[Openswan Users] SA Established, no ping

Patrick Naubert patrickn at xelerance.com
Tue May 7 01:34:20 UTC 2013


Rescued from the Spam bucket.  Please remember to subscribe to the mailing list before posting to it.

Begin forwarded message:

From: "serzer at gmail.com" <serzer at gmail.com>
Subject: SA Established, no ping
Date: 3 May, 2013 8:59:36 PM EDT
To: users at lists.openswan.org


Hello, I am trying to establish a connection between my MikroTik router and a CentOS 6.4 server.

It looks like the IPsec tunnel is establishing, but I am not able to ping my router:

[root@ks3307690 ~]# ping 192.168.0.1
PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
^C
--- 192.168.0.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2285ms

[root@ks3307690 ~]# traceroute 192.168.0.1
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
 1  178.32.223.253 (178.32.223.253)  0.842 ms^C

Here is the barf log:
[root@ks3307690 ~]# ipsec barf
ks3307690.kimsufi.com
Sat May  4 02:55:49 CEST 2013
+ _________________________ version
+ ipsec --version
Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+ cat /proc/version
Linux version 2.6.32-358.6.1.el6.x86_64 (mockbuild@c6b9.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Apr 23 19:29:00 UTC 2013
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
178.32.223.0    0.0.0.0         255.255.255.0   U         0 0          0 eth0
0.0.0.0         178.32.223.254  0.0.0.0         UG        0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
src 82.198.121.45 dst 179.34.222.31
        proto esp spi 0x743427d2 reqid 16389 mode tunnel
        replay-window 32 flag 20
        auth hmac(sha1) 0x0ec98333b7b35011dd556775706927fb24bc91b4
        enc cbc(des3_ede) 0x5acc8c5560d040f567ead8e79977da51e0c50db968e4aa15
src 179.34.222.31 dst 82.198.121.45
        proto esp spi 0x01eea26a reqid 16389 mode tunnel
        replay-window 32 flag 20
        auth hmac(sha1) 0x2564bcea5b8774578011ab4ab09bd9323f436f16
        enc cbc(des3_ede) 0x059e52c2b2dd0dbca0342ff5be47c5a908f1be5bb4de6447
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 192.168.1.0/24 dst 192.168.0.0/24
        dir out priority 2344 ptype main
        tmpl src 179.34.222.31 dst 82.198.121.45
                proto esp reqid 16389 mode tunnel
src 192.168.0.0/24 dst 192.168.1.0/24
        dir fwd priority 2344 ptype main
        tmpl src 82.198.121.45 dst 179.34.222.31
                proto esp reqid 16389 mode tunnel
src 192.168.0.0/24 dst 192.168.1.0/24
        dir in priority 2344 ptype main
        tmpl src 82.198.121.45 dst 179.34.222.31
                proto esp reqid 16389 mode tunnel
src ::/0 dst ::/0
        dir 4 priority 0 ptype main
src ::/0 dst ::/0
        dir 3 priority 0 ptype main
src ::/0 dst ::/0
        dir 4 priority 0 ptype main
src ::/0 dst ::/0
        dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 3 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 4 priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
        dir 3 priority 0 ptype main
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec auto --status
000 using kernel interface: netkey
000 interface eth0/eth0 2001:41d0:8:e242::1
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0/eth0 179.34.222.31
000 interface eth0/eth0 179.34.222.31
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 0 subnets:
000 - disallowed 0 subnets:
000 WARNING: Either virtual_private= is not specified, or there is a syntax
000          error in that line. 'left/rightsubnet=vhost:%priv' will not work!
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
000          private address space in internal use, it should be excluded!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 "mikrotik": 192.168.1.0/24===179.34.222.31<179.34.222.31>[+S=C]...192.168.0.1---82.198.121.45<82.198.121.45>[+S=C]===192.168.0.0/24; erouted; eroute owner: #7
000 "mikrotik":     myip=unset; hisip=unset;
000 "mikrotik":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "mikrotik":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: eth0;
000 "mikrotik":   newest ISAKMP SA: #6; newest IPsec SA: #7;
000 "mikrotik":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000
000 #7: "mikrotik":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27750s; newest IPSEC; eroute owner; isakmp#6; idle; import:admin initiate
000 #7: "mikrotik" esp.1eea26a@82.198.121.45 esp.743427d2@179.34.222.31 tun.0@82.198.121.45 tun.0@179.34.222.31 ref=0 refhim=4294901761
000 #6: "mikrotik":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2625s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 4C:72:B9:D1:C4:25
          inet addr:179.34.222.31  Bcast:178.32.223.255  Mask:255.255.255.0
          inet6 addr: 2001:41d0:8:e242::1/64 Scope:Global
          inet6 addr: fe80::4e72:b9ff:fed1:c425/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:17969 errors:0 dropped:0 overruns:0 frame:0
          TX packets:48900 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1532137 (1.4 MiB)  TX bytes:14568681 (13.8 MiB)
          Interrupt:20 Memory:fe500000-fe520000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:248 errors:0 dropped:0 overruns:0 frame:0
          TX packets:248 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:39867 (38.9 KiB)  TX bytes:39867 (38.9 KiB)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 4c:72:b9:d1:c4:25 brd ff:ff:ff:ff:ff:ff
    inet 179.34.222.31/24 brd 178.32.223.255 scope global eth0
    inet6 2001:41d0:8:e242::1/64 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::4e72:b9ff:fed1:c425/64 scope link
       valid_lft forever preferred_lft forever
+ _________________________ ip-route-list
+ ip route list
178.32.223.0/24 dev eth0  proto kernel  scope link  src 179.34.222.31
default via 178.32.223.254 dev eth0
+ _________________________ ip-rule-list
+ ip rule list
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                                 [OK]
Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)
Checking for IPsec support in kernel                            [OK]
 SAref kernel support                                           [N/A]
 NETKEY:  Testing for disabled ICMP send_redirects              [OK]
NETKEY detected, testing for disabled ICMP accept_redirects     [OK]
Testing against enforced SElinux mode                           [OK]
Checking that pluto is running                                  [OK]
 Pluto listening for IKE on udp 500                             [OK]
 Pluto listening for NAT-T on udp 4500                          [OK]
Checking for 'ip' command                                       [OK]
Checking /bin/sh is not /bin/dash                               [OK]
Checking for 'iptables' command                                 [OK]
Opportunistic Encryption Support                                [DISABLED]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
No interface specified
usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...
       -V, --version               display version information
       -v, --verbose               more verbose output
       -R, --reset                 reset MII to poweron state
       -r, --restart               restart autonegotiation
       -w, --watch                 monitor for link status changes
       -l, --log                   with -w, write events to syslog
       -A, --advertise=media,...   advertise only specified media
       -F, --force=media           force specified media technology
media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,
       (to advertise both HD and FD) 100baseTx, 10baseT
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
ks3307690.kimsufi.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
179.34.222.31
+ _________________________ uptime
+ uptime
 02:55:49 up  1:09,  2 users,  load average: 0.06, 0.03, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
4     0  7913  1701  20   0 106064  1480 wait   S+   pts/0      0:00  |       \_ /bin/sh /usr/libexec/ipsec/barf
0     0  7978  7913  20   0   4148   672 pipe_w S+   pts/0      0:00  |           \_ egrep -i ppid|pluto|ipsec|klips
1     0  4897     1  20   0   9192   524 wait   S    pts/0      0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
1     0  4899  4897  20   0   9192   692 wait   S    pts/0      0:00  \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --secctx_attr_value  --dump  --opts  --stderrlog  --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
4     0  4903  4899  20   0 313724  7860 poll_s Sl   pts/0      0:00  |   \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private oe=off
0     0  4934  4903  20   0   6080   404 poll_s S    pts/0      0:00  |       \_ _pluto_adns
0     0  4900  4897  20   0   9192  1316 pipe_w S    pts/0      0:00  \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
0     0  4898     1  20   0   4056   664 pipe_w S    pts/0      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routevirt=none
routeaddr=179.34.222.31
routenexthop=178.32.223.254
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - Openswan IPsec configuration file
#
# Manual:     ipsec.conf.5
#
# Please place your own config files in /etc/ipsec.d/ ending in .conf

version 2.0     # conforms to second version of ipsec.conf specification

# basic configuration
config setup
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        # klipsdebug=none
        # plutodebug="control parsing"
        # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
        #protostack=klips
        interfaces=%defaultroute
        protostack=netkey

        nat_traversal=yes
        virtual_private=
        oe=off
        # Enable this if you see "failed to find any available worker"
        # nhelpers=0

conn mikrotik
        left=179.34.222.31
        leftsubnet=192.168.1.0/24
        #leftnexthop=%defaultroute

        right=82.198.121.45
        rightsubnet=192.168.0.0/24
        rightnexthop=192.168.0.1

        type=tunnel
        authby=secret
        auto=start
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
#:cannot open configuration file \'/etc/ipsec.d/*.secrets\'

#> /etc/ipsec.secrets 2
179.34.222.31 82.198.121.45: PSK "[sums to 354c...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000     2: PSK 82.198.121.45 179.34.222.31
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#

# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+ ls -l /usr/libexec/ipsec
total 2676
-rwxr-xr-x. 1 root root   10592 Sep 24  2012 _copyright
-rwxr-xr-x. 1 root root    2430 Sep 24  2012 _include
-rwxr-xr-x. 1 root root    1475 Sep 24  2012 _keycensor
-rwxr-xr-x. 1 root root   14528 Sep 24  2012 _pluto_adns
-rwxr-xr-x. 1 root root    2567 Sep 24  2012 _plutoload
-rwxr-xr-x. 1 root root    8474 Sep 24  2012 _plutorun
-rwxr-xr-x. 1 root root   13671 Sep 24  2012 _realsetup
-rwxr-xr-x. 1 root root    1975 Sep 24  2012 _secretcensor
-rwxr-xr-x. 1 root root   11507 Sep 24  2012 _startklips
-rwxr-xr-x. 1 root root    6096 Sep 24  2012 _startnetkey
-rwxr-xr-x. 1 root root    4923 Sep 24  2012 _updown
-rwxr-xr-x. 1 root root   16227 Sep 24  2012 _updown.klips
-rwxr-xr-x. 1 root root   16583 Sep 24  2012 _updown.mast
-rwxr-xr-x. 1 root root   13745 Sep 24  2012 _updown.netkey
-rwxr-xr-x. 1 root root  226704 Sep 24  2012 addconn
-rwxr-xr-x. 1 root root    6015 Sep 24  2012 auto
-rwxr-xr-x. 1 root root   10978 Sep 24  2012 barf
-rwxr-xr-x. 1 root root   93840 Sep 24  2012 eroute
-rwxr-xr-x. 1 root root   26736 Sep 24  2012 ikeping
-rwxr-xr-x. 1 root root   69552 Sep 24  2012 klipsdebug
-rwxr-xr-x. 1 root root    2455 Sep 24  2012 look
-rwxr-xr-x. 1 root root    2189 Sep 24  2012 newhostkey
-rwxr-xr-x. 1 root root   64976 Sep 24  2012 pf_key
-rwxr-xr-x. 1 root root 1093328 Sep 24  2012 pluto
-rwxr-xr-x. 1 root root   12349 Sep 24  2012 policy
-rwxr-xr-x. 1 root root   10576 Sep 24  2012 ranbits
-rwxr-xr-x. 1 root root   27376 Sep 24  2012 rsasigkey
-rwxr-xr-x. 1 root root     704 Sep 24  2012 secrets
lrwxrwxrwx. 1 root root      30 May  4 01:15 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x. 1 root root    1126 Sep 24  2012 showdefaults
-rwxr-xr-x. 1 root root  267584 Sep 24  2012 showhostkey
-rwxr-xr-x. 1 root root   26736 Sep 24  2012 showpolicy
-rwxr-xr-x. 1 root root  176552 Sep 24  2012 spi
-rwxr-xr-x. 1 root root   81504 Sep 24  2012 spigrp
-rwxr-xr-x. 1 root root   77032 Sep 24  2012 tncfg
-rwxr-xr-x. 1 root root   14828 Sep 24  2012 verify
-rwxr-xr-x. 1 root root   59904 Sep 24  2012 whack
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 2676
-rwxr-xr-x. 1 root root   10592 Sep 24  2012 _copyright
-rwxr-xr-x. 1 root root    2430 Sep 24  2012 _include
-rwxr-xr-x. 1 root root    1475 Sep 24  2012 _keycensor
-rwxr-xr-x. 1 root root   14528 Sep 24  2012 _pluto_adns
-rwxr-xr-x. 1 root root    2567 Sep 24  2012 _plutoload
-rwxr-xr-x. 1 root root    8474 Sep 24  2012 _plutorun
-rwxr-xr-x. 1 root root   13671 Sep 24  2012 _realsetup
-rwxr-xr-x. 1 root root    1975 Sep 24  2012 _secretcensor
-rwxr-xr-x. 1 root root   11507 Sep 24  2012 _startklips
-rwxr-xr-x. 1 root root    6096 Sep 24  2012 _startnetkey
-rwxr-xr-x. 1 root root    4923 Sep 24  2012 _updown
-rwxr-xr-x. 1 root root   16227 Sep 24  2012 _updown.klips
-rwxr-xr-x. 1 root root   16583 Sep 24  2012 _updown.mast
-rwxr-xr-x. 1 root root   13745 Sep 24  2012 _updown.netkey
-rwxr-xr-x. 1 root root  226704 Sep 24  2012 addconn
-rwxr-xr-x. 1 root root    6015 Sep 24  2012 auto
-rwxr-xr-x. 1 root root   10978 Sep 24  2012 barf
-rwxr-xr-x. 1 root root   93840 Sep 24  2012 eroute
-rwxr-xr-x. 1 root root   26736 Sep 24  2012 ikeping
-rwxr-xr-x. 1 root root   69552 Sep 24  2012 klipsdebug
-rwxr-xr-x. 1 root root    2455 Sep 24  2012 look
-rwxr-xr-x. 1 root root    2189 Sep 24  2012 newhostkey
-rwxr-xr-x. 1 root root   64976 Sep 24  2012 pf_key
-rwxr-xr-x. 1 root root 1093328 Sep 24  2012 pluto
-rwxr-xr-x. 1 root root   12349 Sep 24  2012 policy
-rwxr-xr-x. 1 root root   10576 Sep 24  2012 ranbits
-rwxr-xr-x. 1 root root   27376 Sep 24  2012 rsasigkey
-rwxr-xr-x. 1 root root     704 Sep 24  2012 secrets
lrwxrwxrwx. 1 root root      30 May  4 01:15 setup -> ../../../etc/rc.d/init.d/ipsec
-rwxr-xr-x. 1 root root    1126 Sep 24  2012 showdefaults
-rwxr-xr-x. 1 root root  267584 Sep 24  2012 showhostkey
-rwxr-xr-x. 1 root root   26736 Sep 24  2012 showpolicy
-rwxr-xr-x. 1 root root  176552 Sep 24  2012 spi
-rwxr-xr-x. 1 root root   81504 Sep 24  2012 spigrp
-rwxr-xr-x. 1 root root   77032 Sep 24  2012 tncfg
-rwxr-xr-x. 1 root root   14828 Sep 24  2012 verify
-rwxr-xr-x. 1 root root   59904 Sep 24  2012 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:   40474     252    0    0    0     0          0         0    40474     252    0    0    0     0       0          0
  eth0: 1532197   17970    0    0    0     0          0        41 14568681   48900    0    0    0     0       0          0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT                       
eth0    00DF20B2        00000000        0001    0       0       0       00FFFFFF        0       0       0                           
eth0    00000000        FEDF20B2        0003    0       0       0       00000000        0       0       0                           
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
2
+ _________________________ uname-a
+ uname -a
Linux ks3307690.kimsufi.com 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
CentOS release 6.4 (Final)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (2.6.32-358.6.1.el6.x86_64) support detected '
NETKEY (2.6.32-358.6.1.el6.x86_64) support detected
+ _________________________ iptables
+ test -r /sbin/iptables-save
+ iptables-save
# Generated by iptables-save v1.4.7 on Sat May  4 02:55:49 2013
*mangle
:PREROUTING ACCEPT [4726:242681]
:INPUT ACCEPT [4725:242553]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12292:3653325]
:POSTROUTING ACCEPT [12292:3653325]
COMMIT
# Completed on Sat May  4 02:55:49 2013
# Generated by iptables-save v1.4.7 on Sat May  4 02:55:49 2013
*nat
:PREROUTING ACCEPT [22:2083]
:POSTROUTING ACCEPT [14:1473]
:OUTPUT ACCEPT [221:34157]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat May  4 02:55:49 2013
+ _________________________ iptables-nat
+ iptables-save -t nat
# Generated by iptables-save v1.4.7 on Sat May  4 02:55:49 2013
*nat
:PREROUTING ACCEPT [22:2083]
:POSTROUTING ACCEPT [14:1473]
:OUTPUT ACCEPT [221:34157]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Sat May  4 02:55:49 2013
+ _________________________ iptables-mangle
+ iptables-save -t mangle
# Generated by iptables-save v1.4.7 on Sat May  4 02:55:49 2013
*mangle
:PREROUTING ACCEPT [4726:242681]
:INPUT ACCEPT [4725:242553]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [12292:3653325]
:POSTROUTING ACCEPT [12292:3653325]
COMMIT
# Completed on Sat May  4 02:55:49 2013
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
ipt_MASQUERADE 2466 1 - Live 0xffffffffa0331000
iptable_mangle 3349 0 - Live 0xffffffffa0326000
iptable_nat 6158 1 - Live 0xffffffffa03df000
nf_nat 22759 2 ipt_MASQUERADE,iptable_nat, Live 0xffffffffa03d4000
nf_conntrack_ipv4 9506 3 iptable_nat,nf_nat, Live 0xffffffffa03cd000
nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa031e000
ip_tables 17831 2 iptable_mangle,iptable_nat, Live 0xffffffffa03c4000
bluetooth 99239 0 - Live 0xffffffffa03a0000
rfkill 19255 1 bluetooth, Live 0xffffffffa0396000
ah6 5191 0 - Live 0xffffffffa030a000
ah4 4320 0 - Live 0xffffffffa0305000
esp6 4979 0 - Live 0xffffffffa0300000
esp4 5358 2 - Live 0xffffffffa02f0000
xfrm4_mode_beet 2069 0 - Live 0xffffffffa02ec000
xfrm4_tunnel 1981 0 - Live 0xffffffffa02dc000
xfrm4_mode_tunnel 2002 4 - Live 0xffffffffa02d6000
xfrm4_mode_transport 1449 0 - Live 0xffffffffa02d0000
xfrm6_mode_transport 1545 0 - Live 0xffffffffa02ca000
xfrm6_mode_ro 1318 0 - Live 0xffffffffa02c4000
xfrm6_mode_beet 2020 0 - Live 0xffffffffa02bc000
xfrm6_mode_tunnel 1906 2 - Live 0xffffffffa02ad000
ipcomp 2073 0 - Live 0xffffffffa02a3000
ipcomp6 2138 0 - Live 0xffffffffa015a000
xfrm6_tunnel 7969 1 ipcomp6, Live 0xffffffffa0285000
af_key 29685 0 - Live 0xffffffffa026c000
authenc 6651 2 - Live 0xffffffffa0374000
deflate 2107 0 - Live 0xffffffffa0370000
zlib_deflate 21629 1 deflate, Live 0xffffffffa0367000
ctr 4063 0 - Live 0xffffffffa0363000
camellia 18334 0 - Live 0xffffffffa035b000
cast5 15242 0 - Live 0xffffffffa0354000
rmd160 8154 0 - Live 0xffffffffa034f000
crypto_null 2952 0 - Live 0xffffffffa034b000
ccm 8247 0 - Live 0xffffffffa0345000
serpent 18455 0 - Live 0xffffffffa033d000
blowfish 7884 0 - Live 0xffffffffa0338000
twofish_x86_64 5297 0 - Live 0xffffffffa0333000
twofish_common 14633 1 twofish_x86_64, Live 0xffffffffa032c000
ecb 2209 0 - Live 0xffffffffa0328000
xcbc 2849 0 - Live 0xffffffffa0324000
cbc 3083 2 - Live 0xffffffffa0320000
sha256_generic 10361 0 - Live 0xffffffffa031a000
sha512_generic 4974 0 - Live 0xffffffffa0315000
des_generic 16604 2 - Live 0xffffffffa030d000
cryptd 8006 0 - Live 0xffffffffa02fa000
aes_x86_64 7961 0 - Live 0xffffffffa02f5000
aes_generic 27609 1 aes_x86_64, Live 0xffffffffa02e2000
tunnel4 2943 1 xfrm4_tunnel, Live 0xffffffffa02c2000
xfrm_ipcomp 4610 2 ipcomp,ipcomp6, Live 0xffffffffa0275000
tunnel6 2714 1 xfrm6_tunnel, Live 0xffffffffa0042000
ip6t_REJECT 4628 2 - Live 0xffffffffa02b7000
nf_conntrack_ipv6 8748 2 - Live 0xffffffffa02b0000
nf_defrag_ipv6 11182 1 nf_conntrack_ipv6, Live 0xffffffffa02a9000
xt_state 1492 2 - Live 0xffffffffa015e000
nf_conntrack 79645 6 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live 0xffffffffa0288000
ip6table_filter 2889 1 - Live 0xffffffffa0055000
ip6_tables 19458 1 ip6table_filter, Live 0xffffffffa027f000
ipv6 321454 40 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6, Live 0xffffffffa021c000
sg 29350 0 - Live 0xffffffffa0151000
serio_raw 4594 0 - Live 0xffffffffa0032000
i2c_i801 11167 0 - Live 0xffffffffa0019000
xhci_hcd 142149 0 - Live 0xffffffffa01ef000
iTCO_wdt 14990 0 - Live 0xffffffffa00bb000
iTCO_vendor_support 3088 1 iTCO_wdt, Live 0xffffffffa0037000
ext3 232456 2 - Live 0xffffffffa01b5000
jbd 79071 1 ext3, Live 0xffffffffa01a0000
mbcache 8193 1 ext3, Live 0xffffffffa004d000
raid1 31657 2 - Live 0xffffffffa00a4000
sd_mod 38976 8 - Live 0xffffffffa0099000
crc_t10dif 1541 1 sd_mod, Live 0xffffffffa0023000
ahci 41127 6 - Live 0xffffffffa0145000
e1000e 253849 0 - Live 0xffffffffa0161000
wmi 6287 0 - Live 0xffffffffa0016000
i915 537570 1 - Live 0xffffffffa00c0000
drm_kms_helper 40087 1 i915, Live 0xffffffffa00b0000
drm 265638 2 i915,drm_kms_helper, Live 0xffffffffa0057000
i2c_algo_bit 5935 1 i915, Live 0xffffffffa0052000
i2c_core 31084 5 i2c_i801,i915,drm_kms_helper,drm,i2c_algo_bit, Live 0xffffffffa0044000
video 20674 1 i915, Live 0xffffffffa0039000
output 2409 1 video, Live 0xffffffffa0035000
dm_mirror 14133 0 - Live 0xffffffffa002d000
dm_region_hash 12085 1 dm_mirror, Live 0xffffffffa0026000
dm_log 9930 2 dm_mirror,dm_region_hash, Live 0xffffffffa001f000
dm_mod 82839 2 dm_mirror,dm_log, Live 0xffffffffa0000000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal:        8089016 kB
MemFree:         7839892 kB
Buffers:            8560 kB
Cached:            61384 kB
SwapCached:            0 kB
Active:            61012 kB
Inactive:          46064 kB
Active(anon):      37288 kB
Inactive(anon):     3540 kB
Active(file):      23724 kB
Inactive(file):    42524 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:       8386544 kB
SwapFree:        8386544 kB
Dirty:                 4 kB
Writeback:             0 kB
AnonPages:         37224 kB
Mapped:            10824 kB
Shmem:              3688 kB
Slab:              64536 kB
SReclaimable:      11388 kB
SUnreclaim:        53148 kB
KernelStack:        1104 kB
PageTables:         2464 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:    12431052 kB
Committed_AS:     191160 kB
VmallocTotal:   34359738367 kB
VmallocUsed:      366072 kB
VmallocChunk:   34359366644 kB
HardwareCorrupted:     0 kB
AnonHugePages:     16384 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:        8192 kB
DirectMap2M:     8288256 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.32-358.6.1.el6.x86_64/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
nameserver 127.0.0.1
nameserver 213.186.33.99
search ovh.net
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x. 7 root root 4096 May  4 01:05 2.6.32-358.6.1.el6.x86_64
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
0
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.32-358.6.1.el6.x86_64:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1542,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ case "$1" in
+ cat
May  4 02:09:47 ks3307690 ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.32-358.6.1.el6.x86_64...
May  4 02:09:47 ks3307690 ipsec_setup: Using NETKEY(XFRM) stack
May  4 02:09:47 ks3307690 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
May  4 02:09:47 ks3307690 ipsec_setup: ...Openswan IPsec started
May  4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
May  4 02:09:47 ks3307690 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
May  4 02:09:47 ks3307690 pluto: adjusting ipsec.d to /etc/ipsec.d
May  4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
May  4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
May  4 02:09:47 ks3307690 ipsec__plutorun: 002 added connection description "mikrotik"
May  4 02:09:47 ks3307690 ipsec__plutorun: 003 no secrets filename matched "/etc/ipsec.d/*.secrets"
May  4 02:09:47 ks3307690 ipsec__plutorun: 104 "mikrotik" #1: STATE_MAIN_I1: initiate
+ _________________________ plog
+ sed -n '889,$p' /var/log/secure
+ egrep -i pluto
+ case "$1" in
+ cat
May  4 02:09:47 ks3307690 ipsec__plutorun: Starting Pluto subsystem...
May  4 02:09:47 ks3307690 pluto[4903]: nss directory plutomain: /etc/ipsec.d
May  4 02:09:47 ks3307690 pluto[4903]: NSS Initialized
May  4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled
May  4 02:09:47 ks3307690 pluto[4903]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) pid:4903
May  4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled
May  4 02:09:47 ks3307690 pluto[4903]: LEAK_DETECTIVE support [disabled]
May  4 02:09:47 ks3307690 pluto[4903]: OCF support for IKE [disabled]
May  4 02:09:47 ks3307690 pluto[4903]: SAref support [disabled]: Protocol not available
May  4 02:09:47 ks3307690 pluto[4903]: SAbind support [disabled]: Protocol not available
May  4 02:09:47 ks3307690 pluto[4903]: NSS support [enabled]
May  4 02:09:47 ks3307690 pluto[4903]: HAVE_STATSD notification support not compiled in
May  4 02:09:47 ks3307690 pluto[4903]: Setting NAT-Traversal port-4500 floating to on
May  4 02:09:47 ks3307690 pluto[4903]:    port floating activation criteria nat_t=1/port_float=1
May  4 02:09:47 ks3307690 pluto[4903]:    NAT-Traversal support  [enabled]
May  4 02:09:47 ks3307690 pluto[4903]: 1 bad entries in virtual_private - none loaded
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: starting up 3 cryptographic helpers
May  4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013406775040 (fd:10)
May  4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013396285184 (fd:12)
May  4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013316601600 (fd:14)
May  4 02:09:47 ks3307690 pluto[4903]: Using Linux 2.6 IPsec interface code on 2.6.32-358.6.1.el6.x86_64 (experimental code)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
May  4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
May  4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/cacerts': /
May  4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/aacerts': /
May  4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/ocspcerts': /
May  4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/crls'
May  4 02:09:47 ks3307690 pluto[4903]: | selinux support is enabled.
May  4 02:09:47 ks3307690 pluto[4903]: added connection description "mikrotik"
May  4 02:09:47 ks3307690 pluto[4903]: listening for IKE messages
May  4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 179.34.222.31:500
May  4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 179.34.222.31:4500
May  4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo 127.0.0.1:500
May  4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo 127.0.0.1:4500
May  4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo ::1:500
May  4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 2001:41d0:8:e242::1:500
May  4 02:09:47 ks3307690 pluto[4903]: loading secrets from "/etc/ipsec.secrets"
May  4 02:09:47 ks3307690 pluto[4903]: no secrets filename matched "/etc/ipsec.d/*.secrets"
May  4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: initiating Main Mode
May  4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: received Vendor ID payload [Dead Peer Detection]
May  4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May  4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I2: sent MI2, expecting MR2
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I3: sent MI3, expecting MR3
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: next payload type of ISAKMP Hash Payload has an unknown value: 184
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet
May  4 02:09:48 ks3307690 pluto[4903]: | payload malformed after IV
May  4 02:09:48 ks3307690 pluto[4903]: |   d5 e9 80 46  c0 88 41 e9
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: sending notification PAYLOAD_MALFORMED to 82.198.121.45:500
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: byte 2 of ISAKMP Hash Payload must be zero, but is not
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:121009cf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May  4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x08ab66a0 <0xc0d22436 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
May  4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:8eb8d24a proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
May  4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May  4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x03d0e567 <0x8b2ece14 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
May  4 02:48:10 ks3307690 pluto[4903]: "mikrotik": terminating SAs using this connection
May  4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #3: deleting state (STATE_QUICK_I2)
May  4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #2: deleting state (STATE_QUICK_I2)
May  4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #1: deleting state (STATE_MAIN_I4)
May  4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: initiating Main Mode
May  4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: received Vendor ID payload [Dead Peer Detection]
May  4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May  4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I2: sent MI2, expecting MR2
May  4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May  4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I3: sent MI3, expecting MR3
May  4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'
May  4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May  4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
May  4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4 msgid:3eac258b proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
May  4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May  4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x06fb8921 <0x112666f8 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
May  4 02:50:11 ks3307690 pluto[4903]: "mikrotik": deleting connection
May  4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #5: deleting state (STATE_QUICK_I2)
May  4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #4: deleting state (STATE_MAIN_I4)
May  4 02:50:11 ks3307690 pluto[4903]: added connection description "mikrotik"
May  4 02:50:19 ks3307690 pluto[4903]: "mikrotik" #6: initiating Main Mode
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: received Vendor ID payload [Dead Peer Detection]
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I2: sent MI2, expecting MR2
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I3: sent MI3, expecting MR3
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#6 msgid:aae4f37f proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
May  4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x01eea26a <0x743427d2 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
+ _________________________ date
+ date
Sat May  4 02:55:49 CEST 2013


Is it possible to solve this problem?
Thanks in advance.


