[Openswan Users] tunnel ok, virtual interface down
Roi Rodríguez
roi.rodriguez at qubitia.com
Mon May 4 13:53:55 EDT 2015
Ok, i used tcpdump when pinging 192.168.30.23 (in their private network)
and i see esp packets going on... Does this mean everything is ok and
the problem is on their side?
root at ubuntu:/etc/ipsec.d# ping 192.168.30.23 &
[1] 6312
root at ubuntu:/etc/ipsec.d# PING 192.168.30.23 (192.168.30.23) 56(84)
bytes of data.
root at ubuntu:/etc/ipsec.d# tcpdump -i eth0 -v -n -p udp port 500 or udp
port 4500
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size
65535 bytes
19:53:16.183452 IP (tos 0x0, ttl 64, id 59809, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x1f), length 116
19:53:17.183389 IP (tos 0x0, ttl 64, id 59810, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x20), length 116
19:53:18.183410 IP (tos 0x0, ttl 64, id 59811, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x21), length 116
19:53:19.183381 IP (tos 0x0, ttl 64, id 59812, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x22), length 116
19:53:20.183370 IP (tos 0x0, ttl 64, id 59813, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x23), length 116
19:53:21.183437 IP (tos 0x0, ttl 64, id 59814, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x24), length 116
19:53:22.183272 IP (tos 0x0, ttl 64, id 59815, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x25), length 116
19:53:22.728983 IP (tos 0x0, ttl 48, id 28206, offset 0, flags [DF],
proto UDP (17), length 29)
198.202.190.103.4500 > 192.168.0.6.4500: isakmp-nat-keep-alive
19:53:23.183382 IP (tos 0x0, ttl 64, id 59816, offset 0, flags [DF],
proto UDP (17), length 144)
192.168.0.6.4500 > 198.202.190.103.4500: UDP-encap:
ESP(spi=0xef2410db,seq=0x26), length 116
19:53:23.506262 IP (tos 0x0, ttl 64, id 38249, offset 0, flags [DF],
proto UDP (17), length 29)
192.168.0.6.4500 > 198.202.190.103.4500: isakmp-nat-keep-alive
19:53:23.506466 IP (tos 0x0, ttl 64, id 38250, offset 0, flags [DF],
proto UDP (17), length 29)
192.168.0.6.4500 > 198.202.190.103.4500: isakmp-nat-keep-alive
^C
11 packets captured
11 packets received by filter
0 packets dropped by kernel
root at ubuntu:/etc/ipsec.d# killall ping
[1]+ Terminado ping 192.168.30.23
El 04/05/15 a las 19:48, Roi Rodríguez escribió:
> Hi,
>
> El 04/05/15 a las 19:44, Nick Howitt escribió:
>> Have a look at the commands "ip xfrm state" and "ip xfrm policy".
>> There you should see your tunnel.
> Yes, they see my tunnel:
>
> $ ip xfrm state
> src 198.202.190.103 dst 192.168.0.6
> proto esp spi 0x8f1cd06b reqid 16385 mode tunnel
> replay-window 32 flag af-unspec
> auth-trunc hmac(md5) 0x321291db65b04e02e7d1f4526f7b718f 96
> enc cbc(des3_ede) 0xff3cf71fe47304ad69cc038503e884fac069cf65a1e7d92a
> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
> src 192.168.0.6 dst 198.202.190.103
> proto esp spi 0xef2410db reqid 16385 mode tunnel
> replay-window 32 flag af-unspec
> auth-trunc hmac(md5) 0x550b2287f176cc05602d5c92c3d59639 96
> enc cbc(des3_ede) 0x881215730d651d7ac9838838a9dc05730db60eb170f2cd2e
> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
>
> $ ip xfrm policy
> src 192.168.0.6/32 dst 192.168.30.0/24
> dir out priority 2088
> tmpl src 192.168.0.6 dst 198.202.190.103
> proto esp reqid 16385 mode tunnel
> src 192.168.30.0/24 dst 192.168.0.6/32
> dir fwd priority 2088
> tmpl src 198.202.190.103 dst 192.168.0.6
> proto esp reqid 16385 mode tunnel
> src 192.168.30.0/24 dst 192.168.0.6/32
> dir in priority 2088
> tmpl src 198.202.190.103 dst 192.168.0.6
> proto esp reqid 16385 mode tunnel
> src ::/0 dst ::/0
> socket out priority 0
> src ::/0 dst ::/0
> socket in priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket out priority 0
> src 0.0.0.0/0 dst 0.0.0.0/0
> socket in priority 0
>
>>
>> Are you running a firewall on 192.168.0.6? If you are, have you set
>> any rules for the tunnel? When you are pinging the remote subnet, is
>> it from 192.168.0.6 or some other machine on the LAN?
> No, i'm not running any firewall on that machine. I'm pinging from
> 192.168.0.6.
>>
>> Nick
>>
>> On 04/05/2015 18:36, Roi Rodríguez wrote:
>>> Hi Nick,
>>>
>>> El 04/05/15 a las 19:19, Nick Howitt escribió:
>>>> It looks like your tunnel is up and running - I am a little
>>>> surprised as you don't have "nat_traversal=yes" in config setup.
>>> I added "nat_traversal=yes", as well as "forceencaps=yes" in my
>>> connection config.
>>>>
>>>> You won't see an ipsecX interface with netkey, only with klips
>>>> which you are not using.
>>> Ok. So the question is: With my setup, what should i see as the
>>> result of the tunnel going up? new routing rules? I don't see any
>>> new routing, iptables rules (NAT), etc appearing. So pinging someone
>>> inside their subnet does not succeed.
>>>
>>> I'm sure this is me not understanding what goes on...
>>>
>>>
>>>>
>>>> Nick
>>>>
>>>> On 04/05/2015 17:52, Roi Rodríguez wrote:
>>>>> Hi,
>>>>>
>>>>> I'm having difficulties setting up a site-to-site tunnel. I've got
>>>>> no previous backgroud with ipsec or VPNs.
>>>>>
>>>>> My network setup:
>>>>>
>>>>> 192.168.0.6-->192.168.0.1(gw:PUBLIC IP
>>>>> IFACE)====THEIR_PUBLIC_IP---192.168.30.0/24
>>>>>
>>>>> 192.168.0.6 is the machine where i installed and configured
>>>>> openswan. 192.168.0.1 is our office's router. The rest is on their
>>>>> side. I enabled "IPSec passthrough" and redirected UDP 500 and
>>>>> 4500 to 192.168.0.6.
>>>>>
>>>>>
>>>>>
>>>>> This is my ipsec.conf file:
>>>>>
>>>>> version 2.0
>>>>>
>>>>> config setup
>>>>> plutodebug=none
>>>>> dumpdir=/var/run/pluto/
>>>>> oe=off
>>>>> protostack=netkey
>>>>> interfaces=%defaultroute
>>>>>
>>>>> conn idata
>>>>> auto=start
>>>>> authby=secret
>>>>> type=tunnel
>>>>> ike=3des-md5;modp1024
>>>>> # Phase 1
>>>>> keyexchange=ike
>>>>> ikelifetime=86400s
>>>>> # Phase 2
>>>>> phase2=esp
>>>>> pfs=no
>>>>> leftid=$THEIR_PUBLIC_IP
>>>>> left=$THEIR_PUBLIC_IP
>>>>> leftnexthop=%defaultroute
>>>>> leftsubnet=192.168.30.0/24
>>>>> rightid=192.168.0.6
>>>>> right=192.168.0.6
>>>>> rightnexthop=192.168.0.1
>>>>> rightsubnet=192.168.0.6/32
>>>>>
>>>>> COMMENT: 192.168.0.6/32 as the rightsubnet is just a test, i'll
>>>>> setup this once connectivity works.
>>>>>
>>>>> When i bring up the "idata" connection:
>>>>> $ service ipsec status
>>>>> IPsec running - pluto pid: 5112
>>>>> pluto pid 5112
>>>>> 1 tunnels up
>>>>> some eroutes exist
>>>>> $ ipsec auto --status
>>>>> 000 using kernel interface: netkey
>>>>> 000 interface lo/lo ::1
>>>>> 000 interface lo/lo 127.0.0.1
>>>>> 000 interface lo/lo 127.0.0.1
>>>>> 000 interface eth0/eth0 192.168.0.6
>>>>> 000 interface eth0/eth0 192.168.0.6
>>>>> 000 %myid = (none)
>>>>> 000 debug none
>>>>> 000
>>>>> 000 virtual_private (%priv):
>>>>> 000 - allowed 0 subnets:
>>>>> 000 - disallowed 0 subnets:
>>>>> 000 WARNING: Either virtual_private= is not specified, or there is
>>>>> a syntax
>>>>> 000 error in that line. 'left/rightsubnet=vhost:%priv'
>>>>> will not work!
>>>>> 000 WARNING: Disallowed subnets in virtual_private= is empty. If
>>>>> you have
>>>>> 000 private address space in internal use, it should be
>>>>> excluded!
>>>>> 000
>>>>> 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8,
>>>>> keysizemin=64, keysizemax=64
>>>>> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8,
>>>>> keysizemin=192, keysizemax=192
>>>>> 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8,
>>>>> keysizemin=40, keysizemax=128
>>>>> 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
>>>>> keysizemin=40, keysizemax=448
>>>>> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0,
>>>>> keysizemin=0, keysizemax=0
>>>>> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
>>>>> keysizemin=160, keysizemax=288
>>>>> 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
>>>>> keysizemin=128, keysizemax=256
>>>>> 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
>>>>> keysizemin=128, keysizemax=128
>>>>> 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
>>>>> keysizemin=160, keysizemax=160
>>>>> 000 algorithm ESP auth attr: id=5,
>>>>> name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
>>>>> 000 algorithm ESP auth attr: id=6,
>>>>> name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
>>>>> 000 algorithm ESP auth attr: id=7,
>>>>> name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
>>>>> 000 algorithm ESP auth attr: id=8,
>>>>> name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
>>>>> 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC,
>>>>> keysizemin=128, keysizemax=128
>>>>> 000 algorithm ESP auth attr: id=251,
>>>>> name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
>>>>> 000
>>>>> 000 algorithm IKE encrypt: id=0, name=(null), blocksize=16,
>>>>> keydeflen=131
>>>>> 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC,
>>>>> blocksize=8, keydeflen=192
>>>>> 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC,
>>>>> blocksize=16, keydeflen=128
>>>>> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
>>>>> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
>>>>> 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
>>>>> 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
>>>>> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024,
>>>>> bits=1024
>>>>> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536,
>>>>> bits=1536
>>>>> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048,
>>>>> bits=2048
>>>>> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072,
>>>>> bits=3072
>>>>> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096,
>>>>> bits=4096
>>>>> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144,
>>>>> bits=6144
>>>>> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192,
>>>>> bits=8192
>>>>> 000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
>>>>> 000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
>>>>> 000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
>>>>> 000
>>>>> 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
>>>>> trans={0,0,0} attrs={0,0,0}
>>>>> 000
>>>>> 000 "idata":
>>>>> 192.168.0.6/32===192.168.0.6<192.168.0.6>---192.168.0.1...192.168.0.1---198.202.190.103<198.202.190.103>===192.168.30.0/24;
>>>>> erouted; eroute owner: #2
>>>>> 000 "idata": myip=unset; hisip=unset;
>>>>> 000 "idata": ike_life: 86400s; ipsec_life: 28800s; rekey_margin:
>>>>> 540s; rekey_fuzz: 100%; keyingtries: 0
>>>>> 000 "idata": policy:
>>>>> PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio:
>>>>> 24,32; interface: eth0;
>>>>> 000 "idata": newest ISAKMP SA: #1; newest IPsec SA: #2;
>>>>> 000 "idata": IKE algorithms wanted:
>>>>> 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2); flags=-strict
>>>>> 000 "idata": IKE algorithms found:
>>>>> 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
>>>>> 000 "idata": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024
>>>>> 000
>>>>> 000 #2: "idata":4500 STATE_QUICK_I2 (sent QI2, IPsec SA
>>>>> established); EVENT_SA_REPLACE in 26911s; newest IPSEC; eroute
>>>>> owner; isakmp#1; idle; import:admin initiate
>>>>> 000 #2: "idata" esp.e00edafe at 198.202.190.103
>>>>> esp.e6393f98 at 192.168.0.6 tun.0 at 198.202.190.103 tun.0 at 192.168.0.6
>>>>> ref=0 refhim=4294901761
>>>>> 000 #1: "idata":4500 STATE_MAIN_I4 (ISAKMP SA established);
>>>>> EVENT_SA_REPLACE in 84648s; newest ISAKMP; lastdpd=17s(seq in:0
>>>>> out:0); idle; import:admin initiate
>>>>> 000
>>>>>
>>>>>
>>>>> According to the output tunnel seems up, but i can't see any
>>>>> ipsec0 interface or such.
>>>>> $ cat /var/run/pluto/ipsec.info
>>>>> defaultroutephys=eth0
>>>>> defaultroutevirt=none
>>>>> defaultrouteaddr=192.168.0.6
>>>>> defaultroutenexthop=192.168.0.1
>>>>>
>>>>> defaultroutevirt=none? Also "%myid = (none)", "myip=unset;
>>>>> hisip=unset;"... I'm not sure these are problems.
>>>>>
>>>>> Can anyone give some help?
>>>>>
>>>>> Best regards
>>>>> --
>>>>> Roi Rodríguez Méndez
>>>>> Partner @ *Qubitia Solutions S.L.*
>>>>> Avda. Conde de Bugallal Nº61H 2ºA
>>>>> 36004 - Pontevedra (SPAIN)
>>>>> Phone. +34886213038
>>>>> roi.rodriguez at qubitia.com <mailto:roi.rodriguez at qubitia.com>
>>>>> http://www.qubitia.com
>>>>>
>>>>> El contenido de este e-mail (incluyendo los documentos adjuntos)
>>>>> es privado y confidencial. Si usted no es el destinatario
>>>>> correcto, no debe copiar, distribuir, tomar medida alguna o
>>>>> revelar ningún detalle de este e-mail (incluyendo los documentos
>>>>> adjuntos) a ninguna persona, empresa o corporación. Si usted
>>>>> recibiera este e-mail por error, por favor notifíquenoslo
>>>>> inmediatamente.
>>>>>
>>>>> The contents of this email (including any attachments) are
>>>>> privileged & confidential. If you are not an intended recipient,
>>>>> you must not copy, distribute, take action in reliance on or
>>>>> disclose any details of the e-mail (including any attachments) to
>>>>> any other person, firm or corporation. If you received this email
>>>>> in error, please notify us immediately.
>>>>>
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users at lists.openswan.org
>>>>> https://lists.openswan.org/mailman/listinfo/users
>>>>> Micropayments:https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>>>>> Building and Integrating Virtual Private Networks with Openswan:
>>>>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>>>>
>>>
>>>
>>> --
>>> Roi Rodríguez Méndez
>>> Partner @ *Qubitia Solutions S.L.*
>>> Avda. Conde de Bugallal Nº61H 2ºA
>>> 36004 - Pontevedra (SPAIN)
>>> Phone. +34886213038
>>> roi.rodriguez at qubitia.com <mailto:roi.rodriguez at qubitia.com>
>>> http://www.qubitia.com
>>>
>>> El contenido de este e-mail (incluyendo los documentos adjuntos) es
>>> privado y confidencial. Si usted no es el destinatario correcto, no
>>> debe copiar, distribuir, tomar medida alguna o revelar ningún
>>> detalle de este e-mail (incluyendo los documentos adjuntos) a
>>> ninguna persona, empresa o corporación. Si usted recibiera este
>>> e-mail por error, por favor notifíquenoslo inmediatamente.
>>>
>>> The contents of this email (including any attachments) are
>>> privileged & confidential. If you are not an intended recipient, you
>>> must not copy, distribute, take action in reliance on or disclose
>>> any details of the e-mail (including any attachments) to any other
>>> person, firm or corporation. If you received this email in error,
>>> please notify us immediately.
>>>
>>
>
>
> --
> Roi Rodríguez Méndez
> Partner @ *Qubitia Solutions S.L.*
> Avda. Conde de Bugallal Nº61H 2ºA
> 36004 - Pontevedra (SPAIN)
> Phone. +34886213038
> roi.rodriguez at qubitia.com <mailto:roi.rodriguez at qubitia.com>
> http://www.qubitia.com
>
> El contenido de este e-mail (incluyendo los documentos adjuntos) es
> privado y confidencial. Si usted no es el destinatario correcto, no
> debe copiar, distribuir, tomar medida alguna o revelar ningún detalle
> de este e-mail (incluyendo los documentos adjuntos) a ninguna persona,
> empresa o corporación. Si usted recibiera este e-mail por error, por
> favor notifíquenoslo inmediatamente.
>
> The contents of this email (including any attachments) are privileged
> & confidential. If you are not an intended recipient, you must not
> copy, distribute, take action in reliance on or disclose any details
> of the e-mail (including any attachments) to any other person, firm or
> corporation. If you received this email in error, please notify us
> immediately.
>
--
Roi Rodríguez Méndez
Partner @ *Qubitia Solutions S.L.*
Avda. Conde de Bugallal Nº61H 2ºA
36004 - Pontevedra (SPAIN)
Phone. +34886213038
roi.rodriguez at qubitia.com <mailto:roi.rodriguez at qubitia.com>
http://www.qubitia.com
El contenido de este e-mail (incluyendo los documentos adjuntos) es
privado y confidencial. Si usted no es el destinatario correcto, no debe
copiar, distribuir, tomar medida alguna o revelar ningún detalle de este
e-mail (incluyendo los documentos adjuntos) a ninguna persona, empresa o
corporación. Si usted recibiera este e-mail por error, por favor
notifíquenoslo inmediatamente.
The contents of this email (including any attachments) are privileged &
confidential. If you are not an intended recipient, you must not copy,
distribute, take action in reliance on or disclose any details of the
e-mail (including any attachments) to any other person, firm or
corporation. If you received this email in error, please notify us
immediately.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20150504/9d8e39d4/attachment-0001.html>
More information about the Users
mailing list