[Openswan Users] Trying to find why ipsec0 tx dropped occurs
David BENTO
nd.bento at free.fr
Tue Jun 22 05:18:45 EDT 2010
Hi,
i'm testing openswan 2.6.26(KLIPS) with kernel 2.6.32.15 and i also got tx
dropped packets.
When i send ping from my subnet to the remote, i tcpdump on ipsec0 on my
gateway, i see the icmp echo packet, then i tcpdump on the remote gateway on
the internal interface, i see icmp echo/reply packets, and when i try to
tcpdump ipsec0 on the remote i got an oops.
ifconfig shows that there are tx_dropped packets on ipsec0.
--
David BENTO
Mail : nd.bento at free.fr
Le vendredi 11 juin 2010 11:43:19, Mike C a écrit :
> Hi,
>
> I'm having trouble with what appears to be outbound packets being
> dropped from ipsec0. Incoming packets are fine.
>
> My setup is:
>
> 192.168.18.254/24 <-> 192.168.25.254
> I am trying to initiate a ping from 192.168.25.254 to 192.168.18.2 (a
> device on the network, which has its default gateway set to
> 192.168.18.254).
>
> I can see from the firewall on 192.168.18.254 that the ICMP request
> from 192.168.25.254 reaches the client (192.168.18.2), and the client
> sends a response, however the openswan endpoint at 192.168.18.254 is
> dropping the response from ipsec0 rather than sending it back to
> 192.168.25.254.
>
> Firewall Logs on 192.168.18.254:
> ACCEPT:IN=ipsec0 OUT=eth0 SRC=192.168.25.254 DST=192.168.18.2 LEN=84
> TOS=0x00 PREC=0x00 TTL=63 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=54837
> SEQ=6 MARK=0xf0014
> ACCEPT:IN=eth0 OUT=ipsec0 SRC=192.168.18.2 DST=192.168.25.254 LEN=84
> TOS=0x00 PREC=0x00 TTL=63 ID=112 DF PROTO=ICMP TYPE=0 CODE=0 ID=54837
> SEQ=6
>
> # ifconfig ipsec0 (see the TX dropped packets)
> ipsec0 Link encap:Point-to-Point Protocol
> inet addr:94.9.157.10 Mask:255.255.255.255
> UP RUNNING NOARP MTU:16260 Metric:1
> RX packets:97 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:192 overruns:0 carrier:0
> collisions:0 txqueuelen:10
> RX bytes:6208 (6.0 KiB) TX bytes:0 (0.0 B)
>
> Turning klipsdebug on, I see this when I try a different ping - ping
> 192.168.25.254 (from 192.168.18.254):
>
> # ping 192.168.25.254
> PING 192.168.25.254 (192.168.25.254): 56 data bytes
> ping: sendto: Invalid argument
> # Jun 11 09:37:55 testbox user.info kernel:
> klips_debug:ipsec_tunnel_hard_header: cannot revector dev=ipsec0
> op=(null) func=(null)
> Jun 11 09:37:55 testbox user.info kernel:
> klips_debug:klips_header_cache: cannot revector dev=ipsec0 op=(null)
> func=(null)
> Jun 11 09:37:55 testbox user.info kernel:
> klips_debug:ipsec_tunnel_hard_header: skb->dev=ipsec0 dev=ipsec0.
>
> I get these same messages regardless of what machine it is initiated
> on in the 192.168.18.0/24 network. What is causing the packets to be
> dropped,and more importantly what needs to be changed?
>
> The machine is linux 2.6.32-9, with uClibc and busybox. Perl isn't
> installed so ipsec verify isn't working.
>
> Your help would be much appreciated,
>
> Thanks,
>
> Mike
>
> barf below:
>
> Jun 11 09:10:59 testbox user.info kernel: klips_info:ipsec_init: KLIPS
> startup, Openswan KLIPS IPsec stack version: 2.6.26
> Jun 11 09:10:59 testbox user.warn kernel: registered KLIPS /proc/sys/net
> Jun 11 09:10:59 testbox user.info kernel: klips_info:ipsec_alg_init:
> KLIPS alg v=0.8.1-0 (EALG_MAX=255, AALG_MAX=251)
> Jun 11 09:10:59 testbox user.info kernel: klips_info:ipsec_alg_init:
> calling ipsec_alg_static_init()
> Jun 11 09:10:59 testbox user.debug kernel: klips_debug: experimental
> ipsec_alg_AES_MAC not registered [Ok] (auth_id=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Using KLIPS IPsec
> interface code on 2.6.32.9-g9b5a066-dirty
> Jun 11 09:14:20 testbox user.warn pluto[2204]: "tun1" #5: up-client
> output: //lib/ipsec/_updown.klips: changesource `ip route change
> 192.168.25.0/24 dev ipsec0 src 192.168.18.254' failed (RTNETLINK
> answers: No such file or directory)
>
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: ignoring unknown Vendor ID payload
> [4f45685e5c537d65727a5053]
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: received Vendor ID payload [Dead Peer Detection]
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: received Vendor ID payload [RFC 3947] method set
> to=109
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method
> 109
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> Jun 11 08:59:44 testbox user.warn pluto[2844]: packet from
> 118.93.180.109:500: initial Main Mode message received on
> 94.11.24.57:500 but no connection has been authorized with policy=PSK
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Setting NAT-Traversal
> port-4500 floating to on
> Jun 11 09:13:01 testbox user.warn pluto[2204]: port floating
> activation criteria nat_t=1/port_float=1
> Jun 11 09:13:01 testbox user.warn pluto[2204]: NAT-Traversal
> support [enabled] [Force KeepAlive]
> Jun 11 09:13:01 testbox user.warn pluto[2204]: using /dev/urandom as
> source of random entropy
> Jun 11 09:13:01 testbox user.warn pluto[2204]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]: ike_alg_register_enc():
> Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]: ike_alg_register_enc():
> Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]: ike_alg_register_enc():
> Activating OAKLEY_AES_CBC: Ok (ret=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]: ike_alg_register_enc():
> Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]:
> ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]:
> ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
> Jun 11 09:13:01 testbox user.warn pluto[2204]: no helpers will be
> started, all cryptographic operations will be done inline
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Using KLIPS IPsec
> interface code on 2.6.32.9-g9b5a066-dirty
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Changed path to
> directory '/etc/ipsec.d/cacerts'
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Changed path to
> directory '/etc/ipsec.d/aacerts'
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Changed path to
> directory '/etc/ipsec.d/ocspcerts'
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Changing to directory
> '/etc/ipsec.d/crls'
> Jun 11 09:13:01 testbox user.warn pluto[2204]: Warning: empty directory
> Jun 11 09:13:01 testbox user.warn pluto[2204]: listening for IKE messages
> Jun 11 09:13:01 testbox user.warn pluto[2204]: NAT-Traversal: Trying
> new style NAT-T
> Jun 11 09:13:01 testbox user.warn pluto[2204]: adding interface
> ipsec0/ppp0 94.9.157.10:500
> Jun 11 09:13:01 testbox user.warn pluto[2204]: adding interface
> ipsec0/ppp0 94.9.157.10:4500
> Jun 11 09:13:01 testbox user.warn pluto[2204]: loading secrets from
> "/etc/ipsec.secrets"
> Jun 11 09:13:01 testbox user.warn pluto[2204]: added connection
> description "tun1"
> Jun 11 09:13:01 testbox user.warn pluto[2204]: "tun1" #1: initiating Main
> Mode Jun 11 09:13:01 testbox user.warn pluto[2204]: attempt to redefine
> connection "tun1"
> Jun 11 09:13:41 testbox user.warn pluto[2204]: "tun1": deleting connection
> Jun 11 09:13:41 testbox user.warn pluto[2204]: "tun1" #1: deleting
> state (STATE_MAIN_I1)
> Jun 11 09:13:41 testbox user.warn pluto[2204]: added connection
> description "tun1"
> Jun 11 09:13:41 testbox user.warn pluto[2204]: "tun1" #2: initiating Main
> Mode Jun 11 09:13:51 testbox user.warn pluto[2204]: "tun1": deleting
> connection Jun 11 09:13:51 testbox user.warn pluto[2204]: "tun1" #2:
> deleting state (STATE_MAIN_I1)
> Jun 11 09:13:51 testbox user.warn pluto[2204]: added connection
> description "tun1"
> Jun 11 09:13:51 testbox user.warn pluto[2204]: "tun1" #3: initiating Main
> Mode Jun 11 09:14:18 testbox user.warn pluto[2204]: packet from
> 118.93.180.109:500: ignoring unknown Vendor ID payload
> [4f45685e5c537d65727a5053]
> Jun 11 09:14:18 testbox user.warn pluto[2204]: packet from
> 118.93.180.109:500: received Vendor ID payload [Dead Peer Detection]
> Jun 11 09:14:18 testbox user.warn pluto[2204]: packet from
> 118.93.180.109:500: received Vendor ID payload [RFC 3947] method set
> to=109
> Jun 11 09:14:18 testbox user.warn pluto[2204]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109
> Jun 11 09:14:18 testbox user.warn pluto[2204]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109
> Jun 11 09:14:18 testbox user.warn pluto[2204]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method
> 109
> Jun 11 09:14:18 testbox user.warn pluto[2204]: packet from
> 118.93.180.109:500: received Vendor ID payload
> [draft-ietf-ipsec-nat-t-ike-00]
> Jun 11 09:14:18 testbox user.warn pluto[2204]: "tun1" #4: responding
> to Main Mode
> Jun 11 09:14:18 testbox user.warn pluto[2204]: "tun1" #4: transition
> from state STATE_MAIN_R0 to state STATE_MAIN_R1
> Jun 11 09:14:18 testbox user.warn pluto[2204]: "tun1" #4:
> STATE_MAIN_R1: sent MR1, expecting MI2
> Jun 11 09:14:18 testbox user.warn pluto[2204]: "tun1" #4:
> NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
> Jun 11 09:14:18 testbox user.warn pluto[2204]: "tun1" #4: transition
> from state STATE_MAIN_R1 to state STATE_MAIN_R2
> Jun 11 09:14:18 testbox user.warn pluto[2204]: "tun1" #4:
> STATE_MAIN_R2: sent MR2, expecting MI3
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #4: Main mode
> peer ID is ID_IPV4_ADDR: '118.93.180.109'
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #4: transition
> from state STATE_MAIN_R2 to state STATE_MAIN_R3
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #4:
> STATE_MAIN_R3: sent MR3, ISAKMP SA established
> {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5
> group=modp1536}
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #4: the peer
> proposed: 192.168.18.0/24:0/0 -> 192.168.25.0/24:0/0
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #5: responding
> to Quick Mode proposal {msgid:3f3a872e}
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #5: us:
> 192.168.18.0/24===94.9.157.10---89.200.128.42
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #5: them:
> 118.93.180.109===192.168.25.0/24
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #5: transition
> from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #5:
> STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #4: the peer
> proposed: 192.168.18.0/24:0/0 -> 192.168.25.0/24:0/0
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #6: responding
> to Quick Mode proposal {msgid:a677ff3b}
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #6: us:
> 192.168.18.0/24===94.9.157.10---89.200.128.42
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #6: them:
> 118.93.180.109===192.168.25.0/24
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #6: transition
> from state STATE_QUICK_R0 to state STATE_QUICK_R1
> Jun 11 09:14:19 testbox user.warn pluto[2204]: "tun1" #6:
> STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
> Jun 11 09:14:20 testbox user.warn pluto[2204]: "tun1" #5: up-client
> output: //lib/ipsec/_updown.klips: changesource `ip route change
> 192.168.25.0/24 dev ipsec0 src 192.168.18.254' failed (RTNETLINK
> answers: No such file or directory)
> Jun 11 09:14:20 testbox user.warn pluto[2204]: "tun1" #5: transition
> from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Jun 11 09:14:20 testbox user.warn pluto[2204]: "tun1" #5:
> STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x71f2403b
> <0x84d7d90b xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
> Jun 11 09:14:20 testbox user.warn pluto[2204]: "tun1" #6: transition
> from state STATE_QUICK_R1 to state STATE_QUICK_R2
> Jun 11 09:14:20 testbox user.warn pluto[2204]: "tun1" #6:
> STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x71f2403c
> <0x84d7d90c xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none}
> Jun 11 09:14:21 testbox user.warn pluto[2204]: "tun1" #3: ignoring
> unknown Vendor ID payload [4f45685e5c537d65727a5053]
> Jun 11 09:14:21 testbox user.warn pluto[2204]: "tun1" #3: received
> Vendor ID payload [Dead Peer Detection]
> Jun 11 09:14:21 testbox user.warn pluto[2204]: "tun1" #3: received
> Vendor ID payload [RFC 3947] method set to=109
> Jun 11 09:14:21 testbox user.warn pluto[2204]: "tun1" #3: enabling
> possible NAT-traversal with method 4
> Jun 11 09:14:21 testbox user.warn pluto[2204]: "tun1" #3: transition
> from state STATE_MAIN_I1 to state STATE_MAIN_I2
> Jun 11 09:14:21 testbox user.warn pluto[2204]: "tun1" #3:
> STATE_MAIN_I2: sent MI2, expecting MR2
> Jun 11 09:14:22 testbox user.warn pluto[2204]: "tun1" #3:
> NAT-Traversal: Result using RFC 3947 (NAT-Traversal): no NAT detected
> Jun 11 09:14:22 testbox user.warn pluto[2204]: "tun1" #3: transition
> from state STATE_MAIN_I2 to state STATE_MAIN_I3
> Jun 11 09:14:22 testbox user.warn pluto[2204]: "tun1" #3:
> STATE_MAIN_I3: sent MI3, expecting MR3
> Jun 11 09:14:23 testbox user.warn pluto[2204]: "tun1" #3: Main mode
> peer ID is ID_IPV4_ADDR: '118.93.180.109'
> Jun 11 09:14:23 testbox user.warn pluto[2204]: "tun1" #3: transition
> from state STATE_MAIN_I3 to state STATE_MAIN_I4
> Jun 11 09:14:23 testbox user.warn pluto[2204]: "tun1" #3:
> STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
> cipher=aes_128 prf=oakley_sha group=modp2048}
> Jun 11 09:14:23 testbox user.warn pluto[2204]: "tun1" #7: initiating
> Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP {using isakmp#3 msgid:68db6fa1
> proposal=3DES(3)_192-MD5(1)_128 pfsgroup=OAKLEY_GROUP_MODP1024}
> Jun 11 09:14:23 testbox user.warn pluto[2204]: "tun1" #7: transition
> from state STATE_QUICK_I1 to state STATE_QUICK_I2
> Jun 11 09:14:23 testbox user.warn pluto[2204]: "tun1" #7:
> STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
> {ESP=>0x71f2403d <0x84d7d90d xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none
> DPD=none}
> Jun 11 09:14:15 testbox user.warn pluto[2204]: time moved backwards 8
> seconds
>
>
> testbox
> Fri Jun 11 09:16:10 UTC 2010
> + _________________________ version
> +
> + ipsec --version
> Linux Openswan 2.6.26 (klips)
> See `ipsec --copyright' for copyright information.
> + _________________________ /proc/version
> +
> + cat /proc/version
> Linux version 2.6.32.9-g9b5a066-dirty (test at test) (gcc version 4.4.4
> (Buildroot 2010.05) ) #3 Thu Jun 10 17:03:30 UTC 2010
> + _________________________ /proc/net/ipsec_eroute
> +
> + test -r /proc/net/ipsec_eroute
> + sort -sg -k 3 /proc/net/ipsec_eroute
> 0 192.168.18.0/24 -> 192.168.25.0/24 =>
> tun0x1005 at 118.93.180.109 + _________________________ netstat-rn
> +
> + head -n 100
> + netstat -nr
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt
> Iface 89.200.128.42 0.0.0.0 255.255.255.255 UH 0 0
> 0 ppp0 89.200.128.42 0.0.0.0 255.255.255.255 UH 0 0
> 0 ipsec0 192.168.36.0 0.0.0.0 255.255.255.0 U 0
> 0 0 eth1 192.168.18.0 0.0.0.0 255.255.255.0 U
> 0 0 0 eth0 192.168.18.0 0.0.0.0 255.255.255.0 U
> 0 0 0 ipsec0 192.168.25.0 89.200.128.42 255.255.255.0
> UG 0 0 0 ipsec0 127.0.0.0 0.0.0.0 255.0.0.0
> U 0 0 0 lo 0.0.0.0 89.200.128.42 0.0.0.0
> UG 0 0 0 ppp0 + _________________________
> /proc/net/ipsec_spi
> +
> + test -r /proc/net/ipsec_spi
> + cat /proc/net/ipsec_spi
> esp0x71f2403d at 118.93.180.109 ESP_3DES_HMAC_MD5: dir=out
> src=94.9.157.10 iv_bits=64bits iv=0x9b32fd94b9f6b1ac ooowin=64
> alen=128 aklen=128 eklen=192
> life(c,s,h)=addtime(18446744073705256780,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=10 refhim=0
> esp0x71f2403c at 118.93.180.109 ESP_3DES_HMAC_MD5: dir=out
> src=94.9.157.10 iv_bits=64bits iv=0x722e0e62f025769e ooowin=64
> alen=128 aklen=128 eklen=192
> life(c,s,h)=addtime(18446744073705256783,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=6 refhim=0
> esp0x71f2403b at 118.93.180.109 ESP_3DES_HMAC_MD5: dir=out
> src=94.9.157.10 iv_bits=64bits iv=0x11cf4e3eee71cd74 ooowin=64
> alen=128 aklen=128 eklen=192
> life(c,s,h)=addtime(18446744073705256783,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=2 refhim=0
> tun0x1005 at 118.93.180.109 IPIP: dir=out src=94.9.157.10
> life(c,s,h)=addtime(18446744073705256780,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=9 refhim=0
> tun0x1003 at 118.93.180.109 IPIP: dir=out src=94.9.157.10
> life(c,s,h)=addtime(18446744073705256783,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=5 refhim=0
> tun0x1001 at 118.93.180.109 IPIP: dir=out src=94.9.157.10
> life(c,s,h)=addtime(18446744073705256783,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=1 refhim=0
> esp0x84d7d90d at 94.9.157.10 ESP_3DES_HMAC_MD5: dir=in
> src=118.93.180.109 iv_bits=64bits iv=0xd80c954a83fae6a2 ooowin=64
> seq=84 bit=0xffffffffffffffff alen=128 aklen=128 eklen=192
> life(c,s,h)=bytes(7056,0,0)addtime(18446744073705256780,0,0)usetime(1844674
> 4073705256779,0,0)packets(84,0,0) idle=19 natencap=none natsport=0
> natdport=0 refcount=3 ref=12 refhim=9 esp0x84d7d90c at 94.9.157.10
> ESP_3DES_HMAC_MD5: dir=in
> src=118.93.180.109 iv_bits=64bits iv=0x693297db55b20b22 ooowin=64
> seq=4 bit=0xf alen=128 aklen=128 eklen=192
> life(c,s,h)=bytes(336,0,0)addtime(18446744073705256783,0,0)usetime(18446744
> 073705256783,0,0)packets(4,0,0) idle=-4294836 natencap=none natsport=0
> natdport=0 refcount=3 ref=8 refhim=5
> esp0x84d7d90b at 94.9.157.10 ESP_3DES_HMAC_MD5: dir=in
> src=118.93.180.109 iv_bits=64bits iv=0xa56001251e6afdd2 ooowin=64
> alen=128 aklen=128 eklen=192
> life(c,s,h)=addtime(18446744073705256783,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=4 refhim=1
> tun0x1006 at 94.9.157.10 IPIP: dir=in src=118.93.180.109
> policy=192.168.25.0/24->192.168.18.0/24 flags=0x8<>
> life(c,s,h)=bytes(7056,0,0)addtime(18446744073705256780,0,0)usetime(1844674
> 4073705256779,0,0)packets(84,0,0) idle=19 natencap=none natsport=0
> natdport=0 refcount=3 ref=11 refhim=9 tun0x1004 at 94.9.157.10 IPIP: dir=in
> src=118.93.180.109
> policy=192.168.25.0/24->192.168.18.0/24 flags=0x8<>
> life(c,s,h)=bytes(336,0,0)addtime(18446744073705256783,0,0)usetime(18446744
> 073705256783,0,0)packets(4,0,0) idle=-4294836 natencap=none natsport=0
> natdport=0 refcount=3 ref=7 refhim=5
> tun0x1002 at 94.9.157.10 IPIP: dir=in src=118.93.180.109
> policy=192.168.25.0/24->192.168.18.0/24 flags=0x8<>
> life(c,s,h)=addtime(18446744073705256783,0,0) natencap=none natsport=0
> natdport=0 refcount=3 ref=3 refhim=1
> + _________________________ /proc/net/ipsec_spigrp
> +
> + test -r /proc/net/ipsec_spigrp
> + cat /proc/net/ipsec_spigrp
> esp0x71f2403d at 118.93.180.109
> esp0x71f2403c at 118.93.180.109
> esp0x71f2403b at 118.93.180.109
> tun0x1005 at 118.93.180.109 esp0x71f2403d at 118.93.180.109
> tun0x1003 at 118.93.180.109 esp0x71f2403c at 118.93.180.109
> tun0x1001 at 118.93.180.109 esp0x71f2403b at 118.93.180.109
> esp0x84d7d90d at 94.9.157.10 tun0x1006 at 94.9.157.10
> esp0x84d7d90c at 94.9.157.10 tun0x1004 at 94.9.157.10
> esp0x84d7d90b at 94.9.157.10 tun0x1002 at 94.9.157.10
> tun0x1006 at 94.9.157.10
> tun0x1004 at 94.9.157.10
> tun0x1002 at 94.9.157.10
> + _________________________ /proc/net/ipsec_tncfg
> +
> + test -r /proc/net/ipsec_tncfg
> + cat /proc/net/ipsec_tncfg
> ipsec0 -> ppp0 mtu=16260(1500) -> 1500
> ipsec1 -> NULL mtu=0(0) -> 0
> + _________________________ /proc/net/pfkey
> +
> + test -r /proc/net/pfkey
> + _________________________ /proc/crypto
> +
> + test -r /proc/crypto
> + cat /proc/crypto
> name : cbc(aes)
> driver : cbc-aes-geode
> module : geode_aes
> priority : 400
> refcnt : 1
> selftest : passed
> type : blkcipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 16
> geniv : <default>
>
> name : ecb(aes)
> driver : ecb(geode-aes)
> module : ecb
> priority : 300
> refcnt : 1
> selftest : passed
> type : blkcipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 0
> geniv : <default>
>
> name : ecb(aes)
> driver : ecb-aes-geode
> module : geode_aes
> priority : 400
> refcnt : 1
> selftest : passed
> type : blkcipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 0
> geniv : <default>
>
> name : aes
> driver : aes-asm
> module : aes_i586
> priority : 200
> refcnt : 1
> selftest : passed
> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
>
> name : aes
> driver : aes-generic
> module : aes_generic
> priority : 100
> refcnt : 1
> selftest : passed
> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
>
> name : aes
> driver : geode-aes
> module : geode_aes
> priority : 300
> refcnt : 1
> selftest : passed
> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
>
> name : sha1
> driver : sha1-generic
> module : sha1_generic
> priority : 0
> refcnt : 1
> selftest : passed
> type : shash
> blocksize : 64
> digestsize : 20
>
> name : ecb(arc4)
> driver : ecb(arc4-generic)
> module : ecb
> priority : 0
> refcnt : 1
> selftest : passed
> type : blkcipher
> blocksize : 1
> min keysize : 1
> max keysize : 256
> ivsize : 0
> geniv : <default>
>
> name : arc4
> driver : arc4-generic
> module : arc4
> priority : 0
> refcnt : 1
> selftest : passed
> type : cipher
> blocksize : 1
> min keysize : 1
> max keysize : 256
>
> name : stdrng
> driver : krng
> module : kernel
> priority : 200
> refcnt : 1
> selftest : passed
> type : rng
> seedsize : 0
>
> + __________________________/proc/sys/net/core/xfrm-star
> //libexec/ipsec/barf: line 1:
> __________________________/proc/sys/net/core/xfrm-star: not found
> + echo -n /proc/sys/net/core/xfrm_acq_expires:
> /proc/sys/net/core/xfrm_acq_expires: + cat
> /proc/sys/net/core/xfrm_acq_expires 30
> + echo -n /proc/sys/net/core/xfrm_aevent_etime:
> /proc/sys/net/core/xfrm_aevent_etime: + cat
> /proc/sys/net/core/xfrm_aevent_etime 10
> + echo -n /proc/sys/net/core/xfrm_aevent_rseqth:
> /proc/sys/net/core/xfrm_aevent_rseqth: + cat
> /proc/sys/net/core/xfrm_aevent_rseqth
> 2
> + echo -n /proc/sys/net/core/xfrm_larval_drop:
> /proc/sys/net/core/xfrm_larval_drop: + cat
> /proc/sys/net/core/xfrm_larval_drop 1
> + _________________________ /proc/sys/net/ipsec-star
> +
> + test -d /proc/sys/net/ipsec
> + cd /proc/sys/net/ipsec
> + egrep ^ debug_ah debug_eroute debug_esp debug_ipcomp debug_mast
> debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel
> debug_verbose debug_xform debug_xmit icmp inbound_policy_check
> pfkey_lossage tos
> debug_ah:0
> debug_eroute:0
> debug_esp:0
> debug_ipcomp:0
> debug_mast:0
> debug_netlink:0
> debug_pfkey:0
> debug_radij:0
> debug_rcv:0
> debug_spi:0
> debug_tunnel:0
> debug_verbose:0
> debug_xform:0
> debug_xmit:0
> icmp:1
> inbound_policy_check:1
> pfkey_lossage:0
> tos:1
> + _________________________ ipsec/status
> +
> + ipsec auto --status
> 000 using kernel interface: klips
> 000 interface ipsec0/ppp0 94.9.157.10
> 000 interface ipsec0/ppp0 94.9.157.10
> 000 %myid = (none)
> 000 debug none
> 000
> 000 virtual_private (%priv):
> 000 - allowed 0 subnets:
> 000 - disallowed 0 subnets:
> 000 WARNING: Either virtual_private= was not specified, or there was a
> syntax 000 error in that line. 'left/rightsubnet=%priv' will not
> work! 000
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64,
> keysizemin=192, keysizemax=192
> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> keysizemin=128, keysizemax=128
> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> keysizemin=160, keysizemax=160
> 000
> 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC,
> blocksize=8, keydeflen=128
> 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8,
> keydeflen=192
> 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16,
> keydeflen=128
> 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC,
> blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC,
> blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH,
> blocksize=16, keydeflen=128
> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
> 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
> 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
> 000
> 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,4,36}
> trans={0,4,72} attrs={0,4,96}
> 000
> 000 "tun1":
> 192.168.18.0/24===94.9.157.10---89.200.128.42...118.93.180.109===192.168.2
> 5.0/24; erouted; eroute owner: #7
> 000 "tun1": myip=192.168.18.254; hisip=unset;
> myup=/lib/ipsec/_updown; hisup=/lib/ipsec/_updown;
> 000 "tun1": ike_life: 14400s; ipsec_life: 10800s; rekey_margin:
> 540s; rekey_fuzz: 100%; keyingtries: 5
> 000 "tun1": policy: PSK+ENCRYPT+TUNNEL+PFS+UP; prio: 24,24; interface:
> ppp0; 000 "tun1": newest ISAKMP SA: #3; newest IPsec SA: #7;
> 000 "tun1": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
> 000 "tun1": ESP algorithms wanted: 3DES(3)_000-MD5(1)_000;
> pfsgroup=MODP1024(2); flags=-strict
> 000 "tun1": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128
> 000 "tun1": ESP algorithm newest: 3DES_000-HMAC_MD5; pfsgroup=MODP1024
> 000
> 000 #6: "tun1":500 STATE_QUICK_R2 (IPsec SA established);
> EVENT_SA_REPLACE in 10412s; isakmp#4; idle; import:not set
> 000 #6: "tun1" esp.71f2403c at 118.93.180.109 esp.84d7d90c at 94.9.157.10
> tun.1003 at 118.93.180.109 tun.1004 at 94.9.157.10 ref=7 refhim=5
> 000 #5: "tun1":500 STATE_QUICK_R2 (IPsec SA established);
> EVENT_SA_REPLACE in 10412s; isakmp#4; idle; import:not set
> 000 #5: "tun1" esp.71f2403b at 118.93.180.109 esp.84d7d90b at 94.9.157.10
> tun.1001 at 118.93.180.109 tun.1002 at 94.9.157.10 ref=3 refhim=1
> 000 #4: "tun1":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
> EVENT_SA_REPLACE in 14011s; lastdpd=-1s(seq in:0 out:0); idle;
> import:not set
> 000 #7: "tun1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established);
> EVENT_SA_REPLACE in 9728s; newest IPSEC; eroute owner; isakmp#3; idle;
> import:admin initiate
> 000 #7: "tun1" esp.71f2403d at 118.93.180.109 esp.84d7d90d at 94.9.157.10
> tun.1005 at 118.93.180.109 tun.1006 at 94.9.157.10 ref=11 refhim=9
> 000 #3: "tun1":500 STATE_MAIN_I4 (ISAKMP SA established);
> EVENT_SA_REPLACE in 13505s; newest ISAKMP; lastdpd=-1s(seq in:0
> out:0); idle; import:admin initiate
> 000
> + _________________________ ifconfig-a
> +
> + ifconfig -a
> eth0 Link encap:Ethernet HWaddr 00:0A:FA:22:00:40
> inet addr:192.168.18.254 Bcast:192.168.18.255
> Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1801 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1184 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:237632 (232.0 KiB) TX bytes:512692 (500.6 KiB)
> Interrupt:10 Base address:0x8000
>
> eth1 Link encap:Ethernet HWaddr 00:0A:FA:22:00:41
> inet addr:192.168.36.254 Bcast:192.168.36.255
> Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
> Interrupt:11 Base address:0xc100
>
> ipsec0 Link encap:Point-to-Point Protocol
> inet addr:94.9.157.10 Mask:255.255.255.255
> UP RUNNING NOARP MTU:16260 Metric:1
> RX packets:88 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:174 overruns:0 carrier:0
> collisions:0 txqueuelen:10
> RX bytes:5632 (5.5 KiB) TX bytes:0 (0.0 B)
>
> ipsec1 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> NOARP MTU:0 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:186 errors:0 dropped:0 overruns:0 frame:0
> TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:41317 (40.3 KiB) TX bytes:41317 (40.3 KiB)
>
> mast0 Link encap:UNSPEC HWaddr
> 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
> NOARP MTU:0 Metric:1
> RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:10
> RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:94.9.157.10 P-t-P:89.200.128.42 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:1288 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1349 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> RX bytes:488772 (477.3 KiB) TX bytes:206346 (201.5 KiB)
>
> + _________________________ ip-addr-list
> +
> + ip addr list
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
> state UP qlen 1000
> link/ether 00:0a:fa:22:00:40 brd ff:ff:ff:ff:ff:ff
> inet 192.168.18.254/24 brd 192.168.18.255 scope global eth0
> 3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
> state DOWN qlen 1000
> link/ether 00:0a:fa:22:00:41 brd ff:ff:ff:ff:ff:ff
> inet 192.168.36.254/24 brd 192.168.36.255 scope global eth1
> 4: ipsec0: <NOARP,UP,LOWER_UP> mtu 16260 qdisc pfifo_fast state UNKNOWN
> qlen 10 link/ppp
> inet 94.9.157.10 peer 89.200.128.42/32 scope global ipsec0
> inet 192.168.18.254/24 scope global ipsec0
> 5: ipsec1: <NOARP> mtu 0 qdisc noop state DOWN qlen 10
> link/void
> 6: mast0: <NOARP> mtu 0 qdisc noop state DOWN qlen 10
> link/[65534]
> 8: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc htb
> state UNKNOWN qlen 100
> link/ppp
> inet 94.9.157.10 peer 89.200.128.42/32 scope global ppp0
> + _________________________ ip-route-list
> +
> + ip route list
> 89.200.128.42 dev ppp0 proto kernel scope link src 94.9.157.10
> 89.200.128.42 dev ipsec0 proto kernel scope link src 94.9.157.10
> 192.168.36.0/24 dev eth1 scope link src 192.168.36.254
> 192.168.18.0/24 dev eth0 scope link src 192.168.18.254
> 192.168.18.0/24 dev ipsec0 proto kernel scope link src 192.168.18.254
> 192.168.25.0/24 via 89.200.128.42 dev ipsec0 src 192.168.18.254
> 127.0.0.0/8 dev lo scope link
> default via 89.200.128.42 dev ppp0 src 94.9.157.10
> + _________________________ ip-rule-list
> +
> + ip rule list
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
> + _________________________ ipsec_verify
> +
> + ipsec verify --nocolour
> //sbin/ipsec: exec: line 142: //libexec/ipsec/verify: not found
> + _________________________ mii-tool
> +
> + [ -x /sbin/mii-tool ]
> + [ -x /usr/sbin/mii-tool ]
> + mii-tool -v
> //libexec/ipsec/barf: line 1: mii-tool: not found
> + _________________________ ipsec/directory
> +
> + ipsec --directory
> //lib/ipsec
> + _________________________ hostname/fqdn
> +
> + hostname --fqdn
> hostname: testbox: Unknown host
> + _________________________ hostname/ipaddress
> +
> + hostname --ip-address
> hostname: unrecognized option `--ip-address'
> BusyBox v1.16.1 (2010-06-09 14:37:31 UTC) multi-call binary.
>
> Usage: hostname [OPTIONS] [HOSTNAME | -F FILE]
>
> Get or set hostname or DNS domain name
>
> Options:
> -s Short
> -i Addresses for the hostname
> -d DNS domain name
> -f Fully qualified domain name
> -F FILE Use FILE's content as hostname
>
> + _________________________ uptime
> +
> + uptime
> 09:16:20 up 5 min, load average: 0.05, 0.10, 0.04
> + _________________________ ps
> +
> + egrep -i ppid|pluto|ipsec|klips
> + ps alxwf
> ps: invalid option -- a
> BusyBox v1.16.1 (2010-06-09 14:37:31 UTC) multi-call binary.
>
> corrected ps output:
> 2204 root 1832 S /libexec/ipsec/pluto
> --secretsfile=/etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-klips
> --uniqueid --no
> 2207 root 440 S _pluto_adns
>
>
> + _________________________ ipsec/showdefaults
> +
> + ipsec showdefaults
> ipsec showdefaults: cannot find defaults file `/var/run/pluto/ipsec.info'
> + _________________________ ipsec/conf
> +
> + ipsec _keycensor
> + ipsec _include /etc/ipsec.conf
> + _________________________ ipsec/secrets
> +
> + ipsec _secretcensor
> + ipsec _include /etc/ipsec.secrets
>
> #< /etc/ipsec.secrets 1
> 94.9.157.10 118.93.180.109 : PSK "[sums to d5d5...]"
> + _________________________ ipsec/listall
> +
> + ipsec auto --listall
> 000
> 000 List of Public Keys:
> 000
> 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
> 000 1: PSK 118.93.180.109 94.9.157.10
> + [ /etc/ipsec.d/policies ]
> + basename /etc/ipsec.d/policies/block
> + base=block
> + _________________________ ipsec/policies/block
> +
> + cat /etc/ipsec.d/policies/block
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should never be allowed.
> #
> # See //share/doc/openswan/policygroups.html for details.
> #
> # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
>
> + basename /etc/ipsec.d/policies/clear
> + base=clear
> + _________________________ ipsec/policies/clear
> +
> + cat /etc/ipsec.d/policies/clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be in the clear.
> #
> # See //share/doc/openswan/policygroups.html for details.
> #
>
> # root name servers should be in the clear
> 192.58.128.30/32
> 198.41.0.4/32
> 192.228.79.201/32
> 192.33.4.12/32
> 128.8.10.90/32
> 192.203.230.10/32
> 192.5.5.241/32
> 192.112.36.4/32
> 128.63.2.53/32
> 192.36.148.17/32
> 193.0.14.129/32
> 199.7.83.42/32
> 202.12.27.33/32
> + basename /etc/ipsec.d/policies/clear-or-private
> + base=clear-or-private
> + _________________________ ipsec/policies/clear-or-private
> +
> + cat /etc/ipsec.d/policies/clear-or-private
> # This file defines the set of CIDRs (network/mask-length) to which
> # we will communicate in the clear, or, if the other side initiates IPSEC,
> # using encryption. This behaviour is also called "Opportunistic
> Responder". #
> # See //share/doc/openswan/policygroups.html for details.
> #
> # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + basename /etc/ipsec.d/policies/private
> + base=private
> + _________________________ ipsec/policies/private
> +
> + cat /etc/ipsec.d/policies/private
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be private (i.e. encrypted).
> # See //share/doc/openswan/policygroups.html for details.
> #
> # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + basename /etc/ipsec.d/policies/private-or-clear
> + base=private-or-clear
> + _________________________ ipsec/policies/private-or-clear
> +
> + cat /etc/ipsec.d/policies/private-or-clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should be private, if possible, but in the clear otherwise.
> #
> # If the target has a TXT (later IPSECKEY) record that specifies
> # authentication material, we will require private (i.e. encrypted)
> # communications. If no such record is found, communications will be
> # in the clear.
> #
> # See //share/doc/openswan/policygroups.html for details.
> #
> # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
> #
>
> 0.0.0.0/0
> + _________________________ ipsec/ls-libdir
> +
> + ls -l //lib/ipsec
> -rwxr-xr-x 1 root root 4428 Jun 10 05:35 _copyright
> -rwxr-xr-x 1 root root 2379 Jun 10 02:21 _include
> -rwxr-xr-x 1 root root 1475 Jun 10 02:21 _keycensor
> -rwxr-xr-x 1 root root 2632 Jun 10 02:21 _plutoload
> -rwxr-xr-x 1 root root 8203 Jun 10 02:21 _plutorun
> -rwxr-xr-x 1 root root 12952 Jun 10 02:21 _realsetup
> -rwxr-xr-x 1 root root 1975 Jun 10 02:21 _secretcensor
> -rwxr-xr-x 1 root root 9277 Jun 10 02:21 _startklips
> -rwxr-xr-x 1 root root 6042 Jun 10 02:22 _startnetkey
> -rwxr-xr-x 1 root root 4859 Jun 10 02:21 _updown
> -rwxr-xr-x 1 root root 16182 Jun 10 02:21 _updown.klips
> -rwxr-xr-x 1 root root 13909 Jun 10 02:22 _updown.mast
> -rwxr-xr-x 1 root root 10951 Jun 10 02:22 _updown.netkey
> + _________________________ ipsec/ls-execdir
> +
> + ls -l //libexec/ipsec
> -rwxr-xr-x 1 root root 8140 Jun 10 05:35 _pluto_adns
> -rwxr-xr-x 1 root root 8140 Jun 10 05:35 _pluto_adns.old
> -rwxr-xr-x 1 root root 167076 Jun 10 05:35 addconn
> -rwxr-xr-x 1 root root 167076 Jun 10 05:35 addconn.old
> -rwxr-xr-x 1 root root 6015 Jun 10 02:21 auto
> -rwxr-xr-x 1 root root 10828 Jun 10 02:21 barf
> -rwxr-xr-x 1 root root 81756 Jun 10 05:35 eroute
> -rwxr-xr-x 1 root root 17956 Jun 10 05:35 ikeping
> -rwxr-xr-x 1 root root 65212 Jun 10 05:35 klipsdebug
> -rwxr-xr-x 1 root root 2591 Jun 10 02:21 look
> -rwxr-xr-x 1 root root 2182 Jun 10 02:21 newhostkey
> -rwxr-xr-x 1 root root 56380 Jun 10 05:35 pf_key
> -rwxr-xr-x 1 root root 924784 Jun 10 05:35 pluto
> -rwxr-xr-x 1 root root 924784 Jun 10 05:35 pluto.old
> -rwxr-xr-x 1 root root 6600 Jun 10 05:35 ranbits
> -rwxr-xr-x 1 root root 18552 Jun 10 05:35 rsasigkey
> -rwxr-xr-x 1 root root 766 Jun 10 02:21 secrets
> lrwxrwxrwx 1 root root 17 Jun 10 02:21 setup ->
> /etc/init.d/ipsec
> -rwxr-xr-x 1 root root 1054 Jun 10 02:21 showdefaults
> -rwxr-xr-x 1 root root 234700 Jun 10 05:35 showhostkey
> -rwxr-xr-x 1 root root 18512 Jun 10 05:35 showpolicy
> -rwxr-xr-x 1 root root 18512 Jun 10 05:35 showpolicy.old
> -rwxr-xr-x 1 root root 130972 Jun 10 05:35 spi
> -rwxr-xr-x 1 root root 72940 Jun 10 05:35 spigrp
> -rwxr-xr-x 1 root root 64476 Jun 10 05:35 tncfg
> -rwxr-xr-x 1 root root 13460 Jun 10 02:21 verify
> -rwxr-xr-x 1 root root 48080 Jun 10 05:35 whack
> -rwxr-xr-x 1 root root 48080 Jun 10 05:35 whack.old
> + _________________________ /proc/net/dev
> +
> + cat /proc/net/dev
> Inter-| Receive |
> Transmit face |bytes packets errs drop fifo frame compressed
> multicast|bytes packets errs drop fifo colls carrier compressed
> lo: 41455 188 0 0 0 0 0 0
> 41455 188 0 0 0 0 0 0
> eth0: 238581 1812 0 0 0 0 0 0
> 519266 1193 0 0 0 0 0 0
> eth1: 0 0 0 0 0 0 0 0
> 0 0 0 0 0 0 0 0
> ipsec0: 5632 88 0 0 0 0 0 0
> 0 0 0 174 0 0 0 0
> ipsec1: 0 0 0 0 0 0 0 0
> 0 0 0 0 0 0 0 0
> mast0: 0 0 0 0 0 0 0 0
> 0 0 0 0 0 0 0 0
> ppp0: 488978 1290 0 0 0 0 0 0
> 206477 1351 0 0 0 0 0 0
> + _________________________ /proc/net/route
> +
> + cat /proc/net/route
> Iface Destination Gateway
> Flags RefCnt Use Metric Mask MTU Window IRTT
> ppp0 2A80C859 00000000 0005 0 0 0 FFFFFFFF 0 0
0
> ipsec0 2A80C859 00000000 0005 0 0 0 FFFFFFFF 0 0
0
> eth1 0024A8C0 00000000 0001 0 0 0 00FFFFFF 0 0
0
> eth0 0012A8C0 00000000 0001 0 0 0 00FFFFFF 0 0
0
> ipsec0 0012A8C0 00000000 0001 0 0 0 00FFFFFF 0 0
0
> ipsec0 0019A8C0 2A80C859 0003 0 0 0 00FFFFFF 0 0
0
> lo 0000007F 00000000 0001 0 0 0 000000FF 0 0 0
> ppp0 00000000 2A80C859 0003 0 0 0 00000000 0 0
0
> + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
> +
> + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
> 0
> + _________________________ /proc/sys/net/ipv4/ip_forward
> +
> + cat /proc/sys/net/ipv4/ip_forward
> 1
> + _________________________ /proc/sys/net/ipv4/tcp_ecn
> +
> + cat /proc/sys/net/ipv4/tcp_ecn
> 0
> + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
> +
> + cd /proc/sys/net/ipv4/conf
> + egrep ^ all/rp_filter default/rp_filter eth0/rp_filter
> eth1/rp_filter ipsec0/rp_filter ipsec1/rp_filter lo/rp_filter
> mast0/rp_filter ppp0/rp_filter
> all/rp_filter:1
> default/rp_filter:0
> eth0/rp_filter:0
> eth1/rp_filter:0
> ipsec0/rp_filter:0
> ipsec1/rp_filter:0
> lo/rp_filter:0
> mast0/rp_filter:0
> ppp0/rp_filter:0
> + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
> +
> + cd /proc/sys/net/ipv4/conf
> + egrep ^ all/accept_redirects all/secure_redirects all/send_redirects
> default/accept_redirects default/secure_redirects
> default/send_redirects eth0/accept_redirects eth0/secure_redirects
> eth0/send_redirects eth1/accept_redirects eth1/secure_redirects
> eth1/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects
> ipsec0/send_redirects ipsec1/accept_redirects ipsec1/secure_redirects
> ipsec1/send_redirects lo/accept_redirects lo/secure_redirects
> lo/send_redirects mast0/accept_redirects mast0/secure_redirects
> mast0/send_redirects ppp0/accept_redirects ppp0/secure_redirects
> ppp0/send_redirects
> all/accept_redirects:0
> all/secure_redirects:1
> all/send_redirects:1
> default/accept_redirects:1
> default/secure_redirects:1
> default/send_redirects:1
> eth0/accept_redirects:1
> eth0/secure_redirects:1
> eth0/send_redirects:1
> eth1/accept_redirects:1
> eth1/secure_redirects:1
> eth1/send_redirects:1
> ipsec0/accept_redirects:1
> ipsec0/secure_redirects:1
> ipsec0/send_redirects:1
> ipsec1/accept_redirects:1
> ipsec1/secure_redirects:1
> ipsec1/send_redirects:1
> lo/accept_redirects:1
> lo/secure_redirects:1
> lo/send_redirects:1
> mast0/accept_redirects:1
> mast0/secure_redirects:1
> mast0/send_redirects:1
> ppp0/accept_redirects:1
> ppp0/secure_redirects:1
> ppp0/send_redirects:1
> + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
> +
> + cat /proc/sys/net/ipv4/tcp_window_scaling
> 0
> + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
> +
> + cat /proc/sys/net/ipv4/tcp_adv_win_scale
> 2
> + _________________________ uname-a
> +
> + uname -a
> Linux testbox 2.6.32.9-g9b5a066-dirty #3 Thu Jun 10 17:03:30 UTC 2010
> i586 GNU/Linux
> + _________________________ config-built-with
> +
> + test -r /proc/config_built_with
> + _________________________ distro-release
> +
> + test -f /etc/redhat-release
> + test -f /etc/debian-release
> + test -f /etc/SuSE-release
> + test -f /etc/mandrake-release
> + test -f /etc/mandriva-release
> + test -f /etc/gentoo-release
> + _________________________ /proc/net/ipsec_version
> +
> + test -r /proc/net/ipsec_version
> + cat /proc/net/ipsec_version
> Openswan version: 2.6.26
> + _________________________ iptables
> +
> + test -r /sbin/iptables
> [output removed]
> Packets are definitely being accepted by firewall
>
> + _________________________ /proc/modules
> +
> + test -f /proc/modules
> + cat /proc/modules
> xt_TCPMSS 1524 4 - Live 0xd0a5e000
> cls_fw 2336 7 - Live 0xd076e000
> sch_sfq 3348 7 - Live 0xd0764000
> sch_htb 9468 1 - Live 0xd0758000
> ipt_REJECT 1304 2 - Live 0xd06df000
> xt_DSCP 1192 14 - Live 0xd0681000
> ipt_LOG 3512 15 - Live 0xd05ab000
> xt_state 688 11 - Live 0xd05a1000
> ipsec 299172 2 - Live 0xd0539000
> aes_i586 6524 0 - Live 0xd04d1000
> aes_generic 25432 1 aes_i586, Live 0xd04b8000
> geode_aes 3072 0 - Live 0xd04a0000
> tunnel4 1140 0 - Live 0xd046c000
> ip_set_macipmap 1728 0 - Live 0xd0462000
> ip_set_nethash 5672 13 - Live 0xd0457000
> ip_set_ipportnethash 7340 0 - Live 0xd044b000
> ip_set_ipmap 1664 0 - Live 0xd0440000
> ip_set_iphash 4400 7 - Live 0xd0435000
> ip_set_setlist 1868 0 - Live 0xd042a000
> ip_set_iptree 3320 0 - Live 0xd0420000
> ip_set_iptreemap 6128 0 - Live 0xd0415000
> ip_set_ipporthash 5416 0 - Live 0xd0409000
> ip_set_portmap 1752 1 - Live 0xd03fe000
> ipt_set 744 59 - Live 0xd03f4000
> ip_set 7792 21
> ip_set_macipmap,ip_set_nethash,ip_set_ipportnethash,ip_set_ipmap,ip_set_ip
> hash,ip_set_setlist,ip_set_iptree,ip_set_iptreemap,ip_set_ipporthash,ip_set
> _portmap,ipt_set, Live 0xd03e7000
> ipt_ULOG 3296 0 - Live 0xd03da000
> xt_tcpudp 1480 36 - Live 0xd03d0000
> xt_tcpmss 800 4 - Live 0xd03c7000
> xt_string 740 0 - Live 0xd03be000
> xt_statistic 636 0 - Live 0xd03b5000
> xt_sctp 1484 0 - Live 0xd03ac000
> xt_realm 440 0 - Live 0xd03a3000
> xt_quota 612 0 - Live 0xd039a000
> xt_policy 1544 0 - Live 0xd0391000
> xt_pkttype 504 0 - Live 0xd0388000
> xt_physdev 1048 0 - Live 0xd037f000
> xt_multiport 1428 50 - Live 0xd0376000
> xt_mark 440 2 - Live 0xd036d000
> xt_mac 500 0 - Live 0xd0364000
> xt_limit 760 17 - Live 0xd035b000
> xt_length 596 3 - Live 0xd0352000
> xt_hl 744 0 - Live 0xd0349000
> xt_helper 648 0 - Live 0xd0340000
> xt_hashlimit 4672 0 - Live 0xd0336000
> xt_esp 644 0 - Live 0xd032b000
> xt_dscp 880 0 - Live 0xd0322000
> xt_dccp 1280 0 - Live 0xd0319000
> xt_conntrack 1628 0 - Live 0xd0310000
> xt_connmark 560 0 - Live 0xd0306000
> xt_connbytes 872 0 - Live 0xd02fd000
> xt_comment 420 0 - Live 0xd02f4000
> xt_NFQUEUE 872 0 - Live 0xd02eb000
> xt_NFLOG 512 0 - Live 0xd02e2000
> nfnetlink_log 4400 1 xt_NFLOG, Live 0xd02d8000
> xt_MARK 444 23 - Live 0xd02cd000
> nf_conntrack_tftp 2140 0 - Live 0xd02c4000
> nf_conntrack_sip 9000 0 - Live 0xd02b8000
> nf_conntrack_pptp 2440 0 - Live 0xd02ab000
> nf_conntrack_proto_gre 1908 1 nf_conntrack_pptp, Live 0xd02a1000
> nf_conntrack_netlink 10288 0 - Live 0xd0295000
> nfnetlink 1256 3 nfnetlink_log,nf_conntrack_netlink, Live 0xd0288000
> nf_conntrack_netbios_ns 716 0 - Live 0xd027e000
> nf_conntrack_irc 2136 0 - Live 0xd0275000
> nf_conntrack_h323 28976 0 - Live 0xd0264000
> nf_conntrack_ftp 3628 0 - Live 0xd0251000
> iptable_nat 2092 1 - Live 0xd0246000
> nf_nat 8628 1 iptable_nat, Live 0xd023a000
> nf_conntrack_ipv4 5840 14 iptable_nat,nf_nat, Live 0xd022c000
> nf_conntrack 31312 17
> xt_state,xt_helper,xt_conntrack,xt_connmark,xt_connbytes,nf_conntrack_tftp,
> nf_conntrack_sip,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_conntrack_netl
> ink,nf_conntrack_netbios_ns,nf_conntrack_irc,nf_conntrack_h323,nf_conntrack
> _ftp,iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xd0219000
> nf_defrag_ipv4 552 1 nf_conntrack_ipv4, Live 0xd0201000
> iptable_raw 576 0 - Live 0xd01f8000
> iptable_mangle 864 1 - Live 0xd01ef000
> iptable_filter 704 1 - Live 0xd01e5000
> ip_tables 6368 4
> iptable_nat,iptable_raw,iptable_mangle,iptable_filter, Live 0xd01da000
> x_tables 6340 37
> xt_TCPMSS,ipt_REJECT,xt_DSCP,ipt_LOG,xt_state,ipt_set,ipt_ULOG,xt_tcpudp,xt
> _tcpmss,xt_string,xt_statistic,xt_sctp,xt_realm,xt_quota,xt_policy,xt_pktty
> pe,xt_physdev,xt_multiport,xt_mark,xt_mac,xt_limit,xt_length,xt_hl,xt_helpe
> r,xt_hashlimit,xt_esp,xt_dscp,xt_dccp,xt_conntrack,xt_connmark,xt_connbytes
> ,xt_comment,xt_NFQUEUE,xt_NFLOG,xt_MARK,iptable_nat,ip_tables, Live
> 0xd01bd000
> solos_pci 14108 1 - Live 0xd01b0000
> firmware_class 3904 1 solos_pci, Live 0xd01a0000
> br2684 3532 0 - Live 0xd0195000
> ppp_deflate 2308 0 - Live 0xd018a000
> sha1_generic 1204 0 - Live 0xd0176000
> arc4 776 0 - Live 0xd016d000
> ecb 988 0 - Live 0xd0164000
> ppp_mppe 3744 0 - Live 0xd015b000
> pppoe 5244 0 - Live 0xd0150000
> pppox 844 1 pppoe, Live 0xd0144000
> pppoatm 1492 1 - Live 0xd013b000
> ppp_generic 13432 9 ppp_deflate,ppp_mppe,pppoe,pppox,pppoatm, Live
> 0xd012e000 slhc 3336 1 ppp_generic, Live 0xd0122000
> atm 20900 5 solos_pci,br2684,pppoatm, Live 0xd0113000
> ohci_hcd 14612 0 - Live 0xd00fb000
> ehci_hcd 22516 0 - Live 0xd00e5000
> usb_storage 26412 0 - Live 0xd00ce000
> usbcore 76108 4 ohci_hcd,ehci_hcd,usb_storage, Live 0xd00a2000
> 8139cp 10808 0 - Live 0xd0070000
> lm90 7032 0 - Live 0xd0062000
> scx200_acb 2288 0 - Live 0xd0055000
> cs5535_gpio 1456 0 - Live 0xd004b000
> geodewdt 1680 2 - Live 0xd0041000
> + _________________________ /proc/meminfo
> +
> + cat /proc/meminfo
> MemTotal: 248596 kB
> MemFree: 179688 kB
> Buffers: 7152 kB
> Cached: 25728 kB
> SwapCached: 0 kB
> Active: 18948 kB
> Inactive: 26704 kB
> Active(anon): 13064 kB
> Inactive(anon): 0 kB
> Active(file): 5884 kB
> Inactive(file): 26704 kB
> Unevictable: 0 kB
> Mlocked: 0 kB
> SwapTotal: 0 kB
> SwapFree: 0 kB
> Dirty: 24 kB
> Writeback: 0 kB
> AnonPages: 12784 kB
> Mapped: 4408 kB
> Shmem: 292 kB
> Slab: 6884 kB
> SReclaimable: 3140 kB
> SUnreclaim: 3744 kB
> KernelStack: 440 kB
> PageTables: 224 kB
> NFS_Unstable: 0 kB
> Bounce: 0 kB
> WritebackTmp: 0 kB
> CommitLimit: 124296 kB
> Committed_AS: 15252 kB
> VmallocTotal: 786452 kB
> VmallocUsed: 1992 kB
> VmallocChunk: 760612 kB
> DirectMap4k: 8060 kB
> DirectMap4M: 245760 kB
> + _________________________ /proc/net/ipsec-ls
> +
> + test -f /proc/net/ipsec_version
> + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug
> /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg
> /proc/net/ipsec_version
> lrwxrwxrwx 1 root root 16 Jun 11 09:16
> /proc/net/ipsec_eroute -> ipsec/eroute/all
> lrwxrwxrwx 1 root root 16 Jun 11 09:16
> /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug
> lrwxrwxrwx 1 root root 13 Jun 11 09:16
> /proc/net/ipsec_spi -> ipsec/spi/all
> lrwxrwxrwx 1 root root 16 Jun 11 09:16
> /proc/net/ipsec_spigrp -> ipsec/spigrp/all
> lrwxrwxrwx 1 root root 11 Jun 11 09:16
> /proc/net/ipsec_tncfg -> ipsec/tncfg
> lrwxrwxrwx 1 root root 13 Jun 11 09:16
> /proc/net/ipsec_version -> ipsec/version
> + _________________________ usr/src/linux/.config
> +
> + test -f /proc/config.gz
> + egrep
> CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_R
> ANDOM|CONFIG_CRYPTO_DEV|_XFRM + zcat /proc/config.gz
> CONFIG_XFRM=y
> CONFIG_XFRM_USER=m
> # CONFIG_XFRM_SUB_POLICY is not set
> # CONFIG_XFRM_MIGRATE is not set
> # CONFIG_XFRM_STATISTICS is not set
> CONFIG_XFRM_IPCOMP=m
> CONFIG_NET_KEY=m
> # CONFIG_NET_KEY_MIGRATE is not set
> CONFIG_INET=y
> CONFIG_IP_MULTICAST=y
> CONFIG_IP_ADVANCED_ROUTER=y
> # CONFIG_IP_FIB_TRIE is not set
> CONFIG_IP_FIB_HASH=y
> CONFIG_IP_MULTIPLE_TABLES=y
> CONFIG_IP_ROUTE_MULTIPATH=y
> CONFIG_IP_ROUTE_VERBOSE=y
> # CONFIG_IP_PNP is not set
> CONFIG_IP_MROUTE=y
> CONFIG_IP_PIMSM_V1=y
> CONFIG_IP_PIMSM_V2=y
> CONFIG_INET_AH=m
> CONFIG_INET_ESP=m
> CONFIG_INET_IPCOMP=m
> CONFIG_INET_XFRM_TUNNEL=m
> CONFIG_INET_TUNNEL=m
> CONFIG_INET_XFRM_MODE_TRANSPORT=m
> CONFIG_INET_XFRM_MODE_TUNNEL=m
> CONFIG_INET_XFRM_MODE_BEET=m
> # CONFIG_INET_LRO is not set
> CONFIG_INET_DIAG=m
> CONFIG_INET_TCP_DIAG=m
> CONFIG_IPV6=y
> # CONFIG_IPV6_PRIVACY is not set
> # CONFIG_IPV6_ROUTER_PREF is not set
> # CONFIG_IPV6_OPTIMISTIC_DAD is not set
> # CONFIG_INET6_AH is not set
> # CONFIG_INET6_ESP is not set
> # CONFIG_INET6_IPCOMP is not set
> # CONFIG_IPV6_MIP6 is not set
> # CONFIG_INET6_XFRM_TUNNEL is not set
> # CONFIG_INET6_TUNNEL is not set
> # CONFIG_INET6_XFRM_MODE_TRANSPORT is not set
> # CONFIG_INET6_XFRM_MODE_TUNNEL is not set
> # CONFIG_INET6_XFRM_MODE_BEET is not set
> # CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION is not set
> # CONFIG_IPV6_SIT is not set
> # CONFIG_IPV6_TUNNEL is not set
> # CONFIG_IPV6_MULTIPLE_TABLES is not set
> # CONFIG_IPV6_MROUTE is not set
> # CONFIG_IP_VS is not set
> # CONFIG_IP_NF_QUEUE is not set
> CONFIG_IP_NF_IPTABLES=m
> CONFIG_IP_NF_MATCH_ADDRTYPE=m
> CONFIG_IP_NF_MATCH_AH=m
> CONFIG_IP_NF_MATCH_ECN=m
> CONFIG_IP_NF_MATCH_TTL=m
> CONFIG_IP_NF_FILTER=m
> CONFIG_IP_NF_TARGET_REJECT=m
> CONFIG_IP_NF_TARGET_LOG=m
> CONFIG_IP_NF_TARGET_ULOG=m
> CONFIG_IP_NF_TARGET_MASQUERADE=m
> CONFIG_IP_NF_TARGET_NETMAP=m
> CONFIG_IP_NF_TARGET_REDIRECT=m
> CONFIG_IP_NF_MANGLE=m
> CONFIG_IP_NF_TARGET_CLUSTERIP=m
> CONFIG_IP_NF_TARGET_ECN=m
> CONFIG_IP_NF_TARGET_TTL=m
> CONFIG_IP_NF_RAW=m
> CONFIG_IP_NF_SECURITY=m
> CONFIG_IP_NF_ARPTABLES=m
> CONFIG_IP_NF_ARPFILTER=m
> CONFIG_IP_NF_ARP_MANGLE=m
> # CONFIG_IP6_NF_QUEUE is not set
> # CONFIG_IP6_NF_IPTABLES is not set
> # CONFIG_IP_DCCP is not set
> # CONFIG_IP_SCTP is not set
> # CONFIG_IPX is not set
> CONFIG_IPMI_HANDLER=m
> CONFIG_IPMI_PANIC_EVENT=y
> # CONFIG_IPMI_PANIC_STRING is not set
> CONFIG_IPMI_DEVICE_INTERFACE=m
> CONFIG_IPMI_SI=m
> CONFIG_IPMI_WATCHDOG=m
> CONFIG_IPMI_POWEROFF=m
> CONFIG_HW_RANDOM=y
> # CONFIG_HW_RANDOM_TIMERIOMEM is not set
> CONFIG_HW_RANDOM_INTEL=m
> CONFIG_HW_RANDOM_AMD=m
> CONFIG_HW_RANDOM_GEODE=m
> CONFIG_HW_RANDOM_VIA=m
> CONFIG_SECURITY_NETWORK_XFRM=y
> CONFIG_CRYPTO_DEV_PADLOCK=m
> CONFIG_CRYPTO_DEV_PADLOCK_AES=m
> CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
> CONFIG_CRYPTO_DEV_GEODE=m
> # CONFIG_CRYPTO_DEV_HIFN_795X is not set
> + _________________________ etc/syslog.conf
> +
> + _________________________ etc/syslog-ng/syslog-ng.conf
> +
> + cat /etc/syslog-ng/syslog-ng.conf
> cat: can't open '/etc/syslog-ng/syslog-ng.conf': No such file or directory
> + cat /etc/syslog.conf
> cat: can't open '/etc/syslog.conf': No such file or directory
> + _________________________ etc/resolv.conf
> +
> + cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver 202.27.158.40
> nameserver 202.37.170.4
> + _________________________ lib/modules-ls
> +
> + ls -ltr /lib/modules
> drwxr-xr-x 4 root root 325 Jun 10 05:34
> 2.6.32.9-g9b5a066-dirty + _________________________ fipscheck
> +
> + cat /proc/sys/crypto/fips_enabled
> cat: can't open '/proc/sys/crypto/fips_enabled': No such file or directory
> + _________________________ /proc/ksyms-netif_rx
> +
> + test -r /proc/ksyms
> + test -r /proc/kallsyms
> + echo broken (redhat/fedora) 2.6 kernel without kallsyms
> broken (redhat/fedora) 2.6 kernel without kallsyms
> + _________________________ lib/modules-netif_rx
> +
> + modulegoo kernel/net/ipv4/ipip.o netif_rx
> + set +x
> 2.6.32.9-g9b5a066-dirty:
> + _________________________ kern.debug
> +
> + test -f /var/log/kern.debug
> + _________________________ klog
> +
> + cat
> + egrep -i ipsec|klips|pluto
> + sed -n 1,$p /dev/null
> + _________________________ plog
> +
> + cat
> + egrep -i pluto
> + sed -n 1,$p /dev/null
> + _________________________ date
> +
> + date
> Fri Jun 11 09:16:20 UTC 2010
> _______________________________________________
> Users at openswan.org
> http://lists.openswan.org/mailman/listinfo/users
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100622/613030c1/attachment-0001.html
More information about the Users
mailing list