[Openswan Users] Problems routing from left to right, but not in reverse
Randy Wyatt
rwyatt at nvtl.com
Thu Sep 17 19:15:22 EDT 2009
I am currently working to evaluate the openswan application on a new
class of devices, but I am running into a bit of difficulty.
The IPSEC SA appears to come up, but I am unable to pass traffic through
to hosts on the right subnet. I am able to pass traffic from hosts on
the right subnet to hosts on the left subnet.
I have scratched my head over this for 2 days, and just can't seem to
get anywhere.
Here is the output of ipsec barf on the left.
# /flashapps/open[15D
# /flashapps/openmifi_vpn/[Jop[26D
# /flashapps/openmifi_vpn/openswan/[Jus[35D
# /flashapps/openmifi_vpn/openswan/usr/[Jl[38D
# /flashapps/openmifi_vpn/openswan/usr/local/[Js[44D
# /flashapps/openmifi_vpn/openswan/usr/local/sbin/[Jip[50D
# /flashapps/openmifi_vpn/openswan/usr/local/sbin/ipsec [Jbarf
Unable to find KLIPS messages, typically found in /var/log/messages or
equivalent. You may need to run Openswan for the first time;
alternatively, your log files have been emptied (ie, logwatch) or we do
not understand your logging configuration.
Unable to find Pluto messages, typically found in /var/log/secure or
equivalent. You may need to run Openswan for the first time;
alternatively, your log files have been emptied (ie, logwatch) or we do
not understand your logging configuration.
(none)
Thu Sep 17 16:06:52 UTC 2009
+ _________________________ version
+
+ ipsec --version
Linux Openswan U2.6.22/K2.6.25.05 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+
+ cat /proc/version
Linux version 2.6.25.05 (ylee at vernalequinox) (gcc version 4.1.1
(CodeSourcery ARM Sourcery G++ 2006q3-26)) #1 PREEMPT Mon Aug 31
22:14:42 EDT 2009
+ _________________________ /proc/net/ipsec_eroute
+
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
10.64.64.64 0.0.0.0 255.255.255.255 UH 0 0 0
ppp0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0
usb0
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0
ppp0
+ _________________________ /proc/net/ipsec_spi
+
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+
+ ip xfrm state
BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary
Usage: ip [OPTIONS] {address | route | link | } {COMMAND}
ip [OPTIONS] OBJECT {COMMAND}
where OBJECT := {address | route | link | }
OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }
+ _________________________ ip-xfrm-policy
+
+ ip xfrm policy
BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary
Usage: ip [OPTIONS] {address | route | link | } {COMMAND}
ip [OPTIONS] OBJECT {COMMAND}
where OBJECT := {address | route | link | }
OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }
+ _________________________ /proc/crypto
+
+ test -r /proc/crypto
+ cat /proc/crypto
name : authenc(hmac(sha1),cbc(des3_ede))
driver : authenc(hmac(sha1-generic),cbc(des3_ede-generic))
module : kernel
priority : 0
refcnt : 5
type : aead
async : yes
blocksize : 8
ivsize : 8
maxauthsize : 20
geniv : <built-in>
name : cbc(des3_ede)
driver : cbc(des3_ede-generic)
module : kernel
priority : 0
refcnt : 5
type : givcipher
async : yes
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
geniv : chainiv
name : deflate
driver : deflate-generic
module : deflate
priority : 0
refcnt : 1
type : compression
name : rfc3686(ctr(aes))
driver : rfc3686(ctr(aes-generic))
module : kernel
priority : 100
refcnt : 1
type : blkcipher
blocksize : 1
min keysize : 20
max keysize : 36
ivsize : 8
geniv : seqiv
name : ctr(aes)
driver : ctr(aes-generic)
module : kernel
priority : 100
refcnt : 1
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(aes)
driver : cbc(aes-generic)
module : kernel
priority : 100
refcnt : 1
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(blowfish)
driver : cbc(blowfish-generic)
module : kernel
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 4
max keysize : 56
ivsize : 8
geniv : <default>
name : cbc(des3_ede)
driver : cbc(des3_ede-generic)
module : kernel
priority : 0
refcnt : 5
type : blkcipher
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
geniv : <default>
name : cbc(des)
driver : cbc(des-generic)
module : kernel
priority : 0
refcnt : 1
type : blkcipher
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 8
geniv : <default>
name : hmac(sha1)
driver : hmac(sha1-generic)
module : kernel
priority : 0
refcnt : 5
type : hash
blocksize : 64
digestsize : 20
name : hmac(md5)
driver : hmac(md5-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 64
digestsize : 16
name : hmac(digest_null)
driver : hmac(digest_null-generic)
module : kernel
priority : 0
refcnt : 1
type : hash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : compression
name : digest_null
driver : digest_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : digest
blocksize : 1
digestsize : 0
name : ecb(cipher_null)
driver : ecb-cipher_null
module : crypto_null
priority : 100
refcnt : 1
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
geniv : <default>
name : cipher_null
driver : cipher_null-generic
module : crypto_null
priority : 0
refcnt : 1
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
name : blowfish
driver : blowfish-generic
module : blowfish
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 1
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : des3_ede
driver : des3_ede-generic
module : kernel
priority : 0
refcnt : 5
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : kernel
priority : 0
refcnt : 1
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 5
type : digest
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
type : digest
blocksize : 64
digestsize : 16
+ __________________________/proc/sys/net/core/xfrm-star
/usr/local/libexec/ipsec/barf: line 191:
__________________________/proc/sys/net/core/xfrm-star: not found
+ echo -n /proc/sys/net/core/xfrm_acq_expires:
/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires
30
+ echo -n /proc/sys/net/core/xfrm_aevent_etime:
/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime
10
+ echo -n /proc/sys/net/core/xfrm_aevent_rseqth:
/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth
2
+ echo -n /proc/sys/net/core/xfrm_larval_drop:
/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop
0
+ _________________________ /proc/sys/net/ipsec-star
+
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+
+ ipsec auto --status
000 using kernel interface: netkey
000 interface usb0/usb0 192.168.1.1
000 interface usb0/usb0 192.168.1.1
000 interface ppp0/ppp0 32.177.8.180
000 interface ppp0/ppp0 32.177.8.180
000 %myid = (none)
000 debug
raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+
pfkey+nattraversal+x509
000
000 virtual_private (%priv):
000 - allowed 3 subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= was not specified, or there was a
syntax
000 error in that line. 'left/rightsubnet=%priv' will not work!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16,
keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8,
keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,36}
trans={0,2,432} attrs={0,2,576}
000
000 "att-to-home":
192.168.1.0/24===32.177.8.180<32.177.8.180>[+S=C]...70.166.7.155<70.166.
7.155>[@rwwyatt.dyndns.org,+S=C]===10.0.1.0/24; erouted; eroute owner:
#6
000 "att-to-home": myip=unset; hisip=unset;
000 "att-to-home": ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 0
000 "att-to-home": policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface:
ppp0;
000 "att-to-home": newest ISAKMP SA: #3; newest IPsec SA: #6;
000 "att-to-home": IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)-MODP1536(5),
3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=-strict
000 "att-to-home": IKE algorithms found:
3DES_CBC(5)_192-SHA1(2)_160-5, 3DES_CBC(5)_192-SHA1(2)_160-2,
000 "att-to-home": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1536
000 "att-to-home": ESP algorithms wanted: 3DES(3)_000-SHA1(2);
pfsgroup=MODP1024(2); flags=-strict
000 "att-to-home": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160
000 "att-to-home": ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024
000
000 #6: "att-to-home":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 26779s; newest IPSEC; eroute owner;
isakmp#3; idle; import:admin initiate
000 #6: "att-to-home" esp.dddaac04 at 70.166.7.155
esp.95903d60 at 32.177.8.180 tun.0 at 70.166.7.155 tun.0 at 32.177.8.180 ref=0
refhim=4294901761
000 #3: "att-to-home":4500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 1407s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0);
idle; import:admin initiate
000 #5: "att-to-home":4500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 27356s; isakmp#4; idle; import:not set
000 #5: "att-to-home" esp.74f543b at 70.166.7.155 esp.b40bd9d7 at 32.177.8.180
tun.0 at 70.166.7.155 tun.0 at 32.177.8.180 ref=0 refhim=4294901761
000 #4: "att-to-home":4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA
established); EVENT_SA_REPLACE in 2154s; lastdpd=-1s(seq in:0 out:0);
idle; import:not set
000
+ _________________________ ifconfig-a
+
+ ifconfig -a
dummy0 Link encap:Ethernet HWaddr DA:08:87:7B:F3:F4
BROADCAST NOARP MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
LOOPBACK MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
ppp0 Link encap:Point-to-Point Protocol
inet addr:32.177.8.180 P-t-P:10.64.64.64
Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1400 errors:0 dropped:0 overruns:0 frame:0
TX packets:1342 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:216778 (211.6 KiB) TX bytes:193765 (189.2 KiB)
rmnet0 Link encap:Ethernet HWaddr 6E:4F:1B:4A:AA:56
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
rmnet1 Link encap:Ethernet HWaddr 6A:24:59:5C:03:A4
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
rmnet2 Link encap:Ethernet HWaddr BE:7D:1A:0E:51:E0
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
usb0 Link encap:Ethernet HWaddr 4A:FC:44:2A:83:45
inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:11726 errors:0 dropped:0 overruns:0 frame:0
TX packets:10267 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1204205 (1.1 MiB) TX bytes:2276894 (2.1 MiB)
+ _________________________ ip-addr-list
+
+ ip addr list
1: lo: <LOOPBACK> mtu 16436 qdisc noop
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether da:08:87:7b:f3:f4 brd ff:ff:ff:ff:ff:ff
3: rmnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 6e:4f:1b:4a:aa:56 brd ff:ff:ff:ff:ff:ff
4: rmnet1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether 6a:24:59:5c:03:a4 brd ff:ff:ff:ff:ff:ff
5: rmnet2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000
link/ether be:7d:1a:0e:51:e0 brd ff:ff:ff:ff:ff:ff
6: usb0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
1000
link/ether 4a:fc:44:2a:83:45 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 brd 192.168.1.255 scope global usb0
7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc
pfifo_fast qlen 3
link/ppp
inet 32.177.8.180 peer 10.64.64.64/32 scope global ppp0
+ _________________________ ip-route-list
+
+ ip route list
10.64.64.64 dev ppp0 src 32.177.8.180
192.168.1.0/24 dev usb0 src 192.168.1.1
default dev ppp0
+ _________________________ ip-rule-list
+
+ ip rule list
BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary
Usage: ip [OPTIONS] {address | route | link | } {COMMAND}
ip [OPTIONS] OBJECT {COMMAND}
where OBJECT := {address | route | link | }
OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }
+ _________________________ ipsec_verify
+
+ ipsec verify --nocolour
/usr/local/sbin/ipsec: exec: line 142: /usr/local/libexec/ipsec/verify:
not found
+ _________________________ mii-tool
+
+ [ -x /sbin/mii-tool ]
+ [ -x /usr/sbin/mii-tool ]
+ mii-tool -v
/usr/local/libexec/ipsec/barf: line 223: mii-tool: not found
+ _________________________ ipsec/directory
+
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+
+ hostname --fqdn
hostname: unrecognized option `--fqdn'
BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary
Usage: hostname [OPTION] [hostname | -F FILE]
Get or set hostname or DNS domain name
Options:
-s Short
-i Addresses for the hostname
-d DNS domain name
-f Fully qualified domain name
-F FILE Use the contents of FILE to specify the
hostname
+ _________________________ hostname/ipaddress
+
+ hostname --ip-address
hostname: unrecognized option `--ip-address'
BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary
Usage: hostname [OPTION] [hostname | -F FILE]
Get or set hostname or DNS domain name
Options:
-s Short
-i Addresses for the hostname
-d DNS domain name
-f Fully qualified domain name
-F FILE Use the contents of FILE to specify the
hostname
+ _________________________ uptime
+
+ uptime
16:06:54 up 49 min, load average: 1.00, 1.00, 0.90
+ _________________________ ps
+
+ ps alxwf
+ egrep -i ppid|pluto|ipsec|klips
881 root 2860 S logger -s -p daemon.error -t ipsec_setup
973 root 2856 S /bin/sh /usr/local/lib/ipsec/_plutorun --debug
all ra
974 root 2856 S /bin/sh /usr/local/lib/ipsec/_plutorun --debug
all ra
975 root 3268 S /usr/local/libexec/ipsec/pluto --nofork
--secretsfile
976 root 2856 S /bin/sh /usr/local/lib/ipsec/_plutoload --wait
no --p
977 root 2860 S logger -s -p daemon.error -t ipsec__plutorun
981 root 3268 S N pluto helper # 0
1140 root 1436 S _pluto_adns -d
1197 root 2860 S /bin/sh /usr/local/libexec/ipsec/barf
1261 root 2864 S egrep -i ppid|pluto|ipsec|klips
+ _________________________ ipsec/showdefaults
+
+ ipsec showdefaults
routephys=ppp0
routevirt=none
routeaddr=32.177.8.180
routenexthop=10.64.64.64
+ _________________________ ipsec/conf
+
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $
# This file: /usr/local/share/doc/openswan/ipsec.conf-sample
#
# Manual: ipsec.conf.5
version 2.0 # conforms to second version of ipsec.conf
specification
# basic configuration
config setup
# Do not set debug options to debug configuration issues!
# plutodebug / klipsdebug = "all", "none" or a combation
from below:
# "raw crypt parsing emitting control klips pfkey natt x509
dpd private"
# eg:
# plutodebug="control parsing"
plutodebug="all"
#
# enable to get logs per-peer
# plutoopts="--perpeerlog"
#
# Again: only enable plutodebug or klipsdebug when asked by
a developer
#
# NAT-TRAVERSAL support, see README.NAT-Traversal
nat_traversal=yes
# exclude networks used on server side by adding
%v4:!a.b.c.0/24
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12
# OE is now off by default. Uncomment and change to on, to
enable.
oe=off
# which IPsec stack to use. netkey,klips,mast,auto or none
protostack=netkey
# Add connections here
# sample VPN connection
# for more examples, see /etc/ipsec.d/examples/
#conn sample
# # Left security gateway, subnet behind it,
nexthop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it,
nexthop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually
start it,
# # at startup, uncomment this.
# #auto=start
conn att-to-home
authby=secret
type=tunnel
left=32.177.8.180
leftsubnet=192.168.1.0/24
right=70.166.7.155
rightsubnet=10.0.1.0/24
rightid=@rwwyatt.dyndns.org
ike=3des-sha1
phase2=esp
phase2alg=3des-sha1;modp1024
pfs=yes
auto=add
+ _________________________ ipsec/secrets
+
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
32.177.8.180 @rwwyatt.dyndns.org: PSK "[sums to 6654...]"
+ _________________________ ipsec/listall
+
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: PSK @rwwyatt.dyndns.org 32.177.8.180
+ [ /etc/ipsec.d/policies ]
+ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates
IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear
otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/local/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+
+ ls -l /usr/local/lib/ipsec
-rwxr-xr-x 1 root root 5256 Sep 17 15:20
[1;32m_copyright[0m
-rwxr-xr-x 1 root root 2379 Sep 17 15:20
[1;32m_include[0m
-rwxr-xr-x 1 root root 1475 Sep 17 15:20
[1;32m_keycensor[0m
-rwxr-xr-x 1 root root 2632 Sep 17 15:20
[1;32m_plutoload[0m
-rwxr-xr-x 1 root root 7635 Sep 17 15:20
[1;32m_plutorun[0m
-rwxr-xr-x 1 root root 12943 Sep 17 15:20
[1;32m_realsetup[0m
-rwxr-xr-x 1 root root 1975 Sep 17 15:20
[1;32m_secretcensor[0m
-rwxr-xr-x 1 root root 8567 Sep 17 15:20
[1;32m_startklips[0m
-rwxr-xr-x 1 root root 8567 Sep 17 15:20
[1;32m_startklips.old[0m
-rwxr-xr-x 1 root root 5923 Sep 17 15:20
[1;32m_startnetkey[0m
-rwxr-xr-x 1 root root 4886 Sep 17 15:20 [1;32m_updown[0m
-rwxr-xr-x 1 root root 14028 Sep 17 15:20
[1;32m_updown.klips[0m
-rwxr-xr-x 1 root root 14028 Sep 17 15:20
[1;32m_updown.klips.old[0m
-rwxr-xr-x 1 root root 11798 Sep 17 15:20
[1;32m_updown.mast[0m
-rwxr-xr-x 1 root root 11798 Sep 17 15:20
[1;32m_updown.mast.old[0m
-rwxr-xr-x 1 root root 8534 Sep 17 15:20
[1;32m_updown.netkey[0m
+ _________________________ ipsec/ls-execdir
+
+ ls -l /usr/local/libexec/ipsec
-rwxr-xr-x 1 root root 10124 Sep 17 15:20
[1;32m_pluto_adns[0m
-rwxr-xr-x 1 root root 221912 Sep 17 15:20 [1;32maddconn[0m
-rwxr-xr-x 1 root root 6129 Sep 17 15:20 [1;32mauto[0m
-rwxr-xr-x 1 root root 10828 Sep 17 15:20 [1;32mbarf[0m
-rwxr-xr-x 1 root root 115148 Sep 17 15:20 [1;32meroute[0m
-rwxr-xr-x 1 root root 25832 Sep 17 15:20 [1;32mikeping[0m
-rwxr-xr-x 1 root root 86152 Sep 17 15:20
[1;32mklipsdebug[0m
-rwxr-xr-x 1 root root 2591 Sep 17 15:20 [1;32mlook[0m
-rwxr-xr-x 1 root root 2182 Sep 17 15:20
[1;32mnewhostkey[0m
-rwxr-xr-x 1 root root 77568 Sep 17 15:20 [1;32mpf_key[0m
-rwxr-xr-x 1 root root 1207328 Sep 17 15:20 [1;32mpluto[0m
-rwxr-xr-x 1 root root 10292 Sep 17 15:20 [1;32mranbits[0m
-rwxr-xr-x 1 root root 22984 Sep 17 15:20
[1;32mrsasigkey[0m
-rwxr-xr-x 1 root root 766 Sep 17 15:20 [1;32msecrets[0m
lrwxrwxrwx 1 root root 22 Sep 17 15:20 [1;36msetup[0m
-> [1;32m/etc/rc.d/init.d/ipsec[0m
-rwxr-xr-x 1 root root 1054 Sep 17 15:20
[1;32mshowdefaults[0m
-rwxr-xr-x 1 root root 321336 Sep 17 15:20
[1;32mshowhostkey[0m
-rwxr-xr-x 1 root root 27088 Sep 17 15:20
[1;32mshowpolicy[0m
-rwxr-xr-x 1 root root 173476 Sep 17 15:20 [1;32mspi[0m
-rwxr-xr-x 1 root root 99092 Sep 17 15:20 [1;32mspigrp[0m
-rwxr-xr-x 1 root root 86644 Sep 17 15:20 [1;32mtncfg[0m
-rwxr-xr-x 1 root root 13380 Sep 17 15:20 [1;32mverify[0m
-rwxr-xr-x 1 root root 64596 Sep 17 15:20 [1;32mwhack[0m
+ _________________________ /proc/net/dev
+
+ cat /proc/net/dev
Inter-| Receive |
Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
lo: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
dummy0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
rmnet0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
rmnet1: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
rmnet2: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
usb0: 1208787 11804 0 0 0 0 0 0
2300970 10346 0 0 0 0 0 0
ppp0: 217066 1402 0 0 0 0 0 0
194053 1344 0 0 0 0 0 0
+ _________________________ /proc/net/route
+
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use
Metric Mask MTU Window IRTT
ppp0 4040400A 00000000 0005 0 0 0
FFFFFFFF 0 0 0
usb0 0001A8C0 00000000 0001 0 0 0
00FFFFFF 0 0 0
ppp0 00000000 00000000 0001 0 0 0
00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+
+ cat /proc/sys/net/ipv4/tcp_ecn
0
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/rp_filter default/rp_filter dummy0/rp_filter lo/rp_filter
ppp0/rp_filter rmnet0/rp_filter rmnet1/rp_filter rmnet2/rp_filter
usb0/rp_filter
all/rp_filter:0
default/rp_filter:0
dummy0/rp_filter:0
lo/rp_filter:0
ppp0/rp_filter:0
rmnet0/rp_filter:0
rmnet1/rp_filter:0
rmnet2/rp_filter:0
usb0/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/accept_redirects all/secure_redirects all/send_redirects
default/accept_redirects default/secure_redirects default/send_redirects
dummy0/accept_redirects dummy0/secure_redirects dummy0/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects
ppp0/accept_redirects ppp0/secure_redirects ppp0/send_redirects
rmnet0/accept_redirects rmnet0/secure_redirects rmnet0/send_redirects
rmnet1/accept_redirects rmnet1/secure_redirects rmnet1/send_redirects
rmnet2/accept_redirects rmnet2/secure_redirects rmnet2/send_redirects
usb0/accept_redirects usb0/secure_redirects usb0/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
dummy0/accept_redirects:1
dummy0/secure_redirects:1
dummy0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
ppp0/accept_redirects:1
ppp0/secure_redirects:1
ppp0/send_redirects:1
rmnet0/accept_redirects:1
rmnet0/secure_redirects:1
rmnet0/send_redirects:1
rmnet1/accept_redirects:1
rmnet1/secure_redirects:1
rmnet1/send_redirects:1
rmnet2/accept_redirects:1
rmnet2/secure_redirects:1
rmnet2/send_redirects:1
usb0/accept_redirects:1
usb0/secure_redirects:1
usb0/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+
+ uname -a
Linux (none) 2.6.25.05 #1 PREEMPT Mon Aug 31 22:14:42 EDT 2009 armv6l
unknown
+ _________________________ config-built-with
+
+ test -r /proc/config_built_with
+ _________________________ distro-release
+
+ test -f /etc/redhat-release
+ test -f /etc/debian-release
+ test -f /etc/SuSE-release
+ test -f /etc/mandrake-release
+ test -f /etc/mandriva-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
+ uname -r
+ echo NETKEY (2.6.25.05) support detected
NETKEY (2.6.25.05) support detected
+ _________________________ iptables
+
+ test -r /sbin/iptables
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 2 packets, 656 bytes)
pkts bytes target prot opt in out source
destination
10598 1096K ACCEPT all -- * * 192.168.1.0/28
0.0.0.0/0
1323 180K ACCEPT all -- ppp0 * 0.0.0.0/0
32.177.8.180 state NEW,RELATED,ESTABLISHED
Chain FORWARD (policy ACCEPT 1234 packets, 135K bytes)
pkts bytes target prot opt in out source
destination
0 0 ACCEPT all -- ppp0 br0 0.0.0.0/0
0.0.0.0/0
0 0 ACCEPT all -- br0 ppp0 0.0.0.0/0
0.0.0.0/0
1241 110K ACCEPT all -- * * 192.168.1.0/28
0.0.0.0/0
0 0 ACCEPT all -- ppp0 * 0.0.0.0/0
32.177.8.180 state NEW,RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 10433 packets, 2214K bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ iptables-nat
+
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 2224 packets, 165K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 1166 packets, 98336 bytes)
pkts bytes target prot opt in out source
destination
63 9619 MASQUERADE all -- * ppp0 0.0.0.0/0
0.0.0.0/0
0 0 MASQUERADE all -- * ppp0 0.0.0.0/0
0.0.0.0/0
Chain OUTPUT (policy ACCEPT 60 packets, 9935 bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ iptables-mangle
+
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 14437 packets, 1529K bytes)
pkts bytes target prot opt in out source
destination
Chain INPUT (policy ACCEPT 11944 packets, 1280K bytes)
pkts bytes target prot opt in out source
destination
Chain FORWARD (policy ACCEPT 2475 packets, 245K bytes)
pkts bytes target prot opt in out source
destination
Chain OUTPUT (policy ACCEPT 10440 packets, 2217K bytes)
pkts bytes target prot opt in out source
destination
Chain POSTROUTING (policy ACCEPT 12919 packets, 2463K bytes)
pkts bytes target prot opt in out source
destination
+ _________________________ /proc/modules
+
+ test -f /proc/modules
+ cat /proc/modules
deflate 4224 0 - Live 0xbf036000
zlib_deflate 22408 1 deflate, Live 0xbf02f000
zlib_inflate 16256 1 deflate, Live 0xbf02a000
crypto_null 3712 0 - Live 0xbf028000
blowfish 9664 0 - Live 0xbf024000
ah4 7104 0 - Live 0xbf021000
esp4 8864 4 - Live 0xbf01d000
xfrm4_tunnel 3104 0 - Live 0xbf01b000
tunnel4 4040 1 xfrm4_tunnel, Live 0xbf019000
xfrm4_mode_tunnel 3328 8 - Live 0xbf017000
xfrm4_mode_transport 2464 0 - Live 0xbf015000
ipcomp 8712 0 - Live 0xbf011000
af_key 43344 0 - Live 0xbf005000
diagchar 15332 0 - Live 0xbf000000
+ _________________________ /proc/meminfo
+
+ cat /proc/meminfo
MemTotal: 65952 kB
MemFree: 17892 kB
Buffers: 0 kB
Cached: 35268 kB
SwapCached: 0 kB
Active: 9048 kB
Inactive: 30860 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 0 kB
Writeback: 0 kB
AnonPages: 4668 kB
Mapped: 4540 kB
Slab: 6064 kB
SReclaimable: 2616 kB
SUnreclaim: 3448 kB
PageTables: 504 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
CommitLimit: 32976 kB
Committed_AS: 138984 kB
VmallocTotal: 188416 kB
VmallocUsed: 16 kB
VmallocChunk: 188400 kB
+ _________________________ /proc/net/ipsec-ls
+
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+
+ test -f /proc/config.gz
+ zcat /proc/config.gz
+ egrep
CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW
_RANDOM|CONFIG_CRYPTO_DEV|_XFRM
CONFIG_XFRM=y
CONFIG_XFRM_USER=y
# CONFIG_XFRM_SUB_POLICY is not set
CONFIG_XFRM_MIGRATE=y
# CONFIG_XFRM_STATISTICS is not set
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
CONFIG_IP_FIB_HASH=y
# CONFIG_IP_PNP is not set
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
# CONFIG_INET_XFRM_MODE_BEET is not set
# CONFIG_INET_LRO is not set
# CONFIG_INET_DIAG is not set
# CONFIG_IP_VS is not set
# CONFIG_IPV6 is not set
# CONFIG_INET6_XFRM_TUNNEL is not set
# CONFIG_INET6_TUNNEL is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_RECENT=y
CONFIG_IP_NF_MATCH_ECN=y
CONFIG_IP_NF_MATCH_AH=y
CONFIG_IP_NF_MATCH_TTL=y
CONFIG_IP_NF_MATCH_ADDRTYPE=y
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_LOG=y
CONFIG_IP_NF_TARGET_ULOG=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
CONFIG_IP_NF_TARGET_NETMAP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_ECN=y
CONFIG_IP_NF_TARGET_TTL=y
CONFIG_IP_NF_TARGET_CLUSTERIP=y
CONFIG_IP_NF_RAW=y
# CONFIG_IP_NF_ARPTABLES is not set
# CONFIG_IP_DCCP is not set
# CONFIG_IP_SCTP is not set
# CONFIG_IPX is not set
# CONFIG_IPMI_HANDLER is not set
# CONFIG_HW_RANDOM is not set
+ _________________________ etc/syslog.conf
+
+ _________________________ etc/syslog-ng/syslog-ng.conf
+
+ cat /etc/syslog-ng/syslog-ng.conf
cat: can't open '/etc/syslog-ng/syslog-ng.conf': No such file or
directory
+ cat /etc/syslog.conf
cat: can't open '/etc/syslog.conf': No such file or directory
+ _________________________ etc/resolv.conf
+
+ cat /etc/resolv.conf
nameserver 209.183.54.151
nameserver 209.183.54.151
+ _________________________ lib/modules-ls
+
+ ls -ltr /lib/modules
drwxr-xr-x 3 root root 0 Jan 1 1970
[1;34m2.6.25.05[0m
+ _________________________ fipscheck
+
+ cat /proc/sys/crypto/fips_enabled
cat: can't open '/proc/sys/crypto/fips_enabled': No such file or
directory
+ _________________________ /proc/ksyms-netif_rx
+
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
c01d20d0 T netif_rx
c01d4034 T netif_rx_ni
c0326568 r __ksymtab_netif_rx_ni
c0326670 r __ksymtab_netif_rx
c032ada4 r __kcrctab_netif_rx_ni
c032ae28 r __kcrctab_netif_rx
c0336bd4 r __kstrtab_netif_rx_ni
c0336e20 r __kstrtab_netif_rx
+ _________________________ lib/modules-netif_rx
+
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.25.05:
+ _________________________ kern.debug
+
+ test -f /var/log/kern.debug
+ _________________________ klog
+
+ sed -n 1,$p /dev/null
+ egrep -i ipsec|klips|pluto
+ cat
+ _________________________ plog
+
+ sed -n 1,$p+ egrep -i pluto
/dev/null
+ cat
+ _________________________ date
+
+ date
Thu Sep 17 16:06:58 UTC 2009
# exit
Connection to 192.168.1.1 closed.
]0;rwwyatt at rwwyatt-laptop: ~rwwyatt at rwwyatt-laptop:~$ exit
exit
Script done on Thu 17 Sep 2009 04:07:35 PM PDT
------------------------------------------------
Randy Wyatt
Senior Systems Engineer
Office: (858) 431-3743
Cell: (858) 527-8555
rwyatt at nvtl.com
Skype: randy.wyatt77
www.novatelwireless.com
This email and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return email, delete this email and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal. Any
opinions expressed in this email are those of the individual writer
alone and not necessarily those of Novatel Wireless, Inc. or its
affiliates. To the extent this email purports to waive, amend or
supplement any term or condition of an agreement, contract or purchase
order (including any exhibits or attachments thereto), such purported
waiver, amendment or supplementation shall be of no force or effect
whatsoever, anything to the contrary notwithstanding
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090917/0fdd3e04/attachment-0001.html
More information about the Users
mailing list