[Openswan Users] Problems routing from left to right, but not in reverse

Randy Wyatt rwyatt at nvtl.com
Thu Sep 17 19:15:22 EDT 2009


 

 

I am currently working to evaluate the openswan application on a new
class of devices, but I am running into a bit of difficulty.

 

The IPSEC SA appears to come up, but I am unable to pass traffic through
to hosts on the right subnet.  I am able to pass traffic from hosts on
the right subnet to hosts on the left subnet.

 

I have scratched my head over this for 2 days, and just can't seem to
get anywhere.

 

Here is the output of ipsec barf on the left.

 

# /flashapps/open[15D

# /flashapps/openmifi_vpn/[Jop[26D

# /flashapps/openmifi_vpn/openswan/[Jus[35D

# /flashapps/openmifi_vpn/openswan/usr/[Jl[38D

# /flashapps/openmifi_vpn/openswan/usr/local/[Js[44D

# /flashapps/openmifi_vpn/openswan/usr/local/sbin/[Jip[50D

# /flashapps/openmifi_vpn/openswan/usr/local/sbin/ipsec [Jbarf

Unable to find KLIPS messages, typically found in /var/log/messages or
equivalent. You may need to run Openswan for the first time;
alternatively, your log files have been emptied (ie, logwatch) or we do
not understand your logging configuration.

Unable to find Pluto messages, typically found in /var/log/secure or
equivalent. You may need to run Openswan for the first time;
alternatively, your log files have been emptied (ie, logwatch) or we do
not understand your logging configuration.

(none)

Thu Sep 17 16:06:52 UTC 2009

+ _________________________ version

+ 

+ ipsec --version

Linux Openswan U2.6.22/K2.6.25.05 (netkey)

See `ipsec --copyright' for copyright information.

+ _________________________ /proc/version

+ 

+ cat /proc/version

Linux version 2.6.25.05 (ylee at vernalequinox) (gcc version 4.1.1
(CodeSourcery ARM Sourcery G++ 2006q3-26)) #1 PREEMPT Mon Aug 31
22:14:42 EDT 2009

+ _________________________ /proc/net/ipsec_eroute

+ 

+ test -r /proc/net/ipsec_eroute

+ _________________________ netstat-rn

+ 

+ netstat -nr

+ head -n 100

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface

10.64.64.64     0.0.0.0         255.255.255.255 UH        0 0          0
ppp0

192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0
usb0

0.0.0.0         0.0.0.0         0.0.0.0         U         0 0          0
ppp0

+ _________________________ /proc/net/ipsec_spi

+ 

+ test -r /proc/net/ipsec_spi

+ _________________________ /proc/net/ipsec_spigrp

+ 

+ test -r /proc/net/ipsec_spigrp

+ _________________________ /proc/net/ipsec_tncfg

+ 

+ test -r /proc/net/ipsec_tncfg

+ _________________________ /proc/net/pfkey

+ 

+ test -r /proc/net/pfkey

+ cat /proc/net/pfkey

sk       RefCnt Rmem   Wmem   User   Inode

+ _________________________ ip-xfrm-state

+ 

+ ip xfrm state

BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary

 

Usage: ip [OPTIONS] {address | route | link | } {COMMAND}

 

ip [OPTIONS] OBJECT {COMMAND}

where OBJECT := {address | route | link | }

OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }

 

+ _________________________ ip-xfrm-policy

+ 

+ ip xfrm policy

BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary

 

Usage: ip [OPTIONS] {address | route | link | } {COMMAND}

 

ip [OPTIONS] OBJECT {COMMAND}

where OBJECT := {address | route | link | }

OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }

 

+ _________________________ /proc/crypto

+ 

+ test -r /proc/crypto

+ cat /proc/crypto

name         : authenc(hmac(sha1),cbc(des3_ede))

driver       : authenc(hmac(sha1-generic),cbc(des3_ede-generic))

module       : kernel

priority     : 0

refcnt       : 5

type         : aead

async        : yes

blocksize    : 8

ivsize       : 8

maxauthsize  : 20

geniv        : <built-in>

 

name         : cbc(des3_ede)

driver       : cbc(des3_ede-generic)

module       : kernel

priority     : 0

refcnt       : 5

type         : givcipher

async        : yes

blocksize    : 8

min keysize  : 24

max keysize  : 24

ivsize       : 8

geniv        : chainiv

 

name         : deflate

driver       : deflate-generic

module       : deflate

priority     : 0

refcnt       : 1

type         : compression

 

name         : rfc3686(ctr(aes))

driver       : rfc3686(ctr(aes-generic))

module       : kernel

priority     : 100

refcnt       : 1

type         : blkcipher

blocksize    : 1

min keysize  : 20

max keysize  : 36

ivsize       : 8

geniv        : seqiv

 

name         : ctr(aes)

driver       : ctr(aes-generic)

module       : kernel

priority     : 100

refcnt       : 1

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : cbc(aes)

driver       : cbc(aes-generic)

module       : kernel

priority     : 100

refcnt       : 1

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : cbc(blowfish)

driver       : cbc(blowfish-generic)

module       : kernel

priority     : 0

refcnt       : 1

type         : blkcipher

blocksize    : 8

min keysize  : 4

max keysize  : 56

ivsize       : 8

geniv        : <default>

 

name         : cbc(des3_ede)

driver       : cbc(des3_ede-generic)

module       : kernel

priority     : 0

refcnt       : 5

type         : blkcipher

blocksize    : 8

min keysize  : 24

max keysize  : 24

ivsize       : 8

geniv        : <default>

 

name         : cbc(des)

driver       : cbc(des-generic)

module       : kernel

priority     : 0

refcnt       : 1

type         : blkcipher

blocksize    : 8

min keysize  : 8

max keysize  : 8

ivsize       : 8

geniv        : <default>

 

name         : hmac(sha1)

driver       : hmac(sha1-generic)

module       : kernel

priority     : 0

refcnt       : 5

type         : hash

blocksize    : 64

digestsize   : 20

 

name         : hmac(md5)

driver       : hmac(md5-generic)

module       : kernel

priority     : 0

refcnt       : 1

type         : hash

blocksize    : 64

digestsize   : 16

 

name         : hmac(digest_null)

driver       : hmac(digest_null-generic)

module       : kernel

priority     : 0

refcnt       : 1

type         : hash

blocksize    : 1

digestsize   : 0

 

name         : compress_null

driver       : compress_null-generic

module       : crypto_null

priority     : 0

refcnt       : 1

type         : compression

 

name         : digest_null

driver       : digest_null-generic

module       : crypto_null

priority     : 0

refcnt       : 1

type         : digest

blocksize    : 1

digestsize   : 0

 

name         : ecb(cipher_null)

driver       : ecb-cipher_null

module       : crypto_null

priority     : 100

refcnt       : 1

type         : blkcipher

blocksize    : 1

min keysize  : 0

max keysize  : 0

ivsize       : 0

geniv        : <default>

 

name         : cipher_null

driver       : cipher_null-generic

module       : crypto_null

priority     : 0

refcnt       : 1

type         : cipher

blocksize    : 1

min keysize  : 0

max keysize  : 0

 

name         : blowfish

driver       : blowfish-generic

module       : blowfish

priority     : 0

refcnt       : 1

type         : cipher

blocksize    : 8

min keysize  : 4

max keysize  : 56

 

name         : aes

driver       : aes-generic

module       : kernel

priority     : 100

refcnt       : 1

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : des3_ede

driver       : des3_ede-generic

module       : kernel

priority     : 0

refcnt       : 5

type         : cipher

blocksize    : 8

min keysize  : 24

max keysize  : 24

 

name         : des

driver       : des-generic

module       : kernel

priority     : 0

refcnt       : 1

type         : cipher

blocksize    : 8

min keysize  : 8

max keysize  : 8

 

name         : sha1

driver       : sha1-generic

module       : kernel

priority     : 0

refcnt       : 5

type         : digest

blocksize    : 64

digestsize   : 20

 

name         : md5

driver       : md5-generic

module       : kernel

priority     : 0

refcnt       : 1

type         : digest

blocksize    : 64

digestsize   : 16

 

+ __________________________/proc/sys/net/core/xfrm-star

/usr/local/libexec/ipsec/barf: line 191:
__________________________/proc/sys/net/core/xfrm-star: not found

+ echo -n /proc/sys/net/core/xfrm_acq_expires: 

/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires

30

+ echo -n /proc/sys/net/core/xfrm_aevent_etime: 

/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime

10

+ echo -n /proc/sys/net/core/xfrm_aevent_rseqth: 

/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth

2

+ echo -n /proc/sys/net/core/xfrm_larval_drop: 

/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop

0

+ _________________________ /proc/sys/net/ipsec-star

+ 

+ test -d /proc/sys/net/ipsec

+ _________________________ ipsec/status

+ 

+ ipsec auto --status

000 using kernel interface: netkey

000 interface usb0/usb0 192.168.1.1

000 interface usb0/usb0 192.168.1.1

000 interface ppp0/ppp0 32.177.8.180

000 interface ppp0/ppp0 32.177.8.180

000 %myid = (none)

000 debug
raw+crypt+parsing+emitting+control+lifecycle+klips+dns+oppo+controlmore+
pfkey+nattraversal+x509

000  

000 virtual_private (%priv):

000 - allowed 3 subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12

000 - disallowed 0 subnets: 

000 WARNING: Either virtual_private= was not specified, or there was a
syntax 

000          error in that line. 'left/rightsubnet=%priv' will not work!

000  

000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64,
keysizemax=64

000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192

000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448

000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0

000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256

000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128

000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160

000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0,
keysizemax=0

000  

000 algorithm IKE encrypt: id=0, name=(null), blocksize=16,
keydeflen=131

000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8,
keydeflen=128

000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
keydeflen=192

000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
keydeflen=128

000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
blocksize=16, keydeflen=128

000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
blocksize=16, keydeflen=128

000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
blocksize=16, keydeflen=128

000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16

000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20

000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32

000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64

000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024

000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536

000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048

000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072

000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096

000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144

000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192

000  

000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,36}
trans={0,2,432} attrs={0,2,576} 

000  

000 "att-to-home":
192.168.1.0/24===32.177.8.180<32.177.8.180>[+S=C]...70.166.7.155<70.166.
7.155>[@rwwyatt.dyndns.org,+S=C]===10.0.1.0/24; erouted; eroute owner:
#6

000 "att-to-home":     myip=unset; hisip=unset;

000 "att-to-home":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 0

000 "att-to-home":   policy:
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface:
ppp0; 

000 "att-to-home":   newest ISAKMP SA: #3; newest IPsec SA: #6; 

000 "att-to-home":   IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)-MODP1536(5),
3DES_CBC(5)_000-SHA1(2)-MODP1024(2); flags=-strict

000 "att-to-home":   IKE algorithms found:
3DES_CBC(5)_192-SHA1(2)_160-5, 3DES_CBC(5)_192-SHA1(2)_160-2, 

000 "att-to-home":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1536

000 "att-to-home":   ESP algorithms wanted: 3DES(3)_000-SHA1(2);
pfsgroup=MODP1024(2); flags=-strict

000 "att-to-home":   ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160

000 "att-to-home":   ESP algorithm newest: 3DES_0-HMAC_SHA1;
pfsgroup=MODP1024

000  

000 #6: "att-to-home":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
established); EVENT_SA_REPLACE in 26779s; newest IPSEC; eroute owner;
isakmp#3; idle; import:admin initiate

000 #6: "att-to-home" esp.dddaac04 at 70.166.7.155
esp.95903d60 at 32.177.8.180 tun.0 at 70.166.7.155 tun.0 at 32.177.8.180 ref=0
refhim=4294901761

000 #3: "att-to-home":4500 STATE_MAIN_I4 (ISAKMP SA established);
EVENT_SA_REPLACE in 1407s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0);
idle; import:admin initiate

000 #5: "att-to-home":4500 STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 27356s; isakmp#4; idle; import:not set

000 #5: "att-to-home" esp.74f543b at 70.166.7.155 esp.b40bd9d7 at 32.177.8.180
tun.0 at 70.166.7.155 tun.0 at 32.177.8.180 ref=0 refhim=4294901761

000 #4: "att-to-home":4500 STATE_MAIN_R3 (sent MR3, ISAKMP SA
established); EVENT_SA_REPLACE in 2154s; lastdpd=-1s(seq in:0 out:0);
idle; import:not set

000  

+ _________________________ ifconfig-a

+ 

+ ifconfig -a

dummy0    Link encap:Ethernet  HWaddr DA:08:87:7B:F3:F4  

          BROADCAST NOARP  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 

lo        Link encap:Local Loopback  

          LOOPBACK  MTU:16436  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0 

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 

ppp0      Link encap:Point-to-Point Protocol  

          inet addr:32.177.8.180  P-t-P:10.64.64.64
Mask:255.255.255.255

          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1

          RX packets:1400 errors:0 dropped:0 overruns:0 frame:0

          TX packets:1342 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:3 

          RX bytes:216778 (211.6 KiB)  TX bytes:193765 (189.2 KiB)

 

rmnet0    Link encap:Ethernet  HWaddr 6E:4F:1B:4A:AA:56  

          BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 

rmnet1    Link encap:Ethernet  HWaddr 6A:24:59:5C:03:A4  

          BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 

rmnet2    Link encap:Ethernet  HWaddr BE:7D:1A:0E:51:E0  

          BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

 

usb0      Link encap:Ethernet  HWaddr 4A:FC:44:2A:83:45  

          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:11726 errors:0 dropped:0 overruns:0 frame:0

          TX packets:10267 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000 

          RX bytes:1204205 (1.1 MiB)  TX bytes:2276894 (2.1 MiB)

 

+ _________________________ ip-addr-list

+ 

+ ip addr list

1: lo: <LOOPBACK> mtu 16436 qdisc noop 

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop 

    link/ether da:08:87:7b:f3:f4 brd ff:ff:ff:ff:ff:ff

3: rmnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000

    link/ether 6e:4f:1b:4a:aa:56 brd ff:ff:ff:ff:ff:ff

4: rmnet1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000

    link/ether 6a:24:59:5c:03:a4 brd ff:ff:ff:ff:ff:ff

5: rmnet2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop qlen 1000

    link/ether be:7d:1a:0e:51:e0 brd ff:ff:ff:ff:ff:ff

6: usb0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen
1000

    link/ether 4a:fc:44:2a:83:45 brd ff:ff:ff:ff:ff:ff

    inet 192.168.1.1/24 brd 192.168.1.255 scope global usb0

7: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,10000> mtu 1500 qdisc
pfifo_fast qlen 3

    link/ppp 

    inet 32.177.8.180 peer 10.64.64.64/32 scope global ppp0

+ _________________________ ip-route-list

+ 

+ ip route list

10.64.64.64 dev ppp0  src 32.177.8.180 

192.168.1.0/24 dev usb0  src 192.168.1.1 

default dev ppp0 

+ _________________________ ip-rule-list

+ 

+ ip rule list

BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary

 

Usage: ip [OPTIONS] {address | route | link | } {COMMAND}

 

ip [OPTIONS] OBJECT {COMMAND}

where OBJECT := {address | route | link | }

OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }

 

+ _________________________ ipsec_verify

+ 

+ ipsec verify --nocolour

/usr/local/sbin/ipsec: exec: line 142: /usr/local/libexec/ipsec/verify:
not found

+ _________________________ mii-tool

+ 

+ [ -x /sbin/mii-tool ]

+ [ -x /usr/sbin/mii-tool ]

+ mii-tool -v

/usr/local/libexec/ipsec/barf: line 223: mii-tool: not found

+ _________________________ ipsec/directory

+ 

+ ipsec --directory

/usr/local/lib/ipsec

+ _________________________ hostname/fqdn

+ 

+ hostname --fqdn

hostname: unrecognized option `--fqdn'

BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary

 

Usage: hostname [OPTION] [hostname | -F FILE]

 

Get or set hostname or DNS domain name

 

Options:

            -s         Short

            -i          Addresses for the hostname

            -d         DNS domain name

            -f          Fully qualified domain name

            -F FILE           Use the contents of FILE to specify the
hostname

 

+ _________________________ hostname/ipaddress

+ 

+ hostname --ip-address

hostname: unrecognized option `--ip-address'

BusyBox v1.10.4 (2009-08-31 22:21:14 EDT) multi-call binary

 

Usage: hostname [OPTION] [hostname | -F FILE]

 

Get or set hostname or DNS domain name

 

Options:

            -s         Short

            -i          Addresses for the hostname

            -d         DNS domain name

            -f          Fully qualified domain name

            -F FILE           Use the contents of FILE to specify the
hostname

 

+ _________________________ uptime

+ 

+ uptime

 16:06:54 up 49 min, load average: 1.00, 1.00, 0.90

+ _________________________ ps

+ 

+ ps alxwf

+ egrep -i ppid|pluto|ipsec|klips

  881 root      2860 S    logger -s -p daemon.error -t ipsec_setup 

  973 root      2856 S    /bin/sh /usr/local/lib/ipsec/_plutorun --debug
all ra

  974 root      2856 S    /bin/sh /usr/local/lib/ipsec/_plutorun --debug
all ra

  975 root      3268 S    /usr/local/libexec/ipsec/pluto --nofork
--secretsfile

  976 root      2856 S    /bin/sh /usr/local/lib/ipsec/_plutoload --wait
no --p

  977 root      2860 S    logger -s -p daemon.error -t ipsec__plutorun 

  981 root      3268 S N  pluto helper  #  0


 1140 root      1436 S    _pluto_adns -d 

 1197 root      2860 S    /bin/sh /usr/local/libexec/ipsec/barf 

 1261 root      2864 S    egrep -i ppid|pluto|ipsec|klips 

+ _________________________ ipsec/showdefaults

+ 

+ ipsec showdefaults

routephys=ppp0

routevirt=none

routeaddr=32.177.8.180

routenexthop=10.64.64.64

+ _________________________ ipsec/conf

+ 

+ ipsec _include /etc/ipsec.conf

+ ipsec _keycensor

 

#< /etc/ipsec.conf 1

# /etc/ipsec.conf - Openswan IPsec configuration file

# RCSID $Id: ipsec.conf.in,v 1.16 2005/07/26 12:29:45 ken Exp $

 

# This file:  /usr/local/share/doc/openswan/ipsec.conf-sample

#

# Manual:     ipsec.conf.5

 

 

version 2.0       # conforms to second version of ipsec.conf
specification

 

# basic configuration

config setup

            # Do not set debug options to debug configuration issues!

            # plutodebug / klipsdebug = "all", "none" or a combation
from below:

            # "raw crypt parsing emitting control klips pfkey natt x509
dpd private"

            # eg:

            # plutodebug="control parsing"

            plutodebug="all"

            #

            # enable to get logs per-peer

            # plutoopts="--perpeerlog"

            #

            # Again: only enable plutodebug or klipsdebug when asked by
a developer

            #

            # NAT-TRAVERSAL support, see README.NAT-Traversal

            nat_traversal=yes

            # exclude networks used on server side by adding
%v4:!a.b.c.0/24

 
virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12

            # OE is now off by default. Uncomment and change to on, to
enable.

            oe=off

            # which IPsec stack to use. netkey,klips,mast,auto or none

            protostack=netkey

            

 

# Add connections here

 

# sample VPN connection

# for more examples, see /etc/ipsec.d/examples/

#conn sample

#                      # Left security gateway, subnet behind it,
nexthop toward right.

#                      left=10.0.0.1

#                      leftsubnet=172.16.0.0/24

#                      leftnexthop=10.22.33.44

#                      # Right security gateway, subnet behind it,
nexthop toward left.

#                      right=10.12.12.1

#                      rightsubnet=192.168.0.0/24

#                      rightnexthop=10.101.102.103

#                      # To authorize this connection, but not actually
start it, 

#                      # at startup, uncomment this.

#                      #auto=start

 

conn att-to-home

            authby=secret

            type=tunnel

            left=32.177.8.180

            leftsubnet=192.168.1.0/24

            right=70.166.7.155

            rightsubnet=10.0.1.0/24

            rightid=@rwwyatt.dyndns.org

            ike=3des-sha1

            phase2=esp

            phase2alg=3des-sha1;modp1024

            pfs=yes

            auto=add

+ _________________________ ipsec/secrets

+ 

+ ipsec _include /etc/ipsec.secrets

+ ipsec _secretcensor

 

#< /etc/ipsec.secrets 1

32.177.8.180 @rwwyatt.dyndns.org: PSK "[sums to 6654...]"

+ _________________________ ipsec/listall

+ 

+ ipsec auto --listall

000  

000 List of Public Keys:

000  

000 List of Pre-shared secrets (from /etc/ipsec.secrets)

000     1: PSK @rwwyatt.dyndns.org 32.177.8.180

+ [ /etc/ipsec.d/policies ]

+ basename /etc/ipsec.d/policies/block

+ base=block

+ _________________________ ipsec/policies/block

+ 

+ cat /etc/ipsec.d/policies/block

# This file defines the set of CIDRs (network/mask-length) to which

# communication should never be allowed.

#

# See /usr/local/share/doc/openswan/policygroups.html for details.

#

# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $

#

 

+ basename /etc/ipsec.d/policies/clear

+ base=clear

+ _________________________ ipsec/policies/clear

+ 

+ cat /etc/ipsec.d/policies/clear

# This file defines the set of CIDRs (network/mask-length) to which

# communication should always be in the clear.

#

# See /usr/local/share/doc/openswan/policygroups.html for details.

#

 

# root name servers should be in the clear

192.58.128.30/32

198.41.0.4/32

192.228.79.201/32

192.33.4.12/32

128.8.10.90/32

192.203.230.10/32

192.5.5.241/32

192.112.36.4/32

128.63.2.53/32

192.36.148.17/32

193.0.14.129/32

199.7.83.42/32

202.12.27.33/32

+ basename /etc/ipsec.d/policies/clear-or-private

+ base=clear-or-private

+ _________________________ ipsec/policies/clear-or-private

+ 

+ cat /etc/ipsec.d/policies/clear-or-private

# This file defines the set of CIDRs (network/mask-length) to which

# we will communicate in the clear, or, if the other side initiates
IPSEC,

# using encryption.  This behaviour is also called "Opportunistic
Responder".

#

# See /usr/local/share/doc/openswan/policygroups.html for details.

#

# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $

#

+ basename /etc/ipsec.d/policies/private

+ base=private

+ _________________________ ipsec/policies/private

+ 

+ cat /etc/ipsec.d/policies/private

# This file defines the set of CIDRs (network/mask-length) to which

# communication should always be private (i.e. encrypted).

# See /usr/local/share/doc/openswan/policygroups.html for details.

#

# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $

#

+ basename /etc/ipsec.d/policies/private-or-clear

+ base=private-or-clear

+ _________________________ ipsec/policies/private-or-clear

+ 

+ cat /etc/ipsec.d/policies/private-or-clear

# This file defines the set of CIDRs (network/mask-length) to which

# communication should be private, if possible, but in the clear
otherwise.

#

# If the target has a TXT (later IPSECKEY) record that specifies

# authentication material, we will require private (i.e. encrypted)

# communications.  If no such record is found, communications will be

# in the clear.

#

# See /usr/local/share/doc/openswan/policygroups.html for details.

#

# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $

#

 

0.0.0.0/0

+ _________________________ ipsec/ls-libdir

+ 

+ ls -l /usr/local/lib/ipsec

-rwxr-xr-x    1 root     root         5256 Sep 17 15:20
[1;32m_copyright[0m

-rwxr-xr-x    1 root     root         2379 Sep 17 15:20
[1;32m_include[0m

-rwxr-xr-x    1 root     root         1475 Sep 17 15:20
[1;32m_keycensor[0m

-rwxr-xr-x    1 root     root         2632 Sep 17 15:20
[1;32m_plutoload[0m

-rwxr-xr-x    1 root     root         7635 Sep 17 15:20
[1;32m_plutorun[0m

-rwxr-xr-x    1 root     root        12943 Sep 17 15:20
[1;32m_realsetup[0m

-rwxr-xr-x    1 root     root         1975 Sep 17 15:20
[1;32m_secretcensor[0m

-rwxr-xr-x    1 root     root         8567 Sep 17 15:20
[1;32m_startklips[0m

-rwxr-xr-x    1 root     root         8567 Sep 17 15:20
[1;32m_startklips.old[0m

-rwxr-xr-x    1 root     root         5923 Sep 17 15:20
[1;32m_startnetkey[0m

-rwxr-xr-x    1 root     root         4886 Sep 17 15:20 [1;32m_updown[0m

-rwxr-xr-x    1 root     root        14028 Sep 17 15:20
[1;32m_updown.klips[0m

-rwxr-xr-x    1 root     root        14028 Sep 17 15:20
[1;32m_updown.klips.old[0m

-rwxr-xr-x    1 root     root        11798 Sep 17 15:20
[1;32m_updown.mast[0m

-rwxr-xr-x    1 root     root        11798 Sep 17 15:20
[1;32m_updown.mast.old[0m

-rwxr-xr-x    1 root     root         8534 Sep 17 15:20
[1;32m_updown.netkey[0m

+ _________________________ ipsec/ls-execdir

+ 

+ ls -l /usr/local/libexec/ipsec

-rwxr-xr-x    1 root     root        10124 Sep 17 15:20
[1;32m_pluto_adns[0m

-rwxr-xr-x    1 root     root       221912 Sep 17 15:20 [1;32maddconn[0m

-rwxr-xr-x    1 root     root         6129 Sep 17 15:20 [1;32mauto[0m

-rwxr-xr-x    1 root     root        10828 Sep 17 15:20 [1;32mbarf[0m

-rwxr-xr-x    1 root     root       115148 Sep 17 15:20 [1;32meroute[0m

-rwxr-xr-x    1 root     root        25832 Sep 17 15:20 [1;32mikeping[0m

-rwxr-xr-x    1 root     root        86152 Sep 17 15:20
[1;32mklipsdebug[0m

-rwxr-xr-x    1 root     root         2591 Sep 17 15:20 [1;32mlook[0m

-rwxr-xr-x    1 root     root         2182 Sep 17 15:20
[1;32mnewhostkey[0m

-rwxr-xr-x    1 root     root        77568 Sep 17 15:20 [1;32mpf_key[0m

-rwxr-xr-x    1 root     root      1207328 Sep 17 15:20 [1;32mpluto[0m

-rwxr-xr-x    1 root     root        10292 Sep 17 15:20 [1;32mranbits[0m

-rwxr-xr-x    1 root     root        22984 Sep 17 15:20
[1;32mrsasigkey[0m

-rwxr-xr-x    1 root     root          766 Sep 17 15:20 [1;32msecrets[0m

lrwxrwxrwx    1 root     root           22 Sep 17 15:20 [1;36msetup[0m
-> [1;32m/etc/rc.d/init.d/ipsec[0m

-rwxr-xr-x    1 root     root         1054 Sep 17 15:20
[1;32mshowdefaults[0m

-rwxr-xr-x    1 root     root       321336 Sep 17 15:20
[1;32mshowhostkey[0m

-rwxr-xr-x    1 root     root        27088 Sep 17 15:20
[1;32mshowpolicy[0m

-rwxr-xr-x    1 root     root       173476 Sep 17 15:20 [1;32mspi[0m

-rwxr-xr-x    1 root     root        99092 Sep 17 15:20 [1;32mspigrp[0m

-rwxr-xr-x    1 root     root        86644 Sep 17 15:20 [1;32mtncfg[0m

-rwxr-xr-x    1 root     root        13380 Sep 17 15:20 [1;32mverify[0m

-rwxr-xr-x    1 root     root        64596 Sep 17 15:20 [1;32mwhack[0m

+ _________________________ /proc/net/dev

+ 

+ cat /proc/net/dev

Inter-|   Receive                                                |
Transmit

 face |bytes    packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed

    lo:       0       0    0    0    0     0          0         0
0       0    0    0    0     0       0          0

dummy0:       0       0    0    0    0     0          0         0
0       0    0    0    0     0       0          0

rmnet0:       0       0    0    0    0     0          0         0
0       0    0    0    0     0       0          0

rmnet1:       0       0    0    0    0     0          0         0
0       0    0    0    0     0       0          0

rmnet2:       0       0    0    0    0     0          0         0
0       0    0    0    0     0       0          0

  usb0: 1208787   11804    0    0    0     0          0         0
2300970   10346    0    0    0     0       0          0

  ppp0:  217066    1402    0    0    0     0          0         0
194053    1344    0    0    0     0       0          0

+ _________________________ /proc/net/route

+ 

+ cat /proc/net/route

Iface     Destination       Gateway           Flags    RefCnt Use
Metric  Mask               MTU    Window           IRTT


ppp0    4040400A       00000000        0005    0          0          0
FFFFFFFF      0          0          0


usb0     0001A8C0       00000000        0001    0          0          0
00FFFFFF       0          0          0


ppp0    00000000        00000000        0001    0          0          0
00000000        0          0          0


+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc

+ 

+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc

0

+ _________________________ /proc/sys/net/ipv4/ip_forward

+ 

+ cat /proc/sys/net/ipv4/ip_forward

1

+ _________________________ /proc/sys/net/ipv4/tcp_ecn

+ 

+ cat /proc/sys/net/ipv4/tcp_ecn

0

+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter

+ 

+ cd /proc/sys/net/ipv4/conf

+ egrep ^ all/rp_filter default/rp_filter dummy0/rp_filter lo/rp_filter
ppp0/rp_filter rmnet0/rp_filter rmnet1/rp_filter rmnet2/rp_filter
usb0/rp_filter

all/rp_filter:0

default/rp_filter:0

dummy0/rp_filter:0

lo/rp_filter:0

ppp0/rp_filter:0

rmnet0/rp_filter:0

rmnet1/rp_filter:0

rmnet2/rp_filter:0

usb0/rp_filter:0

+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects

+ 

+ cd /proc/sys/net/ipv4/conf

+ egrep ^ all/accept_redirects all/secure_redirects all/send_redirects
default/accept_redirects default/secure_redirects default/send_redirects
dummy0/accept_redirects dummy0/secure_redirects dummy0/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects
ppp0/accept_redirects ppp0/secure_redirects ppp0/send_redirects
rmnet0/accept_redirects rmnet0/secure_redirects rmnet0/send_redirects
rmnet1/accept_redirects rmnet1/secure_redirects rmnet1/send_redirects
rmnet2/accept_redirects rmnet2/secure_redirects rmnet2/send_redirects
usb0/accept_redirects usb0/secure_redirects usb0/send_redirects

all/accept_redirects:0

all/secure_redirects:1

all/send_redirects:1

default/accept_redirects:1

default/secure_redirects:1

default/send_redirects:1

dummy0/accept_redirects:1

dummy0/secure_redirects:1

dummy0/send_redirects:1

lo/accept_redirects:1

lo/secure_redirects:1

lo/send_redirects:1

ppp0/accept_redirects:1

ppp0/secure_redirects:1

ppp0/send_redirects:1

rmnet0/accept_redirects:1

rmnet0/secure_redirects:1

rmnet0/send_redirects:1

rmnet1/accept_redirects:1

rmnet1/secure_redirects:1

rmnet1/send_redirects:1

rmnet2/accept_redirects:1

rmnet2/secure_redirects:1

rmnet2/send_redirects:1

usb0/accept_redirects:1

usb0/secure_redirects:1

usb0/send_redirects:1

+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling

+ 

+ cat /proc/sys/net/ipv4/tcp_window_scaling

1

+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale

+ 

+ cat /proc/sys/net/ipv4/tcp_adv_win_scale

2

+ _________________________ uname-a

+ 

+ uname -a

Linux (none) 2.6.25.05 #1 PREEMPT Mon Aug 31 22:14:42 EDT 2009 armv6l
unknown

+ _________________________ config-built-with

+ 

+ test -r /proc/config_built_with

+ _________________________ distro-release

+ 

+ test -f /etc/redhat-release

+ test -f /etc/debian-release

+ test -f /etc/SuSE-release

+ test -f /etc/mandrake-release

+ test -f /etc/mandriva-release

+ test -f /etc/gentoo-release

+ _________________________ /proc/net/ipsec_version

+ 

+ test -r /proc/net/ipsec_version

+ test -r /proc/net/pfkey

+ uname -r

+ echo NETKEY (2.6.25.05) support detected 

NETKEY (2.6.25.05) support detected 

+ _________________________ iptables

+ 

+ test -r /sbin/iptables

+ iptables -L -v -n

Chain INPUT (policy ACCEPT 2 packets, 656 bytes)

 pkts bytes target     prot opt in     out     source
destination         

10598 1096K ACCEPT     all  --  *      *       192.168.1.0/28
0.0.0.0/0           

 1323  180K ACCEPT     all  --  ppp0   *       0.0.0.0/0
32.177.8.180        state NEW,RELATED,ESTABLISHED 

 

Chain FORWARD (policy ACCEPT 1234 packets, 135K bytes)

 pkts bytes target     prot opt in     out     source
destination         

    0     0 ACCEPT     all  --  ppp0   br0     0.0.0.0/0
0.0.0.0/0           

    0     0 ACCEPT     all  --  br0    ppp0    0.0.0.0/0
0.0.0.0/0           

 1241  110K ACCEPT     all  --  *      *       192.168.1.0/28
0.0.0.0/0           

    0     0 ACCEPT     all  --  ppp0   *       0.0.0.0/0
32.177.8.180        state NEW,RELATED,ESTABLISHED 

 

Chain OUTPUT (policy ACCEPT 10433 packets, 2214K bytes)

 pkts bytes target     prot opt in     out     source
destination         

+ _________________________ iptables-nat

+ 

+ iptables -t nat -L -v -n

Chain PREROUTING (policy ACCEPT 2224 packets, 165K bytes)

 pkts bytes target     prot opt in     out     source
destination         

 

Chain POSTROUTING (policy ACCEPT 1166 packets, 98336 bytes)

 pkts bytes target     prot opt in     out     source
destination         

   63  9619 MASQUERADE  all  --  *      ppp0    0.0.0.0/0
0.0.0.0/0           

    0     0 MASQUERADE  all  --  *      ppp0    0.0.0.0/0
0.0.0.0/0           

 

Chain OUTPUT (policy ACCEPT 60 packets, 9935 bytes)

 pkts bytes target     prot opt in     out     source
destination         

+ _________________________ iptables-mangle

+ 

+ iptables -t mangle -L -v -n

Chain PREROUTING (policy ACCEPT 14437 packets, 1529K bytes)

 pkts bytes target     prot opt in     out     source
destination         

 

Chain INPUT (policy ACCEPT 11944 packets, 1280K bytes)

 pkts bytes target     prot opt in     out     source
destination         

 

Chain FORWARD (policy ACCEPT 2475 packets, 245K bytes)

 pkts bytes target     prot opt in     out     source
destination         

 

Chain OUTPUT (policy ACCEPT 10440 packets, 2217K bytes)

 pkts bytes target     prot opt in     out     source
destination         

 

Chain POSTROUTING (policy ACCEPT 12919 packets, 2463K bytes)

 pkts bytes target     prot opt in     out     source
destination         

+ _________________________ /proc/modules

+ 

+ test -f /proc/modules

+ cat /proc/modules

deflate 4224 0 - Live 0xbf036000

zlib_deflate 22408 1 deflate, Live 0xbf02f000

zlib_inflate 16256 1 deflate, Live 0xbf02a000

crypto_null 3712 0 - Live 0xbf028000

blowfish 9664 0 - Live 0xbf024000

ah4 7104 0 - Live 0xbf021000

esp4 8864 4 - Live 0xbf01d000

xfrm4_tunnel 3104 0 - Live 0xbf01b000

tunnel4 4040 1 xfrm4_tunnel, Live 0xbf019000

xfrm4_mode_tunnel 3328 8 - Live 0xbf017000

xfrm4_mode_transport 2464 0 - Live 0xbf015000

ipcomp 8712 0 - Live 0xbf011000

af_key 43344 0 - Live 0xbf005000

diagchar 15332 0 - Live 0xbf000000

+ _________________________ /proc/meminfo

+ 

+ cat /proc/meminfo

MemTotal:        65952 kB

MemFree:         17892 kB

Buffers:             0 kB

Cached:          35268 kB

SwapCached:          0 kB

Active:           9048 kB

Inactive:        30860 kB

SwapTotal:           0 kB

SwapFree:            0 kB

Dirty:               0 kB

Writeback:           0 kB

AnonPages:        4668 kB

Mapped:           4540 kB

Slab:             6064 kB

SReclaimable:     2616 kB

SUnreclaim:       3448 kB

PageTables:        504 kB

NFS_Unstable:        0 kB

Bounce:              0 kB

CommitLimit:     32976 kB

Committed_AS:   138984 kB

VmallocTotal:   188416 kB

VmallocUsed:        16 kB

VmallocChunk:   188400 kB

+ _________________________ /proc/net/ipsec-ls

+ 

+ test -f /proc/net/ipsec_version

+ _________________________ usr/src/linux/.config

+ 

+ test -f /proc/config.gz

+ zcat /proc/config.gz

+ egrep
CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW
_RANDOM|CONFIG_CRYPTO_DEV|_XFRM

CONFIG_XFRM=y

CONFIG_XFRM_USER=y

# CONFIG_XFRM_SUB_POLICY is not set

CONFIG_XFRM_MIGRATE=y

# CONFIG_XFRM_STATISTICS is not set

CONFIG_NET_KEY=m

CONFIG_NET_KEY_MIGRATE=y

CONFIG_INET=y

# CONFIG_IP_MULTICAST is not set

# CONFIG_IP_ADVANCED_ROUTER is not set

CONFIG_IP_FIB_HASH=y

# CONFIG_IP_PNP is not set

CONFIG_INET_AH=m

CONFIG_INET_ESP=m

CONFIG_INET_IPCOMP=m

CONFIG_INET_XFRM_TUNNEL=m

CONFIG_INET_TUNNEL=m

CONFIG_INET_XFRM_MODE_TRANSPORT=m

CONFIG_INET_XFRM_MODE_TUNNEL=m

# CONFIG_INET_XFRM_MODE_BEET is not set

# CONFIG_INET_LRO is not set

# CONFIG_INET_DIAG is not set

# CONFIG_IP_VS is not set

# CONFIG_IPV6 is not set

# CONFIG_INET6_XFRM_TUNNEL is not set

# CONFIG_INET6_TUNNEL is not set

# CONFIG_IP_NF_QUEUE is not set

CONFIG_IP_NF_IPTABLES=y

CONFIG_IP_NF_MATCH_RECENT=y

CONFIG_IP_NF_MATCH_ECN=y

CONFIG_IP_NF_MATCH_AH=y

CONFIG_IP_NF_MATCH_TTL=y

CONFIG_IP_NF_MATCH_ADDRTYPE=y

CONFIG_IP_NF_FILTER=y

CONFIG_IP_NF_TARGET_REJECT=y

CONFIG_IP_NF_TARGET_LOG=y

CONFIG_IP_NF_TARGET_ULOG=y

CONFIG_IP_NF_TARGET_MASQUERADE=y

CONFIG_IP_NF_TARGET_REDIRECT=y

CONFIG_IP_NF_TARGET_NETMAP=y

CONFIG_IP_NF_MANGLE=y

CONFIG_IP_NF_TARGET_ECN=y

CONFIG_IP_NF_TARGET_TTL=y

CONFIG_IP_NF_TARGET_CLUSTERIP=y

CONFIG_IP_NF_RAW=y

# CONFIG_IP_NF_ARPTABLES is not set

# CONFIG_IP_DCCP is not set

# CONFIG_IP_SCTP is not set

# CONFIG_IPX is not set

# CONFIG_IPMI_HANDLER is not set

# CONFIG_HW_RANDOM is not set

+ _________________________ etc/syslog.conf

+ 

+ _________________________ etc/syslog-ng/syslog-ng.conf

+ 

+ cat /etc/syslog-ng/syslog-ng.conf

cat: can't open '/etc/syslog-ng/syslog-ng.conf': No such file or
directory

+ cat /etc/syslog.conf

cat: can't open '/etc/syslog.conf': No such file or directory

+ _________________________ etc/resolv.conf

+ 

+ cat /etc/resolv.conf

nameserver 209.183.54.151

nameserver 209.183.54.151

+ _________________________ lib/modules-ls

+ 

+ ls -ltr /lib/modules

drwxr-xr-x    3 root     root            0 Jan  1  1970
[1;34m2.6.25.05[0m

+ _________________________ fipscheck

+ 

+ cat /proc/sys/crypto/fips_enabled

cat: can't open '/proc/sys/crypto/fips_enabled': No such file or
directory

+ _________________________ /proc/ksyms-netif_rx

+ 

+ test -r /proc/ksyms

+ test -r /proc/kallsyms

+ egrep netif_rx /proc/kallsyms

c01d20d0 T netif_rx

c01d4034 T netif_rx_ni

c0326568 r __ksymtab_netif_rx_ni

c0326670 r __ksymtab_netif_rx

c032ada4 r __kcrctab_netif_rx_ni

c032ae28 r __kcrctab_netif_rx

c0336bd4 r __kstrtab_netif_rx_ni

c0336e20 r __kstrtab_netif_rx

+ _________________________ lib/modules-netif_rx

+ 

+ modulegoo kernel/net/ipv4/ipip.o netif_rx

+ set +x

2.6.25.05: 

+ _________________________ kern.debug

+ 

+ test -f /var/log/kern.debug

+ _________________________ klog

+ 

+ sed -n 1,$p /dev/null

+ egrep -i ipsec|klips|pluto

+ cat

+ _________________________ plog

+ 

+ sed -n 1,$p+ egrep -i pluto

 /dev/null

+ cat

+ _________________________ date

+ 

+ date

Thu Sep 17 16:06:58 UTC 2009

# exit

Connection to 192.168.1.1 closed.

]0;rwwyatt at rwwyatt-laptop: ~rwwyatt at rwwyatt-laptop:~$ exit

exit

 

Script done on Thu 17 Sep 2009 04:07:35 PM PDT

 

------------------------------------------------
Randy Wyatt
Senior Systems Engineer
Office: (858) 431-3743

Cell: (858) 527-8555
rwyatt at nvtl.com
Skype: randy.wyatt77
www.novatelwireless.com

This email and any attachments may contain confidential and privileged
information. If you are not the intended recipient, please notify the
sender immediately by return email, delete this email and destroy any
copies. Any dissemination or use of this information by a person other
than the intended recipient is unauthorized and may be illegal. Any
opinions expressed in this email are those of the individual writer
alone and not necessarily those of Novatel Wireless, Inc. or its
affiliates. To the extent this email purports to waive, amend or
supplement any term or condition of an agreement, contract or purchase
order (including any exhibits or attachments thereto), such purported
waiver, amendment or supplementation shall be of no force or effect
whatsoever, anything to the contrary notwithstanding 

 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090917/0fdd3e04/attachment-0001.html 


More information about the Users mailing list