List: openswan-users
Subject: Re: [Openswan Users] SA Established, no ping
From: Nick Howitt <n1ck.h0w1tt () gmail ! com>
Date: 2013-05-07 7:34:49
Message-ID: 95a4f4f6cf7960fc4dadaafb77ae3938 () howitts ! poweredbyclear ! com
Add left/rightsourceip to your conns
Nick
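
Why the suggestion above helps, as an added example that is not part of the original message: the `dir out` policy in the quoted `ip xfrm policy` output only selects packets sourced from 192.168.1.0/24, while a ping from the server leaves with its eth0 address and so bypasses the tunnel. The sketch replays that selector match; `192.168.1.1` as a `leftsourceip` value is an assumption, not taken from the thread.

```python
import ipaddress
import re

# Constructed sample: the tunnel policies from the quoted `ip xfrm policy`
# output (mail-archive "[n]" markers dropped, one per-socket policy kept).
XFRM_POLICY = """\
src 192.168.1.0/24 dst 192.168.0.0/24
    dir out priority 2344 ptype main
    tmpl src 179.34.222.31 dst 82.198.121.45
        proto esp reqid 16389 mode tunnel
src 192.168.0.0/24 dst 192.168.1.0/24
    dir fwd priority 2344 ptype main
    tmpl src 82.198.121.45 dst 179.34.222.31
        proto esp reqid 16389 mode tunnel
src 192.168.0.0/24 dst 192.168.1.0/24
    dir in priority 2344 ptype main
    tmpl src 82.198.121.45 dst 179.34.222.31
        proto esp reqid 16389 mode tunnel
src 0.0.0.0/0 dst 0.0.0.0/0
    dir 4 priority 0 ptype main
"""

SERVER_ETH0 = "179.34.222.31"         # only IPv4 address on eth0 in the barf
ROUTER_LAN = "192.168.0.1"            # the address being pinged
HYPOTHETICAL_SOURCEIP = "192.168.1.1"  # assumed leftsourceip inside leftsubnet


def parse_policies(text):
    """Return [(direction, src_net, dst_net)] from `ip xfrm policy` text."""
    policies, selector = [], None
    for line in text.splitlines():
        # Selector lines start in column 0; indented "tmpl src ..." lines do not.
        sel = re.match(r"src (\S+) dst (\S+)", line)
        if sel:
            selector = tuple(ipaddress.ip_network(n) for n in sel.groups())
            continue
        direction = re.match(r"\s+dir (\S+)", line)
        if direction and selector:
            policies.append((direction.group(1), selector[0], selector[1]))
            selector = None
    return policies


def is_tunnelled(policies, src, dst):
    """True if an outbound packet src -> dst matches a 'dir out' selector."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(
        direction == "out" and s in src_net and d in dst_net
        for direction, src_net, dst_net in policies
    )


POLICIES = parse_policies(XFRM_POLICY)

if __name__ == "__main__":
    for src in (SERVER_ETH0, HYPOTHETICAL_SOURCEIP):
        verdict = "ESP tunnel" if is_tunnelled(POLICIES, src, ROUTER_LAN) else "cleartext via default route"
        print(f"{src} -> {ROUTER_LAN}: {verdict}")
```
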
On 2013-05-07 02:34, Patrick Naubert wrote:
> Rescued from the Spam bucket. Please remember to subscribe to the mailing list before posting to it.
>
> Begin forwarded message:
>
> FROM: "serzer@gmail.com" <serzer@gmail.com>
>
> SUBJECT: SA ESTABLISHED, NO PING
>
> DATE: 3 May, 2013 8:59:36 PM EDT
>
> TO: users@lists.openswan.org
>
> Hello, I am trying to establish a connection between my MikroTik router and CentOS 6.4 server
>
> Looks like the IPsec tunnel is establishing, but I am not able to ping my router:
>
> [root@ks3307690 ~]# ping 192.168.0.1
> PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.
> ^C
> --- 192.168.0.1 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 2285ms
>
> [root@ks3307690 ~]# traceroute 192.168.0.1
> traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
> 1 178.32.223.253 (178.32.223.253) 0.842 ms^C
>
> here is the barf log:
>
> [root@ks3307690 ~]# ipsec barf
> ks3307690.kimsufi.com
> Sat May 4 02:55:49 CEST 2013
> + _________________________ version
> + ipsec --version
> Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)
> See `ipsec --copyright' for copyright information.
> + _________________________ /proc/version
> + cat /proc/version
> Linux version 2.6.32-358.6.1.el6.x86_64 (mockbuild@c6b9.bsys.dev.centos.org) (gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Apr 23 19:29:00 UTC 2013
> + _________________________ /proc/net/ipsec_eroute
> + test -r /proc/net/ipsec_eroute
> + _________________________ netstat-rn
> + netstat -nr
> + head -n 100
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt Iface
> 178.32.223.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 0.0.0.0 178.32.223.254 0.0.0.0 UG 0 0 0 eth0
> + _________________________ /proc/net/ipsec_spi
> + test -r /proc/net/ipsec_spi
> + _________________________ /proc/net/ipsec_spigrp
> + test -r /proc/net/ipsec_spigrp
> + _________________________ /proc/net/ipsec_tncfg
> + test -r /proc/net/ipsec_tncfg
> + _________________________ /proc/net/pfkey
> + test -r /proc/net/pfkey
> + cat /proc/net/pfkey
> sk RefCnt Rmem Wmem User Inode
> + _________________________ ip-xfrm-state
> + ip xfrm state
> src 82.198.121.45 dst 179.34.222.31
> proto esp spi 0x743427d2 reqid 16389 mode tunnel
> replay-window 32 flag 20
> auth hmac(sha1) 0x0ec98333b7b35011dd556775706927fb24bc91b4
> enc cbc(des3_ede) 0x5acc8c5560d040f567ead8e79977da51e0c50db968e4aa15
> src 179.34.222.31 dst 82.198.121.45
> proto esp spi 0x01eea26a reqid 16389 mode tunnel
> replay-window 32 flag 20
> auth hmac(sha1) 0x2564bcea5b8774578011ab4ab09bd9323f436f16
> enc cbc(des3_ede) 0x059e52c2b2dd0dbca0342ff5be47c5a908f1be5bb4de6447
> + _________________________ ip-xfrm-policy
> + ip xfrm policy
> src 192.168.1.0/24 dst 192.168.0.0/24
> dir out priority 2344 ptype main
> tmpl src 179.34.222.31 dst 82.198.121.45
> proto esp reqid 16389 mode tunnel
> src 192.168.0.0/24 dst 192.168.1.0/24
> dir fwd priority 2344 ptype main
> tmpl src 82.198.121.45 dst 179.34.222.31
> proto esp reqid 16389 mode tunnel
> src 192.168.0.0/24 dst 192.168.1.0/24
> dir in priority 2344 ptype main
> tmpl src 82.198.121.45 dst 179.34.222.31
> proto esp reqid 16389 mode tunnel
> src ::/0 dst ::/0
> dir 4 priority 0 ptype main
> src ::/0 dst ::/0
> dir 3 priority 0 ptype main
> src ::/0 dst ::/0
> dir 4 priority 0 ptype main
> src ::/0 dst ::/0
> dir 3 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 4 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 3 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 4 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 3 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 4 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 3 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 4 priority 0 ptype main
> src 0.0.0.0/0 dst 0.0.0.0/0
> dir 3 priority 0 ptype main
> + _________________________ /proc/crypto
> + test -r /proc/crypto
> + cat /proc/crypto
> + __________________________/proc/sys/net/core/xfrm-star
> /usr/libexec/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_acq_expires: '
> /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
> 30
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
> /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
> 10
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
> /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
> 2
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n '/proc/sys/net/core/xfrm_larval_drop: '
> /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
> 1
> + _________________________ /proc/sys/net/ipsec-star
> + test -d /proc/sys/net/ipsec
> + _________________________ ipsec/status
> + ipsec auto --status
> 000 using kernel interface: netkey
> 000 interface eth0/eth0 2001:41d0:8:e242::1
> 000 interface lo/lo ::1
> 000 interface lo/lo 127.0.0.1
> 000 interface lo/lo 127.0.0.1
> 000 interface eth0/eth0 179.34.222.31
> 000 interface eth0/eth0 179.34.222.31
> 000 %myid (none)
> 000 debug none
> 000
> 000 virtual_private (%priv):
> 000 - allowed 0 subnets:
> 000 - disallowed 0 subnets:
> 000 WARNING: Either virtual_private= is not specified, or there is a syntax
> 000 error in that line. 'left/rightsubnet=vhost:%priv' will not work!
> 000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
> 000 private address space in internal use, it should be excluded!
> 000
> 000
> 000 stats db_ops: {curr_cnt, total_cnt, maxsz}
> context={0,0,0} trans={0,0,0} attrs={0,0,0}
> 000
> 000 "mikrotik": 192.168.1.0/24===179.34.222.31<179.34.222.31>[+S=C]...192.168.0.1---82.198.121.45<82.198.121.45>[+S=C]===192.168.0.0/24; erouted; eroute owner: #7
> 000 "mikrotik": myip=unset; hisip=unset;
> 000 "mikrotik": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "mikrotik": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: eth0;
> 000 "mikrotik": newest ISAKMP SA: #6; newest IPsec SA: #7;
> 000 "mikrotik": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
> 000
> 000 #7: "mikrotik":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27750s; newest IPSEC; eroute owner; isakmp#6; idle; import:admin initiate
> 000 #7: "mikrotik" esp.1eea26a@82.198.121.45 esp.743427d2@179.34.222.31 tun.0@82.198.121.45 tun.0@179.34.222.31 ref=0 refhim=4294901761
> 000 #6: "mikrotik":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2625s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
> 000
> + _________________________ ifconfig-a
> + ifconfig -a
> eth0 Link encap:Ethernet HWaddr 4C:72:B9:D1:C4:25
> inet addr:179.34.222.31 Bcast:178.32.223.255 Mask:255.255.255.0
> inet6 addr: 2001:41d0:8:e242::1/64 Scope:Global
> inet6 addr: fe80::4e72:b9ff:fed1:c425/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:17969 errors:0 dropped:0 overruns:0 frame:0
> TX packets:48900 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1532137 (1.4 MiB) TX bytes:14568681 (13.8 MiB)
> Interrupt:20 Memory:fe500000-fe520000
>
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:248 errors:0 dropped:0 overruns:0 frame:0
> TX packets:248 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:39867 (38.9 KiB) TX bytes:39867 (38.9 KiB)
>
> + _________________________ ip-addr-list
> + ip addr list
> 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet 127.0.0.1/8 scope host lo
> inet6 ::1/128 scope host
> valid_lft forever preferred_lft forever
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
> link/ether 4c:72:b9:d1:c4:25 brd ff:ff:ff:ff:ff:ff
> inet 179.34.222.31/24 brd 178.32.223.255 scope global eth0
> inet6 2001:41d0:8:e242::1/64 scope global
> valid_lft forever preferred_lft forever
> inet6 fe80::4e72:b9ff:fed1:c425/64 scope link
> valid_lft forever preferred_lft forever
> + _________________________ ip-route-list
> + ip route list
> 178.32.223.0/24 dev eth0 proto kernel scope link src 179.34.222.31
> default via 178.32.223.254 dev eth0
> + _________________________ ip-rule-list
> + ip rule list
> 0: from all lookup local
> 32766: from all lookup main
> 32767: from all lookup default
> + _________________________ ipsec_verify
> + ipsec verify --nocolour
> Checking your system to see if IPsec got installed and started correctly:
> Version check and ipsec on-path [OK]
> Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)
> Checking for IPsec support in kernel [OK]
> SAref kernel support [N/A]
> NETKEY: Testing for disabled ICMP send_redirects [OK]
> NETKEY detected, testing for disabled ICMP accept_redirects [OK]
> Testing against enforced SElinux mode [OK]
> Checking that pluto is running [OK]
> Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on udp 4500 [OK]
> Checking for 'ip' command [OK]
> Checking /bin/sh is not /bin/dash [OK]
> Checking for 'iptables' command [OK]
> Opportunistic Encryption Support [DISABLED]
> + _________________________ mii-tool
> + '[' -x /sbin/mii-tool ']'
> + /sbin/mii-tool -v
> No interface specified
> usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...
> -V, --version display version information
> -v, --verbose more verbose output
> -R, --reset reset MII to poweron state
> -r, --restart restart autonegotiation
> -w, --watch monitor for link status changes
> -l, --log with -w, write events to syslog
> -A, --advertise=media,... advertise only specified media
> -F, --force=media force specified media technology
> media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,
> (to advertise both HD and FD) 100baseTx, 10baseT
> + _________________________ ipsec/directory
> + ipsec --directory
> /usr/libexec/ipsec
> + _________________________ hostname/fqdn
> + hostname --fqdn
> ks3307690.kimsufi.com
> + _________________________ hostname/ipaddress
> + hostname --ip-address
> 179.34.222.31
> + _________________________ uptime
> + uptime
> 02:55:49 up 1:09, 2 users, load average: 0.06, 0.03, 0.00
> + _________________________ ps
> + ps alxwf
> + egrep -i 'ppid|pluto|ipsec|klips'
> F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
> 4 0 7913 1701 20 0 106064 1480 wait S+ pts/0 0:00 | _ /bin/sh /usr/libexec/ipsec/barf
> 0 0 7978 7913 20 0 4148 672 pipe_w S+ pts/0 0:00 | _ egrep -i ppid|pluto|ipsec|klips
> 1 0 4897 1 20 0 9192 524 wait S pts/0 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
> 1 0 4899 4897 20 0 9192 692 wait S pts/0 0:00 _ /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
> 4 0 4903 4899 20 0 313724 7860 poll_s Sl pts/0 0:00 | _ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private oe=off
> 0 0 4934 4903 20 0 6080 404 poll_s S pts/0 0:00 | _ _pluto_adns
> 0 0 4900 4897 20 0 9192 1316 pipe_w S pts/0 0:00 _ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post
> 0 0 4898 1 20 0 4056 664 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun
> + _________________________ ipsec/showdefaults
> + ipsec showdefaults
> routephys=eth0
> routevirt=none
> routeaddr=179.34.222.31
> routenexthop=178.32.223.254
> + _________________________ ipsec/conf
> + ipsec _include /etc/ipsec.conf
> + ipsec _keycensor
>
> #< /etc/ipsec.conf 1
> # /etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual: ipsec.conf.5
> #
> # Please place your own config files in /etc/ipsec.d/ ending in .conf
>
> version 2.0 # conforms to second version of ipsec.conf specification
>
> # basic configuration
> config setup
>     # Debug-logging controls: "none" for (almost) none, "all" for lots.
>     # klipsdebug=none
>     # plutodebug="control parsing"
>     # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
>     #protostack=klips
>     interfaces=%defaultroute
>     protostack=netkey
>
>     nat_traversal=yes
>     virtual_private=
>     oe=off
>     # Enable this if you see "failed to find any available worker"
>     # nhelpers=0
>
> conn mikrotik
>     left=179.34.222.31
>     leftsubnet=192.168.1.0/24
>     #leftnexthop=%defaultroute
>
>     right=82.198.121.45
>     rightsubnet=192.168.0.0/24
>     rightnexthop=192.168.0.1
>
>     type=tunnel
>     authby=secret
>     auto=start
> #You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> #include /etc/ipsec.d/*.conf
> + _________________________ ipsec/secrets
> + ipsec _include /etc/ipsec.secrets
> + ipsec _secretcensor
>
> #< /etc/ipsec.secrets 1
> #:cannot open configuration file '/etc/ipsec.d/*.secrets'
>
> #> /etc/ipsec.secrets 2
> 179.34.222.31 82.198.121.45: PSK "[sums to 354c...]"
> + _________________________ ipsec/listall
> + ipsec auto --listall
> 000
> 000 List of Public Keys:
> 000
> 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
> 000 2: PSK 82.198.121.45 179.34.222.31
> + '[' /etc/ipsec.d/policies ']'
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/block
> + base=block
> + _________________________ ipsec/policies/block
> + cat /etc/ipsec.d/policies/block
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should never be allowed.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
>
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/clear
> + base=clear
> + _________________________ ipsec/policies/clear
> + cat /etc/ipsec.d/policies/clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be in the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
>
> # root name servers should be in the clear
> 192.58.128.30/32
> 198.41.0.4/32
> 192.228.79.201/32
> 192.33.4.12/32
> 128.8.10.90/32
> 192.203.230.10/32
> 192.5.5.241/32
> 192.112.36.4/32
> 128.63.2.53/32
> 192.36.148.17/32
> 193.0.14.129/32
> 199.7.83.42/32
> 202.12.27.33/32
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/clear-or-private
> + base=clear-or-private
> + _________________________ ipsec/policies/clear-or-private
> + cat /etc/ipsec.d/policies/clear-or-private
> # This file defines the set of CIDRs (network/mask-length) to which
> # we will communicate in the clear, or, if the other side initiates IPSEC,
> # using encryption. This behaviour is also called "Opportunistic Responder".
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private
> + base=private
> + _________________________ ipsec/policies/private
> + cat /etc/ipsec.d/policies/private
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should always be private (i.e. encrypted).
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private-or-clear
> + base=private-or-clear
> + _________________________ ipsec/policies/private-or-clear
> + cat /etc/ipsec.d/policies/private-or-clear
> # This file defines the set of CIDRs (network/mask-length) to which
> # communication should be private, if possible, but in the clear otherwise.
> #
> # If the target has a TXT (later IPSECKEY) record that specifies
> # authentication material, we will require private (i.e. encrypted)
> # communications. If no such record is found, communications will be
> # in the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
> #
>
> 0.0.0.0/0
> + _________________________ ipsec/ls-libdir
> + ls -l /usr/libexec/ipsec
> total 2676
> -rwxr-xr-x. 1 root root 10592 Sep 24 2012 _copyright
> -rwxr-xr-x. 1 root root 2430 Sep 24 2012 _include
> -rwxr-xr-x. 1 root root 1475 Sep 24 2012 _keycensor
> -rwxr-xr-x. 1 root root 14528 Sep 24 2012 _pluto_adns
> -rwxr-xr-x. 1 root root 2567 Sep 24 2012 _plutoload
> -rwxr-xr-x. 1 root root 8474 Sep 24 2012 _plutorun
> -rwxr-xr-x. 1 root root 13671 Sep 24 2012 _realsetup
> -rwxr-xr-x. 1 root root 1975 Sep 24 2012 _secretcensor
> -rwxr-xr-x. 1 root root 11507 Sep 24 2012 _startklips
> -rwxr-xr-x. 1 root root 6096 Sep 24 2012 _startnetkey
> -rwxr-xr-x. 1 root root 4923 Sep 24 2012 _updown
> -rwxr-xr-x. 1 root root 16227 Sep 24 2012 _updown.klips
> -rwxr-xr-x. 1 root root 16583 Sep 24 2012 _updown.mast
> -rwxr-xr-x. 1 root root 13745 Sep 24 2012 _updown.netkey
> -rwxr-xr-x. 1 root root 226704 Sep 24 2012 addconn
> -rwxr-xr-x. 1 root root 6015 Sep 24 2012 auto
> -rwxr-xr-x. 1 root root 10978 Sep 24 2012 barf
> -rwxr-xr-x. 1 root root 93840 Sep 24 2012 eroute
> -rwxr-xr-x. 1 root root 26736 Sep 24 2012 ikeping
> -rwxr-xr-x. 1 root root 69552 Sep 24 2012 klipsdebug
> -rwxr-xr-x. 1 root root 2455 Sep 24 2012 look
> -rwxr-xr-x. 1 root root 2189 Sep 24 2012 newhostkey
> -rwxr-xr-x. 1 root root 64976 Sep 24 2012 pf_key
> -rwxr-xr-x. 1 root root 1093328 Sep 24 2012 pluto
> -rwxr-xr-x. 1 root root 12349 Sep 24 2012 policy
> -rwxr-xr-x. 1 root root 10576 Sep 24 2012 ranbits
> -rwxr-xr-x. 1 root root 27376 Sep 24 2012 rsasigkey
> -rwxr-xr-x. 1 root root 704 Sep 24 2012 secrets
> lrwxrwxrwx. 1 root root 30 May 4 01:15 setup -> ../../../etc/rc.d/init.d/ipsec
> -rwxr-xr-x. 1 root root 1126 Sep 24 2012 showdefaults
> -rwxr-xr-x. 1 root root 267584 Sep 24 2012 showhostkey
> -rwxr-xr-x. 1 root root 26736 Sep 24 2012 showpolicy
> -rwxr-xr-x. 1 root root 176552 Sep 24 2012 spi
> -rwxr-xr-x. 1 root root 81504 Sep 24 2012 spigrp
> -rwxr-xr-x. 1 root root 77032 Sep 24 2012 tncfg
> -rwxr-xr-x. 1 root root 14828 Sep 24 2012 verify
> -rwxr-xr-x. 1 root root 59904 Sep 24 2012 whack
> + _________________________ /proc/net/dev
> + cat /proc/net/dev
> Inter-| Receive | Transmit
> face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
> lo: 40474 252 0 0 0 0 0 0 40474 252 0 0 0 0 0 0
> eth0: 1532197 17970 0 0 0 0 0 41 14568681 48900 0 0 0 0 0 0
> + _________________________ /proc/net/route
> + cat /proc/net/route
> Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
> eth0 00DF20B2 00000000 0001 0 0 0 00FFFFFF 0 0 0
> eth0 00000000 FEDF20B2 0003 0 0 0 00000000 0 0 0
> + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
> + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
> 0
> + _________________________ /proc/sys/net/ipv4/ip_forward
> + cat /proc/sys/net/ipv4/ip_forward
> 1
> + _________________________ /proc/sys/net/ipv4/tcp_ecn
> + cat /proc/sys/net/ipv4/tcp_ecn
> 2
> + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
> + cd /proc/sys/net/ipv4/conf
> + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
> all/rp_filter:0
> default/rp_filter:0
> eth0/rp_filter:0
> lo/rp_filter:0
> + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
> + cd /proc/sys/net/ipv4/conf
> + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
> all/accept_redirects:0
> all/secure_redirects:1
> all/send_redirects:0
> default/accept_redirects:0
> default/secure_redirects:1
> default/send_redirects:0
> eth0/accept_redirects:0
> eth0/secure_redirects:1
> eth0/send_redirects:0
> lo/accept_redirects:0
> lo/secure_redirects:1
> lo/send_redirects:0
> + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
> + cat /proc/sys/net/ipv4/tcp_window_scaling
> 1
> + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
> + cat /proc/sys/net/ipv4/tcp_adv_win_scale
> 2
> + _________________________ uname-a
> + uname -a
> Linux ks3307690.kimsufi.com [4] 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
> + _________________________ config-built-with
> + test -r /proc/config_built_with
> + _________________________ distro-release
> + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
> + test -f /etc/redhat-release
> + cat /etc/redhat-release
> CentOS release 6.4 (Final)
> + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
> + test -f /etc/debian-release
> + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
> + test -f /etc/SuSE-release
> + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
> + test -f /etc/mandrake-release
> + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
> + test -f /etc/mandriva-release
> + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
> + test -f /etc/gentoo-release
> + _________________________ /proc/net/ipsec_version
> + test -r /proc/net/ipsec_version
> + test -r /proc/net/pfkey
> ++ uname -r
> + echo 'NETKEY (2.6.32-358.6.1.el6.x86_64) support detected '
> NETKEY (2.6.32-358.6.1.el6.x86_64) support detected
> + _________________________ iptables
> + test -r /sbin/iptables-save
> + iptables-save
> # Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013
> *mangle
> :PREROUTING ACCEPT [4726:242681]
> :INPUT ACCEPT [4725:242553]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [12292:3653325]
> :POSTROUTING ACCEPT [12292:3653325]
> COMMIT
> # Completed on Sat May 4 02:55:49 2013
> # Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013
> *nat
> :PREROUTING ACCEPT [22:2083]
> :POSTROUTING ACCEPT [14:1473]
> :OUTPUT ACCEPT [221:34157]
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Sat May 4 02:55:49 2013
> + _________________________ iptables-nat
> + iptables-save -t nat
> # Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013
> *nat
> :PREROUTING ACCEPT [22:2083]
> :POSTROUTING ACCEPT [14:1473]
> :OUTPUT ACCEPT [221:34157]
> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Sat May 4 02:55:49 2013
> + _________________________ iptables-mangle
> + iptables-save -t mangle
> # Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013
> *mangle
> :PREROUTING ACCEPT [4726:242681]
> :INPUT ACCEPT [4725:242553]
> :FORWARD ACCEPT [0:0]
> :OUTPUT ACCEPT [12292:3653325]
> :POSTROUTING ACCEPT [12292:3653325]
> COMMIT
> # Completed on Sat May 4 02:55:49 2013
> + _________________________ /proc/modules
> + test -f /proc/modules
> + cat /proc/modules
> + _________________________ /proc/meminfo
> + cat /proc/meminfo
> MemTotal: 8089016 kB
> MemFree: 7839892 kB
> Buffers: 8560 kB
> Cached: 61384 kB
> SwapCached: 0 kB
> Active: 61012 kB
> Inactive: 46064 kB
> Active(anon): 37288 kB
> Inactive(anon): 3540 kB
> Active(file): 23724 kB
> Inactive(file): 42524 kB
> Unevictable: 0 kB
> Mlocked: 0 kB
> SwapTotal: 8386544 kB
> SwapFree: 8386544 kB
> Dirty: 4 kB
> Writeback: 0 kB
> AnonPages: 37224 kB
> Mapped: 10824 kB
> Shmem: 3688 kB
> Slab: 64536 kB
> SReclaimable: 11388 kB
> SUnreclaim: 53148 kB
> KernelStack: 1104 kB
> PageTables: 2464 kB
> NFS_Unstable: 0 kB
> Bounce: 0 kB
> WritebackTmp: 0 kB
> CommitLimit: 12431052 kB
> Committed_AS: 191160 kB
> VmallocTotal: 34359738367 kB
> VmallocUsed: 366072 kB
> VmallocChunk: 34359366644 kB
> HardwareCorrupted: 0 kB
> AnonHugePages: 16384 kB
> HugePages_Total: 0
> HugePages_Free: 0
> HugePages_Rsvd: 0
> HugePages_Surp: 0
> Hugepagesize: 2048 kB
> DirectMap4k: 8192 kB
> DirectMap2M: 8288256 kB
> + _________________________ /proc/net/ipsec-ls
> + test -f /proc/net/ipsec_version
> + _________________________ usr/src/linux/.config
> + test -f /proc/config.gz
> ++ uname -r
> + test -f /lib/modules/2.6.32-358.6.1.el6.x86_64/build/.config
> + echo 'no .config file found, cannot list kernel properties'
> no .config file found, cannot list kernel properties
> + _________________________ etc/syslog.conf
> + _________________________ etc/syslog-ng/syslog-ng.conf
> + cat /etc/syslog-ng/syslog-ng.conf
> cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
> + cat /etc/syslog.conf
> cat: /etc/syslog.conf: No such file or directory
> + _________________________ etc/resolv.conf
> + cat /etc/resolv.conf
> nameserver 127.0.0.1
> nameserver 213.186.33.99
> search ovh.net [30]
> + _________________________ lib/modules-ls
> + ls -ltr /lib/modules
> total 8
> drwxr-xr-x. 7 root root 4096 May 4 01:05 2.6.32-358.6.1.el6.x86_64
> + _________________________ fipscheck
> + cat /proc/sys/crypto/fips_enabled
> 0
> + _________________________ /proc/ksyms-netif_rx
> + test -r /proc/ksyms
> + test -r /proc/kallsyms
> + egrep netif_rx /proc/kallsyms
> + _________________________ lib/modules-netif_rx
> + modulegoo kernel/net/ipv4/ipip.o netif_rx
> + set +x
> 2.6.32-358.6.1.el6.x86_64:
> + _________________________ kern.debug
> + test -f /var/log/kern.debug
> + _________________________ klog
> + sed -n '1542,$p' /var/log/messages
> + egrep -i 'ipsec|klips|pluto'
> + case "$1" in
> + cat
> May 4 02:09:47 ks3307690 ipsec_setup: Starting Openswan IPsec U2.6.32/K2.6.32-358.6.1.el6.x86_64...
> May 4 02:09:47 ks3307690 ipsec_setup: Using NETKEY(XFRM) stack
> May 4 02:09:47 ks3307690 ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690 ipsec_setup: ...Openswan IPsec started
> May 4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
> May 4 02:09:47 ks3307690 pluto: adjusting ipsec.d to /etc/ipsec.d
> May 4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690 ipsec__plutorun: 002 added connection description "mikrotik"
> May 4 02:09:47 ks3307690 ipsec__plutorun: 003 no secrets filename matched "/etc/ipsec.d/*.secrets"
> May 4 02:09:47 ks3307690 ipsec__plutorun: 104 "mikrotik" #1: STATE_MAIN_I1: initiate
> + _________________________ plog
> + sed -n '889,$p' /var/log/secure
> + egrep -i pluto
> + case "$1" in
> + cat
> May 4 02:09:47 ks3307690 ipsec__plutorun: Starting Pluto subsystem...
> May 4 02:09:47 ks3307690 pluto[4903]: nss directory plutomain: /etc/ipsec.d
> May 4 02:09:47 ks3307690 pluto[4903]: NSS Initialized
> May 4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690 pluto[4903]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) pid:4903
> May 4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690 pluto[4903]: LEAK_DETECTIVE support [disabled]
> May 4 02:09:47 ks3307690 pluto[4903]: OCF support for IKE [disabled]
> May 4 02:09:47 ks3307690 pluto[4903]: SAref support [disabled]: Protocol not available
> May 4 02:09:47 ks3307690 pluto[4903]: SAbind support [disabled]: Protocol not available
> May 4 02:09:47 ks3307690 pluto[4903]: NSS support [enabled]
> May 4 02:09:47 ks3307690 pluto[4903]: HAVE_STATSD notification support not compiled in
> May 4 02:09:47 ks3307690 pluto[4903]: Setting NAT-Traversal port-4500 floating to on
> May 4 02:09:47 ks3307690 pluto[4903]: port floating activation criteria nat_t=1/port_float=1
> May 4 02:09:47 ks3307690 pluto[4903]: NAT-Traversal support [enabled]
> May 4 02:09:47 ks3307690 pluto[4903]: 1 bad entries in virtual_private - none loaded
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: starting up 3 cryptographic helpers
> May 4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid0013406775040 (fd:10)
> May 4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid0013396285184 (fd:12)
> May 4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid0013316601600 (fd:14)
> May 4 02:09:47 ks3307690 pluto[4903]: Using Linux 2.6 IPsec interface code on 2.6.32-358.6.1.el6.x86_64 (experimental code)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/cacerts': /
> May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/aacerts': /
> May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/ocspcerts': /
> May 4 02:09:47 ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/crls'
> May 4 02:09:47 ks3307690 pluto[4903]: | selinux support is enabled.
> May 4 02:09:47 ks3307690 pluto[4903]: added connection description "mikrotik"
> May 4 02:09:47 ks3307690 pluto[4903]: listening for IKE messages
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 179.34.222.31:500 [31]
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 179.34.222.31:4500 [32]
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo 127.0.0.1:500 [33]
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo 127.0.0.1:4500 [34]
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo ::1:500
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 2001:41d0:8:e242::1:500
> May 4 02:09:47 ks3307690 pluto[4903]: loading secrets from "/etc/ipsec.secrets"
> May 4 02:09:47 ks3307690 pluto[4903]: no secrets filename matched "/etc/ipsec.d/*.secrets"
> May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: initiating Main Mode
> May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: received Vendor ID payload [Dead Peer Detection]
> May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I2: sent MI2, expecting MR2
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I3: sent MI3, expecting MR3
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: next payload type of ISAKMP Hash Payload has an unknown value: 184
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet
> May 4 02:09:48 ks3307690 pluto[4903]: | payload malformed after IV
> May 4 02:09:48 ks3307690 pluto[4903]: | d5 e9 80 46 c0 88 41 e9
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: sending notification PAYLOAD_MALFORMED to 82.198.121.45:500 [35]
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: byte 2 of ISAKMP Hash Payload must be zero, but is not
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:121009cf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x08ab66a0 <0xc0d22436 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> May 4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 msgid:8eb8d24a proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
> May 4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> May 4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x03d0e567 <0x8b2ece14 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik": terminating SAs using this connection
> May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #3: deleting state (STATE_QUICK_I2)
> May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #2: deleting state (STATE_QUICK_I2)
> May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #1: deleting state (STATE_MAIN_I4)
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: initiating Main Mode
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: received Vendor ID payload [Dead Peer Detection]
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I2: sent MI2, expecting MR2
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I3: sent MI3, expecting MR3
> May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'
> May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4 msgid:3eac258b proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
> May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x06fb8921 <0x112666f8 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik": deleting connection
> May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #5: deleting state (STATE_QUICK_I2)
> May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #4: deleting state (STATE_MAIN_I4)
> May 4 02:50:11 ks3307690 pluto[4903]: added connection description "mikrotik"
> May 4 02:50:19 ks3307690 pluto[4903]: "mikrotik" #6: initiating Main Mode
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: received Vendor ID payload [Dead Peer Detection]
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I2: sent MI2, expecting MR2
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I3: sent MI3, expecting MR3
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#6 msgid:aae4f37f proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x01eea26a <0x743427d2 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> + _________________________ date
> + date
> Sat May 4 02:55:49 CEST 2013
>
> Is it possible to solve this problem?
> Thanks in advance.
>
> _______________________________________________
> Users@lists.openswan.org
> https://lists.openswan.org/mailman/listinfo/users [1]
> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy [2]
> Building and Integrating Virtual Private Networks with Openswan:
> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n(3155 [3]

Links:
------
[1] https://lists.openswan.org/mailman/listinfo/users
[2] https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
[3] http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n(3155
[4] http://ks3307690.kimsufi.com/
[5] http://192.168.1.0/24
[6] http://192.168.0.0/24
[7] http://0.0.0.0/0
[8] http://192.168.1.0/24==9.34.222.31
[9] http://127.0.0.1/8
[10] http://179.34.222.31/24
[11] http://178.32.223.0/24
[12] http://82.198.121.45/
[13] http://block.in/
[14] http://192.58.128.30/32
[15] http://198.41.0.4/32
[16] http://192.228.79.201/32
[17] http://192.33.4.12/32
[18] http://128.8.10.90/32
[19] http://192.203.230.10/32
[20] http://192.5.5.241/32
[21] http://192.112.36.4/32
[22] http://128.63.2.53/32
[23] http://192.36.148.17/32
[24] http://193.0.14.129/32
[25] http://199.7.83.42/32
[26] http://202.12.27.33/32
[27] http://clear-or-private.in/
[28] http://private.in/
[29] http://private-or-clear.in/
[30] http://ovh.net/
[31] http://179.34.222.31:500/
[32] http://179.34.222.31:4500/
[33] http://127.0.0.1:500/
[34] http://127.0.0.1:4500/
[35] http://82.198.121.45:500/
[Attachment #3 (unknown)]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body style='font-family: Arial,Helvetica,sans-serif'>
<p>Add left/rightsourceip to your conns</p>
<p> </p>
<p>Nick</p>
<p>On 2013-05-07 02:34, Patrick Naubert wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; \
margin-left:5px; width:100%"><!-- html ignored --><!-- head ignored --><!-- meta \
ignored -->Rescued from the Spam bucket. Please remember to subscribe to the \
mailing list before posting to it.<br /> <div><br />
<div>Begin forwarded message:</div>
<br class="Apple-interchange-newline" />
<div>
<div style="margin: 0px;"><span style="color: #7f7f7f;"><strong>From: \
</strong></span>"<a href="mailto:serzer@gmail.com">serzer@gmail.com</a>" <<a \
href="mailto:serzer@gmail.com">serzer@gmail.com</a>></div> <div style="margin: \
0px;"><span style="font-size: medium; color: rgba;"><strong>Subject: \
</strong></span><span style="font-size: medium;"><strong>SA Established, no \
ping</strong><br /></span></div> <div style="margin: 0px;"><span style="font-size: \
medium; color: rgba;"><strong>Date: </strong></span><span style="font-size: \
medium;">3 May, 2013 8:59:36 PM EDT<br /></span></div> <div style="margin: \
0px;"><span style="font-size: medium; color: rgba;"><strong>To: </strong></span><span \
style="font-size: medium;"><a \
href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br \
/></span></div> <br /><br />
<div dir="ltr">Hello, I am trying to establish connection between my mikrotik router \
and CentOS 6.4 server<br clear="all" /> <div> </div>
<div>Looks like ipsec tunnel is establishing, but i am not able to ping my \
router:</div> <div> </div>
<div>
<div>[root@ks3307690 ~]# ping 192.168.0.1</div>
<div>PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.</div>
<div>^C</div>
<div>--- 192.168.0.1 ping statistics ---</div>
<div>3 packets transmitted, 0 received, 100% packet loss, time 2285ms</div>
<div> </div>
<div>
<div>[root@ks3307690 ~]# traceroute 192.168.0.1</div>
<div>traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets</div>
<div> 1 178.32.223.253 (178.32.223.253) 0.842 ms^C</div>
<div> </div>
<div>here is the barf log:</div>
<div>
<div>[root@ks3307690 ~]# ipsec barf</div>
<div><a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a></div>
<div>Sat May 4 02:55:49 CEST 2013</div>
<div>+ _________________________ version</div>
<div>+ ipsec --version</div>
<div>Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)</div>
<div>See `ipsec --copyright' for copyright information.</div>
<div>+ _________________________ /proc/version</div>
<div>+ cat /proc/version</div>
<div>Linux version 2.6.32-358.6.1.el6.x86_64 (<a \
href="mailto:mockbuild@c6b9.bsys.dev.centos.org">mockbuild@c6b9.bsys.dev.centos.org</a>) \
(gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Apr 23 19:29:00 UTC \
2013</div> <div>+ _________________________ /proc/net/ipsec_eroute</div>
<div>+ test -r /proc/net/ipsec_eroute</div>
<div>+ _________________________ netstat-rn</div>
<div>+ netstat -nr</div>
<div>+ head -n 100</div>
<div>Kernel IP routing table</div>
<div>Destination Gateway Genmask \
Flags MSS Window irtt Iface</div> <div>178.32.223.0 \
0.0.0.0 255.255.255.0 U \
0 0 0 eth0</div> <div>0.0.0.0 \
178.32.223.254 0.0.0.0 UG \
0 0 0 eth0</div> <div>+ \
_________________________ /proc/net/ipsec_spi</div> <div>+ test -r \
/proc/net/ipsec_spi</div> <div>+ _________________________ \
/proc/net/ipsec_spigrp</div> <div>+ test -r /proc/net/ipsec_spigrp</div>
<div>+ _________________________ /proc/net/ipsec_tncfg</div>
<div>+ test -r /proc/net/ipsec_tncfg</div>
<div>+ _________________________ /proc/net/pfkey</div>
<div>+ test -r /proc/net/pfkey</div>
<div>+ cat /proc/net/pfkey</div>
<div>sk RefCnt Rmem Wmem User Inode</div>
<div>+ _________________________ ip-xfrm-state</div>
<div>+ ip xfrm state</div>
<div>src 82.198.121.45 dst 179.34.222.31</div>
<div> proto esp spi 0x743427d2 reqid 16389 mode tunnel</div>
<div> replay-window 32 flag 20</div>
<div> auth hmac(sha1) 0x0ec98333b7b35011dd556775706927fb24bc91b4</div>
<div> enc cbc(des3_ede) 0x5acc8c5560d040f567ead8e79977da51e0c50db968e4aa15</div>
<div>src 179.34.222.31 dst 82.198.121.45</div>
<div> proto esp spi 0x01eea26a reqid 16389 mode tunnel</div>
<div> replay-window 32 flag 20</div>
<div> auth hmac(sha1) 0x2564bcea5b8774578011ab4ab09bd9323f436f16</div>
<div> enc cbc(des3_ede) 0x059e52c2b2dd0dbca0342ff5be47c5a908f1be5bb4de6447</div>
<div>+ _________________________ ip-xfrm-policy</div>
<div>+ ip xfrm policy</div>
<div>src 192.168.1.0/24 dst 192.168.0.0/24</div>
<div> dir out priority 2344 ptype main</div>
<div> tmpl src 179.34.222.31 dst 82.198.121.45</div>
<div> proto esp reqid 16389 mode tunnel</div>
<div>src 192.168.0.0/24 dst 192.168.1.0/24</div>
<div> dir fwd priority 2344 ptype main</div>
<div> tmpl src 82.198.121.45 dst 179.34.222.31</div>
<div> proto esp reqid 16389 mode tunnel</div>
<div>src 192.168.0.0/24 dst 192.168.1.0/24</div>
<div> dir in priority 2344 ptype main</div>
<div> tmpl src 82.198.121.45 dst 179.34.222.31</div>
<div> proto esp reqid 16389 mode tunnel</div>
<div>src ::/0 dst ::/0</div>
<div> dir 4 priority 0 ptype main</div>
<div>src ::/0 dst ::/0</div>
<div> dir 3 priority 0 ptype main</div>
<div>src ::/0 dst ::/0</div>
<div> dir 4 priority 0 ptype main</div>
<div>src ::/0 dst ::/0</div>
<div> dir 3 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 4 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 3 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 4 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 3 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 4 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 3 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 4 priority 0 ptype main</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0</div>
<div> dir 3 priority 0 ptype main</div>
<div>+ _________________________ /proc/crypto</div>
<div>+ test -r /proc/crypto</div>
<div>+ cat /proc/crypto</div>
<div>+ __________________________/proc/sys/net/core/xfrm-star</div>
<div>/usr/libexec/ipsec/barf: line 190: __________________________/proc/sys/net/core/xfrm-star: No such file or directory</div>
<div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '</div>
<div>/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires</div>
<div>30</div>
<div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '</div>
<div>/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime</div>
<div>10</div>
<div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '</div>
<div>/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth</div>
<div>2</div>
<div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '</div>
<div>/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop</div>
<div>1</div>
<div>+ _________________________ /proc/sys/net/ipsec-star</div>
<div>+ test -d /proc/sys/net/ipsec</div>
<div>+ _________________________ ipsec/status</div>
<div>+ ipsec auto --status</div>
<div>000 using kernel interface: netkey</div>
<div>000 interface eth0/eth0 2001:41d0:8:e242::1</div>
<div>000 interface lo/lo ::1</div>
<div>000 interface lo/lo 127.0.0.1</div>
<div>000 interface lo/lo 127.0.0.1</div>
<div>000 interface eth0/eth0 179.34.222.31</div>
<div>000 interface eth0/eth0 179.34.222.31</div>
<div>000 %myid = (none)</div>
<div>000 debug none</div>
<div>000</div>
<div>000 virtual_private (%priv):</div>
<div>000 - allowed 0 subnets:</div>
<div>000 - disallowed 0 subnets:</div>
<div>000 WARNING: Either virtual_private= is not specified, or there is a syntax</div>
<div>000 error in that line. 'left/rightsubnet=vhost:%priv' will not work!</div>
<div>000 WARNING: Disallowed subnets in virtual_private= is empty. If you have</div>
<div>000 private address space in internal use, it should be excluded!</div>
<div>000</div>
<div>000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64</div>
<div>000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192</div>
<div>000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128</div>
<div>000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448</div>
<div>000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0</div>
<div>000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256</div>
<div>000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128</div>
<div>000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160</div>
<div>000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256</div>
<div>000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384</div>
<div>000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512</div>
<div>000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160</div>
<div>000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128</div>
<div>000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0</div>
<div>000</div>
<div>000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131</div>
<div>000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128</div>
<div>000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192</div>
<div>000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128</div>
<div>000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128</div>
<div>000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128</div>
<div>000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128</div>
<div>000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16</div>
<div>000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20</div>
<div>000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32</div>
<div>000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64</div>
<div>000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024</div>
<div>000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536</div>
<div>000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048</div>
<div>000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072</div>
<div>000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096</div>
<div>000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144</div>
<div>000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192</div>
<div>000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024</div>
<div>000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048</div>
<div>000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048</div>
<div>000</div>
<div>000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}</div>
<div>000</div>
<div>000 "mikrotik": 192.168.1.0/24===179.34.222.31<179.34.222.31>[+S=C]...192.168.0.1---82.198.121.45<82.198.121.45>[+S=C]===192.168.0.0/24; erouted; eroute owner: #7</div>
<div>000 "mikrotik": myip=unset; hisip=unset;</div>
<div>000 "mikrotik": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0</div>
<div>000 "mikrotik": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: eth0;</div>
<div>000 "mikrotik": newest ISAKMP SA: #6; newest IPsec SA: #7;</div>
<div>000 "mikrotik": IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024</div>
<div>000</div>
<div>000 #7: "mikrotik":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27750s; newest IPSEC; eroute owner; isakmp#6; idle; import:admin initiate</div>
<div>000 #7: "mikrotik" esp.1eea26a@82.198.121.45 esp.743427d2@179.34.222.31 tun.0@82.198.121.45 tun.0@179.34.222.31 ref=0 refhim=4294901761</div>
<div>000 #6: "mikrotik":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2625s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate</div>
<div>000</div>
<div>+ _________________________ ifconfig-a</div>
<div>+ ifconfig -a</div>
<div>eth0 Link encap:Ethernet HWaddr 4C:72:B9:D1:C4:25</div>
<div> inet addr:179.34.222.31 Bcast:178.32.223.255 Mask:255.255.255.0</div>
<div> inet6 addr: 2001:41d0:8:e242::1/64 Scope:Global</div>
<div> inet6 addr: fe80::4e72:b9ff:fed1:c425/64 Scope:Link</div>
<div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:17969 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:48900 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:1000</div>
<div> RX bytes:1532137 (1.4 MiB) TX bytes:14568681 (13.8 MiB)</div>
<div> Interrupt:20 Memory:fe500000-fe520000</div>
<div> </div>
<div>lo Link encap:Local Loopback</div>
<div> inet addr:127.0.0.1 Mask:255.0.0.0</div>
<div> inet6 addr: ::1/128 Scope:Host</div>
<div> UP LOOPBACK RUNNING MTU:16436 Metric:1</div>
<div> RX packets:248 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:248 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:0</div>
<div> RX bytes:39867 (38.9 KiB) TX bytes:39867 (38.9 KiB)</div>
<div> </div>
<div>+ _________________________ ip-addr-list</div>
<div>+ ip addr list</div>
<div>1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN</div>
<div> link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</div>
<div> inet 127.0.0.1/8 scope host lo</div>
<div> inet6 ::1/128 scope host</div>
<div> valid_lft forever preferred_lft forever</div>
<div>2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000</div>
<div> link/ether 4c:72:b9:d1:c4:25 brd ff:ff:ff:ff:ff:ff</div>
<div> inet 179.34.222.31/24 brd 178.32.223.255 scope global eth0</div>
<div> inet6 2001:41d0:8:e242::1/64 scope global</div>
<div> valid_lft forever preferred_lft forever</div>
<div> inet6 fe80::4e72:b9ff:fed1:c425/64 scope link</div>
<div> valid_lft forever preferred_lft forever</div>
<div>+ _________________________ ip-route-list</div>
<div>+ ip route list</div>
<div>178.32.223.0/24 dev eth0 proto kernel scope link src 179.34.222.31</div>
<div>default via 178.32.223.254 dev eth0</div>
<div>+ _________________________ ip-rule-list</div>
<div>+ ip rule list</div>
<div>0: from all lookup local</div>
<div>32766: from all lookup main</div>
<div>32767: from all lookup default</div>
<div>+ _________________________ ipsec_verify</div>
<div>+ ipsec verify --nocolour</div>
<div>Checking your system to see if IPsec got installed and started correctly:</div>
<div>Version check and ipsec on-path [OK]</div>
<div>Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)</div>
<div>Checking for IPsec support in kernel [OK]</div>
<div> SAref kernel support [N/A]</div>
<div> NETKEY: Testing for disabled ICMP send_redirects [OK]</div>
<div>NETKEY detected, testing for disabled ICMP accept_redirects [OK]</div>
<div>Testing against enforced SElinux mode [OK]</div>
<div>Checking that pluto is running [OK]</div>
<div> Pluto listening for IKE on udp 500 [OK]</div>
<div> Pluto listening for NAT-T on udp 4500 [OK]</div>
<div>Checking for 'ip' command [OK]</div>
<div>Checking /bin/sh is not /bin/dash [OK]</div>
<div>Checking for 'iptables' command [OK]</div>
<div>Opportunistic Encryption Support [DISABLED]</div>
<div>+ _________________________ mii-tool</div>
<div>+ '[' -x /sbin/mii-tool ']'</div>
<div>+ /sbin/mii-tool -v</div>
<div>No interface specified</div>
<div>usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...</div>
<div> -V, --version display version information</div>
<div> -v, --verbose more verbose output</div>
<div> -R, --reset reset MII to poweron state</div>
<div> -r, --restart restart autonegotiation</div>
<div> -w, --watch monitor for link status changes</div>
<div> -l, --log with -w, write events to syslog</div>
<div> -A, --advertise=media,... advertise only specified media</div>
<div> -F, --force=media force specified media technology</div>
<div>media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,</div>
<div> (to advertise both HD and FD) 100baseTx, 10baseT</div>
<div>+ _________________________ ipsec/directory</div>
<div>+ ipsec --directory</div>
<div>/usr/libexec/ipsec</div>
<div>+ _________________________ hostname/fqdn</div>
<div>+ hostname --fqdn</div>
<div><a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a></div>
<div>+ _________________________ hostname/ipaddress</div>
<div>+ hostname --ip-address</div>
<div>179.34.222.31</div>
<div>+ _________________________ uptime</div>
<div>+ uptime</div>
<div> 02:55:49 up 1:09, 2 users, load average: 0.06, 0.03, 0.00</div>
<div>+ _________________________ ps</div>
<div>+ ps alxwf</div>
<div>+ egrep -i 'ppid|pluto|ipsec|klips'</div>
<div>F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND</div>
<div>4 0 7913 1701 20 0 106064 1480 wait S+ pts/0 0:00 | \_ /bin/sh /usr/libexec/ipsec/barf</div>
<div>0 0 7978 7913 20 0 4148 672 pipe_w S+ pts/0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips</div>
<div>1 0 4897 1 20 0 9192 524 wait S pts/0 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid</div>
<div>1 0 4899 4897 20 0 9192 692 wait S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private oe=off --listen --crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid</div>
<div>4 0 4903 4899 20 0 313724 7860 poll_s Sl pts/0 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private oe=off</div>
<div>0 0 4934 4903 20 0 6080 404 poll_s S pts/0 0:00 | \_ _pluto_adns</div>
<div>0 0 4900 4897 20 0 9192 1316 pipe_w S pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/_plutoload --wait no --post</div>
<div>0 0 4898 1 20 0 4056 664 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun</div>
<div>+ _________________________ ipsec/showdefaults</div>
<div>+ ipsec showdefaults</div>
<div>routephys=eth0</div>
<div>routevirt=none</div>
<div>routeaddr=179.34.222.31</div>
<div>routenexthop=178.32.223.254</div>
<div>+ _________________________ ipsec/conf</div>
<div>+ ipsec _include /etc/ipsec.conf</div>
<div>+ ipsec _keycensor</div>
<div> </div>
<div>#< /etc/ipsec.conf 1</div>
<div># /etc/ipsec.conf - Openswan IPsec configuration file</div>
<div>#</div>
<div># Manual: ipsec.conf.5</div>
<div>#</div>
<div># Please place your own config files in /etc/ipsec.d/ ending in .conf</div>
<div> </div>
<div>version 2.0 # conforms to second version of ipsec.conf \
specification</div> <div> </div>
<div># basic configuration</div>
<div>config setup</div>
<div> # Debug-logging controls: "none" for (almost) \
none, "all" for lots.</div> <div> # klipsdebug=none</div>
<div> # plutodebug="control parsing"</div>
<div> # For Red Hat Enterprise Linux and Fedora, leave \
protostack=netkey</div> <div> #protostack=klips</div>
<div> interfaces=%defaultroute</div>
<div> protostack=netkey</div>
<div> </div>
<div> nat_traversal=yes</div>
<div> virtual_private=</div>
<div> oe=off</div>
<div> # Enable this if you see "failed to find any \
available worker"</div> <div> # nhelpers=0</div>
<div> </div>
<div>conn mikrotik</div>
<div> left=179.34.222.31</div>
<div> leftsubnet=192.168.1.0/24</div>
<div> #leftnexthop=%defaultroute</div>
<div> </div>
<div> right=82.198.121.45</div>
<div> rightsubnet=192.168.0.0/24</div>
<div> rightnexthop=192.168.0.1</div>
<div> </div>
<div> type=tunnel</div>
<div> authby=secret</div>
<div> auto=start</div>
<div>#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and \
uncomment this.</div> <div>#include /etc/ipsec.d/*.conf</div>
<div>+ _________________________ ipsec/secrets</div>
<div>+ ipsec _include /etc/ipsec.secrets</div>
<div>+ ipsec _secretcensor</div>
<div> </div>
<div>#< /etc/ipsec.secrets 1</div>
<div>#:cannot open configuration file \'/etc/ipsec.d/*.secrets\'</div>
<div> </div>
<div>#> /etc/ipsec.secrets 2</div>
<div>179.34.222.31 82.198.121.45: PSK "[sums to 354c...]"</div>
<div>+ _________________________ ipsec/listall</div>
<div>+ ipsec auto --listall</div>
<div>000</div>
<div>000 List of Public Keys:</div>
<div>000</div>
<div>000 List of Pre-shared secrets (from /etc/ipsec.secrets)</div>
<div>000 2: PSK 82.198.121.45 179.34.222.31</div>
<div>+ '[' /etc/ipsec.d/policies ']'</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/block</div>
<div>+ base=block</div>
<div>+ _________________________ ipsec/policies/block</div>
<div>+ cat /etc/ipsec.d/policies/block</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should never be allowed.</div>
<div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $</div>
<div>#</div>
<div> </div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/clear</div>
<div>+ base=clear</div>
<div>+ _________________________ ipsec/policies/clear</div>
<div>+ cat /etc/ipsec.d/policies/clear</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should always be in the clear.</div>
<div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div> </div>
<div># root name servers should be in the clear</div>
<div>192.58.128.30/32</div>
<div>198.41.0.4/32</div>
<div>192.228.79.201/32</div>
<div>192.33.4.12/32</div>
<div>128.8.10.90/32</div>
<div>192.203.230.10/32</div>
<div>192.5.5.241/32</div>
<div>192.112.36.4/32</div>
<div>128.63.2.53/32</div>
<div>192.36.148.17/32</div>
<div>193.0.14.129/32</div>
<div>199.7.83.42/32</div>
<div>202.12.27.33/32</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/clear-or-private</div>
<div>+ base=clear-or-private</div>
<div>+ _________________________ ipsec/policies/clear-or-private</div>
<div>+ cat /etc/ipsec.d/policies/clear-or-private</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># we will communicate in the clear, or, if the other side initiates IPSEC,</div>
<div># using encryption. This behaviour is also called "Opportunistic \
Responder".</div> <div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $</div>
<div>#</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/private</div>
<div>+ base=private</div>
<div>+ _________________________ ipsec/policies/private</div>
<div>+ cat /etc/ipsec.d/policies/private</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should always be private (i.e. encrypted).</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $</div>
<div>#</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/private-or-clear</div>
<div>+ base=private-or-clear</div>
<div>+ _________________________ ipsec/policies/private-or-clear</div>
<div>+ cat /etc/ipsec.d/policies/private-or-clear</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should be private, if possible, but in the clear \
otherwise.</div> <div>#</div>
<div># If the target has a TXT (later IPSECKEY) record that specifies</div>
<div># authentication material, we will require private (i.e. encrypted)</div>
<div># communications. If no such record is found, communications will be</div>
<div># in the clear.</div>
<div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $</div>
<div>#</div>
<div> </div>
<div>0.0.0.0/0</div>
<div>+ _________________________ ipsec/ls-libdir</div>
<div>+ ls -l /usr/libexec/ipsec</div>
<div>total 2676</div>
<div>-rwxr-xr-x. 1 root root 10592 Sep 24 2012 _copyright</div>
<div>-rwxr-xr-x. 1 root root 2430 Sep 24 2012 _include</div>
<div>-rwxr-xr-x. 1 root root 1475 Sep 24 2012 _keycensor</div>
<div>-rwxr-xr-x. 1 root root 14528 Sep 24 2012 _pluto_adns</div>
<div>-rwxr-xr-x. 1 root root 2567 Sep 24 2012 _plutoload</div>
<div>-rwxr-xr-x. 1 root root 8474 Sep 24 2012 _plutorun</div>
<div>-rwxr-xr-x. 1 root root 13671 Sep 24 2012 _realsetup</div>
<div>-rwxr-xr-x. 1 root root 1975 Sep 24 2012 _secretcensor</div>
<div>-rwxr-xr-x. 1 root root 11507 Sep 24 2012 _startklips</div>
<div>-rwxr-xr-x. 1 root root 6096 Sep 24 2012 _startnetkey</div>
<div>-rwxr-xr-x. 1 root root 4923 Sep 24 2012 _updown</div>
<div>-rwxr-xr-x. 1 root root 16227 Sep 24 2012 _updown.klips</div>
<div>-rwxr-xr-x. 1 root root 16583 Sep 24 2012 _updown.mast</div>
<div>-rwxr-xr-x. 1 root root 13745 Sep 24 2012 _updown.netkey</div>
<div>-rwxr-xr-x. 1 root root 226704 Sep 24 2012 addconn</div>
<div>-rwxr-xr-x. 1 root root 6015 Sep 24 2012 auto</div>
<div>-rwxr-xr-x. 1 root root 10978 Sep 24 2012 barf</div>
<div>-rwxr-xr-x. 1 root root 93840 Sep 24 2012 eroute</div>
<div>-rwxr-xr-x. 1 root root 26736 Sep 24 2012 ikeping</div>
<div>-rwxr-xr-x. 1 root root 69552 Sep 24 2012 klipsdebug</div>
<div>-rwxr-xr-x. 1 root root 2455 Sep 24 2012 look</div>
<div>-rwxr-xr-x. 1 root root 2189 Sep 24 2012 newhostkey</div>
<div>-rwxr-xr-x. 1 root root 64976 Sep 24 2012 pf_key</div>
<div>-rwxr-xr-x. 1 root root 1093328 Sep 24 2012 pluto</div>
<div>-rwxr-xr-x. 1 root root 12349 Sep 24 2012 policy</div>
<div>-rwxr-xr-x. 1 root root 10576 Sep 24 2012 ranbits</div>
<div>-rwxr-xr-x. 1 root root 27376 Sep 24 2012 rsasigkey</div>
<div>-rwxr-xr-x. 1 root root 704 Sep 24 2012 secrets</div>
<div>lrwxrwxrwx. 1 root root 30 May 4 01:15 setup -> \
../../../etc/rc.d/init.d/ipsec</div> <div>-rwxr-xr-x. 1 root root 1126 \
Sep 24 2012 showdefaults</div> <div>-rwxr-xr-x. 1 root root 267584 Sep 24 \
2012 showhostkey</div> <div>-rwxr-xr-x. 1 root root 26736 Sep 24 \
2012 showpolicy</div> <div>-rwxr-xr-x. 1 root root 176552 Sep 24 \
2012 spi</div> <div>-rwxr-xr-x. 1 root root 81504 Sep 24 2012 \
spigrp</div> <div>-rwxr-xr-x. 1 root root 77032 Sep 24 2012 tncfg</div>
<div>-rwxr-xr-x. 1 root root 14828 Sep 24 2012 verify</div>
<div>-rwxr-xr-x. 1 root root 59904 Sep 24 2012 whack</div>
<div>+ _________________________ ipsec/ls-execdir</div>
<div>+ ls -l /usr/libexec/ipsec</div>
<div>+ _________________________ /proc/net/dev</div>
<div>+ cat /proc/net/dev</div>
<div>Inter-| Receive | Transmit</div>
<div> face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed</div>
<div> lo: 40474 252 0 0 0 0 0 0 40474 252 0 0 0 0 0 0</div>
<div> eth0: 1532197 17970 0 0 0 0 0 41 14568681 48900 0 0 0 0 0 0</div>
<div>+ _________________________ /proc/net/route</div>
<div>+ cat /proc/net/route</div>
<div>Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT</div>
<div>eth0 00DF20B2 00000000 0001 0 0 0 00FFFFFF 0 0 0</div>
<div>eth0 00000000 FEDF20B2 0003 0 0 0 00000000 0 0 0</div>
<div>+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc</div>
<div>+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc</div>
<div>0</div>
<div>+ _________________________ /proc/sys/net/ipv4/ip_forward</div>
<div>+ cat /proc/sys/net/ipv4/ip_forward</div>
<div>1</div>
<div>+ _________________________ /proc/sys/net/ipv4/tcp_ecn</div>
<div>+ cat /proc/sys/net/ipv4/tcp_ecn</div>
<div>2</div>
<div>+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter</div>
<div>+ cd /proc/sys/net/ipv4/conf</div>
<div>+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter</div>
<div>all/rp_filter:0</div>
<div>default/rp_filter:0</div>
<div>eth0/rp_filter:0</div>
<div>lo/rp_filter:0</div>
<div>+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects</div>
<div>+ cd /proc/sys/net/ipv4/conf</div>
<div>+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects \
default/accept_redirects default/secure_redirects default/send_redirects \
eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects \
lo/secure_redirects lo/send_redirects</div> <div>all/accept_redirects:0</div>
<div>all/secure_redirects:1</div>
<div>all/send_redirects:0</div>
<div>default/accept_redirects:0</div>
<div>default/secure_redirects:1</div>
<div>default/send_redirects:0</div>
<div>eth0/accept_redirects:0</div>
<div>eth0/secure_redirects:1</div>
<div>eth0/send_redirects:0</div>
<div>lo/accept_redirects:0</div>
<div>lo/secure_redirects:1</div>
<div>lo/send_redirects:0</div>
<div>+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling</div>
<div>+ cat /proc/sys/net/ipv4/tcp_window_scaling</div>
<div>1</div>
<div>+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale</div>
<div>+ cat /proc/sys/net/ipv4/tcp_adv_win_scale</div>
<div>2</div>
<div>+ _________________________ uname-a</div>
<div>+ uname -a</div>
<div>Linux ks3307690.kimsufi.com 2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux</div>
<div>+ _________________________ config-built-with</div>
<div>+ test -r /proc/config_built_with</div>
<div>+ _________________________ distro-release</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/redhat-release</div> <div>+ cat /etc/redhat-release</div>
<div>CentOS release 6.4 (Final)</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/debian-release</div> <div>+ for distro in /etc/redhat-release \
/etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release \
/etc/gentoo-release</div> <div>+ test -f /etc/SuSE-release</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/mandrake-release</div> <div>+ for distro in /etc/redhat-release \
/etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release \
/etc/gentoo-release</div> <div>+ test -f /etc/mandriva-release</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/gentoo-release</div> <div>+ _________________________ \
/proc/net/ipsec_version</div> <div>+ test -r /proc/net/ipsec_version</div>
<div>+ test -r /proc/net/pfkey</div>
<div>++ uname -r</div>
<div>+ echo 'NETKEY (2.6.32-358.6.1.el6.x86_64) support detected '</div>
<div>NETKEY (2.6.32-358.6.1.el6.x86_64) support detected</div>
<div>+ _________________________ iptables</div>
<div>+ test -r /sbin/iptables-save</div>
<div>+ iptables-save</div>
<div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div>
<div>*mangle</div>
<div>:PREROUTING ACCEPT [4726:242681]</div>
<div>:INPUT ACCEPT [4725:242553]</div>
<div>:FORWARD ACCEPT [0:0]</div>
<div>:OUTPUT ACCEPT [12292:3653325]</div>
<div>:POSTROUTING ACCEPT [12292:3653325]</div>
<div>COMMIT</div>
<div># Completed on Sat May 4 02:55:49 2013</div>
<div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div>
<div>*nat</div>
<div>:PREROUTING ACCEPT [22:2083]</div>
<div>:POSTROUTING ACCEPT [14:1473]</div>
<div>:OUTPUT ACCEPT [221:34157]</div>
<div>-A POSTROUTING -o eth0 -j MASQUERADE</div>
<div>COMMIT</div>
<div># Completed on Sat May 4 02:55:49 2013</div>
<div>+ _________________________ iptables-nat</div>
<div>+ iptables-save -t nat</div>
<div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div>
<div>*nat</div>
<div>:PREROUTING ACCEPT [22:2083]</div>
<div>:POSTROUTING ACCEPT [14:1473]</div>
<div>:OUTPUT ACCEPT [221:34157]</div>
<div>-A POSTROUTING -o eth0 -j MASQUERADE</div>
<div>COMMIT</div>
<div># Completed on Sat May 4 02:55:49 2013</div>
<div>+ _________________________ iptables-mangle</div>
<div>+ iptables-save -t mangle</div>
<div># Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013</div>
<div>*mangle</div>
<div>:PREROUTING ACCEPT [4726:242681]</div>
<div>:INPUT ACCEPT [4725:242553]</div>
<div>:FORWARD ACCEPT [0:0]</div>
<div>:OUTPUT ACCEPT [12292:3653325]</div>
<div>:POSTROUTING ACCEPT [12292:3653325]</div>
<div>COMMIT</div>
<div># Completed on Sat May 4 02:55:49 2013</div>
<div>+ _________________________ /proc/modules</div>
<div>+ test -f /proc/modules</div>
<div>+ cat /proc/modules</div>
<div>ipt_MASQUERADE 2466 1 - Live 0xffffffffa0331000</div>
<div>iptable_mangle 3349 0 - Live 0xffffffffa0326000</div>
<div>iptable_nat 6158 1 - Live 0xffffffffa03df000</div>
<div>nf_nat 22759 2 ipt_MASQUERADE,iptable_nat, Live 0xffffffffa03d4000</div>
<div>nf_conntrack_ipv4 9506 3 iptable_nat,nf_nat, Live 0xffffffffa03cd000</div>
<div>nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa031e000</div>
<div>ip_tables 17831 2 iptable_mangle,iptable_nat, Live 0xffffffffa03c4000</div>
<div>bluetooth 99239 0 - Live 0xffffffffa03a0000</div>
<div>rfkill 19255 1 bluetooth, Live 0xffffffffa0396000</div>
<div>ah6 5191 0 - Live 0xffffffffa030a000</div>
<div>ah4 4320 0 - Live 0xffffffffa0305000</div>
<div>esp6 4979 0 - Live 0xffffffffa0300000</div>
<div>esp4 5358 2 - Live 0xffffffffa02f0000</div>
<div>xfrm4_mode_beet 2069 0 - Live 0xffffffffa02ec000</div>
<div>xfrm4_tunnel 1981 0 - Live 0xffffffffa02dc000</div>
<div>xfrm4_mode_tunnel 2002 4 - Live 0xffffffffa02d6000</div>
<div>xfrm4_mode_transport 1449 0 - Live 0xffffffffa02d0000</div>
<div>xfrm6_mode_transport 1545 0 - Live 0xffffffffa02ca000</div>
<div>xfrm6_mode_ro 1318 0 - Live 0xffffffffa02c4000</div>
<div>xfrm6_mode_beet 2020 0 - Live 0xffffffffa02bc000</div>
<div>xfrm6_mode_tunnel 1906 2 - Live 0xffffffffa02ad000</div>
<div>ipcomp 2073 0 - Live 0xffffffffa02a3000</div>
<div>ipcomp6 2138 0 - Live 0xffffffffa015a000</div>
<div>xfrm6_tunnel 7969 1 ipcomp6, Live 0xffffffffa0285000</div>
<div>af_key 29685 0 - Live 0xffffffffa026c000</div>
<div>authenc 6651 2 - Live 0xffffffffa0374000</div>
<div>deflate 2107 0 - Live 0xffffffffa0370000</div>
<div>zlib_deflate 21629 1 deflate, Live 0xffffffffa0367000</div>
<div>ctr 4063 0 - Live 0xffffffffa0363000</div>
<div>camellia 18334 0 - Live 0xffffffffa035b000</div>
<div>cast5 15242 0 - Live 0xffffffffa0354000</div>
<div>rmd160 8154 0 - Live 0xffffffffa034f000</div>
<div>crypto_null 2952 0 - Live 0xffffffffa034b000</div>
<div>ccm 8247 0 - Live 0xffffffffa0345000</div>
<div>serpent 18455 0 - Live 0xffffffffa033d000</div>
<div>blowfish 7884 0 - Live 0xffffffffa0338000</div>
<div>twofish_x86_64 5297 0 - Live 0xffffffffa0333000</div>
<div>twofish_common 14633 1 twofish_x86_64, Live 0xffffffffa032c000</div>
<div>ecb 2209 0 - Live 0xffffffffa0328000</div>
<div>xcbc 2849 0 - Live 0xffffffffa0324000</div>
<div>cbc 3083 2 - Live 0xffffffffa0320000</div>
<div>sha256_generic 10361 0 - Live 0xffffffffa031a000</div>
<div>sha512_generic 4974 0 - Live 0xffffffffa0315000</div>
<div>des_generic 16604 2 - Live 0xffffffffa030d000</div>
<div>cryptd 8006 0 - Live 0xffffffffa02fa000</div>
<div>aes_x86_64 7961 0 - Live 0xffffffffa02f5000</div>
<div>aes_generic 27609 1 aes_x86_64, Live 0xffffffffa02e2000</div>
<div>tunnel4 2943 1 xfrm4_tunnel, Live 0xffffffffa02c2000</div>
<div>xfrm_ipcomp 4610 2 ipcomp,ipcomp6, Live 0xffffffffa0275000</div>
<div>tunnel6 2714 1 xfrm6_tunnel, Live 0xffffffffa0042000</div>
<div>ip6t_REJECT 4628 2 - Live 0xffffffffa02b7000</div>
<div>nf_conntrack_ipv6 8748 2 - Live 0xffffffffa02b0000</div>
<div>nf_defrag_ipv6 11182 1 nf_conntrack_ipv6, Live 0xffffffffa02a9000</div>
<div>xt_state 1492 2 - Live 0xffffffffa015e000</div>
<div>nf_conntrack 79645 6 \
ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live \
0xffffffffa0288000</div> <div>ip6table_filter 2889 1 - Live 0xffffffffa0055000</div>
<div>ip6_tables 19458 1 ip6table_filter, Live 0xffffffffa027f000</div>
<div>ipv6 321454 40 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6, \
Live 0xffffffffa021c000</div> <div>sg 29350 0 - Live 0xffffffffa0151000</div>
<div>serio_raw 4594 0 - Live 0xffffffffa0032000</div>
<div>i2c_i801 11167 0 - Live 0xffffffffa0019000</div>
<div>xhci_hcd 142149 0 - Live 0xffffffffa01ef000</div>
<div>iTCO_wdt 14990 0 - Live 0xffffffffa00bb000</div>
<div>iTCO_vendor_support 3088 1 iTCO_wdt, Live 0xffffffffa0037000</div>
<div>ext3 232456 2 - Live 0xffffffffa01b5000</div>
<div>jbd 79071 1 ext3, Live 0xffffffffa01a0000</div>
<div>mbcache 8193 1 ext3, Live 0xffffffffa004d000</div>
<div>raid1 31657 2 - Live 0xffffffffa00a4000</div>
<div>sd_mod 38976 8 - Live 0xffffffffa0099000</div>
<div>crc_t10dif 1541 1 sd_mod, Live 0xffffffffa0023000</div>
<div>ahci 41127 6 - Live 0xffffffffa0145000</div>
<div>e1000e 253849 0 - Live 0xffffffffa0161000</div>
<div>wmi 6287 0 - Live 0xffffffffa0016000</div>
<div>i915 537570 1 - Live 0xffffffffa00c0000</div>
<div>drm_kms_helper 40087 1 i915, Live 0xffffffffa00b0000</div>
<div>drm 265638 2 i915,drm_kms_helper, Live 0xffffffffa0057000</div>
<div>i2c_algo_bit 5935 1 i915, Live 0xffffffffa0052000</div>
<div>i2c_core 31084 5 i2c_i801,i915,drm_kms_helper,drm,i2c_algo_bit, Live \
0xffffffffa0044000</div> <div>video 20674 1 i915, Live 0xffffffffa0039000</div>
<div>output 2409 1 video, Live 0xffffffffa0035000</div>
<div>dm_mirror 14133 0 - Live 0xffffffffa002d000</div>
<div>dm_region_hash 12085 1 dm_mirror, Live 0xffffffffa0026000</div>
<div>dm_log 9930 2 dm_mirror,dm_region_hash, Live 0xffffffffa001f000</div>
<div>dm_mod 82839 2 dm_mirror,dm_log, Live 0xffffffffa0000000</div>
<div>+ _________________________ /proc/meminfo</div>
<div>+ cat /proc/meminfo</div>
<div>+ _________________________ /proc/net/ipsec-ls</div>
<div>+ test -f /proc/net/ipsec_version</div>
<div>+ _________________________ usr/src/linux/.config</div>
<div>+ test -f /proc/config.gz</div>
<div>++ uname -r</div>
<div>+ test -f /lib/modules/2.6.32-358.6.1.el6.x86_64/build/.config</div>
<div>+ echo 'no .config file found, cannot list kernel properties'</div>
<div>no .config file found, cannot list kernel properties</div>
<div>+ _________________________ etc/syslog.conf</div>
<div>+ _________________________ etc/syslog-ng/syslog-ng.conf</div>
<div>+ cat /etc/syslog-ng/syslog-ng.conf</div>
<div>cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory</div>
<div>+ cat /etc/syslog.conf</div>
<div>cat: /etc/syslog.conf: No such file or directory</div>
<div>+ _________________________ etc/resolv.conf</div>
<div>+ cat /etc/resolv.conf</div>
<div>nameserver 127.0.0.1</div>
<div>nameserver 213.186.33.99</div>
<div>search ovh.net</div>
<div>+ _________________________ lib/modules-ls</div>
<div>+ ls -ltr /lib/modules</div>
<div>total 8</div>
<div>drwxr-xr-x. 7 root root 4096 May 4 01:05 2.6.32-358.6.1.el6.x86_64</div>
<div>+ _________________________ fipscheck</div>
<div>+ cat /proc/sys/crypto/fips_enabled</div>
<div>0</div>
<div>+ _________________________ /proc/ksyms-netif_rx</div>
<div>+ test -r /proc/ksyms</div>
<div>+ test -r /proc/kallsyms</div>
<div>+ egrep netif_rx /proc/kallsyms</div>
<div>+ _________________________ lib/modules-netif_rx</div>
<div>+ modulegoo kernel/net/ipv4/ipip.o netif_rx</div>
<div>+ set +x</div>
<div>2.6.32-358.6.1.el6.x86_64:</div>
<div>+ _________________________ kern.debug</div>
<div>+ test -f /var/log/kern.debug</div>
<div>+ _________________________ klog</div>
<div>+ sed -n '1542,$p' /var/log/messages</div>
<div>+ egrep -i 'ipsec|klips|pluto'</div>
<div>+ case "$1" in</div>
<div>+ cat</div>
<div>May 4 02:09:47 ks3307690 ipsec_setup: Starting Openswan IPsec \
U2.6.32/K2.6.32-358.6.1.el6.x86_64...</div> <div>May 4 02:09:47 ks3307690 \
ipsec_setup: Using NETKEY(XFRM) stack</div> <div>May 4 02:09:47 ks3307690 \
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in \
/proc/sys/crypto/fips_enabled</div> <div>May 4 02:09:47 ks3307690 ipsec_setup: \
...Openswan IPsec started</div> <div>May 4 02:09:47 ks3307690 ipsec__plutorun: \
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div> \
<div>May 4 02:09:47 ks3307690 ipsec__plutorun: adjusting ipsec.d to \
/etc/ipsec.d</div> <div>May 4 02:09:47 ks3307690 pluto: adjusting ipsec.d to \
/etc/ipsec.d</div> <div>May 4 02:09:47 ks3307690 ipsec__plutorun: \
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div> \
<div>May 4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn \
Non-fips mode set in /proc/sys/crypto/fips_enabled</div> <div>May 4 02:09:47 \
ks3307690 ipsec__plutorun: 002 added connection description "mikrotik"</div> <div>May \
4 02:09:47 ks3307690 ipsec__plutorun: 003 no secrets filename matched \
"/etc/ipsec.d/*.secrets"</div> <div>May 4 02:09:47 ks3307690 ipsec__plutorun: \
104 "mikrotik" #1: STATE_MAIN_I1: initiate</div> <div>+ _________________________ \
plog</div> <div>+ sed -n '889,$p' /var/log/secure</div>
<div>+ egrep -i pluto</div>
<div>+ case "$1" in</div>
<div>+ cat</div>
<div>May 4 02:09:47 ks3307690 ipsec__plutorun: Starting Pluto \
subsystem...</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: nss directory \
plutomain: /etc/ipsec.d</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: NSS \
Initialized</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set \
in /proc/sys/crypto/fips_enabled</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) \
pid:4903</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in \
/proc/sys/crypto/fips_enabled</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
LEAK_DETECTIVE support [disabled]</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: OCF support for IKE [disabled]</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: SAref support [disabled]: Protocol not available</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: SAbind support [disabled]: Protocol not \
available</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: NSS support \
[enabled]</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: HAVE_STATSD \
notification support not compiled in</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: Setting NAT-Traversal port-4500 floating to on</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: port floating activation criteria \
nat_t=1/port_float=1</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
NAT-Traversal support [enabled]</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: 1 bad entries in virtual_private - none loaded</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)</div> \
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
OAKLEY_SERPENT_CBC: Ok (ret=0)</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
OAKLEY_BLOWFISH_CBC: Ok (ret=0)</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)</div> \
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating \
OAKLEY_SHA2_256: Ok (ret=0)</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
starting up 3 cryptographic helpers</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: started helper (thread) pid=140013406775040 (fd:10)</div> <div>May \
4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013396285184 \
(fd:12)</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: started helper \
(thread) pid=140013316601600 (fd:14)</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: Using Linux 2.6 IPsec interface code on 2.6.32-358.6.1.el6.x86_64 \
(experimental code)</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists</div> \
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
aes_ccm_12: FAILED (ret=-17)</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_add(): ERROR: Algorithm already exists</div> <div>May 4 02:09:47 \
ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED \
(ret=-17)</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): \
ERROR: Algorithm already exists</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)</div> \
<div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm \
already exists</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)</div> <div>May \
4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already \
exists</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): \
Activating aes_gcm_16: FAILED (ret=-17)</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: Could not change to directory '/etc/ipsec.d/cacerts': /</div> <div>May \
4 02:09:47 ks3307690 pluto[4903]: Could not change to directory \
'/etc/ipsec.d/aacerts': /</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: \
Could not change to directory '/etc/ipsec.d/ocspcerts': /</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: Could not change to directory \
'/etc/ipsec.d/crls'</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: | selinux \
support is enabled.</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: added \
connection description "mikrotik"</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: listening for IKE messages</div> <div>May 4 02:09:47 ks3307690 \
pluto[4903]: adding interface eth0/eth0 <a \
href="http://179.34.222.31:500/">179.34.222.31:500</a></div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 <a \
href="http://179.34.222.31:4500/">179.34.222.31:4500</a></div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: adding interface lo/lo <a \
href="http://127.0.0.1:500/">127.0.0.1:500</a></div> <div>May 4 02:09:47 \
ks3307690 pluto[4903]: adding interface lo/lo <a \
href="http://127.0.0.1:4500/">127.0.0.1:4500</a></div> <div>May 4 02:09:47 \
ks3307690 pluto[4903]: adding interface lo/lo ::1:500</div> <div>May 4 02:09:47 \
ks3307690 pluto[4903]: adding interface eth0/eth0 2001:41d0:8:e242::1:500</div> \
<div>May 4 02:09:47 ks3307690 pluto[4903]: loading secrets from \
"/etc/ipsec.secrets"</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: no \
secrets filename matched "/etc/ipsec.d/*.secrets"</div> <div>May 4 02:09:47 \
ks3307690 pluto[4903]: "mikrotik" #1: initiating Main Mode</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: received Vendor ID payload [Dead Peer \
Detection]</div> <div>May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: \
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div> <div>May 4 \
02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I2: sent MI2, expecting \
MR2</div> <div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition \
from state STATE_MAIN_I2 to state STATE_MAIN_I3</div> <div>May 4 02:09:48 \
ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I3: sent MI3, expecting MR3</div> \
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: next payload type of \
ISAKMP Hash Payload has an unknown value: 184</div> <div>May 4 02:09:48 \
ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet</div> <div>May \
4 02:09:48 ks3307690 pluto[4903]: | payload malformed after IV</div> <div>May \
4 02:09:48 ks3307690 pluto[4903]: | d5 e9 80 46 c0 88 41 e9</div> \
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: sending notification \
PAYLOAD_MALFORMED to <a href="http://82.198.121.45:500/">82.198.121.45:500</a></div> \
<div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: byte 2 of ISAKMP Hash \
Payload must be zero, but is not</div> <div>May 4 02:09:48 ks3307690 \
pluto[4903]: "mikrotik" #1: malformed payload in packet</div> <div>May 4 \
02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: Main mode peer ID is ID_IPV4_ADDR: \
'82.198.121.45'</div> <div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: \
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div> <div>May 4 \
02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I4: ISAKMP SA established \
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha \
group=modp1024}</div> <div>May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 \
msgid:121009cf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May 4 02:09:48 ks3307690 \
pluto[4903]: "mikrotik" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=>0x08ab66a0 <0xc0d22436 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>May 4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 \
msgid:8eb8d24a proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May 4 02:10:08 ks3307690 \
pluto[4903]: "mikrotik" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=>0x03d0e567 <0x8b2ece14 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik": \
terminating SAs using this connection</div> <div>May 4 02:48:10 ks3307690 \
pluto[4903]: "mikrotik" #3: deleting state (STATE_QUICK_I2)</div> <div>May 4 \
02:48:10 ks3307690 pluto[4903]: "mikrotik" #2: deleting state (STATE_QUICK_I2)</div> \
<div>May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #1: deleting state \
(STATE_MAIN_I4)</div> <div>May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: \
initiating Main Mode</div> <div>May 4 02:48:18 ks3307690 pluto[4903]: \
"mikrotik" #4: received Vendor ID payload [Dead Peer Detection]</div> <div>May \
4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state \
STATE_MAIN_I1 to state STATE_MAIN_I2</div> <div>May 4 02:48:18 ks3307690 \
pluto[4903]: "mikrotik" #4: STATE_MAIN_I2: sent MI2, expecting MR2</div> <div>May \
4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state \
STATE_MAIN_I2 to state STATE_MAIN_I3</div> <div>May 4 02:48:18 ks3307690 \
pluto[4903]: "mikrotik" #4: STATE_MAIN_I3: sent MI3, expecting MR3</div> <div>May \
4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: Main mode peer ID is \
ID_IPV4_ADDR: '82.198.121.45'</div> <div>May 4 02:48:19 ks3307690 pluto[4903]: \
"mikrotik" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div> \
<div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I4: ISAKMP \
SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha \
group=modp1024}</div> <div>May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4 \
msgid:3eac258b proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May 4 02:48:19 ks3307690 \
pluto[4903]: "mikrotik" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=>0x06fb8921 <0x112666f8 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik": deleting \
connection</div> <div>May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #5: \
deleting state (STATE_QUICK_I2)</div> <div>May 4 02:50:11 ks3307690 \
pluto[4903]: "mikrotik" #4: deleting state (STATE_MAIN_I4)</div> <div>May 4 \
02:50:11 ks3307690 pluto[4903]: added connection description "mikrotik"</div> \
<div>May 4 02:50:19 ks3307690 pluto[4903]: "mikrotik" #6: initiating Main \
Mode</div> <div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: received \
Vendor ID payload [Dead Peer Detection]</div> <div>May 4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I1 to state \
STATE_MAIN_I2</div> <div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: \
STATE_MAIN_I2: sent MI2, expecting MR2</div> <div>May 4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I2 to state \
STATE_MAIN_I3</div> <div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: \
STATE_MAIN_I3: sent MI3, expecting MR3</div> <div>May 4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'</div> \
<div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state \
STATE_MAIN_I3 to state STATE_MAIN_I4</div> <div>May 4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: STATE_MAIN_I4: ISAKMP SA established \
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha \
group=modp1024}</div> <div>May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#6 \
msgid:aae4f37f proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May 4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=>0x01eea26a <0x743427d2 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>+ _________________________ date</div>
<div>+ date</div>
<div>Sat May 4 02:55:49 CEST 2013</div>
<div> </div>
<div> </div>
<div>Is it possible to solve this problem?</div>
<div>Thanks in advance.</div>
</div>
</div>
</div>
</div>
<br /><br /></div>
</div>
</blockquote>
</body></html>