[Openswan Users] Encryption only one way

Langland, Blake blangland at integrity-apps.com
Mon Dec 31 15:32:40 EST 2012


Hello,

I am attempting to create an IPsec tunnel between a Linux server running Openswan and a client running Windows 7. I am currently able to create the tunnel, but traffic is only being encrypted one way. I have tried looking at the traffic with a third machine on the network and can see the unencrypted UDP packets I am sending.

Here is my ipsec barf (I took out proc/crypto/ since it was so long):

localhost.localdomain
Mon Dec 31 12:19:42 PST 2012
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.37/K3.6.7-4.fc16.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 3.6.7-4.fc16.x86_64 (mockbuild at bkernel01.phx2.fedoraproject.org) (gcc version 4.6.3 20120306 (Red Hat 4.6.3-2) (GCC) ) #1 SMP Tue Nov 20 20:33:31 UTC 2012
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ head -n 100
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.52.2    0.0.0.0         UG        0 0          0 eth0
192.168.52.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 192.168.52.245/32 dst 192.168.52.1/32 proto udp sport 1701
        dir out priority 2080 ptype main
        tmpl src 0.0.0.0 dst 0.0.0.0
                proto esp reqid 0 mode transport
src ::/0 dst ::/0
        socket out priority 0 ptype main
src ::/0 dst ::/0
        socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        socket in priority 0 ptype main
+ _________________________ /proc/crypto
+ test -r /proc/crypto
...
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 192.168.52.245
000 interface ppp0/ppp0 10.10.10.1
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not specified, or there is a syntax
000          error in that line. 'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
000          private address space in internal use, it should be excluded!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "L2TP-PSK": 192.168.52.245[+S=C]:17/1701...192.168.52.1<192.168.52.1>[+S=C]:17/0; prospective erouted; eroute owner: #0
000 "L2TP-PSK":     myip=unset; hisip=unset;
000 "L2TP-PSK":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "L2TP-PSK":   policy: PSK+ENCRYPT+TUNNEL+DONTREKEY+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 32,32; interface: eth0;
000 "L2TP-PSK":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:0C:29:21:AB:B0
          inet addr:192.168.52.245  Bcast:192.168.52.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe21:abb0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:16527 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9901 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:2060150 (1.9 MiB)  TX bytes:1331141 (1.2 MiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:21:ab:b0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.52.245/24 brd 192.168.52.255 scope global eth0
    inet6 fe80::20c:29ff:fe21:abb0/64 scope link
       valid_lft forever preferred_lft forever
+ _________________________ ip-route-list
+ ip route list
default via 192.168.52.2 dev eth0  proto static
192.168.52.0/24 dev eth0  proto kernel  scope link  src 192.168.52.245  metric 1
+ _________________________ ip-rule-list
+ ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.37/K3.6.7-4.fc16.x86_64 (netkey)
Checking for IPsec support in kernel                            [OK]
SAref kernel support                                           [N/A]
NETKEY:  Testing XFRM related proc values                      [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/send_redirects
  or NETKEY will cause the sending of bogus ICMP redirects!

        [FAILED]

  Please disable /proc/sys/net/ipv4/conf/*/accept_redirects
  or NETKEY will accept bogus ICMP redirects!

        [OK]
Checking that pluto is running                                  [OK]
Pluto listening for IKE on udp 500                             [OK]
Pluto listening for NAT-T on udp 4500                          [FAILED]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
No interface specified
usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...
       -V, --version               display version information
       -v, --verbose               more verbose output
       -R, --reset                 reset MII to poweron state
       -r, --restart               restart autonegotiation
       -w, --watch                 monitor for link status changes
       -l, --log                   with -w, write events to syslog
       -A, --advertise=media,...   advertise only specified media
       -F, --force=media           force specified media technology
media: 1000baseTx-HD, 1000baseTx-FD,
       100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,
       (to advertise both HD and FD) 100baseTx, 10baseT
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
localhost
+ _________________________ hostname/ipaddress
+ hostname --ip-address
::1 127.0.0.1
+ _________________________ uptime
+ uptime
12:19:43 up  4:32,  3 users,  load average: 0.00, 0.01, 0.05
+ _________________________ ps
+ egrep -i 'ppid|pluto|ipsec|klips'
+ ps alxwf
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0  8014  2377  20   0 114196  1448 wait   S+   pts/0      0:00          \_ /bin/sh /usr/libexec/ipsec/barf
0     0  8073  8014  20   0   4380   512 pipe_w S+   pts/0      0:00              \_ egrep -i ppid|pluto|ipsec|klips
1     0  7538     1  20   0  13720   556 wait   S    pts/0      0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private  --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
1     0  7542  7538  20   0  13720   648 wait   S    pts/0      0:00  \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private  --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
4     0  7545  7542  20   0 162288  5260 poll_s Sl   pts/0      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids
0     0  7573  7545  20   0   6288   372 poll_s S    pts/0      0:00  |       \_ _pluto_adns
0     0  7543  7538  20   0  13720  1396 pipe_w S    pts/0      0:00  \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0     0  7539     1  20   0   4272   596 pipe_w S    pts/0      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=none
routeaddr=192.168.52.245
routenexthop=192.168.52.2
+ _________________________ ipsec/conf
+ ipsec _keycensor
+ ipsec _include /etc/ipsec.conf

#< /etc/ipsec.conf 1
version 2.0

config setup
        protostack=netkey
        oe=off

conn L2TP-PSK
        authby=secret
        pfs=no
        auto=add
        keyingtries=3
        rekey=no
        type=tunnel
        left=%defaultroute
        leftprotoport=17/1701
        right=192.168.52.1
        rightprotoport=17/0

+ _________________________ ipsec/secrets
+ ipsec _secretcensor
+ ipsec _include /etc/ipsec.secrets

#< /etc/ipsec.secrets 1

#< /etc/ipsec.d/test.secrets 1
192.168.52.245 %any: "[sums to 1c3c...]"

#> /etc/ipsec.secrets 2
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000     1: PSK %any 192.168.52.245
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#

# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2360
-rwxr-xr-x. 1 root root   7792 Oct 28  2011 _copyright
-rwxr-xr-x. 1 root root   2430 Oct 28  2011 _include
-rwxr-xr-x. 1 root root   1475 Oct 28  2011 _keycensor
-rwxr-xr-x. 1 root root  12048 Oct 28  2011 _pluto_adns
-rwxr-xr-x. 1 root root   2567 Oct 28  2011 _plutoload
-rwxr-xr-x. 1 root root   8307 Oct 28  2011 _plutorun
-rwxr-xr-x. 1 root root  13684 Oct 28  2011 _realsetup
-rwxr-xr-x. 1 root root   1975 Oct 28  2011 _secretcensor
-rwxr-xr-x. 1 root root  12347 Oct 28  2011 _startklips
-rwxr-xr-x. 1 root root   6188 Oct 28  2011 _startnetkey
-rwxr-xr-x. 1 root root   4923 Oct 28  2011 _updown
-rwxr-xr-x. 1 root root  17776 Oct 28  2011 _updown.klips
-rwxr-xr-x. 1 root root  17537 Oct 28  2011 _updown.mast
-rwxr-xr-x. 1 root root  13833 Oct 28  2011 _updown.netkey
-rwxr-xr-x. 1 root root 224920 Oct 28  2011 addconn
-rwxr-xr-x. 1 root root   6167 Oct 28  2011 auto
-rwxr-xr-x. 1 root root  11317 Oct 28  2011 barf
-rwxr-xr-x. 1 root root  93368 Oct 28  2011 eroute
-rwxr-xr-x. 1 root root  24008 Oct 28  2011 ikeping
-rwxr-xr-x. 1 root root  72000 Oct 28  2011 klipsdebug
-rwxr-xr-x. 1 root root   2783 Oct 28  2011 look
-rwxr-xr-x. 1 root root   2189 Oct 28  2011 newhostkey
-rwxr-xr-x. 1 root root  66552 Oct 28  2011 pf_key
-rwxr-xr-x. 1 root root 991400 Oct 28  2011 pluto
-rwxr-xr-x. 1 root root  12349 Oct 28  2011 policy
-rwxr-xr-x. 1 root root  11416 Oct 28  2011 ranbits
-rwxr-xr-x. 1 root root  25024 Oct 28  2011 rsasigkey
-rwxr-xr-x. 1 root root    704 Oct 28  2011 secrets
lrwxrwxrwx. 1 root root     30 Dec 28 10:53 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x. 1 root root   1126 Oct 28  2011 showdefaults
-rwxr-xr-x. 1 root root 265168 Oct 28  2011 showhostkey
-rwxr-xr-x. 1 root root 175416 Oct 28  2011 spi
-rwxr-xr-x. 1 root root  79944 Oct 28  2011 spigrp
-rwxr-xr-x. 1 root root  79128 Oct 28  2011 tncfg
-rwxr-xr-x. 1 root root  14674 Oct 28  2011 verify
-rwxr-xr-x. 1 root root  58568 Oct 28  2011 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2360
-rwxr-xr-x. 1 root root   7792 Oct 28  2011 _copyright
-rwxr-xr-x. 1 root root   2430 Oct 28  2011 _include
-rwxr-xr-x. 1 root root   1475 Oct 28  2011 _keycensor
-rwxr-xr-x. 1 root root  12048 Oct 28  2011 _pluto_adns
-rwxr-xr-x. 1 root root   2567 Oct 28  2011 _plutoload
-rwxr-xr-x. 1 root root   8307 Oct 28  2011 _plutorun
-rwxr-xr-x. 1 root root  13684 Oct 28  2011 _realsetup
-rwxr-xr-x. 1 root root   1975 Oct 28  2011 _secretcensor
-rwxr-xr-x. 1 root root  12347 Oct 28  2011 _startklips
-rwxr-xr-x. 1 root root   6188 Oct 28  2011 _startnetkey
-rwxr-xr-x. 1 root root   4923 Oct 28  2011 _updown
-rwxr-xr-x. 1 root root  17776 Oct 28  2011 _updown.klips
-rwxr-xr-x. 1 root root  17537 Oct 28  2011 _updown.mast
-rwxr-xr-x. 1 root root  13833 Oct 28  2011 _updown.netkey
-rwxr-xr-x. 1 root root 224920 Oct 28  2011 addconn
-rwxr-xr-x. 1 root root   6167 Oct 28  2011 auto
-rwxr-xr-x. 1 root root  11317 Oct 28  2011 barf
-rwxr-xr-x. 1 root root  93368 Oct 28  2011 eroute
-rwxr-xr-x. 1 root root  24008 Oct 28  2011 ikeping
-rwxr-xr-x. 1 root root  72000 Oct 28  2011 klipsdebug
-rwxr-xr-x. 1 root root   2783 Oct 28  2011 look
-rwxr-xr-x. 1 root root   2189 Oct 28  2011 newhostkey
-rwxr-xr-x. 1 root root  66552 Oct 28  2011 pf_key
-rwxr-xr-x. 1 root root 991400 Oct 28  2011 pluto
-rwxr-xr-x. 1 root root  12349 Oct 28  2011 policy
-rwxr-xr-x. 1 root root  11416 Oct 28  2011 ranbits
-rwxr-xr-x. 1 root root  25024 Oct 28  2011 rsasigkey
-rwxr-xr-x. 1 root root    704 Oct 28  2011 secrets
lrwxrwxrwx. 1 root root     30 Dec 28 10:53 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x. 1 root root   1126 Oct 28  2011 showdefaults
-rwxr-xr-x. 1 root root 265168 Oct 28  2011 showhostkey
-rwxr-xr-x. 1 root root 175416 Oct 28  2011 spi
-rwxr-xr-x. 1 root root  79944 Oct 28  2011 spigrp
-rwxr-xr-x. 1 root root  79128 Oct 28  2011 tncfg
-rwxr-xr-x. 1 root root  14674 Oct 28  2011 verify
-rwxr-xr-x. 1 root root  58568 Oct 28  2011 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
  eth0: 2060534   16531    0    0    0     0          0         0  1331371    9904    0    0    0     0       0          0
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
eth0    00000000        0234A8C0        0003    0       0       0       00000000        0       0       0
eth0    0034A8C0        00000000        0001    0       0       1       00FFFFFF        0       0       0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
0
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:1
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:1
all/secure_redirects:1
all/send_redirects:1
default/accept_redirects:1
default/secure_redirects:1
default/send_redirects:1
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
1
+ _________________________ uname-a
+ uname -a
Linux localhost.localdomain 3.6.7-4.fc16.x86_64 #1 SMP Tue Nov 20 20:33:31 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
Fedora release 16 (Verne)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (3.6.7-4.fc16.x86_64) support detected '
NETKEY (3.6.7-4.fc16.x86_64) support detected
+ _________________________ iptables
+ test -r /sbin/iptables-save
+ iptables-save
# Generated by iptables-save v1.4.12 on Mon Dec 31 12:19:43 2012
*mangle
:PREROUTING ACCEPT [13581:1297121]
:INPUT ACCEPT [11374:1126590]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8348:988446]
:POSTROUTING ACCEPT [8432:1008490]
COMMIT
# Completed on Mon Dec 31 12:19:43 2012
# Generated by iptables-save v1.4.12 on Mon Dec 31 12:19:43 2012
*nat
:PREROUTING ACCEPT [2162:160278]
:INPUT ACCEPT [61:8506]
:OUTPUT ACCEPT [28:4243]
:POSTROUTING ACCEPT [28:4243]
COMMIT
# Completed on Mon Dec 31 12:19:43 2012
# Generated by iptables-save v1.4.12 on Mon Dec 31 12:19:43 2012
*filter
:INPUT ACCEPT [21856:2480187]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [9630:1163321]
COMMIT
# Completed on Mon Dec 31 12:19:43 2012
+ _________________________ iptables-nat
+ iptables-save -t nat
# Generated by iptables-save v1.4.12 on Mon Dec 31 12:19:43 2012
*nat
:PREROUTING ACCEPT [2162:160278]
:INPUT ACCEPT [61:8506]
:OUTPUT ACCEPT [28:4243]
:POSTROUTING ACCEPT [28:4243]
COMMIT
# Completed on Mon Dec 31 12:19:43 2012
+ _________________________ iptables-mangle
+ iptables-save -t mangle
# Generated by iptables-save v1.4.12 on Mon Dec 31 12:19:43 2012
*mangle
:PREROUTING ACCEPT [13581:1297121]
:INPUT ACCEPT [11374:1126590]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8348:988446]
:POSTROUTING ACCEPT [8432:1008490]
COMMIT
# Completed on Mon Dec 31 12:19:43 2012
+ _________________________ ip6tables
+ test -r /sbin/ip6tables-save
+ ip6tables-save
# Generated by ip6tables-save v1.4.12 on Mon Dec 31 12:19:43 2012
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:2496]
:POSTROUTING ACCEPT [35:2400]
COMMIT
# Completed on Mon Dec 31 12:19:43 2012
+ _________________________ ip6tables-mangle
+ ip6tables-save -t mangle
# Generated by ip6tables-save v1.4.12 on Mon Dec 31 12:19:43 2012
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [36:2496]
:POSTROUTING ACCEPT [35:2400]
COMMIT
# Completed on Mon Dec 31 12:19:43 2012
+ _________________________ ip6tables
# Completed on Mon Dec 31 12:19:43 2012
+ _________________________ ip6tables
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ah6 12972 0 - Live 0xffffffffa0351000
ah4 13002 0 - Live 0xffffffffa034c000
esp6 17103 0 - Live 0xffffffffa0346000
xfrm4_mode_beet 12611 0 - Live 0xffffffffa033b000
xfrm4_tunnel 12857 0 - Live 0xffffffffa0336000
xfrm4_mode_tunnel 13125 0 - Live 0xffffffffa032c000
xfrm6_mode_transport 12631 0 - Live 0xffffffffa0322000
xfrm6_mode_ro 12564 0 - Live 0xffffffffa031d000
xfrm6_mode_beet 12658 0 - Live 0xffffffffa0318000
xfrm6_mode_tunnel 12639 0 - Live 0xffffffffa0313000
ipcomp 12661 0 - Live 0xffffffffa030e000
ipcomp6 12662 0 - Live 0xffffffffa0309000
xfrm_ipcomp 13212 2 ipcomp,ipcomp6, Live 0xffffffffa0304000
xfrm6_tunnel 13597 1 ipcomp6, Live 0xffffffffa02ff000
tunnel6 13140 1 xfrm6_tunnel, Live 0xffffffffa02df000
af_key 36071 0 - Live 0xffffffffa02f5000
ip6table_mangle 12700 0 - Live 0xffffffffa047f000
ip6_tables 26845 1 ip6table_mangle, Live 0xffffffffa0473000
iptable_mangle 12695 0 - Live 0xffffffffa0466000
iptable_nat 13383 0 - Live 0xffffffffa046e000
nf_nat 25378 1 iptable_nat, Live 0xffffffffa0458000
nf_conntrack_ipv4 14969 3 iptable_nat,nf_nat, Live 0xffffffffa0461000
nf_conntrack 83892 3 iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xffffffffa0442000
nf_defrag_ipv4 12673 1 nf_conntrack_ipv4, Live 0xffffffffa043d000
authenc 17535 0 - Live 0xffffffffa0437000
rmd160 16744 0 - Live 0xffffffffa0431000
crypto_null 12918 0 - Live 0xffffffffa042c000
camellia_generic 29260 0 - Live 0xffffffffa0423000
camellia_x86_64 51381 0 - Live 0xffffffffa0415000
lzo 12597 0 - Live 0xffffffffa0410000
cast6 16909 0 - Live 0xffffffffa040a000
cast5 25112 0 - Live 0xffffffffa0402000
deflate 12617 0 - Live 0xffffffffa03fd000
zlib_deflate 26614 1 deflate, Live 0xffffffffa03f5000
cts 12854 0 - Live 0xffffffffa03f0000
gcm 23322 0 - Live 0xffffffffa03e5000
ccm 17782 0 - Live 0xffffffffa03df000
serpent_avx_x86_64 46270 0 - Live 0xffffffffa03d2000
serpent_sse2_x86_64 50363 0 - Live 0xffffffffa03c4000
serpent_generic 29616 2 serpent_avx_x86_64,serpent_sse2_x86_64, Live 0xffffffffa03bb000
blowfish_generic 12530 0 - Live 0xffffffffa03b6000
blowfish_x86_64 21381 0 - Live 0xffffffffa03af000
blowfish_common 16649 2 blowfish_generic,blowfish_x86_64, Live 0xffffffffa03a9000
twofish_generic 16635 0 - Live 0xffffffffa03a3000
twofish_avx_x86_64 46144 0 - Live 0xffffffffa0396000
twofish_x86_64_3way 26736 1 twofish_avx_x86_64, Live 0xffffffffa038e000
glue_helper 13171 5 camellia_x86_64,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,twofish_x86_64_3way, Live 0xffffffffa0389000
lrw 13144 5 camellia_x86_64,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,twofish_x86_64_3way, Live 0xffffffffa0384000
xts 12836 5 camellia_x86_64,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,twofish_x86_64_3way, Live 0xffffffffa037f000
gf128mul 14332 2 lrw,xts, Live 0xffffffffa037a000
twofish_x86_64 12767 2 twofish_avx_x86_64,twofish_x86_64_3way, Live 0xffffffffa0375000
twofish_common 21013 4 twofish_generic,twofish_avx_x86_64,twofish_x86_64_3way,twofish_x86_64, Live 0xffffffffa036e000
xcbc 12815 0 - Live 0xffffffffa0369000
sha256_generic 21031 0 - Live 0xffffffffa0362000
sha512_generic 12796 0 - Live 0xffffffffa0356000
des_generic 21343 0 - Live 0xffffffffa035b000
esp4 17098 0 - Live 0xffffffffa0340000
tunnel4 13138 1 xfrm4_tunnel, Live 0xffffffffa0331000
xfrm4_mode_transport 12631 0 - Live 0xffffffffa0327000
tpm_bios 13528 0 - Live 0xffffffffa02f0000
l2tp_ppp 22661 0 - Live 0xffffffffa02e9000
pppox 13132 1 l2tp_ppp, Live 0xffffffffa02e4000
ppp_generic 32452 2 l2tp_ppp,pppox, Live 0xffffffffa02d6000
slhc 13187 1 ppp_generic, Live 0xffffffffa0276000
l2tp_netlink 17775 1 l2tp_ppp, Live 0xffffffffa02b6000
l2tp_core 24305 2 l2tp_ppp,l2tp_netlink, Live 0xffffffffa0299000
lockd 93332 0 - Live 0xffffffffa02be000
fuse 78005 3 - Live 0xffffffffa02a1000
rfcomm 68917 4 - Live 0xffffffffa0287000
bnep 19587 2 - Live 0xffffffffa0281000
binfmt_misc 17431 1 - Live 0xffffffffa027b000
snd_ens1371 25421 0 - Live 0xffffffffa026e000
gameport 14999 1 snd_ens1371, Live 0xffffffffa025c000
snd_rawmidi 29462 1 snd_ens1371, Live 0xffffffffa0265000
snd_ac97_codec 133390 1 snd_ens1371, Live 0xffffffffa023a000
btusb 23827 0 - Live 0xffffffffa022f000
ac97_bus 12718 1 snd_ac97_codec, Live 0xffffffffa0185000
bluetooth 317706 24 rfcomm,bnep,btusb, Live 0xffffffffa01e0000
coretemp 13437 0 - Live 0xffffffffa0174000
snd_seq 64808 0 - Live 0xffffffffa01cf000
snd_seq_device 14129 2 snd_rawmidi,snd_seq, Live 0xffffffffa0167000
snd_pcm 97571 2 snd_ens1371,snd_ac97_codec, Live 0xffffffffa01b6000
ppdev 17635 0 - Live 0xffffffffa01a5000
snd_timer 28815 2 snd_seq,snd_pcm, Live 0xffffffffa01ad000
snd 79417 7 snd_ens1371,snd_rawmidi,snd_ac97_codec,snd_seq,snd_seq_device,snd_pcm,snd_timer, Live 0xffffffffa0190000
soundcore 14484 1 snd, Live 0xffffffffa0128000
snd_page_alloc 18101 1 snd_pcm, Live 0xffffffffa018a000
shpchp 37094 0 - Live 0xffffffffa017a000
parport_pc 28082 0 - Live 0xffffffffa016c000
rfkill 21342 2 bluetooth, Live 0xffffffffa0152000
joydev 17412 0 - Live 0xffffffffa0112000
parport 40419 2 ppdev,parport_pc, Live 0xffffffffa015c000
e1000 145004 0 - Live 0xffffffffa012d000
i2c_piix4 13958 0 - Live 0xffffffffa010d000
vmw_balloon 13408 0 - Live 0xffffffffa0119000
microcode 23446 0 - Live 0xffffffffa0121000
sunrpc 255306 2 lockd, Live 0xffffffffa00cd000
uinput 17606 0 - Live 0xffffffffa00c7000
crc32c_intel 12858 0 - Live 0xffffffffa000b000
ghash_clmulni_intel 13180 0 - Live 0xffffffffa0051000
mptspi 22560 3 - Live 0xffffffffa0078000
mptscsih 38796 1 mptspi, Live 0xffffffffa00b9000
mptbase 99869 2 mptspi,mptscsih, Live 0xffffffffa009f000
scsi_transport_spi 30202 1 mptspi, Live 0xffffffffa005a000
vmwgfx 121268 0 - Live 0xffffffffa0080000
ttm 79618 1 vmwgfx, Live 0xffffffffa0063000
drm 255073 2 vmwgfx,ttm, Live 0xffffffffa0011000
i2c_core 38277 2 i2c_piix4,drm, Live 0xffffffffa0000000
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/3.6.7-4.fc16.x86_64/build/.config
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
++ uname -r
+ cat /lib/modules/3.6.7-4.fc16.x86_64/build/.config
CONFIG_IPC_NS=y
CONFIG_XFRM=y
CONFIG_XFRM_ALGO=y
CONFIG_XFRM_USER=y
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
CONFIG_XFRM_STATISTICS=y
CONFIG_XFRM_IPCOMP=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_FIB_TRIE_STATS=y
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_CLASSID=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_LRO=y
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_INET_UDP_DIAG=m
CONFIG_IPV6=y
CONFIG_IPV6_PRIVACY=y
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_MIP6=y
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=y
CONFIG_IPV6_NDISC_NODETYPE=y
CONFIG_IPV6_TUNNEL=m
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
CONFIG_IPV6_MROUTE=y
CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
CONFIG_IPV6_PIMSM_V2=y
CONFIG_IP_SET=m
CONFIG_IP_SET_MAX=256
CONFIG_IP_SET_BITMAP_IP=m
CONFIG_IP_SET_BITMAP_IPMAC=m
CONFIG_IP_SET_BITMAP_PORT=m
CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_IPPORT=m
CONFIG_IP_SET_HASH_IPPORTIP=m
CONFIG_IP_SET_HASH_IPPORTNET=m
CONFIG_IP_SET_HASH_NET=m
CONFIG_IP_SET_HASH_NETPORT=m
CONFIG_IP_SET_HASH_NETIFACE=m
CONFIG_IP_SET_LIST_SET=m
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_SH_TAB_BITS=8
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_NFCT=y
CONFIG_IP_VS_PE_SIP=m
CONFIG_IP_NF_QUEUE=m
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_ULOG=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_SECURITY=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_RPFILTER=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP6_NF_SECURITY=m
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
# CONFIG_IP_DCCP_CCID2_DEBUG is not set
CONFIG_IP_DCCP_CCID3=y
# CONFIG_IP_DCCP_CCID3_DEBUG is not set
CONFIG_IP_DCCP_TFRC_LIB=y
# CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_SCTP=m
CONFIG_IPX=m
# CONFIG_IPX_INTERN is not set
CONFIG_IPDDP=m
CONFIG_IPDDP_ENCAP=y
CONFIG_IPDDP_DECAP=y
CONFIG_IP1000=m
CONFIG_IPW2100=m
CONFIG_IPW2100_MONITOR=y
# CONFIG_IPW2100_DEBUG is not set
CONFIG_IPW2200=m
CONFIG_IPW2200_MONITOR=y
CONFIG_IPW2200_RADIOTAP=y
CONFIG_IPW2200_PROMISCUOUS=y
CONFIG_IPW2200_QOS=y
# CONFIG_IPW2200_DEBUG is not set
CONFIG_IPPP_FILTER=y
CONFIG_IPMI_HANDLER=m
# CONFIG_IPMI_PANIC_EVENT is not set
CONFIG_IPMI_DEVICE_INTERFACE=m
CONFIG_IPMI_SI=m
CONFIG_IPMI_WATCHDOG=m
CONFIG_IPMI_POWEROFF=m
CONFIG_HW_RANDOM=y
CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_INTEL=m
CONFIG_HW_RANDOM_AMD=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_HW_RANDOM_VIRTIO=m
CONFIG_IPWIRELESS=m
# CONFIG_IPACK_BUS is not set
CONFIG_SECURITY_NETWORK_XFRM=y
CONFIG_CRYPTO_DEV_PADLOCK=m
CONFIG_CRYPTO_DEV_PADLOCK_AES=m
CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# Generated by NetworkManager
domain localdomain
search localdomain
nameserver 192.168.52.2
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x. 7 root root 4096 Nov 29 06:18 3.1.0-7.fc16.x86_64
drwxr-xr-x. 6 root root 4096 Nov 29 14:44 3.6.7-4.fc16.x86_64
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
0
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff8150ccd0 T netif_rx
ffffffff8150d000 T netif_rx_ni
ffffffff81a54c08 r __tracepoint_ptr_netif_rx
ffffffff81a56a8d r __tpstrtab_netif_rx
ffffffff81a69c30 r __ksymtab_netif_rx
ffffffff81a69c40 r __ksymtab_netif_rx_ni
ffffffff81a92b61 r __kstrtab_netif_rx_ni
ffffffff81a92b6d r __kstrtab_netif_rx
ffffffff81ca47a0 d event_netif_rx
ffffffff81cc6c80 D __tracepoint_netif_rx
ffffffff81dd4df0 t __event_netif_rx
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
3.1.0-7.fc16.x86_64:
3.6.7-4.fc16.x86_64:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ case "$1" in
+ cat
+ egrep -i 'ipsec|klips|pluto'
+ sed -n '1078,$p' /var/log/messages
Dec 31 11:55:03 localhost ipsec_setup: Starting Openswan IPsec U2.6.37/K3.6.7-4.fc16.x86_64...
Dec 31 11:55:03 localhost ipsec_setup: Using NETKEY(XFRM) stack
Dec 31 11:55:03 localhost ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 31 11:55:03 localhost ipsec_setup: ...Openswan IPsec started
Dec 31 11:55:03 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 31 11:55:03 localhost ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Dec 31 11:55:03 localhost pluto: adjusting ipsec.d to /etc/ipsec.d
Dec 31 11:55:03 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 31 11:55:03 localhost ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 31 11:55:03 localhost ipsec__plutorun: 002 added connection description "L2TP-PSK"
+ _________________________ plog
+ case "$1" in
+ cat
+ egrep -i pluto
+ sed -n '261,$p' /var/log/secure
Dec 31 11:55:03 localhost ipsec__plutorun: Starting Pluto subsystem...
Dec 31 11:55:03 localhost pluto[7545]: nss directory plutomain: /etc/ipsec.d
Dec 31 11:55:03 localhost pluto[7545]: NSS Initialized
Dec 31 11:55:03 localhost pluto[7545]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 31 11:55:03 localhost pluto[7545]: Starting Pluto (Openswan Version 2.6.37; Vendor ID OEu\134d\134jy\134\134ap) pid:7545
Dec 31 11:55:03 localhost pluto[7545]: Non-fips mode set in /proc/sys/crypto/fips_enabled
Dec 31 11:55:03 localhost pluto[7545]: LEAK_DETECTIVE support [disabled]
Dec 31 11:55:03 localhost pluto[7545]: OCF support for IKE [disabled]
Dec 31 11:55:03 localhost pluto[7545]: SAref support [disabled]: Protocol not available
Dec 31 11:55:03 localhost pluto[7545]: SAbind support [disabled]: Protocol not available
Dec 31 11:55:03 localhost pluto[7545]: NSS support [enabled]
Dec 31 11:55:03 localhost pluto[7545]: HAVE_STATSD notification support not compiled in
Dec 31 11:55:03 localhost pluto[7545]: Setting NAT-Traversal port-4500 floating to off
Dec 31 11:55:03 localhost pluto[7545]:    port floating activation criteria nat_t=0/port_float=1
Dec 31 11:55:03 localhost pluto[7545]:    NAT-Traversal support  [disabled]
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Dec 31 11:55:03 localhost pluto[7545]: starting up 1 cryptographic helpers
Dec 31 11:55:03 localhost pluto[7545]: started helper (thread) pid=139706525218560 (fd:7)
Dec 31 11:55:03 localhost pluto[7545]: Using Linux 2.6 IPsec interface code on 3.6.7-4.fc16.x86_64 (experimental code)
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_add(): ERROR: Algorithm already exists
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_add(): ERROR: Algorithm already exists
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_add(): ERROR: Algorithm already exists
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_add(): ERROR: Algorithm already exists
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_add(): ERROR: Algorithm already exists
Dec 31 11:55:03 localhost pluto[7545]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
Dec 31 11:55:03 localhost pluto[7545]: Could not change to directory '/etc/ipsec.d/cacerts': /
Dec 31 11:55:03 localhost pluto[7545]: Could not change to directory '/etc/ipsec.d/aacerts': /
Dec 31 11:55:03 localhost pluto[7545]: Could not change to directory '/etc/ipsec.d/ocspcerts': /
Dec 31 11:55:03 localhost pluto[7545]: Could not change to directory '/etc/ipsec.d/crls'
Dec 31 11:55:03 localhost pluto[7545]: added connection description "L2TP-PSK"
Dec 31 11:55:03 localhost pluto[7545]: listening for IKE messages
Dec 31 11:55:03 localhost pluto[7545]: adding interface ppp0/ppp0 10.10.10.1:500
Dec 31 11:55:03 localhost pluto[7545]: adding interface eth0/eth0 192.168.52.245:500
Dec 31 11:55:03 localhost pluto[7545]: adding interface lo/lo 127.0.0.1:500
Dec 31 11:55:03 localhost pluto[7545]: adding interface lo/lo ::1:500
Dec 31 11:55:03 localhost pluto[7545]: loading secrets from "/etc/ipsec.secrets"
Dec 31 11:55:03 localhost pluto[7545]: loading secrets from "/etc/ipsec.d/test.secrets"
Dec 31 11:55:04 localhost pluto[7545]: packet from 192.168.52.1:500: ignoring Vendor ID payload [MS NT5 ISAKMPOAKLEY 00000008]
Dec 31 11:55:04 localhost pluto[7545]: packet from 192.168.52.1:500: received Vendor ID payload [RFC 3947] meth=109, but port floating is off
Dec 31 11:55:04 localhost pluto[7545]: packet from 192.168.52.1:500: received Vendor ID payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but port floating is off
Dec 31 11:55:04 localhost pluto[7545]: packet from 192.168.52.1:500: ignoring Vendor ID payload [FRAGMENTATION]
Dec 31 11:55:04 localhost pluto[7545]: packet from 192.168.52.1:500: ignoring Vendor ID payload [MS-Negotiation Discovery Capable]
Dec 31 11:55:04 localhost pluto[7545]: packet from 192.168.52.1:500: ignoring Vendor ID payload [Vid-Initial-Contact]
Dec 31 11:55:04 localhost pluto[7545]: packet from 192.168.52.1:500: ignoring Vendor ID payload [IKE CGA version 1]
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: responding to Main Mode
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: OAKLEY_GROUP 20 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: OAKLEY_GROUP 19 not supported.  Attribute OAKLEY_GROUP_DESCRIPTION
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: STATE_MAIN_R1: sent MR1, expecting MI2
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: STATE_MAIN_R2: sent MR2, expecting MI3
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.52.1'
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_256 prf=oakley_sha group=modp2048}
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #1: the peer proposed: 192.168.52.245/32:17/1701 -> 192.168.52.1/32:17/0
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #2: responding to Quick Mode proposal {msgid:01000000}
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #2:     us: 192.168.52.245[+S=C]:17/1701
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #2:   them: 192.168.52.1<192.168.52.1>[+S=C]:17/0
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #2: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #2: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
Dec 31 11:55:04 localhost pluto[7545]: "L2TP-PSK" #2: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0xf9e67465 <0x9bbd081e xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}
Dec 31 11:57:40 localhost pluto[7545]: "L2TP-PSK" #1: received Delete SA(0xf9e67465) payload: deleting IPSEC State #2
Dec 31 11:57:40 localhost pluto[7545]: "L2TP-PSK" #1: received and ignored informational message
Dec 31 11:57:40 localhost pluto[7545]: "L2TP-PSK" #1: received Delete SA payload: deleting ISAKMP State #1
Dec 31 11:57:40 localhost pluto[7545]: packet from 192.168.52.1:500: received and ignored informational message
+ _________________________ date
+ date
Mon Dec 31 12:19:43 PST 2012

Thanks for any help you can give,

Blake Langland

Software Engineer
Integrity Applications Incorporated
blangland at integrity-apps.com
760-602-3400 x5322
