[Openswan Users] OpenSWAN to SonicWALL problems

Chris Garrigues chris_garrigues at steeprockinc.com
Mon Jan 26 09:48:21 EST 2009


Peter McGill wrote:
> Chris,
>
> It appears that you still have opportunistic encryption on.
> > + ipsec verify
> > Opportunistic Encryption DNS checks:
> >    Looking for TXT in forward dns zone: localhost.localdomain  
> [MISSING]
> >    Does the machine have at least one non-private address?     
> [FAILED]
>
> I don't see anywhere that you've turned opportunistic encryption off.
> ipsec.conf:
> config setup
>     oe=off # Openswan 2.6.x only
>
> or
>
> include /etc/ipsec.d/examples/no_oe.conf
Apparently that wasn't enough.  We must have something else wrong as well.

Here's the latest barf:

localhost.localdomain
Mon Jan 26 09:41:08 EST 2009
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.27.5-41.fc9.i686 (mockbuild@) (gcc version 4.3.0
20080428 (Red Hat 4.3.0-8) (GCC) ) #1 SMP Thu Nov 13 20:52:14 EST 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface
192.168.15.0    0.0.0.0         255.255.255.0   U         0 0          0
eth0
0.0.0.0         192.168.15.1    0.0.0.0         UG        0 0          0
eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name         : deflate
driver       : deflate-generic
module       : deflate
priority     : 0
refcnt       : 1
type         : compression

name         : rfc3686(ctr(aes))
driver       : rfc3686(ctr(aes-asm))
module       : ctr
priority     : 200
refcnt       : 1
type         : blkcipher
blocksize    : 1
min keysize  : 20
max keysize  : 36
ivsize       : 8
geniv        : seqiv

name         : ctr(aes)
driver       : ctr(aes-asm)
module       : ctr
priority     : 200
refcnt       : 1
type         : blkcipher
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(twofish)
driver       : cbc(twofish-generic)
module       : cbc
priority     : 100
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(camellia)
driver       : cbc(camellia-generic)
module       : cbc
priority     : 100
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : camellia
driver       : camellia-generic
module       : camellia
priority     : 100
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : cbc(serpent)
driver       : cbc(serpent-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 0
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(aes)
driver       : cbc(aes-asm)
module       : cbc
priority     : 200
refcnt       : 1
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(blowfish)
driver       : cbc(blowfish-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 8
min keysize  : 4
max keysize  : 56
ivsize       : 8
geniv        : <default>

name         : cbc(des3_ede)
driver       : cbc(des3_ede-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8
geniv        : <default>

name         : cbc(des)
driver       : cbc(des-generic)
module       : cbc
priority     : 0
refcnt       : 1
type         : blkcipher
blocksize    : 8
min keysize  : 8
max keysize  : 8
ivsize       : 8
geniv        : <default>

name         : xcbc(aes)
driver       : xcbc(aes-asm)
module       : xcbc
priority     : 200
refcnt       : 1
type         : hash
blocksize    : 16
digestsize   : 16

name         : hmac(rmd160)
driver       : hmac(rmd160)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 64
digestsize   : 20

name         : rmd160
driver       : rmd160
module       : rmd160
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 20

name         : hmac(sha256)
driver       : hmac(sha256-generic)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 64
digestsize   : 32

name         : hmac(sha1)
driver       : hmac(sha1-generic)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 64
digestsize   : 20

name         : hmac(md5)
driver       : hmac(md5-generic)
module       : kernel
priority     : 0
refcnt       : 1
type         : hash
blocksize    : 64
digestsize   : 16

name         : compress_null
driver       : compress_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
type         : compression

name         : digest_null
driver       : digest_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 1
digestsize   : 0

name         : ecb(cipher_null)
driver       : ecb-cipher_null
module       : crypto_null
priority     : 100
refcnt       : 1
type         : blkcipher
blocksize    : 1
min keysize  : 0
max keysize  : 0
ivsize       : 0
geniv        : <default>

name         : cipher_null
driver       : cipher_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 1
min keysize  : 0
max keysize  : 0

name         : tnepres
driver       : tnepres-generic
module       : serpent
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : serpent
driver       : serpent-generic
module       : serpent
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : blowfish
driver       : blowfish-generic
module       : blowfish
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 8
min keysize  : 4
max keysize  : 56

name         : twofish
driver       : twofish-generic
module       : twofish
priority     : 100
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 28

name         : sha512
driver       : sha512-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 128
digestsize   : 64

name         : sha384
driver       : sha384-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 128
digestsize   : 48

name         : des3_ede
driver       : des3_ede-generic
module       : des_generic
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 8
min keysize  : 24
max keysize  : 24

name         : des
driver       : des-generic
module       : des_generic
priority     : 0
refcnt       : 1
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8

name         : aes
driver       : aes-asm
module       : aes_i586
priority     : 200
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : sha1
driver       : sha1-generic
module       : kernel
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 20

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
type         : digest
blocksize    : 64
digestsize   : 16

+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 191:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 %myid = (none)
000 debug none
000 
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000 
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8,
keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000 
000 "vo":
192.168.10.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0
000 "vo":     myip=unset; hisip=192.168.200.56;
000 "vo":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "vo":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD; prio:
24,32; interface: ;
000 "vo":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vo":   IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)-MODP1536(5),
AES_CBC(7)_256-SHA1(2)-MODP1024(2); flags=-strict
000 "vo":   IKE algorithms found:  AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2,
000 "vo":   ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "vo":   ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000 "vodmz":
192.168.8.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0
000 "vodmz":     myip=unset; hisip=192.168.200.56;
000 "vodmz":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "vodmz":   policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD;
prio: 24,32; interface: ;
000 "vodmz":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vodmz":   IKE algorithms wanted:
AES_CBC(7)_256-SHA1(2)-MODP1536(5), AES_CBC(7)_256-SHA1(2)-MODP1024(2);
flags=-strict
000 "vodmz":   IKE algorithms found:  AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2,
000 "vodmz":   ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "vodmz":   ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000 
000 
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:1A:A0:49:D6:F0 
          inet addr:192.168.15.3  Bcast:192.168.15.255  Mask:255.255.255.0
          inet6 addr: fe80::21a:a0ff:fe49:d6f0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:437205 errors:0 dropped:0 overruns:0 frame:0
          TX packets:382402 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:392714376 (374.5 MiB)  TX bytes:73748413 (70.3 MiB)
          Interrupt:16

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8706 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8706 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:452185 (441.5 KiB)  TX bytes:452185 (441.5 KiB)

pan0      Link encap:Ethernet  HWaddr 42:44:14:66:91:88 
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
    link/ether 00:1a:a0:49:d6:f0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.15.3/24 brd 192.168.15.255 scope global eth0
    inet6 fe80::21a:a0ff:fe49:d6f0/64 scope link
       valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 42:44:14:66:91:88 brd ff:ff:ff:ff:ff:ff
+ _________________________ ip-route-list
+ ip route list
192.168.15.0/24 dev eth0  proto kernel  scope link  src 192.168.15.3
default via 192.168.15.1 dev eth0  proto static
+ _________________________ ip-rule-list
+ ip rule list
0:    from all lookup local
32766:    from all lookup main
32767:    from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
Checking for IPsec support in kernel                            [OK]
NETKEY detected, testing for disabled ICMP send_redirects       [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

NETKEY detected, testing for disabled ICMP accept_redirects     [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

Checking for RSA private key (/etc/ipsec.secrets)               [OK]
Checking that pluto is running                                  [OK]
Pluto not listening on port udp 500. Check interfaces defintion in
ipsec.conf.Two or more interfaces found, checking IP forwarding       
    [FAILED]
Checking for 'ip' command                                       [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 00:50:ef, model 14 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost.localdomain
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
 09:41:09 up 5 days, 41 min, 11 users,  load average: 0.51, 0.43, 0.22
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0 22375 20683  20   0   5668  1136 wait   S+   pts/10    
0:00              \_ /bin/sh /usr/libexec/ipsec/barf
0     0 22455 22375  20   0   2044   504 pipe_w S+   pts/10    
0:00                  \_ egrep -i ppid|pluto|ipsec|klips
1     0 22265     1  20   0   2668   416 wait   S    pts/10     0:00
/bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy  --nat_traversal yes
--keep_alive  --protostack netkey --force_keepalive 
--disable_port_floating  --virtual_private  --crlcheckinterval 0
--ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre 
--post  --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid
1     0 22266 22265  20   0   2668   548 wait   S    pts/10     0:00  \_
/bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy  --nat_traversal yes
--keep_alive  --protostack netkey --force_keepalive 
--disable_port_floating  --virtual_private  --crlcheckinterval 0
--ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre 
--post  --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid
4     0 22267 22266  20   0   3260  1152 select S    pts/10     0:00 
|   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --use-netkey --nat_traversal
1     0 22268 22267  30  10   3268   580 unix_s SN   pts/10     0:00 
|       \_ pluto helper  # 
0                                                                            

0     0 22308 22267  20   0   1756   296 select S    pts/10     0:00 
|       \_ _pluto_adns
0     0 22270 22265  20   0   2668   968 pipe_w S    pts/10     0:00  \_
/bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0     0 22269     1  20   0   1808   504 pipe_w S    pts/10     0:00
logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _keycensor
+ ipsec _include /etc/ipsec.conf

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version    2.0    # conforms to second version of ipsec.conf specification

# basic configuration
config setup
    # Debug-logging controls:  "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes


#< /etc/ipsec.d/ipsec.conf 1
conn vo
    also=vocommon
    rightsubnet=192.168.10.0/24
    auto=start

conn vodmz
    also=vocommon
    rightsubnet=192.168.8.0/24
    auto=start

conn vocommon
    type=tunnel
    left=%defaultroute
    leftid=@jingluo
    leftsourceip=192.168.200.56
    leftsubnet=192.168.200.56/32
    rightid=@vo
    right=67.220.126.196
    keyingtries=0
    pfs=yes
    authby=secret
    auth=esp
    ike=aes256-sha1
    esp=aes256-sha1
    keyexchange=ike

conn block
    auto=ignore

conn private
    auto=ignore

conn private-or-clear
    auto=ignore

conn clear-or-private
    auto=ignore

conn clear
    auto=ignore

conn packetdefault
    auto=ignore

#> /etc/ipsec.conf 19
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1

#< /etc/ipsec.d/ipsec.secrets 1
@jingluo @vo : PSK "[sums to 3db3...]"

#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000 
000 List of Public Keys:
000 
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#

# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic
Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2256
-rwxr-xr-x 1 root root   6056 Jun  6  2008 _copyright
-rwxr-xr-x 1 root root   2379 Jun  6  2008 _include
-rwxr-xr-x 1 root root   1475 Jun  6  2008 _keycensor
-rwxr-xr-x 1 root root  10088 Jun  6  2008 _pluto_adns
-rwxr-xr-x 1 root root   2632 Jun  6  2008 _plutoload
-rwxr-xr-x 1 root root   7602 Jun  6  2008 _plutorun
-rwxr-xr-x 1 root root  13746 Jun  6  2008 _realsetup
-rwxr-xr-x 1 root root   1975 Jun  6  2008 _secretcensor
-rwxr-xr-x 1 root root   9752 Jun  6  2008 _startklips
-rwxr-xr-x 1 root root   9752 Jun  6  2008 _startklips.old
-rwxr-xr-x 1 root root   4988 Jun  6  2008 _startnetkey
-rwxr-xr-x 1 root root   4949 Jun  6  2008 _updown
-rwxr-xr-x 1 root root  14030 Jun  6  2008 _updown.klips
-rwxr-xr-x 1 root root  14030 Jun  6  2008 _updown.klips.old
-rwxr-xr-x 1 root root  13739 Jun  6  2008 _updown.mast
-rwxr-xr-x 1 root root  13739 Jun  6  2008 _updown.mast.old
-rwxr-xr-x 1 root root   8337 Jun  6  2008 _updown.netkey
-rwxr-xr-x 1 root root 188348 Jun  6  2008 addconn
-rwxr-xr-x 1 root root   6129 Jun  6  2008 auto
-rwxr-xr-x 1 root root  10758 Jun  6  2008 barf
-rwxr-xr-x 1 root root  90088 Jun  6  2008 eroute
-rwxr-xr-x 1 root root  20708 Jun  6  2008 ikeping
-rwxr-xr-x 1 root root  69804 Jun  6  2008 klipsdebug
-rwxr-xr-x 1 root root   1836 Jun  6  2008 livetest
-rwxr-xr-x 1 root root   2591 Jun  6  2008 look
-rwxr-xr-x 1 root root   1921 Jun  6  2008 newhostkey
-rwxr-xr-x 1 root root  60840 Jun  6  2008 pf_key
-rwxr-xr-x 1 root root 957728 Jun  6  2008 pluto
-rwxr-xr-x 1 root root  10236 Jun  6  2008 ranbits
-rwxr-xr-x 1 root root  20176 Jun  6  2008 rsasigkey
-rwxr-xr-x 1 root root    766 Jun  6  2008 secrets
lrwxrwxrwx 1 root root     30 Jan 20 09:30 setup ->
../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root   1054 Jun  6  2008 showdefaults
-rwxr-xr-x 1 root root 219368 Jun  6  2008 showhostkey
-rwxr-xr-x 1 root root  22744 Jun  6  2008 showpolicy
-rwxr-xr-x 1 root root 148388 Jun  6  2008 spi
-rwxr-xr-x 1 root root  77336 Jun  6  2008 spigrp
-rwxr-xr-x 1 root root  69700 Jun  6  2008 tncfg
-rwxr-xr-x 1 root root  12526 Jun  6  2008 verify
-rwxr-xr-x 1 root root  50340 Jun  6  2008 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2256
-rwxr-xr-x 1 root root   6056 Jun  6  2008 _copyright
-rwxr-xr-x 1 root root   2379 Jun  6  2008 _include
-rwxr-xr-x 1 root root   1475 Jun  6  2008 _keycensor
-rwxr-xr-x 1 root root  10088 Jun  6  2008 _pluto_adns
-rwxr-xr-x 1 root root   2632 Jun  6  2008 _plutoload
-rwxr-xr-x 1 root root   7602 Jun  6  2008 _plutorun
-rwxr-xr-x 1 root root  13746 Jun  6  2008 _realsetup
-rwxr-xr-x 1 root root   1975 Jun  6  2008 _secretcensor
-rwxr-xr-x 1 root root   9752 Jun  6  2008 _startklips
-rwxr-xr-x 1 root root   9752 Jun  6  2008 _startklips.old
-rwxr-xr-x 1 root root   4988 Jun  6  2008 _startnetkey
-rwxr-xr-x 1 root root   4949 Jun  6  2008 _updown
-rwxr-xr-x 1 root root  14030 Jun  6  2008 _updown.klips
-rwxr-xr-x 1 root root  14030 Jun  6  2008 _updown.klips.old
-rwxr-xr-x 1 root root  13739 Jun  6  2008 _updown.mast
-rwxr-xr-x 1 root root  13739 Jun  6  2008 _updown.mast.old
-rwxr-xr-x 1 root root   8337 Jun  6  2008 _updown.netkey
-rwxr-xr-x 1 root root 188348 Jun  6  2008 addconn
-rwxr-xr-x 1 root root   6129 Jun  6  2008 auto
-rwxr-xr-x 1 root root  10758 Jun  6  2008 barf
-rwxr-xr-x 1 root root  90088 Jun  6  2008 eroute
-rwxr-xr-x 1 root root  20708 Jun  6  2008 ikeping
-rwxr-xr-x 1 root root  69804 Jun  6  2008 klipsdebug
-rwxr-xr-x 1 root root   1836 Jun  6  2008 livetest
-rwxr-xr-x 1 root root   2591 Jun  6  2008 look
-rwxr-xr-x 1 root root   1921 Jun  6  2008 newhostkey
-rwxr-xr-x 1 root root  60840 Jun  6  2008 pf_key
-rwxr-xr-x 1 root root 957728 Jun  6  2008 pluto
-rwxr-xr-x 1 root root  10236 Jun  6  2008 ranbits
-rwxr-xr-x 1 root root  20176 Jun  6  2008 rsasigkey
-rwxr-xr-x 1 root root    766 Jun  6  2008 secrets
lrwxrwxrwx 1 root root     30 Jan 20 09:30 setup ->
../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root   1054 Jun  6  2008 showdefaults
-rwxr-xr-x 1 root root 219368 Jun  6  2008 showhostkey
-rwxr-xr-x 1 root root  22744 Jun  6  2008 showpolicy
-rwxr-xr-x 1 root root 148388 Jun  6  2008 spi
-rwxr-xr-x 1 root root  77336 Jun  6  2008 spigrp
-rwxr-xr-x 1 root root  69700 Jun  6  2008 tncfg
-rwxr-xr-x 1 root root  12526 Jun  6  2008 verify
-rwxr-xr-x 1 root root  50340 Jun  6  2008 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed
multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:  452185    8706    0    0    0     0          0         0  
452185    8706    0    0    0     0       0          0
  eth0:392714376  437205    0    0    0     0          0         0
73748491  382403    0    0    0     0       0          0
  pan0:       0       0    0    0    0     0          0         0       
0       0    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface    Destination    Gateway     Flags    RefCnt    Use    Metric   
Mask        MTU    Window   
IRTT                                                      
eth0    000FA8C0    00000000    0001    0    0    0    00FFFFFF    0   
0   
0                                                                              

eth0    00000000    010FA8C0    0003    0    0    0    00000000    0   
0   
0                                                                              

+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
pan0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
pan0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects
default/accept_redirects default/secure_redirects default/send_redirects
eth0/accept_redirects eth0/secure_redirects eth0/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects
pan0/accept_redirects pan0/secure_redirects pan0/send_redirects
all/accept_redirects:1
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
pan0/accept_redirects:1
pan0/secure_redirects:1
pan0/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux localhost.localdomain 2.6.27.5-41.fc9.i686 #1 SMP Thu Nov 13
20:52:14 EST 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora release 9 (Sulphur)
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.27.5-41.fc9.i686) support detected '
NETKEY (2.6.27.5-41.fc9.i686) support detected
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipcomp6 6912 0 - Live 0xfacdb000
ipcomp 6656 0 - Live 0xfac54000
ah6 9216 0 - Live 0xfad76000
ah4 8320 0 - Live 0xfacd3000
esp6 9472 0 - Live 0xfaccf000
esp4 9472 0 - Live 0xfaccb000
xfrm4_mode_beet 6400 0 - Live 0xfacbc000
xfrm4_tunnel 6272 0 - Live 0xfacb9000
xfrm4_mode_tunnel 6272 0 - Live 0xfacb6000
xfrm4_mode_transport 5760 0 - Live 0xfacb3000
xfrm6_mode_transport 5760 0 - Live 0xfac86000
xfrm6_mode_ro 5632 0 - Live 0xfac83000
xfrm6_mode_beet 6144 0 - Live 0xfac80000
xfrm6_mode_tunnel 6144 0 - Live 0xfac7d000
af_key 30356 0 - Live 0xfac66000
iptable_mangle 6656 0 - Live 0xfad5d000
iptable_nat 8712 0 - Live 0xfad7a000
nf_nat 17944 1 iptable_nat, Live 0xfad81000
nls_utf8 5632 1 - Live 0xfad73000
deflate 6528 0 - Live 0xfad60000
zlib_deflate 21224 1 deflate, Live 0xfad6c000
ctr 7936 0 - Live 0xfad34000
camellia 22144 0 - Live 0xfad65000
bridge 43668 0 - Live 0xfad47000
stp 6148 1 bridge, Live 0xfad37000
bnep 14848 2 - Live 0xfad2a000
rfcomm 33936 4 - Live 0xfad53000
rmd160 14720 0 - Live 0xfad2f000
l2cap 21504 16 bnep,rfcomm, Live 0xfad18000
bluetooth 48608 5 bnep,rfcomm,l2cap, Live 0xfad3a000
crypto_null 6784 0 - Live 0xfad0f000
ccm 11776 0 - Live 0xfad26000
serpent 22912 0 - Live 0xfad1f000
blowfish 12032 0 - Live 0xfacf7000
twofish 10880 0 - Live 0xfad0b000
twofish_common 17024 1 twofish, Live 0xfad12000
ecb 6528 0 - Live 0xfad08000
xcbc 8200 0 - Live 0xfad04000
cbc 7168 0 - Live 0xfacfb000
crypto_blkcipher 18052 5 ctr,crypto_null,ccm,ecb,cbc, Live 0xfacfe000
sha256_generic 16128 0 - Live 0xfacee000
sha512_generic 11904 0 - Live 0xfacf3000
des_generic 20352 0 - Live 0xfacde000
aes_i586 11648 0 - Live 0xfacbf000
aes_generic 31144 1 aes_i586, Live 0xface5000
xfrm_ipcomp 8584 2 ipcomp6,ipcomp, Live 0xfacd7000
aead 9600 3 esp6,esp4,ccm, Live 0xfacc3000
tunnel4 6792 1 xfrm4_tunnel, Live 0xfac51000
xfrm6_tunnel 9860 1 ipcomp6, Live 0xfac62000
tunnel6 6664 1 xfrm6_tunnel, Live 0xfac5f000
fuse 49436 3 - Live 0xfac6f000
sunrpc 155924 3 - Live 0xfac8b000
ipt_REJECT 6656 2 - Live 0xfac5c000
nf_conntrack_ipv4 11528 5 iptable_nat,nf_nat, Live 0xfab28000
iptable_filter 6528 1 - Live 0xfac40000
ip_tables 13712 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xfac57000
ip6t_REJECT 7296 2 - Live 0xfac38000
xt_tcpudp 6656 2 - Live 0xfac35000
nf_conntrack_ipv6 15864 2 - Live 0xfac3b000
xt_state 5888 4 - Live 0xfac32000
nf_conntrack 51424 5
iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live
0xfac43000
ip6table_filter 6400 1 - Live 0xfab2c000
ip6_tables 14736 1 ip6table_filter, Live 0xf8ade000
x_tables 15236 7
iptable_nat,ipt_REJECT,ip_tables,ip6t_REJECT,xt_tcpudp,xt_state,ip6_tables,
Live 0xf8ad1000
cpufreq_ondemand 9868 2 - Live 0xf8ada000
acpi_cpufreq 12172 0 - Live 0xf8ad6000
dm_multipath 17292 0 - Live 0xf8a59000
scsi_dh 9476 1 dm_multipath, Live 0xf89d2000
radeon 119044 3 - Live 0xf8b08000
drm 146404 4 radeon, Live 0xf8ae3000
ipv6 230260 39
ipcomp6,ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,
Live 0xf8a1f000
snd_hda_intel 351380 3 - Live 0xf8a5f000
snd_seq_dummy 6660 0 - Live 0xf89a3000
snd_seq_oss 30364 0 - Live 0xf89e3000
snd_seq_midi_event 9600 1 snd_seq_oss, Live 0xf89b0000
snd_seq 48576 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live
0xf89d6000
snd_seq_device 9996 3 snd_seq_dummy,snd_seq_oss,snd_seq, Live 0xf89ac000
snd_pcm_oss 42496 0 - Live 0xf89ba000
snd_mixer_oss 16896 1 snd_pcm_oss, Live 0xf89a6000
snd_pcm 65924 2 snd_hda_intel,snd_pcm_oss, Live 0xf896e000
snd_timer 22024 2 snd_seq,snd_pcm, Live 0xf8926000
snd_page_alloc 11016 2 snd_hda_intel,snd_pcm, Live 0xf896a000
snd_hwdep 10500 1 snd_hda_intel, Live 0xf8937000
ppdev 10372 0 - Live 0xf8933000
snd 50744 16
snd_hda_intel,snd_seq_dummy,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_hwdep,
Live 0xf8991000
parport_pc 25620 0 - Live 0xf893d000
parport 31956 2 ppdev,parport_pc, Live 0xf8961000
dcdbas 10272 0 - Live 0xf891e000
sr_mod 17064 1 - Live 0xf892d000
tg3 107780 0 - Live 0xf8945000
serio_raw 8836 0 - Live 0xf8922000
libphy 18560 1 tg3, Live 0xf88fd000
soundcore 9416 1 snd, Live 0xf891a000
iTCO_wdt 13732 0 - Live 0xf8903000
cdrom 32664 1 sr_mod, Live 0xf8911000
i2c_i801 12048 0 - Live 0xf88ca000
iTCO_vendor_support 6916 1 iTCO_wdt, Live 0xf8834000
pcspkr 6272 0 - Live 0xf88ba000
i2c_core 21396 2 drm,i2c_i801, Live 0xf88f0000
sg 31028 0 - Live 0xf8908000
dm_snapshot 19364 0 - Live 0xf88f7000
dm_zero 5632 0 - Live 0xf88ad000
dm_mirror 19968 0 - Live 0xf88b4000
dm_log 12164 1 dm_mirror, Live 0xf884e000
dm_mod 48692 10 dm_multipath,dm_snapshot,dm_zero,dm_mirror,dm_log, Live
0xf88bd000
pata_acpi 7680 0 - Live 0xf884b000
ata_generic 8452 0 - Live 0xf8847000
ata_piix 24836 3 - Live 0xf88a5000
libata 134380 3 pata_acpi,ata_generic,ata_piix, Live 0xf88ce000
sd_mod 32408 3 - Live 0xf889c000
scsi_mod 123772 5 scsi_dh,sr_mod,sg,libata,sd_mod, Live 0xf885f000
crc_t10dif 5632 1 sd_mod, Live 0xf8844000
ext3 109192 2 - Live 0xf8880000
jbd 42900 1 ext3, Live 0xf8853000
mbcache 10244 1 ext3, Live 0xf8839000
uhci_hcd 23312 0 - Live 0xf883d000
ohci_hcd 24336 0 - Live 0xf8824000
ehci_hcd 32524 0 - Live 0xf882b000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:      2072476 kB
MemFree:         87604 kB
Buffers:        160136 kB
Cached:         779088 kB
SwapCached:         32 kB
Active:        1195048 kB
Inactive:       559600 kB
HighTotal:     1177596 kB
HighFree:        12000 kB
LowTotal:       894880 kB
LowFree:         75604 kB
SwapTotal:     2031608 kB
SwapFree:      2031456 kB
Dirty:             176 kB
Writeback:           0 kB
AnonPages:      815192 kB
Mapped:         143760 kB
Slab:           129540 kB
SReclaimable:   110380 kB
SUnreclaim:      19160 kB
PageTables:       7032 kB
NFS_Unstable:        0 kB
Bounce:              0 kB
WritebackTmp:        0 kB
CommitLimit:   3067844 kB
Committed_AS:  1478656 kB
VmallocTotal:   110584 kB
VmallocUsed:     38328 kB
VmallocChunk:    72156 kB
HugePages_Total:     0
HugePages_Free:      0
HugePages_Rsvd:      0
HugePages_Surp:      0
Hugepagesize:     4096 kB
DirectMap4k:      8192 kB
DirectMap4M:    909312 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.27.5-41.fc9.i686/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# generated by NetworkManager, do not edit!

nameserver 192.168.15.1

+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 12
drwxr-xr-x 7 root root 4096 Oct 24 17:56 2.6.26.6-79.fc9.i686
drwxr-xr-x 7 root root 4096 Nov 15 12:00 2.6.27.5-37.fc9.i686
drwxr-xr-x 7 root root 4096 Nov 19 13:03 2.6.27.5-41.fc9.i686
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05d6055 T netif_rx
c05d6697 T netif_rx_ni
c072abbc r __ksymtab_netif_rx
c072acc4 r __ksymtab_netif_rx_ni
c073b292 r __kstrtab_netif_rx
c073b4ce r __kstrtab_netif_rx_ni
c05d6697 u netif_rx_ni    [bnep]
c05d6055 u netif_rx    [ipv6]
f894f103 t netif_rx_schedule    [tg3]
f8950af8 t netif_rx_complete    [tg3]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.26.6-79.fc9.i686:
2.6.27.5-37.fc9.i686:
2.6.27.5-41.fc9.i686:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1151,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Jan 26 09:36:38 localhost ipsec_setup: Starting Openswan IPsec
U2.6.14/K2.6.27.5-41.fc9.i686...
Jan 26 09:36:38 localhost ipsec_setup:
Jan 26 09:36:38 localhost ipsec_setup:
Jan 26 09:36:38 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
+ _________________________ plog
+ sed -n '5,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Jan 26 09:33:17 localhost pluto[20993]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:20993
Jan 26 09:33:17 localhost pluto[20993]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:33:17 localhost pluto[20993]:    port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:33:17 localhost pluto[20993]:    including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:33:17 localhost pluto[20993]: using /dev/urandom as source of
random entropy
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: starting up 1 cryptographic helpers
Jan 26 09:33:17 localhost pluto[21003]: using /dev/urandom as source of
random entropy
Jan 26 09:33:17 localhost pluto[20993]: started helper pid=21003 (fd:7)
Jan 26 09:33:17 localhost pluto[20993]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:33:18 localhost pluto[20993]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:18 localhost pluto[20993]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:18 localhost pluto[20993]: added connection description "vo"
Jan 26 09:33:18 localhost pluto[20993]: added connection description "vodmz"
Jan 26 09:33:28 localhost pluto[20993]: shutting down
Jan 26 09:33:28 localhost pluto[20993]: "vodmz": deleting connection
Jan 26 09:33:28 localhost pluto[20993]: "vo": deleting connection
Jan 26 09:33:31 localhost pluto[21368]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:21368
Jan 26 09:33:31 localhost pluto[21368]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:33:31 localhost pluto[21368]:    port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:33:31 localhost pluto[21368]:    including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:33:31 localhost pluto[21368]: using /dev/urandom as source of
random entropy
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: starting up 1 cryptographic helpers
Jan 26 09:33:31 localhost pluto[21371]: using /dev/urandom as source of
random entropy
Jan 26 09:33:31 localhost pluto[21368]: started helper pid=21371 (fd:7)
Jan 26 09:33:31 localhost pluto[21368]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:33:31 localhost pluto[21368]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:31 localhost pluto[21368]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:31 localhost pluto[21368]: added connection description "vo"
Jan 26 09:33:31 localhost pluto[21368]: added connection description "vodmz"
Jan 26 09:34:10 localhost pluto[21368]: shutting down
Jan 26 09:34:10 localhost pluto[21368]: "vodmz": deleting connection
Jan 26 09:34:10 localhost pluto[21368]: "vo": deleting connection
Jan 26 09:34:12 localhost pluto[21750]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:21750
Jan 26 09:34:12 localhost pluto[21750]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:34:12 localhost pluto[21750]:    port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:34:12 localhost pluto[21750]:    including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:34:12 localhost pluto[21750]: using /dev/urandom as source of
random entropy
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: starting up 1 cryptographic helpers
Jan 26 09:34:12 localhost pluto[21752]: using /dev/urandom as source of
random entropy
Jan 26 09:34:12 localhost pluto[21750]: started helper pid=21752 (fd:7)
Jan 26 09:34:12 localhost pluto[21750]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:34:12 localhost pluto[21750]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:34:12 localhost pluto[21750]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:34:12 localhost pluto[21750]: added connection description "vo"
Jan 26 09:34:12 localhost pluto[21750]: added connection description "vodmz"
Jan 26 09:36:36 localhost pluto[21750]: shutting down
Jan 26 09:36:36 localhost pluto[21750]: "vodmz": deleting connection
Jan 26 09:36:36 localhost pluto[21750]: "vo": deleting connection
Jan 26 09:36:38 localhost pluto[22267]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:22267
Jan 26 09:36:38 localhost pluto[22267]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:36:38 localhost pluto[22267]:    port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:36:38 localhost pluto[22267]:    including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:36:38 localhost pluto[22267]: using /dev/urandom as source of
random entropy
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: starting up 1 cryptographic helpers
Jan 26 09:36:38 localhost pluto[22268]: using /dev/urandom as source of
random entropy
Jan 26 09:36:38 localhost pluto[22267]: started helper pid=22268 (fd:7)
Jan 26 09:36:38 localhost pluto[22267]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names 
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:36:39 localhost pluto[22267]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:36:39 localhost pluto[22267]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:36:39 localhost pluto[22267]: added connection description "vo"
Jan 26 09:36:39 localhost pluto[22267]: added connection description "vodmz"
+ _________________________ date
+ date
Mon Jan 26 09:41:09 EST 2009


-- 
Chris Garrigues
Senior System Administrator
Ph: (512) 961-6808
chris.garrigues at SteepRockInc.com <mailto:chris.garrigues at SteepRockInc.com>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090126/151985c2/attachment-0001.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: SteepRockLogo.gif
Type: image/gif
Size: 2419 bytes
Desc: not available
Url : http://lists.openswan.org/pipermail/users/attachments/20090126/151985c2/attachment-0001.gif 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 260 bytes
Desc: OpenPGP digital signature
Url : http://lists.openswan.org/pipermail/users/attachments/20090126/151985c2/attachment-0001.bin 


More information about the Users mailing list