[Openswan Users] Help configuring simple IPSec from Linux to Windows - "cannot respond to IPsec SA request because no connection is known"

Paddy Doyle paddy at tchpc.tcd.ie
Tue Apr 10 10:05:07 EDT 2012


Hi again,

On Wed, Apr 04, 2012 at 06:29:44PM +0100, Paddy Doyle wrote:

> Hi all,
> 
> I'm having a problem trying to get IPSec working.

See attached output from "ipsec barf" from the Linux host.

I don't know how to interpret the "cannot respond to IPsec SA request because no
connection is known" lines.

   10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0

What do the various parts of the line mean? E.g. [+S=C] ?


Could the 'no connection' problem be something to do with {left|right}subnet? I
thought I had configured it to just restrict between two hosts.

Thanks,
Paddy

-- 
Paddy Doyle
Trinity Centre for High Performance Computing,
Lloyd Building, Trinity College Dublin, Dublin 2, Ireland.
Phone: +353-1-896-3725
http://www.tchpc.tcd.ie/
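
Added example (not part of the original post, and not Openswan code): a Python sketch that splits the connection descriptor quoted above into its fields and compares the rejected request with the "windoze" entry printed by `ipsec auto --status` in the attached output. The field layout (`client===host<id>[flags]:protocol/port` on each side of `...`) is inferred from the lines in this post, the bracketed flags are kept as an uninterpreted string, IPv4 hosts are assumed, and the field-by-field comparison is a simplification rather than pluto's actual matching logic.

```python
import re
from dataclasses import dataclass

# Sample input taken from this post: the descriptor in the rejected request
# and the descriptor of the "windoze" connection from `ipsec auto --status`
# (status prefix and trailing "; erouted; ..." trimmed).
REQUESTED = ("10.1.112.202<10.1.112.202>[+S=C]:1/0..."
             "10.1.112.14<10.1.112.14>[+S=C]:1/0")
CONFIGURED = ("10.1.112.202/32===10.1.112.202<10.1.112.202>[+S=C]:17/0..."
              "10.1.112.14<10.1.112.14>[+S=C]:17/1701===10.1.112.14/32")

# IANA IP protocol numbers that matter here (0 is used as "any").
PROTO_NAMES = {0: "any", 1: "icmp", 6: "tcp", 17: "udp"}

# One end of a connection: host, optional <id>, optional [flags],
# optional :protocol/port.
END_RE = re.compile(
    r"^(?P<host>[^<\[]+?)"
    r"(?:<(?P<id>[^>]*)>)?"
    r"(?:\[(?P<flags>[^\]]*)\])?"
    r"(?::(?P<proto>\d+)/(?P<port>\d+))?$"
)


@dataclass(frozen=True)
class End:
    host: str     # address pluto talks IKE to
    ident: str    # IKE identity shown between < and >
    flags: str    # text between [ and ], left uninterpreted
    proto: int    # IP protocol number the SA is restricted to
    port: int     # port the SA is restricted to (0 = any)
    client: str   # protected subnet; host/32 assumed when not printed


def _parse_end(text, client):
    m = END_RE.match(text)
    if m is None:
        raise ValueError(f"unrecognised connection end: {text!r}")
    host = m["host"]
    return End(
        host=host,
        ident=m["id"] or host,
        flags=m["flags"] or "",
        proto=int(m["proto"] or 0),
        port=int(m["port"] or 0),
        client=client or host + "/32",
    )


def parse_conn(desc):
    """Return (left, right) End objects for one connection descriptor."""
    left, sep, right = desc.strip().partition("...")
    if not sep:
        raise ValueError("descriptor has no '...' between the two ends")
    # Left end prints "client===host...", right end prints "...host===client".
    lclient, lsep, lrest = left.partition("===")
    if not lsep:
        lclient, lrest = "", left
    rrest, _, rclient = right.partition("===")
    return _parse_end(lrest, lclient), _parse_end(rrest, rclient)


def _show(field, value):
    if field == "proto":
        return f"{value} ({PROTO_NAMES.get(value, 'other')})"
    return str(value)


def mismatches(requested, configured):
    """List every field where the peer's request differs from the config."""
    out = []
    pairs = zip(("left", "right"), parse_conn(requested), parse_conn(configured))
    for side, req, cfg in pairs:
        for field in ("host", "client", "proto", "port"):
            r, c = getattr(req, field), getattr(cfg, field)
            if r != c:
                out.append(f"{side} {field}: requested {_show(field, r)}, "
                           f"configured {_show(field, c)}")
    return out


if __name__ == "__main__":
    for line in mismatches(REQUESTED, CONFIGURED):
        print(line)
```

On the lines from this post, the hosts and /32 clients agree on both sides; the differences are the protocol (1 requested, 17 configured via `leftprotoport`/`rightprotoport`) and the right-hand port (0 requested, 1701 configured).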
-------------- next part --------------
linuxhost.fq.dn
Tue Apr 10 14:54:03 IST 2012
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.32/K2.6.32-220.4.1.el6.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.32-220.4.1.el6.x86_64 (mockbuild at sl6.fnal.gov) (gcc version 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) ) #1 SMP Mon Jan 23 17:20:44 CST 2012
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
10.1.112.0   0.0.0.0         255.255.252.0   U         0 0          0 eth1
0.0.0.0         10.1.112.1   0.0.0.0         UG        0 0          0 eth1
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
src 10.1.112.14 dst 10.1.112.202
	proto esp spi 0x7fa89fe7 reqid 16385 mode transport
	replay-window 32 
	auth hmac(sha1) 0x0be2a63375df6c792a1259eb7589a8df8c7cbea9
	enc cbc(des3_ede) 0x524ec13ece87006e46a4db76fcad27587b280bf57848e84e
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
src 10.1.112.202 dst 10.1.112.14
	proto esp spi 0xf967a2ad reqid 16385 mode transport
	replay-window 32 
	auth hmac(sha1) 0xd3ae726c1d02fd375e06ed87123319dab8285308
	enc cbc(des3_ede) 0xa5eb3609f080df75c0f8488293752ff1d7f017f04151aabe
	sel src 0.0.0.0/0 dst 0.0.0.0/0 
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 10.1.112.202/32 dst 10.1.112.14/32 proto udp dport 1701 
	dir out priority 2080 ptype main 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16385 mode transport
src 10.1.112.14/32 dst 10.1.112.202/32 proto udp sport 1701 
	dir in priority 2080 ptype main 
	tmpl src 0.0.0.0 dst 0.0.0.0
		proto esp reqid 16385 mode transport
src ::/0 dst ::/0 
	dir 4 priority 0 ptype main 
src ::/0 dst ::/0 
	dir 3 priority 0 ptype main 
src ::/0 dst ::/0 
	dir 4 priority 0 ptype main 
src ::/0 dst ::/0 
	dir 3 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir 4 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir 3 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir 4 priority 0 ptype main 
src 0.0.0.0/0 dst 0.0.0.0/0 
	dir 3 priority 0 ptype main 
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name         : authenc(hmac(sha1),cbc(des3_ede))
driver       : authenc(hmac(sha1-generic),cbc(des3_ede-generic))
module       : authenc
priority     : 0
refcnt       : 3
selftest     : passed
type         : aead
async        : no
blocksize    : 8
ivsize       : 8
maxauthsize  : 20
geniv        : <built-in>

name         : cbc(des3_ede)
driver       : cbc(des3_ede-generic)
module       : kernel
priority     : 0
refcnt       : 3
selftest     : passed
type         : givcipher
async        : no
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8
geniv        : eseqiv

name         : deflate
driver       : deflate-generic
module       : deflate
priority     : 0
refcnt       : 1
selftest     : passed
type         : compression

name         : rfc3686(ctr(aes))
driver       : rfc3686(ctr(aes-asm))
module       : ctr
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 20
max keysize  : 36
ivsize       : 8
geniv        : seqiv

name         : ctr(aes)
driver       : ctr(aes-asm)
module       : ctr
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : chainiv

name         : cbc(twofish)
driver       : cbc(twofish-asm)
module       : cbc
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(camellia)
driver       : cbc(camellia-generic)
module       : cbc
priority     : 100
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : camellia
driver       : camellia-generic
module       : camellia
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : cbc(serpent)
driver       : cbc(serpent-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 0
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(aes)
driver       : cbc(aes-asm)
module       : cbc
priority     : 200
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(blowfish)
driver       : cbc(blowfish-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 4
max keysize  : 56
ivsize       : 8
geniv        : <default>

name         : cbc(cast5)
driver       : cbc(cast5-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 5
max keysize  : 16
ivsize       : 8
geniv        : <default>

name         : cast5
driver       : cast5-generic
module       : cast5
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 5
max keysize  : 16

name         : cbc(des3_ede)
driver       : cbc(des3_ede-generic)
module       : cbc
priority     : 0
refcnt       : 3
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8
geniv        : <default>

name         : cbc(des)
driver       : cbc(des-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 8
max keysize  : 8
ivsize       : 8
geniv        : <default>

name         : xcbc(aes)
driver       : xcbc(aes-asm)
module       : xcbc
priority     : 200
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 16
digestsize   : 16

name         : hmac(rmd160)
driver       : hmac(rmd160-generic)
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : rmd160
driver       : rmd160-generic
module       : rmd160
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : hmac(sha256)
driver       : hmac(sha256-generic)
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : hmac(sha1)
driver       : hmac(sha1-generic)
module       : kernel
priority     : 0
refcnt       : 5
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : hmac(md5)
driver       : hmac(md5-generic)
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

name         : compress_null
driver       : compress_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
selftest     : passed
type         : compression

name         : digest_null
driver       : digest_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 0

name         : ecb(cipher_null)
driver       : ecb-cipher_null
module       : crypto_null
priority     : 100
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 0
max keysize  : 0
ivsize       : 0
geniv        : <default>

name         : cipher_null
driver       : cipher_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 1
min keysize  : 0
max keysize  : 0

name         : tnepres
driver       : tnepres-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : serpent
driver       : serpent-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : blowfish
driver       : blowfish-generic
module       : blowfish
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 4
max keysize  : 56

name         : twofish
driver       : twofish-asm
module       : twofish_x86_64
priority     : 200
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 28

name         : sha512
driver       : sha512-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 64

name         : sha384
driver       : sha384-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 48

name         : des3_ede
driver       : des3_ede-generic
module       : des_generic
priority     : 0
refcnt       : 3
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 24
max keysize  : 24

name         : des
driver       : des-generic
module       : des_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8

name         : aes
driver       : aes-asm
module       : aes_x86_64
priority     : 200
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : rng
seedsize     : 0

name         : crc32c
driver       : crc32c-generic
module       : kernel
priority     : 100
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

name         : sha1
driver       : sha1-generic
module       : kernel
priority     : 0
refcnt       : 3
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface eth1/eth1 xxx
000 interface lo/lo 127.0.0.1
000 interface eth1/eth1 10.1.112.202
000 %myid = (none)
000 debug none
000 
000 virtual_private (%priv):
000 - allowed 0 subnets: 
000 - disallowed 0 subnets: 
000 WARNING: Either virtual_private= is not specified, or there is a syntax 
000          error in that line. 'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have 
000          private address space in internal use, it should be excluded!
000 
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000 
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000 
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,64} trans={0,2,2304} attrs={0,2,1536} 
000 
000 "windoze": 10.1.112.202/32===10.1.112.202<10.1.112.202>[+S=C]:17/0...10.1.112.14<10.1.112.14>[+S=C]:17/1701===10.1.112.14/32; erouted; eroute owner: #2
000 "windoze":     myip=unset; hisip=unset;
000 "windoze":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "windoze":   policy: PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: eth1; 
000 "windoze":   newest ISAKMP SA: #1; newest IPsec SA: #2; 
000 "windoze":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "windoze":   ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000; flags=-strict
000 "windoze":   ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160
000 "windoze":   ESP algorithm newest: 3DES_000-HMAC_SHA1; pfsgroup=<N/A>
000 
000 #2: "windoze":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28002s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "windoze" esp.f967a2ad at 10.1.112.14 esp.7fa89fe7 at 10.1.112.202 ref=0 refhim=4294901761
000 #1: "windoze":500 STATE_MAIN_I4 (ISAKMP SA established); none in -1s; newest ISAKMP; nodpd; idle; import:admin initiate
000 
+ _________________________ ifconfig-a
+ ifconfig -a
eth1      Link encap:Ethernet  HWaddr 52:54:00:A6:E0:FD  
          inet addr:10.1.112.202  Bcast:10.1.115.255  Mask:255.255.252.0
          inet6 addr: xxx/64 Scope:Global
          inet6 addr: fe80::5054:ff:fea6:e0fd/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6832125 errors:0 dropped:0 overruns:0 frame:0
          TX packets:93991 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1002004451 (955.5 MiB)  TX bytes:17842007 (17.0 MiB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:a6:e0:fd brd ff:ff:ff:ff:ff:ff
    inet 10.1.112.202/22 brd 10.1.115.255 scope global eth1
    inet6 xxx/64 scope global dynamic 
       valid_lft 86395sec preferred_lft 14395sec
    inet6 fe80::5054:ff:fea6:e0fd/64 scope link 
       valid_lft forever preferred_lft forever
+ _________________________ ip-route-list
+ ip route list
10.1.112.0/22 dev eth1  proto kernel  scope link  src 10.1.112.202  metric 1 
default via 10.1.112.1 dev eth1  proto static 
+ _________________________ ip-rule-list
+ ip rule list
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.6.32/K2.6.32-220.4.1.el6.x86_64 (netkey)
Checking for IPsec support in kernel                        	[OK]
 SAref kernel support                                       	[N/A]
 NETKEY:  Testing for disabled ICMP send_redirects          	[OK]
NETKEY detected, testing for disabled ICMP accept_redirects 	[OK]
Checking that pluto is running                              	[OK]
 Pluto listening for IKE on udp 500                         	[OK]
 Pluto listening for NAT-T on udp 4500                      	[FAILED]
Checking for 'ip' command                                   	[OK]
Checking /bin/sh is not /bin/dash                           	[OK]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
No interface specified
usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...
       -V, --version               display version information
       -v, --verbose               more verbose output
       -R, --reset                 reset MII to poweron state
       -r, --restart               restart autonegotiation
       -w, --watch                 monitor for link status changes
       -l, --log                   with -w, write events to syslog
       -A, --advertise=media,...   advertise only specified media
       -F, --force=media           force specified media technology
media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,
       (to advertise both HD and FD) 100baseTx, 10baseT
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
linuxhost.fq.dn
+ _________________________ hostname/ipaddress
+ hostname --ip-address
10.1.112.202
+ _________________________ uptime
+ uptime
 14:54:03 up 11 days,  2:44,  9 users,  load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0     0  2085  1929  20   0 143852  4160 signal T    pts/1      0:00                  |   \_ vim /etc/ipsec.conf
0     0 19195  2192  20   0 106088  1324 wait   S+   pts/4      0:00                  |   \_ /bin/sh /usr/libexec/ipsec/barf
0     0 19268 19195  20   0   4140   612 -      S+   pts/4      0:00                  |       \_ egrep -i ppid|pluto|ipsec|klips
1     0 18947     1  20   0   9220   520 wait   S    pts/4      0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private  --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
1     0 18949 18947  20   0   9220   680 wait   S    pts/4      0:00  \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private  --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
4     0 18953 18949  20   0 313564  5364 poll_s Sl   pts/4      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids
0     0 18984 18953  20   0   6072   412 poll_s S    pts/4      0:00  |       \_ _pluto_adns
0     0 18950 18947  20   0   9220  1152 pipe_w S    pts/4      0:00  \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post 
0     0 18948     1  20   0   4044   612 pipe_w S    pts/4      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth1
routevirt=none
routeaddr=10.1.112.202
routenexthop=10.1.112.1
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version	2.0	# conforms to second version of ipsec.conf specification

# basic configuration
config setup
	# Debug-logging controls:  "none" for (almost) none, "all" for lots.
	klipsdebug="none"
	plutodebug="none"
	# For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
	protostack=netkey
	#nat_traversal=yes
	#virtual_private=
	oe=off
	# Enable this if you see "failed to find any available worker"
	# nhelpers=0

#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.

#< /etc/ipsec.d/winhost.conf 1
# conf file to connect linux - windoze (2003 server)

# sample host-to-host tunnel (no subnets)
# Here we assume (for purposes of illustration) that the hosts talk directly
# to each other, so we don't need next-hop settings.
#conn samplehth
#	### left host (public-network address)
#	left=10.1.112.202
#	#leftsubnet=10.1.112.202/32
#	### next hop to reach right
#	#leftnexthop=
#	### right host
#	right=10.1.112.14
#	#rightsubnet=10.1.112.14/32
#	### next hop to reach left
#	#rightnexthop=
#	### (manual) SPI number
#	#spi=0x300
#	# (manual) encryption/authentication algorithm and parameters to it
#	#esp=3des-sha1
#	#espenckey=[sums to 2e5f...]
#	#espauthkey=[sums to c8c9...]
#	authby=secret
#	auto=add
#	type=transport



conn windoze
        left=10.1.112.202
	leftsubnet=10.1.112.202/32
        right=10.1.112.14
	rightsubnet=10.1.112.14/32
        type=transport
	pfs=no
        auth=esp
        auto=start
        authby=secret
	leftprotoport=17/0
	rightprotoport=17/1701
	esp=3des-sha1

#conn samplehth
#        ### left host
#        left=10.1.112.202
#        ### right host
#        right=10.1.112.14
#        auto=start
#        authby=secret
#        type=transport


#conn win-tun
#	type=transport
#	authby=secret
#	auth=esp
#	keyingtries=0
#	compress=no
#	pfs=yes
#	esp=3des-sha1
#	ike=3des-sha1
#	ikelifetime=7200s
#	keylife=900s
#	rekey=yes
#	rekeymargin=90s
#	rekeyfuzz=5%
#	left=10.1.112.202
#	#leftsubnet=10.1.112.202/32
#	#leftsourceip=10.1.112.202
#	right=10.1.112.14
#	#rightsubnet=10.1.112.14/32
#	auto=route


#conn sampletm
#	### transport mode rather than tunnel
#	type=transport
#	### left host (public-network address)
#	left=10.1.112.202
#	# next hop to reach right
#	#leftnexthop=10.44.55.66
#	### right host, and next hop to reach left
#	right=10.1.112.14
#	#rightnexthop=10.88.77.66
#	### (manual) SPI number
#	spi=0x600
#	### (manual) encryption algorithm and parameters to it
#	esp=3des
#	espenckey=[sums to 2e5f...]
#	### (manual) authentication algorithm and parameters to it
#	ah=hmac-md5
#	ahkey=[128 bits]
#	### (auto) authentication control
#	auth=ah


#> /etc/ipsec.conf 24
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1

#< /etc/ipsec.d/winhost.secrets 1
10.1.112.202 10.1.112.14: PSK "[sums to 6f59...]"

#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000  
000 List of Public Keys:
000  
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000     1: PSK 10.1.112.14 10.1.112.202
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#

# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2468
-rwxr-xr-x 1 root root   10592 Dec 10 07:19 _copyright
-rwxr-xr-x 1 root root    2430 Dec 10 07:18 _include
-rwxr-xr-x 1 root root    1475 Dec 10 07:18 _keycensor
-rwxr-xr-x 1 root root   14528 Dec 10 07:19 _pluto_adns
-rwxr-xr-x 1 root root    2567 Dec 10 07:18 _plutoload
-rwxr-xr-x 1 root root    8474 Dec 10 07:18 _plutorun
-rwxr-xr-x 1 root root   13671 Dec 10 07:18 _realsetup
-rwxr-xr-x 1 root root    1975 Dec 10 07:18 _secretcensor
-rwxr-xr-x 1 root root   11507 Dec 10 07:18 _startklips
-rwxr-xr-x 1 root root    6096 Dec 10 07:18 _startnetkey
-rwxr-xr-x 1 root root    4923 Dec 10 07:18 _updown
-rwxr-xr-x 1 root root   16227 Dec 10 07:18 _updown.klips
-rwxr-xr-x 1 root root   16583 Dec 10 07:18 _updown.mast
-rwxr-xr-x 1 root root   13745 Dec 10 07:18 _updown.netkey
-rwxr-xr-x 1 root root  226448 Dec 10 07:19 addconn
-rwxr-xr-x 1 root root    6015 Dec 10 07:18 auto
-rwxr-xr-x 1 root root   10978 Dec 10 07:18 barf
-rwxr-xr-x 1 root root   93840 Dec 10 07:19 eroute
-rwxr-xr-x 1 root root   26736 Dec 10 07:19 ikeping
-rwxr-xr-x 1 root root   69552 Dec 10 07:19 klipsdebug
-rwxr-xr-x 1 root root    2455 Dec 10 07:18 look
-rwxr-xr-x 1 root root    2189 Dec 10 07:18 newhostkey
-rwxr-xr-x 1 root root   64976 Dec 10 07:19 pf_key
-rwxr-xr-x 1 root root 1072848 Dec 10 07:19 pluto
-rwxr-xr-x 1 root root   12349 Dec 10 07:18 policy
-rwxr-xr-x 1 root root   10576 Dec 10 07:19 ranbits
-rwxr-xr-x 1 root root   27376 Dec 10 07:19 rsasigkey
-rwxr-xr-x 1 root root     704 Dec 10 07:18 secrets
lrwxrwxrwx 1 root root      30 Mar 28 15:48 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root    1126 Dec 10 07:18 showdefaults
-rwxr-xr-x 1 root root  267584 Dec 10 07:19 showhostkey
-rwxr-xr-x 1 root root   26736 Dec 10 07:19 showpolicy
-rwxr-xr-x 1 root root  176552 Dec 10 07:19 spi
-rwxr-xr-x 1 root root   81504 Dec 10 07:19 spigrp
-rwxr-xr-x 1 root root   77032 Dec 10 07:19 tncfg
-rwxr-xr-x 1 root root   14828 Dec 10 07:18 verify
-rwxr-xr-x 1 root root   59904 Dec 10 07:19 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2468
-rwxr-xr-x 1 root root   10592 Dec 10 07:19 _copyright
-rwxr-xr-x 1 root root    2430 Dec 10 07:18 _include
-rwxr-xr-x 1 root root    1475 Dec 10 07:18 _keycensor
-rwxr-xr-x 1 root root   14528 Dec 10 07:19 _pluto_adns
-rwxr-xr-x 1 root root    2567 Dec 10 07:18 _plutoload
-rwxr-xr-x 1 root root    8474 Dec 10 07:18 _plutorun
-rwxr-xr-x 1 root root   13671 Dec 10 07:18 _realsetup
-rwxr-xr-x 1 root root    1975 Dec 10 07:18 _secretcensor
-rwxr-xr-x 1 root root   11507 Dec 10 07:18 _startklips
-rwxr-xr-x 1 root root    6096 Dec 10 07:18 _startnetkey
-rwxr-xr-x 1 root root    4923 Dec 10 07:18 _updown
-rwxr-xr-x 1 root root   16227 Dec 10 07:18 _updown.klips
-rwxr-xr-x 1 root root   16583 Dec 10 07:18 _updown.mast
-rwxr-xr-x 1 root root   13745 Dec 10 07:18 _updown.netkey
-rwxr-xr-x 1 root root  226448 Dec 10 07:19 addconn
-rwxr-xr-x 1 root root    6015 Dec 10 07:18 auto
-rwxr-xr-x 1 root root   10978 Dec 10 07:18 barf
-rwxr-xr-x 1 root root   93840 Dec 10 07:19 eroute
-rwxr-xr-x 1 root root   26736 Dec 10 07:19 ikeping
-rwxr-xr-x 1 root root   69552 Dec 10 07:19 klipsdebug
-rwxr-xr-x 1 root root    2455 Dec 10 07:18 look
-rwxr-xr-x 1 root root    2189 Dec 10 07:18 newhostkey
-rwxr-xr-x 1 root root   64976 Dec 10 07:19 pf_key
-rwxr-xr-x 1 root root 1072848 Dec 10 07:19 pluto
-rwxr-xr-x 1 root root   12349 Dec 10 07:18 policy
-rwxr-xr-x 1 root root   10576 Dec 10 07:19 ranbits
-rwxr-xr-x 1 root root   27376 Dec 10 07:19 rsasigkey
-rwxr-xr-x 1 root root     704 Dec 10 07:18 secrets
lrwxrwxrwx 1 root root      30 Mar 28 15:48 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root    1126 Dec 10 07:18 showdefaults
-rwxr-xr-x 1 root root  267584 Dec 10 07:19 showhostkey
-rwxr-xr-x 1 root root   26736 Dec 10 07:19 showpolicy
-rwxr-xr-x 1 root root  176552 Dec 10 07:19 spi
-rwxr-xr-x 1 root root   81504 Dec 10 07:19 spigrp
-rwxr-xr-x 1 root root   77032 Dec 10 07:19 tncfg
-rwxr-xr-x 1 root root   14828 Dec 10 07:18 verify
-rwxr-xr-x 1 root root   59904 Dec 10 07:19 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth1:1002005656 6832129    0    0    0     0          0         0 17842430   93995    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT                                                       
eth1	0070E286	00000000	0001	0	0	1	00FCFFFF	0	0	0                                                                               
eth1	00000000	0170E286	0003	0	0	0	00000000	0	0	0                                                                               
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth1/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth1/rp_filter:1
lo/rp_filter:1
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth1/accept_redirects:0
eth1/secure_redirects:1
eth1/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux linuxhost.fq.dn 2.6.32-220.4.1.el6.x86_64 #1 SMP Mon Jan 23 17:20:44 CST 2012 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Scientific Linux release 6.2 (Carbon)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.32-220.4.1.el6.x86_64) support detected '
NETKEY (2.6.32-220.4.1.el6.x86_64) support detected 
+ _________________________ iptables
+ test -r /sbin/iptables-save
+ iptables-save
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*mangle
:PREROUTING ACCEPT [1396087:281825983]
:INPUT ACCEPT [1162693:251084533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3552:766895]
:POSTROUTING ACCEPT [3552:766895]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*nat
:PREROUTING ACCEPT [1382359:276943703]
:POSTROUTING ACCEPT [1255:112867]
:OUTPUT ACCEPT [1255:112867]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [82358:16255526]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A INPUT -p icmp -j ACCEPT 
-A INPUT -i lo -j ACCEPT 
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT 
-A INPUT -p udp -m udp --dport 69 -j ACCEPT 
-A INPUT -s 10.1.112.22/32 -j ACCEPT 
-A INPUT -s 10.1.112.14/32 -j ACCEPT 
-A INPUT -j REJECT --reject-with icmp-host-prohibited 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
+ _________________________ iptables-nat
+ iptables-save -t nat
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*nat
:PREROUTING ACCEPT [1382359:276943703]
:POSTROUTING ACCEPT [1255:112867]
:OUTPUT ACCEPT [1255:112867]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
+ _________________________ iptables-mangle
+ iptables-save -t mangle
# Generated by iptables-save v1.4.7 on Tue Apr 10 14:54:03 2012
*mangle
:PREROUTING ACCEPT [1396087:281825983]
:INPUT ACCEPT [1162693:251084533]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [3552:766895]
:POSTROUTING ACCEPT [3552:766895]
COMMIT
# Completed on Tue Apr 10 14:54:03 2012
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ah6 5389 0 - Live 0xffffffffa0281000
ah4 4416 0 - Live 0xffffffffa027a000
esp6 5075 0 - Live 0xffffffffa0273000
esp4 5454 2 - Live 0xffffffffa026c000
xfrm4_mode_beet 2069 0 - Live 0xffffffffa0263000
xfrm4_tunnel 1981 0 - Live 0xffffffffa0254000
xfrm4_mode_tunnel 2002 0 - Live 0xffffffffa0247000
xfrm4_mode_transport 1449 4 - Live 0xffffffffa0235000
xfrm6_mode_transport 1545 0 - Live 0xffffffffa0224000
xfrm6_mode_ro 1318 0 - Live 0xffffffffa021c000
xfrm6_mode_beet 2020 0 - Live 0xffffffffa0216000
xfrm6_mode_tunnel 1906 0 - Live 0xffffffffa01f7000
ipcomp 2073 0 - Live 0xffffffffa0175000
ipcomp6 2138 0 - Live 0xffffffffa0167000
xfrm6_tunnel 7969 1 ipcomp6, Live 0xffffffffa0140000
af_key 29987 0 - Live 0xffffffffa01e6000
iptable_mangle 3349 0 - Live 0xffffffffa043c000
iptable_nat 6158 0 - Live 0xffffffffa0435000
nf_nat 22726 1 iptable_nat, Live 0xffffffffa0428000
authenc 6747 2 - Live 0xffffffffa0736000
deflate 2107 0 - Live 0xffffffffa039a000
zlib_deflate 21629 1 deflate, Live 0xffffffffa038f000
ctr 4063 0 - Live 0xffffffffa0389000
camellia 18334 0 - Live 0xffffffffa037f000
cast5 15242 0 - Live 0xffffffffa0376000
rmd160 8154 0 - Live 0xffffffffa036f000
crypto_null 2952 0 - Live 0xffffffffa0369000
ccm 8471 0 - Live 0xffffffffa0361000
serpent 18455 0 - Live 0xffffffffa0357000
blowfish 7884 0 - Live 0xffffffffa0350000
twofish_x86_64 5257 0 - Live 0xffffffffa0349000
twofish_common 14633 1 twofish_x86_64, Live 0xffffffffa0340000
ecb 2209 0 - Live 0xffffffffa033a000
xcbc 2849 0 - Live 0xffffffffa0334000
cbc 3083 2 - Live 0xffffffffa032e000
sha256_generic 10361 0 - Live 0xffffffffa0326000
sha512_generic 4974 0 - Live 0xffffffffa031f000
des_generic 16604 2 - Live 0xffffffffa0315000
cryptd 8006 0 - Live 0xffffffffa02fc000
aes_x86_64 7914 0 - Live 0xffffffffa02eb000
aes_generic 27609 1 aes_x86_64, Live 0xffffffffa02d9000
tunnel4 2943 1 xfrm4_tunnel, Live 0xffffffffa0266000
xfrm_ipcomp 4802 2 ipcomp,ipcomp6, Live 0xffffffffa01f0000
tunnel6 2714 1 xfrm6_tunnel, Live 0xffffffffa0122000
autofs4 26888 3 - Live 0xffffffffa02f0000
sunrpc 243758 1 - Live 0xffffffffa029b000
ipt_REJECT 2383 2 - Live 0xffffffffa0260000
nf_conntrack_ipv4 9506 5 iptable_nat,nf_nat, Live 0xffffffffa0257000
nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa0251000
iptable_filter 2793 1 - Live 0xffffffffa024b000
ip_tables 17831 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xffffffffa0240000
ip6t_REJECT 4628 2 - Live 0xffffffffa0239000
nf_conntrack_ipv6 8748 2 - Live 0xffffffffa0230000
nf_defrag_ipv6 12182 1 nf_conntrack_ipv6, Live 0xffffffffa0227000
xt_state 1492 4 - Live 0xffffffffa0221000
nf_conntrack 79453 5 iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live 0xffffffffa0200000
ip6table_filter 2889 1 - Live 0xffffffffa01fa000
ip6_tables 19458 1 ip6table_filter, Live 0xffffffffa015d000
ipv6 322029 60 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6, Live 0xffffffffa0195000
dm_mirror 14101 0 - Live 0xffffffffa0126000
dm_region_hash 12170 1 dm_mirror, Live 0xffffffffa00fd000
dm_log 10122 2 dm_mirror,dm_region_hash, Live 0xffffffffa00e7000
microcode 112594 0 - Live 0xffffffffa0177000
virtio_balloon 4347 0 - Live 0xffffffffa001b000
snd_hda_intel 25548 0 - Live 0xffffffffa0169000
snd_hda_codec 91845 1 snd_hda_intel, Live 0xffffffffa0144000
snd_hwdep 6780 1 snd_hda_codec, Live 0xffffffffa013c000
snd_seq 56591 0 - Live 0xffffffffa012c000
snd_seq_device 6596 1 snd_seq, Live 0xffffffffa004b000
snd_pcm 84702 2 snd_hda_intel,snd_hda_codec, Live 0xffffffffa010b000
snd_timer 23057 2 snd_seq,snd_pcm, Live 0xffffffffa0103000
snd 70023 7 snd_hda_intel,snd_hda_codec,snd_hwdep,snd_seq,snd_seq_device,snd_pcm,snd_timer, Live 0xffffffffa00c9000
soundcore 8086 1 snd, Live 0xffffffffa002f000
snd_page_alloc 8630 2 snd_hda_intel,snd_pcm, Live 0xffffffffa0016000
virtio_net 15839 0 - Live 0xffffffffa00f3000
i2c_piix4 12608 0 - Live 0xffffffffa00ed000
i2c_core 31276 1 i2c_piix4, Live 0xffffffffa00dd000
ext4 364410 3 - Live 0xffffffffa006e000
mbcache 8144 1 ext4, Live 0xffffffffa0028000
jbd2 88738 1 ext4, Live 0xffffffffa0056000
virtio_blk 6473 5 - Live 0xffffffffa004e000
virtio_pci 6687 0 - Live 0xffffffffa0047000
virtio_ring 7729 4 virtio_balloon,virtio_net,virtio_blk,virtio_pci, Live 0xffffffffa003f000
virtio 4890 4 virtio_balloon,virtio_net,virtio_blk,virtio_pci, Live 0xffffffffa0038000
pata_acpi 3701 0 - Live 0xffffffffa0032000
ata_generic 3837 0 - Live 0xffffffffa002c000
ata_piix 22846 0 - Live 0xffffffffa0020000
dm_mod 81596 2 dm_mirror,dm_log, Live 0xffffffffa0000000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:        3922956 kB
MemFree:         2879904 kB
Buffers:          291092 kB
Cached:           490600 kB
SwapCached:            0 kB
Active:           424260 kB
Inactive:         406420 kB
Active(anon):      30468 kB
Inactive(anon):    18716 kB
Active(file):     393792 kB
Inactive(file):   387704 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:             0 kB
SwapFree:              0 kB
Dirty:                 4 kB
Writeback:             0 kB
AnonPages:         48840 kB
Mapped:            16596 kB
Shmem:               196 kB
Slab:             144880 kB
SReclaimable:     117228 kB
SUnreclaim:        27652 kB
KernelStack:        1440 kB
PageTables:         5432 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:     1961476 kB
Committed_AS:     225468 kB
VmallocTotal:   34359738367 kB
VmallocUsed:       19684 kB
VmallocChunk:   34359715936 kB
HardwareCorrupted:     0 kB
AnonHugePages:      2048 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:        8180 kB
DirectMap2M:     4186112 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.32-220.4.1.el6.x86_64/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# Generated by NetworkManager
domain tchpc.tcd.ie
search tchpc.tcd.ie
nameserver 10.1.112.8
nameserver 10.1.112.9
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x. 7 root root 4096 Feb 10 09:43 2.6.32-131.0.15.el6.x86_64
drwxr-xr-x. 7 root root 4096 Feb 10 10:14 2.6.32-220.4.1.el6.x86_64
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
0
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.32-131.0.15.el6.x86_64: 
2.6.32-220.4.1.el6.x86_64: 
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '66,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
Apr 10 14:49:27 linuxhost ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.32-220.4.1.el6.x86_64...
Apr 10 14:49:27 linuxhost ipsec_setup: Using NETKEY(XFRM) stack
Apr 10 14:49:27 linuxhost ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec_setup: ...Openswan IPsec started
Apr 10 14:49:27 linuxhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Apr 10 14:49:27 linuxhost pluto: adjusting ipsec.d to /etc/ipsec.d
Apr 10 14:49:27 linuxhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: 002 Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost ipsec__plutorun: 002 added connection description "windoze"
Apr 10 14:49:27 linuxhost ipsec__plutorun: 104 "windoze" #1: STATE_MAIN_I1: initiate
+ _________________________ plog
+ sed -n '1066,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
Apr 10 14:49:27 linuxhost ipsec__plutorun: Starting Pluto subsystem...
Apr 10 14:49:27 linuxhost pluto[18953]: nss directory plutomain: /etc/ipsec.d
Apr 10 14:49:27 linuxhost pluto[18953]: NSS Initialized
Apr 10 14:49:27 linuxhost pluto[18953]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost pluto[18953]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) pid:18953
Apr 10 14:49:27 linuxhost pluto[18953]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost pluto[18953]: LEAK_DETECTIVE support [disabled]
Apr 10 14:49:27 linuxhost pluto[18953]: OCF support for IKE [disabled]
Apr 10 14:49:27 linuxhost pluto[18953]: SAref support [disabled]: Protocol not available
Apr 10 14:49:27 linuxhost pluto[18953]: SAbind support [disabled]: Protocol not available
Apr 10 14:49:27 linuxhost pluto[18953]: NSS support [enabled]
Apr 10 14:49:27 linuxhost pluto[18953]: HAVE_STATSD notification support not compiled in
Apr 10 14:49:27 linuxhost pluto[18953]: Setting NAT-Traversal port-4500 floating to off
Apr 10 14:49:27 linuxhost pluto[18953]:    port floating activation criteria nat_t=0/port_float=1
Apr 10 14:49:27 linuxhost pluto[18953]:    NAT-Traversal support  [disabled]
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: starting up 3 cryptographic helpers
Apr 10 14:49:27 linuxhost pluto[18953]: started helper (thread) pid=139799685940992 (fd:10)
Apr 10 14:49:27 linuxhost pluto[18953]: started helper (thread) pid=139799675451136 (fd:12)
Apr 10 14:49:27 linuxhost pluto[18953]: started helper (thread) pid=139799664961280 (fd:14)
Apr 10 14:49:27 linuxhost pluto[18953]: Using Linux 2.6 IPsec interface code on 2.6.32-220.4.1.el6.x86_64 (experimental code)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_add(): ERROR: Algorithm already exists
Apr 10 14:49:27 linuxhost pluto[18953]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/cacerts': /
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/aacerts': /
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/ocspcerts': /
Apr 10 14:49:27 linuxhost pluto[18953]: Could not change to directory '/etc/ipsec.d/crls'
Apr 10 14:49:27 linuxhost pluto[18953]: | selinux support is NOT enabled. 
Apr 10 14:49:27 linuxhost pluto[18953]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Apr 10 14:49:27 linuxhost pluto[18953]: added connection description "windoze"
Apr 10 14:49:27 linuxhost pluto[18953]: listening for IKE messages
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface eth1/eth1 10.1.112.202:500
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface lo/lo 127.0.0.1:500
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface eth1/eth1 xxx:500
Apr 10 14:49:27 linuxhost pluto[18953]: adding interface lo/lo ::1:500
Apr 10 14:49:27 linuxhost pluto[18953]: loading secrets from "/etc/ipsec.secrets"
Apr 10 14:49:27 linuxhost pluto[18953]: loading secrets from "/etc/ipsec.d/winhost.secrets"
Apr 10 14:49:27 linuxhost pluto[18953]: "windoze" #1: initiating Main Mode
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000004]
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: ignoring Vendor ID payload [FRAGMENTATION]
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: Main mode peer ID is ID_IPV4_ADDR: '10.1.112.14'
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:ba3e2c2b proposal=3DES(3)_192-SHA1(2)_160 pfsgroup=no-pfs}
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP=>0xf967a2ad <0x7fa89fe7 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: IKE message has the Commit Flag set but Pluto doesn't implement this feature; ignoring flag
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: message ignored because it contains an unexpected payload type (ISAKMP_NEXT_HASH)
Apr 10 14:53:17 linuxhost pluto[18953]: "windoze" #2: sending encrypted notification INVALID_PAYLOAD_TYPE to 10.1.112.14:500
Apr 10 14:53:22 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:22 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:22 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:24 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:24 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:24 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:26 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:26 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:26 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:30 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:30 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:30 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:38 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:38 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:38 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
Apr 10 14:53:54 linuxhost pluto[18953]: "windoze" #1: the peer proposed: 10.1.112.202/32:17/0 -> 10.1.112.14/32:17/1701
Apr 10 14:53:54 linuxhost pluto[18953]: "windoze" #1: cannot respond to IPsec SA request because no connection is known for 10.1.112.202<10.1.112.202>[+S=C]:1/0...10.1.112.14<10.1.112.14>[+S=C]:1/0
Apr 10 14:53:54 linuxhost pluto[18953]: "windoze" #1: sending encrypted notification INVALID_ID_INFORMATION to 10.1.112.14:500
+ _________________________ date
+ date
Tue Apr 10 14:54:03 IST 2012

