[Openswan Users] OpenSWAN to SonicWALL problems
Chris Garrigues
chris_garrigues at steeprockinc.com
Mon Jan 26 09:48:21 EST 2009
Peter McGill wrote:
> Chris,
>
> It appears that you still have opportunistic encryption on.
> > + ipsec verify
> > Opportunistic Encryption DNS checks:
> > Looking for TXT in forward dns zone: localhost.localdomain [MISSING]
> > Does the machine have at least one non-private address? [FAILED]
>
> I don't see anywhere that you've turned opportunistic encryption off.
> ipsec.conf:
> config setup
>     oe=off # Openswan 2.6.x only
>
> or
>
> include /etc/ipsec.d/examples/no_oe.conf
Apparently that wasn't enough. We must have something else wrong as well.
Here's the latest barf:
localhost.localdomain
Mon Jan 26 09:41:08 EST 2009
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.27.5-41.fc9.i686 (mockbuild@) (gcc version 4.3.0
20080428 (Red Hat 4.3.0-8) (GCC) ) #1 SMP Thu Nov 13 20:52:14 EST 2008
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.15.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         192.168.15.1    0.0.0.0         UG        0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 191:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 %myid = (none)
000 debug none
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8,
keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 "vo":
192.168.10.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0
000 "vo": myip=unset; hisip=192.168.200.56;
000 "vo": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "vo": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD; prio:
24,32; interface: ;
000 "vo": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vo": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)-MODP1536(5),
AES_CBC(7)_256-SHA1(2)-MODP1024(2); flags=-strict
000 "vo": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2,
000 "vo": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "vo": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000 "vodmz":
192.168.8.0/24===67.220.126.196<67.220.126.196>[@vo,+S=C]...0.0.0.0---%any[@jingluo,+S=C]===192.168.200.56/32;
unrouted; eroute owner: #0
000 "vodmz": myip=unset; hisip=192.168.200.56;
000 "vodmz": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 0
000 "vodmz": policy: PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+lKOD+rKOD;
prio: 24,32; interface: ;
000 "vodmz": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "vodmz": IKE algorithms wanted:
AES_CBC(7)_256-SHA1(2)-MODP1536(5), AES_CBC(7)_256-SHA1(2)-MODP1024(2);
flags=-strict
000 "vodmz": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-5,
AES_CBC(7)_256-SHA1(2)_160-2,
000 "vodmz": ESP algorithms wanted: AES(12)_256-SHA1(2); flags=-strict
000 "vodmz": ESP algorithms loaded: AES(12)_256-SHA1(2)_160
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1A:A0:49:D6:F0
inet addr:192.168.15.3 Bcast:192.168.15.255 Mask:255.255.255.0
inet6 addr: fe80::21a:a0ff:fe49:d6f0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:437205 errors:0 dropped:0 overruns:0 frame:0
TX packets:382402 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:392714376 (374.5 MiB) TX bytes:73748413 (70.3 MiB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8706 errors:0 dropped:0 overruns:0 frame:0
TX packets:8706 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:452185 (441.5 KiB) TX bytes:452185 (441.5 KiB)
pan0 Link encap:Ethernet HWaddr 42:44:14:66:91:88
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP qlen 1000
link/ether 00:1a:a0:49:d6:f0 brd ff:ff:ff:ff:ff:ff
inet 192.168.15.3/24 brd 192.168.15.255 scope global eth0
inet6 fe80::21a:a0ff:fe49:d6f0/64 scope link
valid_lft forever preferred_lft forever
3: pan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
link/ether 42:44:14:66:91:88 brd ff:ff:ff:ff:ff:ff
+ _________________________ ip-route-list
+ ip route list
192.168.15.0/24 dev eth0 proto kernel scope link src 192.168.15.3
default via 192.168.15.1 dev eth0 proto static
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.14/K2.6.27.5-41.fc9.i686 (netkey)
Checking for IPsec support in kernel [OK]
NETKEY detected, testing for disabled ICMP send_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/send_redirects
or NETKEY will cause the sending of bogus ICMP redirects!
NETKEY detected, testing for disabled ICMP accept_redirects [FAILED]
Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
or NETKEY will accept bogus ICMP redirects!
Checking for RSA private key (/etc/ipsec.secrets) [OK]
Checking that pluto is running [OK]
Pluto not listening on port udp 500. Check interfaces defintion in
ipsec.conf.Two or more interfaces found, checking IP forwarding
[FAILED]
Checking for 'ip' command [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
eth0: negotiated 100baseTx-FD, link ok
product info: vendor 00:50:ef, model 14 rev 0
basic mode: autonegotiation enabled
basic status: autonegotiation complete, link ok
capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
advertising: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
link partner: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost.localdomain
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
09:41:09 up 5 days, 41 min, 11 users, load average: 0.51, 0.43, 0.22
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 22375 20683 20 0 5668 1136 wait S+ pts/10
0:00 \_ /bin/sh /usr/libexec/ipsec/barf
0 0 22455 22375 20 0 2044 504 pipe_w S+ pts/10
0:00 \_ egrep -i ppid|pluto|ipsec|klips
1 0 22265 1 20 0 2668 416 wait S pts/10 0:00
/bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
--keep_alive --protostack netkey --force_keepalive
--disable_port_floating --virtual_private --crlcheckinterval 0
--ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
--post --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid
1 0 22266 22265 20 0 2668 548 wait S pts/10 0:00 \_
/bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids no
--force_busy no --nocrsend no --strictcrlpolicy --nat_traversal yes
--keep_alive --protostack netkey --force_keepalive
--disable_port_floating --virtual_private --crlcheckinterval 0
--ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre
--post --log daemon.error --plutorestartoncrash false --pid
/var/run/pluto/pluto.pid
4 0 22267 22266 20 0 3260 1152 select S pts/10 0:00
| \_ /usr/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --use-netkey --nat_traversal
1 0 22268 22267 30 10 3268 580 unix_s SN pts/10 0:00
| \_ pluto helper #
0
0 0 22308 22267 20 0 1756 296 select S pts/10 0:00
| \_ _pluto_adns
0 0 22270 22265 20 0 2668 968 pipe_w S pts/10 0:00 \_
/bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0 0 22269 1 20 0 1808 504 pipe_w S pts/10 0:00
logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
+ _________________________ ipsec/conf
+ ipsec _keycensor
+ ipsec _include /etc/ipsec.conf
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
    # Debug-logging controls: "none" for (almost) none, "all" for lots.
    # klipsdebug=none
    # plutodebug="control parsing"
    # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
    protostack=netkey
    nat_traversal=yes
#< /etc/ipsec.d/ipsec.conf 1
conn vo
    also=vocommon
    rightsubnet=192.168.10.0/24
    auto=start
conn vodmz
    also=vocommon
    rightsubnet=192.168.8.0/24
    auto=start
conn vocommon
    type=tunnel
    left=%defaultroute
    leftid=@jingluo
    leftsourceip=192.168.200.56
    leftsubnet=192.168.200.56/32
    rightid=@vo
    right=67.220.126.196
    keyingtries=0
    pfs=yes
    authby=secret
    auth=esp
    ike=aes256-sha1
    esp=aes256-sha1
    keyexchange=ike
conn block
    auto=ignore
conn private
    auto=ignore
conn private-or-clear
    auto=ignore
conn clear-or-private
    auto=ignore
conn clear
    auto=ignore
conn packetdefault
    auto=ignore
#> /etc/ipsec.conf 19
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/ipsec.secrets 1
@jingluo @vo : PSK "[sums to 3db3...]"
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2256
-rwxr-xr-x 1 root root 6056 Jun 6 2008 _copyright
-rwxr-xr-x 1 root root 2379 Jun 6 2008 _include
-rwxr-xr-x 1 root root 1475 Jun 6 2008 _keycensor
-rwxr-xr-x 1 root root 10088 Jun 6 2008 _pluto_adns
-rwxr-xr-x 1 root root 2632 Jun 6 2008 _plutoload
-rwxr-xr-x 1 root root 7602 Jun 6 2008 _plutorun
-rwxr-xr-x 1 root root 13746 Jun 6 2008 _realsetup
-rwxr-xr-x 1 root root 1975 Jun 6 2008 _secretcensor
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips
-rwxr-xr-x 1 root root 9752 Jun 6 2008 _startklips.old
-rwxr-xr-x 1 root root 4988 Jun 6 2008 _startnetkey
-rwxr-xr-x 1 root root 4949 Jun 6 2008 _updown
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips
-rwxr-xr-x 1 root root 14030 Jun 6 2008 _updown.klips.old
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast
-rwxr-xr-x 1 root root 13739 Jun 6 2008 _updown.mast.old
-rwxr-xr-x 1 root root 8337 Jun 6 2008 _updown.netkey
-rwxr-xr-x 1 root root 188348 Jun 6 2008 addconn
-rwxr-xr-x 1 root root 6129 Jun 6 2008 auto
-rwxr-xr-x 1 root root 10758 Jun 6 2008 barf
-rwxr-xr-x 1 root root 90088 Jun 6 2008 eroute
-rwxr-xr-x 1 root root 20708 Jun 6 2008 ikeping
-rwxr-xr-x 1 root root 69804 Jun 6 2008 klipsdebug
-rwxr-xr-x 1 root root 1836 Jun 6 2008 livetest
-rwxr-xr-x 1 root root 2591 Jun 6 2008 look
-rwxr-xr-x 1 root root 1921 Jun 6 2008 newhostkey
-rwxr-xr-x 1 root root 60840 Jun 6 2008 pf_key
-rwxr-xr-x 1 root root 957728 Jun 6 2008 pluto
-rwxr-xr-x 1 root root 10236 Jun 6 2008 ranbits
-rwxr-xr-x 1 root root 20176 Jun 6 2008 rsasigkey
-rwxr-xr-x 1 root root 766 Jun 6 2008 secrets
lrwxrwxrwx 1 root root 30 Jan 20 09:30 setup ->
../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1054 Jun 6 2008 showdefaults
-rwxr-xr-x 1 root root 219368 Jun 6 2008 showhostkey
-rwxr-xr-x 1 root root 22744 Jun 6 2008 showpolicy
-rwxr-xr-x 1 root root 148388 Jun 6 2008 spi
-rwxr-xr-x 1 root root 77336 Jun 6 2008 spigrp
-rwxr-xr-x 1 root root 69700 Jun 6 2008 tncfg
-rwxr-xr-x 1 root root 12526 Jun 6 2008 verify
-rwxr-xr-x 1 root root 50340 Jun 6 2008 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed
multicast|bytes packets errs drop fifo colls carrier compressed
lo: 452185 8706 0 0 0 0 0 0
452185 8706 0 0 0 0 0 0
eth0:392714376 437205 0 0 0 0 0 0
73748491 382403 0 0 0 0 0 0
pan0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric
Mask MTU Window
IRTT
eth0 000FA8C0 00000000 0001 0 0 0 00FFFFFF 0
0
0
eth0 00000000 010FA8C0 0003 0 0 0 00000000 0
0
0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
pan0/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:1
pan0/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects
default/accept_redirects default/secure_redirects default/send_redirects
eth0/accept_redirects eth0/secure_redirects eth0/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects
pan0/accept_redirects pan0/secure_redirects pan0/send_redirects
all/accept_redirects:1
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
pan0/accept_redirects:1
pan0/secure_redirects:1
pan0/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux localhost.localdomain 2.6.27.5-41.fc9.i686 #1 SMP Thu Nov 13
20:52:14 EST 2008 i686 i686 i386 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora release 9 (Sulphur)
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.27.5-41.fc9.i686) support detected '
NETKEY (2.6.27.5-41.fc9.i686) support detected
+ _________________________ iptables
+ test -r /sbin/iptables
+ iptables -L -v -n
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
acpi_cpufreq 12172 0 - Live 0xf8ad6000
dm_multipath 17292 0 - Live 0xf8a59000
scsi_dh 9476 1 dm_multipath, Live 0xf89d2000
radeon 119044 3 - Live 0xf8b08000
drm 146404 4 radeon, Live 0xf8ae3000
ipv6 230260 39
ipcomp6,ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,
Live 0xf8a1f000
snd_hda_intel 351380 3 - Live 0xf8a5f000
snd_seq_dummy 6660 0 - Live 0xf89a3000
snd_seq_oss 30364 0 - Live 0xf89e3000
snd_seq_midi_event 9600 1 snd_seq_oss, Live 0xf89b0000
snd_seq 48576 5 snd_seq_dummy,snd_seq_oss,snd_seq_midi_event, Live
0xf89d6000
snd_seq_device 9996 3 snd_seq_dummy,snd_seq_oss,snd_seq, Live 0xf89ac000
snd_pcm_oss 42496 0 - Live 0xf89ba000
snd_mixer_oss 16896 1 snd_pcm_oss, Live 0xf89a6000
snd_pcm 65924 2 snd_hda_intel,snd_pcm_oss, Live 0xf896e000
snd_timer 22024 2 snd_seq,snd_pcm, Live 0xf8926000
snd_page_alloc 11016 2 snd_hda_intel,snd_pcm, Live 0xf896a000
snd_hwdep 10500 1 snd_hda_intel, Live 0xf8937000
ppdev 10372 0 - Live 0xf8933000
snd 50744 16
snd_hda_intel,snd_seq_dummy,snd_seq_oss,snd_seq,snd_seq_device,snd_pcm_oss,snd_mixer_oss,snd_pcm,snd_timer,snd_hwdep,
Live 0xf8991000
parport_pc 25620 0 - Live 0xf893d000
parport 31956 2 ppdev,parport_pc, Live 0xf8961000
dcdbas 10272 0 - Live 0xf891e000
sr_mod 17064 1 - Live 0xf892d000
tg3 107780 0 - Live 0xf8945000
serio_raw 8836 0 - Live 0xf8922000
libphy 18560 1 tg3, Live 0xf88fd000
soundcore 9416 1 snd, Live 0xf891a000
iTCO_wdt 13732 0 - Live 0xf8903000
cdrom 32664 1 sr_mod, Live 0xf8911000
i2c_i801 12048 0 - Live 0xf88ca000
iTCO_vendor_support 6916 1 iTCO_wdt, Live 0xf8834000
pcspkr 6272 0 - Live 0xf88ba000
i2c_core 21396 2 drm,i2c_i801, Live 0xf88f0000
sg 31028 0 - Live 0xf8908000
dm_snapshot 19364 0 - Live 0xf88f7000
dm_zero 5632 0 - Live 0xf88ad000
dm_mirror 19968 0 - Live 0xf88b4000
dm_log 12164 1 dm_mirror, Live 0xf884e000
dm_mod 48692 10 dm_multipath,dm_snapshot,dm_zero,dm_mirror,dm_log, Live
0xf88bd000
pata_acpi 7680 0 - Live 0xf884b000
ata_generic 8452 0 - Live 0xf8847000
ata_piix 24836 3 - Live 0xf88a5000
libata 134380 3 pata_acpi,ata_generic,ata_piix, Live 0xf88ce000
sd_mod 32408 3 - Live 0xf889c000
scsi_mod 123772 5 scsi_dh,sr_mod,sg,libata,sd_mod, Live 0xf885f000
crc_t10dif 5632 1 sd_mod, Live 0xf8844000
ext3 109192 2 - Live 0xf8880000
jbd 42900 1 ext3, Live 0xf8853000
mbcache 10244 1 ext3, Live 0xf8839000
uhci_hcd 23312 0 - Live 0xf883d000
ohci_hcd 24336 0 - Live 0xf8824000
ehci_hcd 32524 0 - Live 0xf882b000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 2072476 kB
MemFree: 87604 kB
Buffers: 160136 kB
Cached: 779088 kB
SwapCached: 32 kB
Active: 1195048 kB
Inactive: 559600 kB
HighTotal: 1177596 kB
HighFree: 12000 kB
LowTotal: 894880 kB
LowFree: 75604 kB
SwapTotal: 2031608 kB
SwapFree: 2031456 kB
Dirty: 176 kB
Writeback: 0 kB
AnonPages: 815192 kB
Mapped: 143760 kB
Slab: 129540 kB
SReclaimable: 110380 kB
SUnreclaim: 19160 kB
PageTables: 7032 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 3067844 kB
Committed_AS: 1478656 kB
VmallocTotal: 110584 kB
VmallocUsed: 38328 kB
VmallocChunk: 72156 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 4096 kB
DirectMap4k: 8192 kB
DirectMap4M: 909312 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.27.5-41.fc9.i686/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# generated by NetworkManager, do not edit!
nameserver 192.168.15.1
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 12
drwxr-xr-x 7 root root 4096 Oct 24 17:56 2.6.26.6-79.fc9.i686
drwxr-xr-x 7 root root 4096 Nov 15 12:00 2.6.27.5-37.fc9.i686
drwxr-xr-x 7 root root 4096 Nov 19 13:03 2.6.27.5-41.fc9.i686
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c05d6055 T netif_rx
c05d6697 T netif_rx_ni
c072abbc r __ksymtab_netif_rx
c072acc4 r __ksymtab_netif_rx_ni
c073b292 r __kstrtab_netif_rx
c073b4ce r __kstrtab_netif_rx_ni
c05d6697 u netif_rx_ni [bnep]
c05d6055 u netif_rx [ipv6]
f894f103 t netif_rx_schedule [tg3]
f8950af8 t netif_rx_complete [tg3]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.26.6-79.fc9.i686:
2.6.27.5-37.fc9.i686:
2.6.27.5-41.fc9.i686:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1151,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Jan 26 09:36:38 localhost ipsec_setup: Starting Openswan IPsec
U2.6.14/K2.6.27.5-41.fc9.i686...
Jan 26 09:36:38 localhost ipsec_setup:
Jan 26 09:36:38 localhost ipsec_setup:
Jan 26 09:36:38 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:39 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:40 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:41 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing auto
(ipsec_mgmt_t) "execute_no_trans" to /bin/bash (shell_exec_t). For
complete SELinux messages. run sealert -l
12b4c94d-97f6-41cb-886f-048b26a24b1f
Jan 26 09:36:42 localhost setroubleshoot: SELinux is preventing logger
(ipsec_mgmt_t) "write" to log (devlog_t). For complete SELinux messages.
run sealert -l 68eff3d4-9eec-4f59-91c1-4d0cde3d88a2
+ _________________________ plog
+ sed -n '5,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Jan 26 09:33:17 localhost pluto[20993]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:20993
Jan 26 09:33:17 localhost pluto[20993]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:33:17 localhost pluto[20993]: port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:33:17 localhost pluto[20993]: including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:33:17 localhost pluto[20993]: using /dev/urandom as source of
random entropy
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:33:17 localhost pluto[20993]: starting up 1 cryptographic helpers
Jan 26 09:33:17 localhost pluto[21003]: using /dev/urandom as source of
random entropy
Jan 26 09:33:17 localhost pluto[20993]: started helper pid=21003 (fd:7)
Jan 26 09:33:17 localhost pluto[20993]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:18 localhost pluto[20993]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:33:18 localhost pluto[20993]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:33:18 localhost pluto[20993]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:18 localhost pluto[20993]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:18 localhost pluto[20993]: added connection description "vo"
Jan 26 09:33:18 localhost pluto[20993]: added connection description "vodmz"
Jan 26 09:33:28 localhost pluto[20993]: shutting down
Jan 26 09:33:28 localhost pluto[20993]: "vodmz": deleting connection
Jan 26 09:33:28 localhost pluto[20993]: "vo": deleting connection
Jan 26 09:33:31 localhost pluto[21368]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:21368
Jan 26 09:33:31 localhost pluto[21368]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:33:31 localhost pluto[21368]: port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:33:31 localhost pluto[21368]: including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:33:31 localhost pluto[21368]: using /dev/urandom as source of
random entropy
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: starting up 1 cryptographic helpers
Jan 26 09:33:31 localhost pluto[21371]: using /dev/urandom as source of
random entropy
Jan 26 09:33:31 localhost pluto[21368]: started helper pid=21371 (fd:7)
Jan 26 09:33:31 localhost pluto[21368]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:33:31 localhost pluto[21368]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:33:31 localhost pluto[21368]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:33:31 localhost pluto[21368]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:31 localhost pluto[21368]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:33:31 localhost pluto[21368]: added connection description "vo"
Jan 26 09:33:31 localhost pluto[21368]: added connection description "vodmz"
Jan 26 09:34:10 localhost pluto[21368]: shutting down
Jan 26 09:34:10 localhost pluto[21368]: "vodmz": deleting connection
Jan 26 09:34:10 localhost pluto[21368]: "vo": deleting connection
Jan 26 09:34:12 localhost pluto[21750]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:21750
Jan 26 09:34:12 localhost pluto[21750]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:34:12 localhost pluto[21750]: port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:34:12 localhost pluto[21750]: including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:34:12 localhost pluto[21750]: using /dev/urandom as source of
random entropy
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: starting up 1 cryptographic helpers
Jan 26 09:34:12 localhost pluto[21752]: using /dev/urandom as source of
random entropy
Jan 26 09:34:12 localhost pluto[21750]: started helper pid=21752 (fd:7)
Jan 26 09:34:12 localhost pluto[21750]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:34:12 localhost pluto[21750]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:34:12 localhost pluto[21750]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:34:12 localhost pluto[21750]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:34:12 localhost pluto[21750]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:34:12 localhost pluto[21750]: added connection description "vo"
Jan 26 09:34:12 localhost pluto[21750]: added connection description "vodmz"
Jan 26 09:36:36 localhost pluto[21750]: shutting down
Jan 26 09:36:36 localhost pluto[21750]: "vodmz": deleting connection
Jan 26 09:36:36 localhost pluto[21750]: "vo": deleting connection
Jan 26 09:36:38 localhost pluto[22267]: Starting Pluto (Openswan Version
2.6.14; Vendor ID OEoSJUweaqAX) pid:22267
Jan 26 09:36:38 localhost pluto[22267]: Setting NAT-Traversal port-4500
floating to on
Jan 26 09:36:38 localhost pluto[22267]: port floating activation
criteria nat_t=1/port_float=1
Jan 26 09:36:38 localhost pluto[22267]: including NAT-Traversal patch
(Version 0.6c)
Jan 26 09:36:38 localhost pluto[22267]: using /dev/urandom as source of
random entropy
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_AES_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_hash():
Activating OAKLEY_SHA2_512: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_hash():
Activating OAKLEY_SHA2_256: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: starting up 1 cryptographic helpers
Jan 26 09:36:38 localhost pluto[22268]: using /dev/urandom as source of
random entropy
Jan 26 09:36:38 localhost pluto[22267]: started helper pid=22268 (fd:7)
Jan 26 09:36:38 localhost pluto[22267]: Using Linux 2.6 IPsec interface
code on 2.6.27.5-41.fc9.i686 (experimental code)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: Ok (ret=0)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc(): WARNING:
enc alg=0 not found in constants.c:oakley_enc_names
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_add(): ERROR: Algorithm
already exists
Jan 26 09:36:38 localhost pluto[22267]: ike_alg_register_enc():
Activating <NULL>: FAILED (ret=-17)
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/cacerts': /etc/ipsec.d
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/aacerts': /etc/ipsec.d
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/ocspcerts': /etc/ipsec.d
Jan 26 09:36:39 localhost pluto[22267]: Could not change to directory
'/etc/ipsec.d/crls'
Jan 26 09:36:39 localhost pluto[22267]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:36:39 localhost pluto[22267]: Changing back to directory
'/etc/ipsec.d' failed - (2 No such file or directory)
Jan 26 09:36:39 localhost pluto[22267]: added connection description "vo"
Jan 26 09:36:39 localhost pluto[22267]: added connection description "vodmz"
+ _________________________ date
+ date
Mon Jan 26 09:41:09 EST 2009
--
Chris Garrigues
Senior System Administrator
Ph: (512) 961-6808
chris.garrigues at SteepRockInc.com