfacfb000
> crypto_blkcipher 18052 5 ctr,crypto_null,ccm,ecb,cbc, Live 0xfacfe000
> sha256_generic 16128 0 - Live 0xfacee000
> sha512_generic 11904 0 - Live 0xfacf3000
> des_generic 20352 0 - Live 0xfacde000
> aes_i586 11648 0 - Live 0xfacbf000
> aes_generic 31144 1 aes_i586, Live 0xface5000
> xfrm_ipcomp 8584 2 ipcomp6,ipcomp, Live 0xfacd7000
> aead 9600 3 esp6,esp4,ccm, Live 0xfacc3000
> tunnel4 6792 1 xfrm4_tunnel, Live 0xfac51000
> xfrm6_tunnel 9860 1 ipcomp6, Live 0xfac62000
> tunnel6 6664 1 xfrm6_tunnel, Live 0xfac5f000
> fuse 49436 3 - Live 0xfac6f000
> sunrpc 155924 3 - Live 0xfac8b000
> ipt_REJECT 6656 2 - Live 0xfac5c000
> nf_conntrack_ipv4 11528 5 iptable_nat,nf_nat, Live 0xfab28000
> iptable_filter 6528 1 - Live 0xfac40000
> ip_tables 13712 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xfac57000
> ip6t_REJECT 7296 2 - Live 0xfac38000
> xt_tcpudp 6656 2 - Live 0xfac35000
> nf_conntrack_ipv6 15864 2 - Live 0xfac3b000
> xt_state 5888 4 - Live 0xfac32000
> nf_conntrack 51424 5
> iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live
> 0xfac43000
> ip6table_filter 6400 1 - Live 0xfab2c000
> ip6_tables 14736 1 ip6table_filter, Live 0xf8ade000
> x_tables 15236 7
> iptable_nat,ipt_REJECT,ip_tables,ip6t_REJECT,xt_tcpudp,xt_state,ip6_tables,
> Live 0xf8ad1000
> cpufreq_ondemand 9868 2 - Live 0xf8ada000
> acpi_cpufreq 12172 0 - Live 0xf8ad6000
> dm_multipath 17292 0 - Live 0xf8a59000
> scsi_dh 9476 1 dm_multipath, Live 0xf89d2000
> radeon 119044 2 - Live 0xf8b08000
> drm 146404 3 radeon, Live 0xf8ae3000
> ipv6 230260 39
> ipcomp6,ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,
> Live 0xf8a1f000
> snd_hda_intel 351380 4 - Live 0xf8a5f000
> snd_seq_dummy 6660 0 - Live 0xf89a3000
> snd_seq_oss 30364 0 - Live 0xf89e3000
> snd_seq_midi_event 9600 1 snd_seq_oss, Live 0xf89b0000
> snd_seq 48576 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live
> 0xf89d6000
> snd_seq_device 9996 3 snd_seq_dummy,snd_seq_oss,snd_seq, Live 0xf89ac000
> snd_pcm_oss 42496 0 - Live 0xf89ba000
> snd_mixer_oss 16896 1 snd_pcm_oss, Live 0xf89a6000
> snd_pcm 65924 3 snd_hda_intel,snd_pcm_oss, Live 0xf896e000
> snd_timer 22024 2 snd_seq,snd_pcm, Live 0xf8926000
> snd_page_alloc 11016 2 snd_hda_intel,snd_pcm, Live 0xf896a000
> snd_hwdep 10500 1 snd_hda_intel, Live 0xf8937000
> ppdev 10372 0 - Live 0xf8933000
> snd 50744 17
> snd_hda_intel,snd_seq_dummy,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_hwdep,
> Live 0xf8991000
> parport_pc 25620 0 - Live 0xf893d000
> parport 31956 2 ppdev,parport_pc, Live 0xf8961000
> dcdbas 10272 0 - Live 0xf891e000
> sr_mod 17064 1 - Live 0xf892d000
> tg3 107780 0 - Live 0xf8945000
> serio_raw 8836 0 - Live 0xf8922000
> libphy 18560 1 tg3, Live 0xf88fd000
> soundcore 9416 1 snd, Live 0xf891a000
> iTCO_wdt 13732 0 - Live 0xf8903000
> cdrom 32664 1 sr_mod, Live 0xf8911000
> i2c_i801 12048 0 - Live 0xf88ca000
> iTCO_vendor_support 6916 1 iTCO_wdt, Live 0xf8834000
> pcspkr 6272 0 - Live 0xf88ba000
> i2c_core 21396 2 drm,i2c_i801, Live 0xf88f0000
> sg 31028 0 - Live 0xf8908000
> dm_snapshot 19364 0 - Live 0xf88f7000
> dm_zero 5632 0 - Live 0xf88ad000
> dm_mirror 19968 0 - Live 0xf88b4000
> dm_log 12164 1 dm_mirror, Live 0xf884e000
> dm_mod 48692 10 dm_multipath,dm_snapshot,dm_zero,dm_mirror,dm_log, Live
> 0xf88bd000
> pata_acpi 7680 0 - Live 0xf884b000
> ata_generic 8452 0 - Live 0xf8847000
> ata_piix 24836 3 - Live 0xf88a5000
> libata 134380 3 pata_acpi,ata_generic,ata_piix, Live 0xf88ce000
> sd_mod 32408 3 - Live 0xf889c000
> scsi_mod 123772 5 scsi_dh,sr_mod,sg,libata,sd_mod, Live 0xf885f000
> crc_t10dif 5632 1 sd_mod, Live 0xf8844000
> ext3 109192 2 - Live 0xf8880000
> jbd 42900 1 ext3, Live 0xf8853000
> mbcache 10244 1 ext3, Live 0xf8839000
> uhci_hcd 23312 0 - Live 0xf883d000
> ohci_hcd 24336 0 - Live 0xf8824000
> ehci_hcd 32524 0 - Live 0xf882b000
> + _________________________ /proc/meminfo
> + cat /proc/meminfo
> MemTotal: 2072476 kB
> MemFree: 1448564 kB
> Buffers: 16808 kB
> Cached: 200772 kB
> SwapCached: 0 kB
> Active: 394208 kB
> Inactive: 105636 kB
> HighTotal: 1177596 kB
> HighFree: 683760 kB
> LowTotal: 894880 kB
> LowFree: 764804 kB
> SwapTotal: 2031608 kB
> SwapFree: 2031608 kB
> Dirty: 116 kB
> Writeback: 0 kB
> AnonPages: 282396 kB
> Mapped: 68340 kB
> Slab: 25928 kB
> SReclaimable: 10220 kB
> SUnreclaim: 15708 kB
> PageTables: 5136 kB
> NFS_Unstable: 0 kB
> Bounce: 0 kB
> WritebackTmp: 0 kB
> CommitLimit: 3067844 kB
> Committed_AS: 878784 kB
> VmallocTotal: 110584 kB
> VmallocUsed: 38328 kB
> VmallocChunk: 72156 kB
> HugePages_Total: 0
> HugePages_Free: 0
> HugePages_Rsvd: 0
> HugePages_Surp: 0
> Hugepagesize: 4096 kB
> DirectMap4k: 8192 kB
> DirectMap4M: 909312 kB
> + _________________________ /proc/net/ipsec-ls
> + test -f /proc/net/ipsec_version
> + _________________________ usr/src/linux/.config
> + test -f /proc/config.gz
> ++ uname -r
> + test -f /lib/modules/2.6.27.5-41.fc9.i686/build/.config
> + echo 'no .config file found, cannot list kernel properties'
> no .config file found, cannot list kernel properties
> + _________________________ etc/syslog.conf
> + _________________________ etc/syslog-ng/syslog-ng.conf
> + cat /etc/syslog-ng/syslog-ng.conf
> cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
> + cat /etc/syslog.conf
> cat: /etc/syslog.conf: No such file or directory
> + _________________________ etc/resolv.conf
> + cat /etc/resolv.conf
> # generated by NetworkManager, do not edit!
>
> nameserver 192.168.15.1
>
> + _________________________ lib/modules-ls
> + ls -ltr /lib/modules
> total 12
> drwxr-xr-x 7 root root 4096 Oct 24 17:56 2.6.26.6-79.fc9.i686
> drwxr-xr-x 7 root root 4096 Nov 15 12:00 2.6.27.5-37.fc9.i686
> drwxr-xr-x 7 root root 4096 Nov 19 13:03 2.6.27.5-41.fc9.i686
> + _________________________ /proc/ksyms-netif_rx
> + test -r /proc/ksyms
> + test -r /proc/kallsyms
> + egrep netif_rx /proc/kallsyms
> c05d6055 T netif_rx
> c05d6697 T netif_rx_ni
> c072abbc r __ksymtab_netif_rx
> c072acc4 r __ksymtab_netif_rx_ni
> c073b292 r __kstrtab_netif_rx
> c073b4ce r __kstrtab_netif_rx_ni
> c05d6697 u netif_rx_ni [bnep]
> c05d6055 u netif_rx [ipv6]
> f894f103 t netif_rx_schedule [tg3]
> f8950af8 t netif_rx_complete [tg3]
> + _________________________ lib/modules-netif_rx
> + modulegoo kernel/net/ipv4/ipip.o netif_rx
> + set +x
> 2.6.26.6-79.fc9.i686:
> 2.6.27.5-37.fc9.i686:
> 2.6.27.5-41.fc9.i686:
> + _________________________ kern.debug
> + test -f /var/log/kern.debug
> + _________________________ klog
> + sed -n '5304,$p' /var/log/messages
> + egrep -i 'ipsec|klips|pluto'
> + case "$1" in
> + cat
> Jan 21 09:10:00 localhost ipsec_setup: Starting Openswan IPsec
> U2.6.14/K2.6.27.5-41.fc9.i686...
> Jan 21 09:10:00 localhost ipsec_setup:
> Jan 21 09:10:00 localhost ipsec_setup:
> Jan 21 09:10:00 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:00 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing pluto
> (ipsec_t) "search" to ./home (home_root_t). For complete SELinux
> messages. run sealert -l 606544c1-5dfb-428e-badb-d719177ea1a7
> Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing pluto
> (ipsec_t) "search" to ./home (home_root_t). For complete SELinux
> messages. run sealert -l 606544c1-5dfb-428e-badb-d719177ea1a7
> Jan 21 09:10:01 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing auto
> (ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
> complete SELinux messages. run sealert -l
> 12b4c94d-97f6-41cb-886f-048b26a24b1f
> Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:02 localhost setroubleshoot: SELinux is preventing auto
> (ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
> complete SELinux messages. run sealert -l
> 12b4c94d-97f6-41cb-886f-048b26a24b1f
> Jan 21 09:10:03 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:03 localhost setroubleshoot: SELinux is preventing auto
> (ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
> complete SELinux messages. run sealert -l
> 12b4c94d-97f6-41cb-886f-048b26a24b1f
> Jan 21 09:10:03 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing auto
> (ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
> complete SELinux messages. run sealert -l
> 12b4c94d-97f6-41cb-886f-048b26a24b1f
> Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing auto
> (ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
> complete SELinux messages. run sealert -l
> 12b4c94d-97f6-41cb-886f-048b26a24b1f
> Jan 21 09:10:04 localhost setroubleshoot: SELinux is preventing logger
> (ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
> run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
> + _________________________ plog
> + sed -n '2,$p' /var/log/secure
> + egrep -i pluto
> + case "$1" in
> + cat
> Jan 20 09:48:52 localhost pluto[13851]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:13851
> Jan 20 09:48:52 localhost pluto[13851]: Setting NAT-Traversal port-4500
> floating to on
> Jan 20 09:48:52 localhost pluto[13851]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 20 09:48:52 localhost pluto[13851]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 20 09:48:52 localhost pluto[13851]: using /dev/urandom as source of
> random entropy
> Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 20 09:48:52 localhost pluto[13851]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 20 09:48:52 localhost pluto[13851]: starting up 1 cryptographic helpers
> Jan 20 09:48:52 localhost pluto[13851]: started helper pid=13852 (fd:7)
> Jan 20 09:48:52 localhost pluto[13851]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 20 09:48:52 localhost pluto[13852]: using /dev/urandom as source of
> random entropy
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:48:53 localhost pluto[13851]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
> '/etc/ipsec.d/cacerts': /usr/sbin
> Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
> '/etc/ipsec.d/aacerts': /usr/sbin
> Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /usr/sbin
> Jan 20 09:48:53 localhost pluto[13851]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 20 09:48:53 localhost pluto[13851]: Changing back to directory
> '/usr/sbin' failed - (2 No such file or directory)
> Jan 20 09:48:53 localhost pluto[13851]: Changing back to directory
> '/usr/sbin' failed - (2 No such file or directory)
> Jan 20 09:48:53 localhost pluto[13851]: added connection description "vo"
> Jan 20 09:48:53 localhost pluto[13851]: added connection description "vodmz"
> Jan 20 09:49:32 localhost pluto[13851]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 20 09:49:32 localhost pluto[13851]: no secrets filename matched
> "/etc/ipsec.d/*.secrets"
> Jan 20 09:56:08 localhost pluto[13851]: forgetting secrets
> Jan 20 09:56:08 localhost pluto[13851]: no secrets filename matched
> "/etc/ipsec.secrets"
> Jan 20 09:56:24 localhost pluto[13851]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 20 09:56:24 localhost pluto[13851]: no secrets filename matched
> "/etc/ipsec.d/*.secrets"
> Jan 20 09:57:04 localhost pluto[13851]: shutting down
> Jan 20 09:57:04 localhost pluto[13851]: forgetting secrets
> Jan 20 09:57:04 localhost pluto[13851]: "vodmz": deleting connection
> Jan 20 09:57:04 localhost pluto[13851]: "vo": deleting connection
> Jan 20 09:57:05 localhost pluto[14592]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:14592
> Jan 20 09:57:05 localhost pluto[14592]: Setting NAT-Traversal port-4500
> floating to on
> Jan 20 09:57:05 localhost pluto[14592]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 20 09:57:05 localhost pluto[14592]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 20 09:57:05 localhost pluto[14592]: using /dev/urandom as source of
> random entropy
> Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 20 09:57:05 localhost pluto[14592]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 20 09:57:05 localhost pluto[14592]: starting up 1 cryptographic helpers
> Jan 20 09:57:05 localhost pluto[14601]: using /dev/urandom as source of
> random entropy
> Jan 20 09:57:05 localhost pluto[14592]: started helper pid=14601 (fd:7)
> Jan 20 09:57:05 localhost pluto[14592]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 09:57:06 localhost pluto[14592]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
> '/etc/ipsec.d/cacerts': /etc
> Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
> '/etc/ipsec.d/aacerts': /etc
> Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /etc
> Jan 20 09:57:06 localhost pluto[14592]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 20 09:57:06 localhost pluto[14592]: Changing back to directory
> '/etc' failed - (2 No such file or directory)
> Jan 20 09:57:06 localhost pluto[14592]: Changing back to directory
> '/etc' failed - (2 No such file or directory)
> Jan 20 09:57:06 localhost pluto[14592]: added connection description "vo"
> Jan 20 09:57:06 localhost pluto[14592]: added connection description "vodmz"
> Jan 20 09:57:08 localhost pluto[14592]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 20 09:57:08 localhost pluto[14592]: no secrets filename matched
> "/etc/ipsec.d/*.secrets"
> Jan 20 09:59:17 localhost pluto[14592]: forgetting secrets
> Jan 20 09:59:17 localhost pluto[14592]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 20 09:59:17 localhost pluto[14592]: loading secrets from
> "/etc/ipsec.d/ipsec.secrets"
> Jan 20 10:01:37 localhost pluto[14592]: "vo": deleting connection
> Jan 20 10:01:37 localhost pluto[14592]: added connection description "vo"
> Jan 20 10:01:43 localhost pluto[14592]: "vodmz": deleting connection
> Jan 20 10:01:43 localhost pluto[14592]: added connection description "vodmz"
> Jan 20 10:07:07 localhost pluto[14592]: shutting down
> Jan 20 10:07:07 localhost pluto[14592]: forgetting secrets
> Jan 20 10:07:07 localhost pluto[14592]: "vodmz": deleting connection
> Jan 20 10:07:07 localhost pluto[14592]: "vo": deleting connection
> Jan 20 10:07:09 localhost pluto[15199]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:15199
> Jan 20 10:07:09 localhost pluto[15199]: Setting NAT-Traversal port-4500
> floating to on
> Jan 20 10:07:09 localhost pluto[15199]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 20 10:07:09 localhost pluto[15199]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 20 10:07:09 localhost pluto[15199]: using /dev/urandom as source of
> random entropy
> Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 20 10:07:09 localhost pluto[15199]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 20 10:07:09 localhost pluto[15199]: starting up 1 cryptographic helpers
> Jan 20 10:07:09 localhost pluto[15201]: using /dev/urandom as source of
> random entropy
> Jan 20 10:07:09 localhost pluto[15199]: started helper pid=15201 (fd:7)
> Jan 20 10:07:09 localhost pluto[15199]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:07:10 localhost pluto[15199]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
> '/etc/ipsec.d/cacerts': /etc
> Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
> '/etc/ipsec.d/aacerts': /etc
> Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /etc
> Jan 20 10:07:10 localhost pluto[15199]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 20 10:07:10 localhost pluto[15199]: Changing back to directory
> '/etc' failed - (2 No such file or directory)
> Jan 20 10:07:10 localhost pluto[15199]: Changing back to directory
> '/etc' failed - (2 No such file or directory)
> Jan 20 10:07:10 localhost pluto[15199]: added connection description "vo"
> Jan 20 10:07:10 localhost pluto[15199]: added connection description "vodmz"
> Jan 20 10:17:24 localhost pluto[15199]: shutting down
> Jan 20 10:17:24 localhost pluto[15199]: "vodmz": deleting connection
> Jan 20 10:17:24 localhost pluto[15199]: "vo": deleting connection
> Jan 20 10:17:27 localhost pluto[15738]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:15738
> Jan 20 10:17:27 localhost pluto[15738]: Setting NAT-Traversal port-4500
> floating to on
> Jan 20 10:17:27 localhost pluto[15738]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 20 10:17:27 localhost pluto[15738]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 20 10:17:27 localhost pluto[15738]: using /dev/urandom as source of
> random entropy
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: starting up 1 cryptographic helpers
> Jan 20 10:17:27 localhost pluto[15744]: using /dev/urandom as source of
> random entropy
> Jan 20 10:17:27 localhost pluto[15738]: started helper pid=15744 (fd:7)
> Jan 20 10:17:27 localhost pluto[15738]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 20 10:17:27 localhost pluto[15738]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
> '/etc/ipsec.d/cacerts': /etc
> Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
> '/etc/ipsec.d/aacerts': /etc
> Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /etc
> Jan 20 10:17:27 localhost pluto[15738]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 20 10:17:27 localhost pluto[15738]: Changing back to directory
> '/etc' failed - (2 No such file or directory)
> Jan 20 10:17:27 localhost pluto[15738]: Changing back to directory
> '/etc' failed - (2 No such file or directory)
> Jan 20 10:17:27 localhost pluto[15738]: added connection description "vo"
> Jan 20 10:17:27 localhost pluto[15738]: added connection description "vodmz"
> Jan 21 08:59:07 localhost pluto[15738]: shutting down
> Jan 21 08:59:07 localhost pluto[15738]: "vodmz": deleting connection
> Jan 21 08:59:07 localhost pluto[15738]: "vo": deleting connection
> Jan 21 09:00:20 localhost pluto[2326]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:2326
> Jan 21 09:00:20 localhost pluto[2326]: Setting NAT-Traversal port-4500
> floating to on
> Jan 21 09:00:20 localhost pluto[2326]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 21 09:00:20 localhost pluto[2326]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 21 09:00:20 localhost pluto[2326]: using /dev/urandom as source of
> random entropy
> Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 21 09:00:20 localhost pluto[2326]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 21 09:00:20 localhost pluto[2326]: starting up 1 cryptographic helpers
> Jan 21 09:00:20 localhost pluto[2342]: using /dev/urandom as source of
> random entropy
> Jan 21 09:00:20 localhost pluto[2326]: started helper pid=2342 (fd:7)
> Jan 21 09:00:20 localhost pluto[2326]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:00:21 localhost pluto[2326]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
> '/etc/ipsec.d/cacerts': /
> Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
> '/etc/ipsec.d/aacerts': /
> Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /
> Jan 21 09:00:21 localhost pluto[2326]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 21 09:00:21 localhost pluto[2326]: Changing back to directory '/'
> failed - (2 No such file or directory)
> Jan 21 09:00:21 localhost pluto[2326]: Changing back to directory '/'
> failed - (2 No such file or directory)
> Jan 21 09:00:21 localhost pluto[2326]: added connection description "vo"
> Jan 21 09:00:21 localhost pluto[2326]: added connection description "vodmz"
> Jan 21 09:06:20 localhost pluto[2326]: shutting down
> Jan 21 09:06:20 localhost pluto[2326]: "vodmz": deleting connection
> Jan 21 09:06:20 localhost pluto[2326]: "vo": deleting connection
> Jan 21 09:06:22 localhost pluto[3784]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:3784
> Jan 21 09:06:22 localhost pluto[3784]: Setting NAT-Traversal port-4500
> floating to on
> Jan 21 09:06:22 localhost pluto[3784]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 21 09:06:22 localhost pluto[3784]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 21 09:06:22 localhost pluto[3784]: using /dev/urandom as source of
> random entropy
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: starting up 1 cryptographic helpers
> Jan 21 09:06:22 localhost pluto[3784]: started helper pid=3785 (fd:7)
> Jan 21 09:06:22 localhost pluto[3784]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 21 09:06:22 localhost pluto[3785]: using /dev/urandom as source of
> random entropy
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:06:22 localhost pluto[3784]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
> '/etc/ipsec.d/cacerts': /home/jingluo
> Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
> '/etc/ipsec.d/aacerts': /home/jingluo
> Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /home/jingluo
> Jan 21 09:06:22 localhost pluto[3784]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 21 09:06:22 localhost pluto[3784]: added connection description "vo"
> Jan 21 09:06:22 localhost pluto[3784]: added connection description "vodmz"
> Jan 21 09:08:35 localhost pluto[3784]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 21 09:08:35 localhost pluto[3784]: loading secrets from
> "/etc/ipsec.d/ipsec.secrets"
> Jan 21 09:08:44 localhost pluto[3784]: "vo": deleting connection
> Jan 21 09:08:44 localhost pluto[3784]: added connection description "vo"
> Jan 21 09:08:52 localhost pluto[3784]: "vodmz": deleting connection
> Jan 21 09:08:52 localhost pluto[3784]: added connection description "vodmz"
> Jan 21 09:09:04 localhost pluto[3784]: forgetting secrets
> Jan 21 09:09:04 localhost pluto[3784]: loading secrets from
> "/etc/ipsec.secrets"
> Jan 21 09:09:04 localhost pluto[3784]: loading secrets from
> "/etc/ipsec.d/ipsec.secrets"
> Jan 21 09:09:08 localhost pluto[3784]: shutting down
> Jan 21 09:09:08 localhost pluto[3784]: forgetting secrets
> Jan 21 09:09:08 localhost pluto[3784]: "vodmz": deleting connection
> Jan 21 09:09:08 localhost pluto[3784]: "vo": deleting connection
> Jan 21 09:09:10 localhost pluto[4268]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:4268
> Jan 21 09:09:10 localhost pluto[4268]: Setting NAT-Traversal port-4500
> floating to on
> Jan 21 09:09:10 localhost pluto[4268]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 21 09:09:10 localhost pluto[4268]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 21 09:09:10 localhost pluto[4268]: using /dev/urandom as source of
> random entropy
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: starting up 1 cryptographic helpers
> Jan 21 09:09:10 localhost pluto[4268]: started helper pid=4271 (fd:7)
> Jan 21 09:09:10 localhost pluto[4268]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 21 09:09:10 localhost pluto[4271]: using /dev/urandom as source of
> random entropy
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:09:10 localhost pluto[4268]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
> '/etc/ipsec.d/cacerts': /home/jingluo
> Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
> '/etc/ipsec.d/aacerts': /home/jingluo
> Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /home/jingluo
> Jan 21 09:09:10 localhost pluto[4268]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 21 09:09:10 localhost pluto[4268]: added connection description "vo"
> Jan 21 09:09:10 localhost pluto[4268]: added connection description "vodmz"
> Jan 21 09:09:57 localhost pluto[4268]: shutting down
> Jan 21 09:09:57 localhost pluto[4268]: "vodmz": deleting connection
> Jan 21 09:09:57 localhost pluto[4268]: "vo": deleting connection
> Jan 21 09:10:00 localhost pluto[4647]: Starting Pluto (Openswan Version
> 2.6.14; Vendor ID OEoSJUweaqAX) pid:4647
> Jan 21 09:10:00 localhost pluto[4647]: Setting NAT-Traversal port-4500
> floating to on
> Jan 21 09:10:00 localhost pluto[4647]: port floating activation
> criteria nat_t=1/port_float=1
> Jan 21 09:10:00 localhost pluto[4647]: including NAT-Traversal patch
> (Version 0.6c)
> Jan 21 09:10:00 localhost pluto[4647]: using /dev/urandom as source of
> random entropy
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_hash():
> Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: starting up 1 cryptographic helpers
> Jan 21 09:10:00 localhost pluto[4647]: started helper pid=4648 (fd:7)
> Jan 21 09:10:00 localhost pluto[4647]: Using Linux 2.6 IPsec interface
> code on 2.6.27.5-41.fc9.i686 (experimental code)
> Jan 21 09:10:00 localhost pluto[4648]: using /dev/urandom as source of
> random entropy
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating <NULL>: Ok (ret=0)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc(): WARNING:
> enc alg=0 not found in constants.c:oakley_enc_names
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_add(): ERROR: Algorithm
> already exists
> Jan 21 09:10:00 localhost pluto[4647]: ike_alg_register_enc():
> Activating <NULL>: FAILED (ret=-17)
> Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
> '/etc/ipsec.d/cacerts': /home/jingluo
> Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
> '/etc/ipsec.d/aacerts': /home/jingluo
> Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
> '/etc/ipsec.d/ocspcerts': /home/jingluo
> Jan 21 09:10:00 localhost pluto[4647]: Could not change to directory
> '/etc/ipsec.d/crls'
> Jan 21 09:10:00 localhost pluto[4647]: added connection description "vo"
> Jan 21 09:10:00 localhost pluto[4647]: added connection description "vodmz"
> + _________________________ date
> + date
> Wed Jan 21 09:12:55 EST 2009
>
>
> ------------------------------------------------------------------------
>
> Subject:
> barf
> From:
> Jing Luo <jing.luo at steeprockinc.com>
> Date:
> Wed, 21 Jan 2009 09:13:41 -0500 (EST)
> To:
> Chris Garrigues <chris.garrigues at steeprockinc.com>
>
> To:
> Chris Garrigues <chris.garrigues at steeprockinc.com>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
More information about the Users
mailing list