[Openswan Users] Help configuring simple IPSec from Linux to Windows - "cannot respond to IPsec SA request because no connection is known"
Paddy Doyle
paddy at tchpc.tcd.ie
Tue Apr 10 10:05:07 EDT 2012
Hi again,
On Wed, Apr 04, 2012 at 06:29:44PM +0100, Paddy Doyle wrote:
> Hi all,
>
> I'm having a problem trying to get IPSec working.
See attached output from "ipsec barf" from the Linux host.
I don't know how to interpret the "cannot respond to IPsec SA request because no
connection is known" lines.
10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
What do the various parts of the line mean? E.g. [+S=C] ?
Could the 'no connection' problem be something to do with {left|right}subnet? I
thought I had configured it to just restrict between two hosts.
Thanks,
Paddy
--
Paddy Doyle
Trinity Centre for High Performance Computing,
Lloyd Building, Trinity College Dublin, Dublin 2, Ireland.
Phone: +353-1-896-3725
http://www.tchpc.tcd.ie/
-------------- next part --------------
linuxhost.fq.dn
Tue Apr 10 14:54:03 IST 2012
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.32/K2.6.32-220.4.1.el6.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.32-220.4.1.el6.x86_64 (mockbuild at sl6.fnal.gov) (gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) ) #1 SMP Mon Jan 23 17:20:44 CST 2012
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
10.1.112.0 0.0.0.0 255.255.252.0 U 0 0 0 eth1
0.0.0.0 10.1.112.1 0.0.0.0 UG 0 0 0 eth1
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
src 10.1.112.14 dst 10.1.112.202
proto esp spi 0x7fa89fe7 reqid 16385 mode transport
replay-window 32
auth hmac(sha1) 0x0be2a63375df6c792a1259eb7589a8df8c7cbea9
enc cbc(des3_ede) 0x524ec13ece87006e46a4db76fcad27587b280bf57848e84e
sel src 0.0.0.0/0 dst 0.0.0.0/0
src 10.1.112.202 dst 10.1.112.14
proto esp spi 0xf967a2ad reqid 16385 mode transport
replay-window 32
auth hmac(sha1) 0xd3ae726c1d02fd375e06ed87123319dab8285308
enc cbc(des3_ede) 0xa5eb3609f080df75c0f8488293752ff1d7f017f04151aabe
sel src 0.0.0.0/0 dst 0.0.0.0/0
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 10.1.112.202/32 dst 10.1.112.14/32 proto udp dport 1701
dir out priority 2080 ptype main
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 16385 mode transport
src 10.1.112.14/32 dst 10.1.112.202/32 proto udp sport 1701
dir in priority 2080 ptype main
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 16385 mode transport
src ::/0 dst ::/0
dir 4 priority 0 ptype main
src ::/0 dst ::/0
dir 3 priority 0 ptype main
src ::/0 dst ::/0
dir 4 priority 0 ptype main
src ::/0 dst ::/0
dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
dir 3 priority 0 ptype main
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface eth1/eth1 xxx
000 interface lo/lo 127.0.0.1
000 interface eth1/eth1 10.1.112.202
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not specified, or there is a syntax
000 error in that line. 'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
000 private address space in internal use, it should be excluded!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,64} trans={0,2,2304} attrs={0,2,1536}
000
000 "windoze": 10.1.112.202/32===10.1.112.202<10.1.112.202>[+S=C]:17/0...10.1.112.14<10.1.112.14>[+S=C]:17/1701===10.1.112.14/32; erouted; eroute owner: #2
000 "windoze": myip=unset; hisip=unset;
000 "windoze": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "windoze": policy: PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: eth1;
000 "windoze": newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "windoze": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "windoze": ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000; flags=-strict
000 "windoze": ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160
000 "windoze": ESP algorithm newest: 3DES_000-HMAC_SHA1; pfsgroup=<N/A>
000
000 #2: "windoze":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28002s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "windoze" esp.f967a2ad at 10.1.112.14 esp.7fa89fe7 at 10.1.112.202 ref=0 refhim=4294901761
000 #1: "windoze":500 STATE_MAIN_I4 (ISAKMP SA established); none in -1s; newest ISAKMP; nodpd; idle; import:admin initiate
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth1 Link encap:Ethernet HWaddr 52:54:00:A6:E0:FD
inet addr:10.1.112.202 Bcast:10.1.115.255 Mask:255.255.252.0
inet6 addr: xxx/64 Scope:Global
inet6 addr: fe80::5054:ff:fea6:e0fd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6832125 errors:0 dropped:0 overruns:0 frame:0
TX packets:93991 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1002004451 (955.5 MiB) TX bytes:17842007 (17.0 MiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 52:54:00:a6:e0:fd brd ff:ff:ff:ff:ff:ff
inet 10.1.112.202/22 brd 10.1.115.255 scope global eth1
inet6 xxx/64 scope global dynamic
valid_lft 86395sec preferred_lft 14395sec
inet6 fe80::5054:ff:fea6:e0fd/64 scope link
valid_lft forever preferred_lft forever
+ _________________________ ip-route-list
+ ip route list
10.1.112.0/22 dev eth1 proto kernel scope link src 10.1.112.202 metric 1
default via 10.1.112.1 dev eth1 proto static
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Linux Openswan U2.6.32/K2.6.32-220.4.1.el6.x86_64 (netkey)
Checking for IPsec support in kernel [OK]
SAref kernel support [N/A]
NETKEY: Testing for disabled ICMP send_redirects [OK]
NETKEY detected, testing for disabled ICMP accept_redirects [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for NAT-T on udp 4500 [FAILED]
Checking for 'ip' command [OK]
Checking /bin/sh is not /bin/dash [OK]
Checking for 'iptables' command [OK]
Opportunistic Encryption Support [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
No interface specified
usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...
-V, --version display version information
-v, --verbose more verbose output
-R, --reset reset MII to poweron state
-r, --restart restart autonegotiation
-w, --watch monitor for link status changes
-l, --log with -w, write events to syslog
-A, --advertise=media,... advertise only specified media
-F, --force=media force specified media technology
media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,
(to advertise both HD and FD) 100baseTx, 10baseT
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
linuxhost.fq.dn
+ _________________________ hostname/ipaddress
+ hostname --ip-address
10.1.112.202
+ _________________________ uptime
+ uptime
14:54:03 up 11 days, 2:44, 9 users, load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 2085 1929 20 0 143852 4160 signal T pts/1 0:00 | \_ vim /etc/ipsec.conf
0 0 19195 2192 20 0 106088 1324 wait S+ pts/4 0:00 | \_ /bin/sh /usr/libexec/ipsec/barf
0 0 19268 19195 20 0 4140 612 - S+ pts/4 0:00 | \_ egrep -i ppid|pluto|ipsec|klips
1 0 18947 1 20 0 9220 520 wait S pts/4 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
1 0 18949 18947 20 0 9220 680 wait S pts/4 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
4 0 18953 18949 20 0 313564 5364 poll_s Sl pts/4 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids
0 0 18984 18953 20 0 6072 412 poll_s S pts/4 0:00 | \_ _pluto_adns
0 0 18950 18947 20 0 9220 1152 pipe_w S pts/4 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0 0 18948 1 20 0 4044 612 pipe_w S pts/4 0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth1
routevirt=none
routeaddr=10.1.112.202
routenexthop=10.1.112.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual: ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf
version 2.0 # conforms to second version of ipsec.conf specification
# basic configuration
config setup
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug="none"
plutodebug="none"
# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
protostack=netkey
#nat_traversal=yes
#virtual_private=
oe=off
# Enable this if you see "failed to find any available worker"
# nhelpers=0
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#< /etc/ipsec.d/winhost.conf 1
# conf file to connect linux - windoze (2003 server)
# sample host-to-host tunnel (no subnets)
# Here we assume (for purposes of illustration) that the hosts talk directly
# to each other, so we don't need next-hop settings.
#conn samplehth
# ### left host (public-network address)
# left=10.1.112.202
# #leftsubnet=10.1.112.202/32
# ### next hop to reach right
# #leftnexthop=
# ### right host
# right=10.1.112.14
# #rightsubnet=10.1.112.14/32
# ### next hop to reach left
# #rightnexthop=
# ### (manual) SPI number
# #spi=0x300
# # (manual) encryption/authentication algorithm and parameters to it
# #esp=3des-sha1
# #espenckey=[sums to 2e5f...]
# #espauthkey=[sums to c8c9...]
# authby=secret
# auto=add
# type=transport
conn windoze
left=10.1.112.202
leftsubnet=10.1.112.202/32
right=10.1.112.14
rightsubnet=10.1.112.14/32
type=transport
pfs=no
auth=esp
auto=start
authby=secret
leftprotoport=17/0
rightprotoport=17/1701
esp=3des-sha1
#conn samplehth
# ### left host
# left=10.1.112.202
# ### right host
# right=10.1.112.14
# auto=start
# authby=secret
# type=transport
#conn win-tun
# type=transport
# authby=secret
# auth=esp
# keyingtries=0
# compress=no
# pfs=yes
# esp=3des-sha1
# ike=3des-sha1
# ikelifetime=7200s
# keylife=900s
# rekey=yes
# rekeymargin=90s
# rekeyfuzz=5%
# left=10.1.112.202
# #leftsubnet=10.1.112.202/32
# #leftsourceip=10.1.112.202
# right=10.1.112.14
# #rightsubnet=10.1.112.14/32
# auto=route
#conn sampletm
# ### transport mode rather than tunnel
# type=transport
# ### left host (public-network address)
# left=10.1.112.202
# # next hop to reach right
# #leftnexthop=10.44.55.66
# ### right host, and next hop to reach left
# right=10.1.112.14
# #rightnexthop=10.88.77.66
# ### (manual) SPI number
# spi=0x600
# ### (manual) encryption algorithm and parameters to it
# esp=3des
# espenckey=[sums to 2e5f...]
# ### (manual) authentication algorithm and parameters to it
# ah=hmac-md5
# ahkey=[128 bits]
# ### (auto) authentication control
# auth=ah
#> /etc/ipsec.conf 24
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
#< /etc/ipsec.d/winhost.secrets 1
10.1.112.202 10.1.112.14: PSK "[sums to 6f59...]"
#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 1: PSK 10.1.112.14 10.1.112.202
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#
0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2468
-rwxr-xr-x 1 root root 10592 Dec 10 07:19 _copyright
-rwxr-xr-x 1 root root 2430 Dec 10 07:18 _include
-rwxr-xr-x 1 root root 1475 Dec 10 07:18 _keycensor
-rwxr-xr-x 1 root root 14528 Dec 10 07:19 _pluto_adns
-rwxr-xr-x 1 root root 2567 Dec 10 07:18 _plutoload
-rwxr-xr-x 1 root root 8474 Dec 10 07:18 _plutorun
-rwxr-xr-x 1 root root 13671 Dec 10 07:18 _realsetup
-rwxr-xr-x 1 root root 1975 Dec 10 07:18 _secretcensor
-rwxr-xr-x 1 root root 11507 Dec 10 07:18 _startklips
-rwxr-xr-x 1 root root 6096 Dec 10 07:18 _startnetkey
-rwxr-xr-x 1 root root 4923 Dec 10 07:18 _updown
-rwxr-xr-x 1 root root 16227 Dec 10 07:18 _updown.klips
-rwxr-xr-x 1 root root 16583 Dec 10 07:18 _updown.mast
-rwxr-xr-x 1 root root 13745 Dec 10 07:18 _updown.netkey
-rwxr-xr-x 1 root root 226448 Dec 10 07:19 addconn
-rwxr-xr-x 1 root root 6015 Dec 10 07:18 auto
-rwxr-xr-x 1 root root 10978 Dec 10 07:18 barf
-rwxr-xr-x 1 root root 93840 Dec 10 07:19 eroute
-rwxr-xr-x 1 root root 26736 Dec 10 07:19 ikeping
-rwxr-xr-x 1 root root 69552 Dec 10 07:19 klipsdebug
-rwxr-xr-x 1 root root 2455 Dec 10 07:18 look
-rwxr-xr-x 1 root root 2189 Dec 10 07:18 newhostkey
-rwxr-xr-x 1 root root 64976 Dec 10 07:19 pf_key
-rwxr-xr-x 1 root root 1072848 Dec 10 07:19 pluto
-rwxr-xr-x 1 root root 12349 Dec 10 07:18 policy
-rwxr-xr-x 1 root root 10576 Dec 10 07:19 ranbits
-rwxr-xr-x 1 root root 27376 Dec 10 07:19 rsasigkey
-rwxr-xr-x 1 root root 704 Dec 10 07:18 secrets
lrwxrwxrwx 1 root root 30 Mar 28 15:48 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1126 Dec 10 07:18 showdefaults
-rwxr-xr-x 1 root root 267584 Dec 10 07:19 showhostkey
-rwxr-xr-x 1 root root 26736 Dec 10 07:19 showpolicy
-rwxr-xr-x 1 root root 176552 Dec 10 07:19 spi
-rwxr-xr-x 1 root root 81504 Dec 10 07:19 spigrp
-rwxr-xr-x 1 root root 77032 Dec 10 07:19 tncfg
-rwxr-xr-x 1 root root 14828 Dec 10 07:18 verify
-rwxr-xr-x 1 root root 59904 Dec 10 07:19 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth1:1002005656 6832129 0 0 0 0 0 0 17842430 93995 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth1 0070E286 00000000 0001 0 0 1 00FCFFFF 0 0 0
eth1 00000000 0170E286 0003 0 0 0 00000000 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth1/accept_redirects:0
eth1/secure_redirects:1
eth1/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux linuxhost.fq.dn 2.6.32-220.4.1.el6.x86_64 #1 SMP Mon Jan 23 17:20:44 CST 2012 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Scientific Linux release 6.2 (Carbon)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.32-220.4.1.el6.x86_64) support detected '
NETKEY (2.6.32-220.4.1.el6.x86_64) support detected
+ _________________________ iptables
+ test -r /sbin/iptables-save
+ iptables-save
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*mangle
:PREROUTING ACCEPT [1396087:281825983]
:INPUT ACCEPT [1162693:251084533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3552:766895]
:POSTROUTING ACCEPT [3552:766895]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*nat
:PREROUTING ACCEPT [1382359:276943703]
:POSTROUTING ACCEPT [1255:112867]
:OUTPUT ACCEPT [1255:112867]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [82358:16255526]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -p udp -m udp --dport 69 -j ACCEPT
-A INPUT -s 10.1.112.22/32 -j ACCEPT
-A INPUT -s 10.1.112.14/32 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
+ _________________________ iptables-nat
+ iptables-save -t nat
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*nat
:PREROUTING ACCEPT [1382359:276943703]
:POSTROUTING ACCEPT [1255:112867]
:OUTPUT ACCEPT [1255:112867]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
+ _________________________ iptables-mangle
+ iptables-save -t mangle
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*mangle
:PREROUTING ACCEPT [1396087:281825983]
:INPUT ACCEPT [1162693:251084533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3552:766895]
:POSTROUTING ACCEPT [3552:766895]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ah6 5389 0 - Live 0xffffffffa0281000
ah4 4416 0 - Live 0xffffffffa027a000
esp6 5075 0 - Live 0xffffffffa0273000
esp4 5454 2 - Live 0xffffffffa026c000
xfrm4_mode_beet 2069 0 - Live 0xffffffffa0263000
xfrm4_tunnel 1981 0 - Live 0xffffffffa0254000
xfrm4_mode_tunnel 2002 0 - Live 0xffffffffa0247000
xfrm4_mode_transport 1449 4 - Live 0xffffffffa0235000
xfrm6_mode_transport 1545 0 - Live 0xffffffffa0224000
xfrm6_mode_ro 1318 0 - Live 0xffffffffa021c000
xfrm6_mode_beet 2020 0 - Live 0xffffffffa0216000
xfrm6_mode_tunnel 1906 0 - Live 0xffffffffa01f7000
ipcomp 2073 0 - Live 0xffffffffa0175000
ipcomp6 2138 0 - Live 0xffffffffa0167000
xfrm6_tunnel 7969 1 ipcomp6, Live 0xffffffffa0140000
af_key 29987 0 - Live 0xffffffffa01e6000
iptable_mangle 3349 0 - Live 0xffffffffa043c000
iptable_nat 6158 0 - Live 0xffffffffa0435000
nf_nat 22726 1 iptable_nat, Live 0xffffffffa0428000
authenc 6747 2 - Live 0xffffffffa0736000
deflate 2107 0 - Live 0xffffffffa039a000
zlib_deflate 21629 1 deflate, Live 0xffffffffa038f000
ctr 4063 0 - Live 0xffffffffa0389000
camellia 18334 0 - Live 0xffffffffa037f000
cast5 15242 0 - Live 0xffffffffa0376000
rmd160 8154 0 - Live 0xffffffffa036f000
crypto_null 2952 0 - Live 0xffffffffa0369000
ccm 8471 0 - Live 0xffffffffa0361000
serpent 18455 0 - Live 0xffffffffa0357000
blowfish 7884 0 - Live 0xffffffffa0350000
twofish_x86_64 5257 0 - Live 0xffffffffa0349000
twofish_common 14633 1 twofish_x86_64, Live 0xffffffffa0340000
ecb 2209 0 - Live 0xffffffffa033a000
xcbc 2849 0 - Live 0xffffffffa0334000
cbc 3083 2 - Live 0xffffffffa032e000
sha256_generic 10361 0 - Live 0xffffffffa0326000
sha512_generic 4974 0 - Live 0xffffffffa031f000
des_generic 16604 2 - Live 0xffffffffa0315000
cryptd 8006 0 - Live 0xffffffffa02fc000
aes_x86_64 7914 0 - Live 0xffffffffa02eb000
aes_generic 27609 1 aes_x86_64, Live 0xffffffffa02d9000
tunnel4 2943 1 xfrm4_tunnel, Live 0xffffffffa0266000
xfrm_ipcomp 4802 2 ipcomp,ipcomp6, Live 0xffffffffa01f0000
tunnel6 2714 1 xfrm6_tunnel, Live 0xffffffffa0122000
autofs4 26888 3 - Live 0xffffffffa02f0000
sunrpc 243758 1 - Live 0xffffffffa029b000
ipt_REJECT 2383 2 - Live 0xffffffffa0260000
nf_conntrack_ipv4 9506 5 iptable_nat,nf_nat, Live 0xffffffffa0257000
nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa0251000
iptable_filter 2793 1 - Live 0xffffffffa024b000
ip_tables 17831 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xffffffffa0240000
ip6t_REJECT 4628 2 - Live 0xffffffffa0239000
nf_conntrack_ipv6 8748 2 - Live 0xffffffffa0230000
nf_defrag_ipv6 12182 1 nf_conntrack_ipv6, Live 0xffffffffa0227000
xt_state 1492 4 - Live 0xffffffffa0221000
nf_conntrack 79453 5 iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live 0xffffffffa0200000
ip6table_filter 2889 1 - Live 0xffffffffa01fa000
ip6_tables 19458 1 ip6table_filter, Live 0xffffffffa015d000
ipv6 322029 60 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6, Live 0xffffffffa0195000
dm_mirror 14101 0 - Live 0xffffffffa0126000
dm_region_hash 12170 1 dm_mirror, Live 0xffffffffa00fd000
dm_log 10122 2 dm_mirror,dm_region_hash, Live 0xffffffffa00e7000
microcode 112594 0 - Live 0xffffffffa0177000
virtio_balloon 4347 0 - Live 0xffffffffa001b000
snd_hda_intel 25548 0 - Live 0xffffffffa0169000
snd_hda_codec 91845 1 snd_hda_intel, Live 0xffffffffa0144000
snd_hwdep 6780 1 snd_hda_codec, Live 0xffffffffa013c000
snd_seq 56591 0 - Live 0xffffffffa012c000
snd_seq_device 6596 1 snd_seq, Live 0xffffffffa004b000
snd_pcm 84702 2 snd_hda_intel,snd_hda_codec, Live 0xffffffffa010b000
snd_timer 23057 2 snd_seq,snd_pcm, Live 0xffffffffa0103000
snd 70023 7 snd_hda_intel,snd_hda_codec,snd_hwdep,snd_seq,snd_seq_device,snd_pcm,snd_timer, Live 0xffffffffa00c9000
soundcore 8086 1 snd, Live 0xffffffffa002f000
snd_page_alloc 8630 2 snd_hda_intel,snd_pcm, Live 0xffffffffa0016000
virtio_net 15839 0 - Live 0xffffffffa00f3000
i2c_piix4 12608 0 - Live 0xffffffffa00ed000
i2c_core 31276 1 i2c_piix4, Live 0xffffffffa00dd000
ext4 364410 3 - Live 0xffffffffa006e000
mbcache 8144 1 ext4, Live 0xffffffffa0028000
jbd2 88738 1 ext4, Live 0xffffffffa0056000
virtio_blk 6473 5 - Live 0xffffffffa004e000
virtio_pci 6687 0 - Live 0xffffffffa0047000
virtio_ring 7729 4 virtio_balloon,virtio_net,virtio_blk,virtio_pci, Live 0xffffffffa003f000
virtio 4890 4 virtio_balloon,virtio_net,virtio_blk,virtio_pci, Live 0xffffffffa0038000
pata_acpi 3701 0 - Live 0xffffffffa0032000
ata_generic 3837 0 - Live 0xffffffffa002c000
ata_piix 22846 0 - Live 0xffffffffa0020000
dm_mod 81596 2 dm_mirror,dm_log, Live 0xffffffffa0000000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 3922956 kB
MemFree: 2879904 kB
Buffers: 291092 kB
Cached: 490600 kB
SwapCached: 0 kB
Active: 424260 kB
Inactive: 406420 kB
Active(anon): 30468 kB
Inactive(anon): 18716 kB
Active(file): 393792 kB
Inactive(file): 387704 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 4 kB
Writeback: 0 kB
AnonPages: 48840 kB
Mapped: 16596 kB
Shmem: 196 kB
Slab: 144880 kB
SReclaimable: 117228 kB
SUnreclaim: 27652 kB
KernelStack: 1440 kB
PageTables: 5432 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 1961476 kB
Committed_AS: 225468 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 19684 kB
VmallocChunk: 34359715936 kB
HardwareCorrupted: 0 kB
AnonHugePages: 2048 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 8180 kB
DirectMap2M: 4186112 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.32-220.4.1.el6.x86_64/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# Generated by NetworkManager
domain tchpc.tcd.ie
search tchpc.tcd.ie
nameserver 10.1.112.8
nameserver 10.1.112.9
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x. 7 root root 4096 Feb 10 09:43 2.6.32-131.0.15.el6.x86_64
drwxr-xr-x. 7 root root 4096 Feb 10 10:14 2.6.32-220.4.1.el6.x86_64
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
0
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff81431060 T netif_rx
ffffffff814312d0 T netif_rx_ni
ffffffff81443a40 t ftrace_raw_output_netif_rx
ffffffff814445a0 t ftrace_profile_disable_netif_rx
ffffffff814445c0 t ftrace_raw_unreg_event_netif_rx
ffffffff81444c60 t ftrace_profile_enable_netif_rx
ffffffff81444c80 t ftrace_raw_reg_event_netif_rx
ffffffff81445550 t ftrace_raw_init_event_netif_rx
ffffffff81445c70 t ftrace_profile_netif_rx
ffffffff814465b0 t ftrace_raw_event_netif_rx
ffffffff81804ff2 r __tpstrtab_netif_rx
ffffffff81816c40 r __ksymtab_netif_rx_ni
ffffffff81816c50 r __ksymtab_netif_rx
ffffffff81825fc0 r __kcrctab_netif_rx_ni
ffffffff81825fc8 r __kcrctab_netif_rx
ffffffff8183f546 r __kstrtab_netif_rx_ni
ffffffff8183f552 r __kstrtab_netif_rx
ffffffff81b12980 d ftrace_event_type_netif_rx
ffffffff81bc79a0 D __tracepoint_netif_rx
ffffffff81bf12b0 d event_netif_rx
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.32-131.0.15.el6.x86_64:
2.6.32-220.4.1.el6.x86_64:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '66,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Apr 10 14:49:27 linuxhost ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.32-220.4.1.el6.x86_64...
Apr 10 14:49:27 linuxhost ipsec_setup: Using NETKEY(XFRM) stack
Apr 10 14:49:27 linuxhost ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec_setup: ...Openswan IPsec started
Apr 10 14:49:27 linuxhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr 10 14:49:27 linuxhost pluto: adjusting ipsec.d to /etc/ipsec.d
Apr 10 14:49:27 linuxhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: 002 Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: 002 added connection description "windoze"
Apr 10 14:49:27 linuxhost ipsec__plutorun: 104 "windoze" #1: STATE_MAIN_I1: initiate
+ _________________________ plog
+ sed -n '1066,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Apr 10 14:49:27 linuxhost ipsec__plutorun: Starting Pluto subsystem...
Apr 10 14:49:27 linuxhost pluto[18953]: nss directory plutomain: /etc/ipsec.d
Apr 10 14:49:27 linuxhost pluto[18953]: NSS Initialized
Apr 10 14:49:27 linuxhost pluto[18953]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost pluto[18953]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) pid:18953
Apr 10 14:49:27 linuxhost pluto[18953]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost pluto[18953]: LEAK_DETECTIVE support [disabled]
Apr 10 14:49:27 linuxhost pluto[18953]: OCF support for IKE [disabled]
Apr 10 14:49:27 linuxhost pluto[18953]: SAref support [disabled]: Protocol not available
Apr 10 14:49:27 linuxhost pluto[18953]: SAbind support [disabled]: Protocol not available
Apr 10 14:49:27 linuxhost pluto[18953]: NSS support [enabled]
Apr 10 14:49:27 linuxhost pluto[18953]: HAVE_STATSD notification support not compiled in
Apr 10 14:49:27 linuxhost pluto[18953]: Setting NAT-Traversal port-4500 floating to off
Apr 10 14:49:27 linuxhost pluto[18953]: port floating activation criteria nat_t=0/port_float=1
Apr 10 14:49:27 linuxhost pluto[18953]: NAT-Traversal support [disabled]
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: starting up 3 cryptographic helpers
Apr 10 14:49:27 linuxhost pluto[18953]: started helper (thread) pid=139799685940992 (fd:10)
Apr 10 14:49:27 linuxhost pluto[18953]: started helper (thread) pid=139799675451136 (fd:12)
Apr 10 14:49:27 linuxhost pluto[18953]: started helper (thread) pid=139799664961280 (fd:14)
Apr 10 14:49:27 linuxhost pluto[18953]: Using Linux 2.6 IPsec interface code on 2.6.32-220.4.1.el6.x86_64 (experimental code)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/cacerts': /
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/aacerts': /
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/ocspcerts': /
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/crls'
Apr 10 14:49:27 linuxhost pluto[18953]: | selinux support is NOT enabled.
Apr 10 14:49:27 linuxhost pluto[18953]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost pluto[18953]: added connection description "windoze"
Apr 10 14:49:27 linuxhost pluto[18953]: listening for IKE messages
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface eth1/eth1 10.1.112.202:500
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface lo/lo 127.0.0.1:500
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface eth1/eth1 xxx:500
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface lo/lo ::1:500
Apr 10 14:49:27 linuxhost pluto[18953]: loading secrets from "/etc/ipsec.secrets"
Apr 10 14:49:27 linuxhost pluto[18953]: loading secrets from "/etc/ipsec.d/winhost.secrets"
Apr 10 14:49:27 linuxhost pluto[18953]: "windoze" #1: initiating Main Mode
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: Main mode peer ID is ID_IPV4_ADDR: '10.1.112.14'
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:ba3e2c2b proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=no-pfs}
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xf967a2ad <0x7fa89fe7 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: sending encrypted notification INVALID_PAYLOAD_TYPE to 10.1.112.14:500
Apr 10 14:53:22 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:22 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:22 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:24 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:24 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:24 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:26 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:26 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:26 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:30 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:30 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:30 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:38 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:38 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:38 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:54 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:54 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:54 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
+ _________________________ date
+ date
Tue Apr 10 14:54:03 IST 2012