<div>Dear Sirs,</div>
<div> </div>
<div>How do I make the encryption for tunnel on openswan?I can not find any informations.Please help.</div>
<div> </div>
<div>Thank's & Best Regards,</div>
<div>Ozai<br><br></div>
<div class="gmail_quote">Ozai <span dir="ltr"><<a href="mailto:ozai.tien@gmail.com">ozai.tien@gmail.com</a>></span> 於 2012年3月23日下午6:55 寫道:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote"><u></u>
<div bgcolor="#ffffff">
<div><font color="#0000ff" face="Verdana">Dear Sirs,</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff"><font face="Verdana">Client A---------------openswan gateway-----------------------<u></u>-------openswan gateway---------------------Client B<br>192.168.1.2 192.168.1.1 111.243.150.251 111.243.158.170 192.168.2.1 192.168.2.2</font></font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">
<div>I merged the openswan(2.6.37) into embedded linux(2.6.30 mips) and tried to make the connection with another ipsec system(openswan) as above.The tunnel seem to be built successfully and Client A can ping to Client B.But I would like to make the encryption for all packet to pass through the tunnel.It's failed.From the wireshark,All packet is not encryption.Please help on this issue,thank's. </div>
</font><font color="#0000ff"><font face="Verdana"></font></font></div></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">Best Regards,</font></div>
<div><font color="#0000ff" face="Verdana">Ozai</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">
<div><font color="#0000ff" face="Verdana"># cat /var/ipsec.conf<br># /etc/ipsec.conf - Openswan IPsec configuration file</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"># This file: /usr/local/share/doc/openswan/ipsec.conf-sample<br>#<br># Manual: ipsec.conf.5</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"><br>version 2.0 # conforms to second version of ipsec.conf specification</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"># basic configuration<br>config setup<br> # Do not set debug options to debug configuration issues!<br> # plutodebug / klipsdebug = "all", "none" or a combation from below:<br>
# "raw crypt parsing emitting control klips pfkey natt x509 dpd private"</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"> # eg:<br> # plutodebug="control parsing"<br> # Again: only enable plutodebug or klipsdebug when asked by a developer<br> #<br> # enable to get logs per-peer<br>
# plutoopts="--perpeerlog"<br> #<br> # Enable core dumps (might require system changes, like ulimit -C)<br> # This is required for abrtd to work properly<br> # Note: incorrect SElinux policies might prevent pluto writing the core<br>
dumpdir=/var/run/pluto/<br> #<br> # NAT-TRAVERSAL support, see README.NAT-Traversal<br> nat_traversal=yes<br> # exclude networks used on server side by adding %v4:!a.b.c.0/24<br> # It seems that T-Mobile in the US and Rogers/Fido in Canada are<br>
# using 25/8 as "private" address space on their 3G network.<br> # This range has not been announced via BGP (at least upto 2010-12-21)<br> virtual_private=%v4:<a href="http://192.168.1.0/24,%v4:192.168.2.0/24" target="_blank">192.168.1.0/24,%v4:192.168.2.0/24</a><br>
interfaces=ipsec0=ppp0<br> # OE is now off by default. Uncomment and change to on, to enable.<br> oe=off<br> # which IPsec stack to use. auto will try netkey, then klips then mast<br> protostack=klips<br>
# Use this to log to a file, or disable logging on embedded systems (lik<br>e openwrt)<br> #plutostderrlog=/dev/null</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"># Add connections here</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"># sample VPN connection<br># for more examples, see /etc/ipsec.d/examples/<br>conn sample<br># # Left security gateway, subnet behind it, nexthop toward right.</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"> left=111.243.150.251<br> leftsubnet=<a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a><br># leftnexthop=192.168.1.1<br>
# # Right security gateway, subnet behind it, nexthop toward left.</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana"> right=111.243.158.170<br> rightsubnet=<a href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</a><br># rightnexthop=192.168.2.1<br>
# # To authorize this connection, but not actually start it,<br># # at startup, uncomment this.<br> pfs=yes<br> keyexchange=ike<br> ike=3des-md5-modp1024<br>
esp=3des-md5<br> disablearrivalcheck=no</font></div>
<div><font color="#0000ff" face="Verdana"> compress=yes<br> auth=esp<br> type=tunnel<br> authby=secret<br> auto=start</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">#</font></div></font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana"># insmod ipsec.ko<br>klips_info:ipsec_init: KLIPS startup, Openswan KLIPS IPsec stack version: 2.6.37</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana">NET: Registered protocol family 15<br>ipsec0 (): not using net_device_ops yet<br>ipsec1 (): not using net_device_ops yet<br>mast0 (): not using net_device_ops yet<br>registered KLIPS /proc/sys/net<6>klips_info:ipsec_alg_init: KLIPS alg v=0.8.1-0<br>
(EALG_MAX=255, AALG_MAX=251)<br>klips_info:ipsec_alg_init: calling ipsec_alg_static_init()<br>ipsec_aes_init(alg_type=15 alg_id=12 name=aes): ret=0<br>ipsec_aes_init(alg_type=14 alg_id=9 name=aes_mac): ret=0<br>ipsec_3des_init(alg_type=15 alg_id=3 name=3des): ret=0<br>
KLIPS cryptoapi interface: alg_type=15 alg_id=12 name=cbc(aes) keyminbits=128 ke<br>ymaxbits=256, found(0)<br>KLIPS: lookup for ciphername=cbc(twofish): not found<br>KLIPS: lookup for ciphername=cbc(serpent): not found<br>
KLIPS: lookup for ciphername=cbc(cast5): not found<br>KLIPS: lookup for ciphername=cbc(blowfish): not found<br>KLIPS cryptoapi interface: alg_type=15 alg_id=3 name=cbc(des3_ede) keyminbits=19<br>2 keymaxbits=192, found(0)</font></div>
<div><font color="#0000ff" face="Verdana"> </font></div>
<div><br># ipsec setup start<br>/lib/libexec/ipsec/setup: 65: id: not found<br>[: 0: unknown operand<br>ipsec_setup: Starting Openswan IPsec 2.6.37...<br>ipsec_setup: /lib/ipsec/_startklips: 31: head: not found<br>ipsec_setup: /lib/ipsec/_startklips: 32: head: not found<br>
ipsec_setup: [: 1000: unknown operand</div>
<div> </div>
<div><font color="#0000ff" face="Verdana">ipsec_setup: /lib/ipsec/_startklips: 451: cut: not found<br>ipsec_setup: /lib/ipsec/_startklips: 451: sort: not found<br>ipsec_setup: ipsec0 -> NULL mtu=0(0) -> 0<br>Jan 1 06:02:59 pluto[9574]: Starting Pluto (Openswan Version 2.6.37; Vendor ID<br>
OEu\134d\134jy\134\134ap) pid:9574<br>Jan 1 06:02:59 pluto[9574]: LEAK_DETECTIVE support [disabled]<br>Jan 1 06:02:59 pluto[9574]: OCF support for IKE [disabled]<br>Jan 1 06:02:59 pluto[9574]: SAref support [disabled]: Protocol not available<br>
Jan 1 06:02:59 pluto[9574]: SAbind support [disabled]: Protocol not available<br>Jan 1 06:02:59 pluto[9574]: NSS support [disabled]<br>Jan 1 06:02:59 pluto[9574]: HAVE_STATSD notification support not compiled in<br>Jan 1 06:02:59 pluto[9574]: Setting NAT-Traversal port-4500 floating to on<br>
Jan 1 06:02:59 pluto[9574]: port floating activation criteria nat_t=1/port_f<br>loat=1<br>Jan 1 06:02:59 pluto[9574]: NAT-Traversal support [enabled]<br>Jan 1 06:02:59 pluto[9574]: using /dev/urandom as source of random entropy<br>
Jan 1 06:03:00 pluto[9574]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC:<br>Ok (ret=0)<br>Jan 1 06:03:00 pluto[9574]: starting up 1 cryptographic helpers<br>Jan 1 06:03:00 pluto[9579]: using /dev/urandom as source of random entropy<br>
Jan 1 06:03:00 pluto[9574]: started helper pid=9579 (fd:5)<br>Jan 1 06:03:00 pluto[9574]: Using KLIPS IPsec interface code on 2.6.30<br># Jan 1 06:03:00 pluto[9574]: Could not change to directory '/var/ipsec.d/cacer<br>
ts': /var/run/pluto<br>Jan 1 06:03:00 pluto[9574]: Could not change to directory '/var/ipsec.d/aacerts<br>': /var/run/pluto<br>Jan 1 06:03:00 pluto[9574]: Could not change to directory '/var/ipsec.d/ocspcer<br>
ts': /var/run/pluto<br>Jan 1 06:03:00 pluto[9574]: Could not change to directory '/var/ipsec.d/crls'<br>Jan 1 06:03:00 pluto[9574]: added connection description "sample"<br>Jan 1 06:03:00 pluto[9574]: listening for IKE messages<br>
Jan 1 06:03:00 pluto[9574]: adding interface ipsec0/ppp0 <a href="http://111.243.150.251:500/" target="_blank">111.243.150.251:500</a><br>Jan 1 06:03:00 pluto[9574]: adding interface ipsec0/ppp0 <a href="http://111.243.150.251:4500/" target="_blank">111.243.150.251:4500</a><br>
Jan 1 06:03:00 pluto[9574]: ERROR: problem with secrets file "/var". Errno 9: B<br>ad file descriptor<br>Jan 1 06:03:00 pluto[9574]: loading secrets from "/var/ipsec.secrets"<br>Jan 1 06:03:01 pluto[9574]: "sample" #1: initiating Main Mode<br>
Jan 1 06:03:01 pluto[9574]: "sample" #1: received Vendor ID payload [Openswan (<br>this version) 2.6.37 ]<br>Jan 1 06:03:01 pluto[9574]: "sample" #1: received Vendor ID payload [Dead Peer<br>Detection]<br>
Jan 1 06:03:01 pluto[9574]: "sample" #1: received Vendor ID payload [RFC 3947]<br>method set to=109<br>Jan 1 06:03:01 pluto[9574]: "sample" #1: enabling possible NAT-traversal with m<br>ethod 4<br>Jan 1 06:03:01 pluto[9574]: "sample" #1: transition from state STATE_MAIN_I1 to<br>
state STATE_MAIN_I2<br>Jan 1 06:03:01 pluto[9574]: "sample" #1: STATE_MAIN_I2: sent MI2, expecting MR2</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana">Jan 1 06:03:02 pluto[9574]: "sample" #1: NAT-Traversal: Result using RFC 3947 (<br>NAT-Traversal): no NAT detected<br>Jan 1 06:03:02 pluto[9574]: "sample" #1: transition from state STATE_MAIN_I2 to<br>
state STATE_MAIN_I3<br>Jan 1 06:03:02 pluto[9574]: "sample" #1: STATE_MAIN_I3: sent MI3, expecting MR3</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana">Jan 1 06:03:02 pluto[9574]: "sample" #1: received Vendor ID payload [CAN-IKEv2]</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana">Jan 1 06:03:02 pluto[9574]: "sample" #1: Main mode peer ID is ID_IPV4_ADDR: '11<br>1.243.158.170'<br>Jan 1 06:03:02 pluto[9574]: "sample" #1: transition from state STATE_MAIN_I3 to<br>
state STATE_MAIN_I4<br>Jan 1 06:03:02 pluto[9574]: "sample" #1: STATE_MAIN_I4: ISAKMP SA established {<br>auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp10<br>24}<br>Jan 1 06:03:02 pluto[9574]: "sample" #2: initiating Quick Mode PSK+ENCRYPT+COMP<br>
RESS+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:24d66534 proposal<br>=3DES(3)_192-MD5(1)_128 pfsgroup=OAKLEY_GROUP_MODP1024}<br>Jan 1 06:03:02 pluto[9574]: "sample" #2: transition from state STATE_QUICK_I1 t<br>
o state STATE_QUICK_I2<br>Jan 1 06:03:02 pluto[9574]: "sample" #2: STATE_QUICK_I2: sent QI2, IPsec SA est<br>ablished tunnel mode {ESP=>0x5df646a8 <0xdf3fcee9 xfrm=3DES_0-HMAC_MD5 IPCOMP=>0<br>x0000d84b <0x0000cf2e NATOA=none NATD=none DPD=none}<br>
Jan 1 06:03:17 pluto[9574]: packet from <a href="http://111.243.158.170:500/" target="_blank">111.243.158.170:500</a>: received Vendor ID<br> payload [Openswan (this version) 2.6.37 ]<br>Jan 1 06:03:17 pluto[9574]: packet from <a href="http://111.243.158.170:500/" target="_blank">111.243.158.170:500</a>: received Vendor ID<br>
payload [Dead Peer Detection]<br>Jan 1 06:03:17 pluto[9574]: packet from <a href="http://111.243.158.170:500/" target="_blank">111.243.158.170:500</a>: received Vendor ID<br> payload [RFC 3947] method set to=109<br>Jan 1 06:03:17 pluto[9574]: packet from <a href="http://111.243.158.170:500/" target="_blank">111.243.158.170:500</a>: received Vendor ID<br>
payload [draft-ietf-ipsec-nat-t-ike-03] meth=108, but already using method 109<br>Jan 1 06:03:17 pluto[9574]: packet from <a href="http://111.243.158.170:500/" target="_blank">111.243.158.170:500</a>: received Vendor ID<br>
payload [draft-ietf-ipsec-nat-t-ike-02_n] meth=106, but already using method 10<br>9<br>Jan 1 06:03:17 pluto[9574]: packet from <a href="http://111.243.158.170:500/" target="_blank">111.243.158.170:500</a>: received Vendor ID<br>
payload [draft-ietf-ipsec-nat-t-ike-02] meth=107, but already using method 109<br>Jan 1 06:03:17 pluto[9574]: packet from <a href="http://111.243.158.170:500/" target="_blank">111.243.158.170:500</a>: received Vendor ID<br>
payload [draft-ietf-ipsec-nat-t-ike-00]<br>Jan 1 06:03:17 pluto[9574]: "sample" #3: responding to Main Mode<br>Jan 1 06:03:17 pluto[9574]: "sample" #3: transition from state STATE_MAIN_R0 to<br> state STATE_MAIN_R1<br>
Jan 1 06:03:17 pluto[9574]: "sample" #3: STATE_MAIN_R1: sent MR1, expecting MI2</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana">Jan 1 06:03:17 pluto[9574]: "sample" #3: NAT-Traversal: Result using RFC 3947 (<br>NAT-Traversal): no NAT detected<br>Jan 1 06:03:18 pluto[9574]: "sample" #3: transition from state STATE_MAIN_R1 to<br>
state STATE_MAIN_R2<br>Jan 1 06:03:18 pluto[9574]: "sample" #3: STATE_MAIN_R2: sent MR2, expecting MI3</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana">Jan 1 06:03:18 pluto[9574]: "sample" #3: Main mode peer ID is ID_IPV4_ADDR: '11<br>1.243.158.170'<br>Jan 1 06:03:18 pluto[9574]: "sample" #3: transition from state STATE_MAIN_R2 to<br>
state STATE_MAIN_R3<br>Jan 1 06:03:18 pluto[9574]: "sample" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA est<br>ablished {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 gr<br>oup=modp1024}<br>Jan 1 06:03:18 pluto[9574]: "sample" #3: the peer proposed: <a href="http://192.168.1.0/24:0/0" target="_blank">192.168.1.0/24:0/0</a><br>
-> <a href="http://192.168.2.0/24:0/0" target="_blank">192.168.2.0/24:0/0</a><br>Jan 1 06:03:18 pluto[9574]: "sample" #4: responding to Quick Mode proposal {msg<br>id:89a57974}<br>Jan 1 06:03:18 pluto[9574]: "sample" #4: us: <a href="http://192.168.1.0/24===111.243.150.2" target="_blank">192.168.1.0/24===111.243.150.2</a><br>
51<111.243.150.251>[+S=C]<br>Jan 1 06:03:18 pluto[9574]: "sample" #4: them: 111.243.158.170<111.243.158.17<br>0>[+S=C]===<a href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</a><br>Jan 1 06:03:18 pluto[9574]: "sample" #4: keeping refhim=1 during rekey<br>
Jan 1 06:03:18 pluto[9574]: "sample" #4: transition from state STATE_QUICK_R0 t<br>o state STATE_QUICK_R1<br>Jan 1 06:03:18 pluto[9574]: "sample" #4: STATE_QUICK_R1: sent QR1, inbound IPse<br>c SA installed, expecting QI2<br>
Jan 1 06:03:18 pluto[9574]: "sample" #4: transition from state STATE_QUICK_R1 t<br>o state STATE_QUICK_R2<br>Jan 1 06:03:18 pluto[9574]: "sample" #4: STATE_QUICK_R2: IPsec SA established t<br>unnel mode {ESP=>0x5df646a9 <0xdf3fceea xfrm=3DES_0-HMAC_MD5 IPCOMP=>0x0000d84c<br>
<0x0000cf2f NATOA=none NATD=none DPD=none}</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana">Openswan 2.6.37<br># ipsec whack --status<br>000 using kernel interface: klips<br>000 interface ipsec0/ppp0 111.243.150.251<br>000 interface ipsec0/ppp0 111.243.150.251<br>000 %myid = (none)<br>
000 debug none<br>000<br>000 virtual_private (%priv):<br>000 - allowed 2 subnets: <a href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a>, <a href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</a><br>000 - disallowed 0 subnets:<br>
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have<br>000 private address space in internal use, it should be excluded!<br>000<br>000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysiz<br>
emax=192<br>000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysi<br>zemax=256<br>000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128,<br> keysizemax=128<br>000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160<br>
, keysizemax=160<br>000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128,<br>keysizemax=128<br>000<br>000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=19<br>2<br>000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=12<br>
8<br>000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16<br>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20<br>000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024<br>000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536<br>
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048<br>000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072<br>000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096<br>
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144<br>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192<br>000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024<br>
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048<br>000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048<br>000<br>000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,36} trans={0,2,180}<br>
attrs={0,2,240}<br>000<br>000 "sample": <a href="http://192.168.1.0/24===111.243.150.251" target="_blank">192.168.1.0/24===111.243.150.251</a><111.243.150.251>[+S=C]...111.243.<br>158.170<111.243.158.170>[+S=C]===<a href="http://192.168.2.0/24" target="_blank">192.168.2.0/24</a>; erouted; eroute owner: #4<br>
000 "sample": myip=unset; hisip=unset;<br>000 "sample": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_f<br>uzz: 100%; keyingtries: 0<br>000 "sample": policy: PSK+ENCRYPT+COMPRESS+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK<br>
+lKOD+rKOD; prio: 24,24; interface: ppp0;<br>000 "sample": newest ISAKMP SA: #3; newest IPsec SA: #4;<br>000 "sample": newest ISAKMP SA: #3; newest IPsec SA: #4;<br>lags=-strict<br>000 "sample": IKE algorithms found: 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)<br>
000 "sample": IKE algorithm newest: 3DES_CBC_192-MD5-MODP1024<br>000 "sample": ESP algorithms wanted: 3DES(3)_000-MD5(1)_000; flags=-strict<br>000 "sample": ESP algorithms loaded: 3DES(3)_192-MD5(1)_128<br>
000 "sample": ESP algorithm newest: 3DES_000-HMAC_MD5; pfsgroup=<Phase1><br>000<br>000 #2: "sample":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_R<br>EPLACE in 25529s; isakmp#1; idle; import:admin initiate<br>
000 #2: "sample" <a href="mailto:esp.5df646a8@111.243.158.170" target="_blank">esp.5df646a8@111.243.158.170</a> <a href="mailto:esp.df3fcee9@111.243.150.251" target="_blank">esp.df3fcee9@111.243.150.251</a> comp.<br>
<a href="mailto:d84b@111.243.158.170" target="_blank">d84b@111.243.158.170</a> <a href="mailto:comp.cf2e@111.243.150.251" target="_blank">comp.cf2e@111.243.150.251</a> <a href="mailto:tun.1001@111.243.158.170" target="_blank">tun.1001@111.243.158.170</a> tun.1002<br>
@<a href="http://111.243.150.251/" target="_blank">111.243.150.251</a> ref=4 refhim=1<br>000 #1: "sample":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in<br>462s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate<br>
000 #4: "sample":500 STATE_QUICK_R2 (IPsec SA established); EVENT_SA_REPLACE in<br>26094s; newest IPSEC; eroute owner; isakmp#3; idle; import:not set<br>000 #4: "sample" used 53s ago; <a href="mailto:esp.5df646a9@111.243.158.170" target="_blank">esp.5df646a9@111.243.158.170</a> <a href="mailto:esp.df3fceea@111.243" target="_blank">esp.df3fceea@111.243</a><br>
.150.251 <a href="mailto:comp.d84c@111.243.158.170" target="_blank">comp.d84c@111.243.158.170</a> <a href="mailto:comp.cf2f@111.243.150.251" target="_blank">comp.cf2f@111.243.150.251</a> <a href="mailto:tun.1004@111.243.15" target="_blank">tun.1004@111.243.15</a><br>
8.170 <a href="mailto:tun.1003@111.243.150.251" target="_blank">tun.1003@111.243.150.251</a> ref=7 refhim=1<br>000 #3: "sample":500 STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_R<br>EPLACE in 894s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:not set</font></div>
<div> </div>
<div><font color="#0000ff" face="Verdana">000<br>#</font></div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana"></font> </div>
<div><font color="#0000ff" face="Verdana"> </font></div>
<div><br></div></blockquote></div><br>