[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openswan-users
Subject:    Re: [Openswan Users] SA Established, no ping
From:       Nick Howitt <n1ck.h0w1tt () gmail ! com>
Date:       2013-05-07 7:34:49
Message-ID: 95a4f4f6cf7960fc4dadaafb77ae3938 () howitts ! poweredbyclear ! com
[Download RAW message or body]

Add left/rightsourceip to your conns

Nick

On 2013-05-07 02:34,
Patrick Naubert wrote:

> Rescued from the Spam bucket. Please remember
to subscribe to the mailing list before posting to it.
> 
> Begin
forwarded message:
> 
> FROM: "serzer@gmail.com" <serzer@gmail.com>
> 
SUBJECT: SA ESTABLISHED, NO PING
> 
> DATE: 3 May, 2013 8:59:36 PM EDT
> 

> TO: users@lists.openswan.org
> 
> Hello, I am trying to establish
connection between my mikrotik router and CentOS 6.4 server
> 
> Looks
like ipsec tunnel is establishing, but i am not able to ping my router:

> 
> [root@ks3307690 ~]# ping 192.168.0.1
> PING 192.168.0.1
(192.168.0.1) 56(84) bytes of data.
> ^C
> --- 192.168.0.1 ping
statistics ---
> 3 packets transmitted, 0 received, 100% packet loss,
time 2285ms
> 
> [root@ks3307690 ~]# traceroute 192.168.0.1
> 
traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets
> 
1 178.32.223.253 (178.32.223.253) 0.842 ms^C
> 
> here is the barf log:

> 
> [root@ks3307690 ~]# ipsec barf
> ks3307690.kimsufi.com [4]
> Sat
May 4 02:55:49 CEST 2013
> + _________________________ version
> +
ipsec --version
> Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64
(netkey)
> See `ipsec --copyright' for copyright information.
> +
_________________________ /proc/version
> + cat /proc/version
> Linux
version 2.6.32-358.6.1.el6.x86_64 (mockbuild@c6b9.bsys.dev.centos.org)
(gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Apr 23
19:29:00 UTC 2013
> + _________________________ /proc/net/ipsec_eroute

> + test -r /proc/net/ipsec_eroute
> + _________________________
netstat-rn
> + netstat -nr
> + head -n 100
> Kernel IP routing table

> Destination Gateway Genmask Flags MSS Window irtt Iface
> 
178.32.223.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 0.0.0.0
178.32.223.254 0.0.0.0 UG 0 0 0 eth0
> + _________________________
/proc/net/ipsec_spi
> + test -r /proc/net/ipsec_spi
> +
_________________________ /proc/net/ipsec_spigrp
> + test -r
/proc/net/ipsec_spigrp
> + _________________________
/proc/net/ipsec_tncfg
> + test -r /proc/net/ipsec_tncfg
> +
_________________________ /proc/net/pfkey
> + test -r /proc/net/pfkey

> + cat /proc/net/pfkey
> sk RefCnt Rmem Wmem User Inode
> +
_________________________ ip-xfrm-state
> + ip xfrm state
> src
82.198.121.45 dst 179.34.222.31
> proto esp spi 0x743427d2 reqid 16389
mode tunnel
> replay-window 32 flag 20
> auth hmac(sha1)
0x0ec98333b7b35011dd556775706927fb24bc91b4
> enc cbc(des3_ede)
0x5acc8c5560d040f567ead8e79977da51e0c50db968e4aa15
> src 179.34.222.31
dst 82.198.121.45
> proto esp spi 0x01eea26a reqid 16389 mode tunnel
> 
replay-window 32 flag 20
> auth hmac(sha1)
0x2564bcea5b8774578011ab4ab09bd9323f436f16
> enc cbc(des3_ede)
0x059e52c2b2dd0dbca0342ff5be47c5a908f1be5bb4de6447
> +
_________________________ ip-xfrm-policy
> + ip xfrm policy
> src
192.168.1.0/24 [5] dst 192.168.0.0/24 [6]
> dir out priority 2344 ptype
main
> tmpl src 179.34.222.31 dst 82.198.121.45
> proto esp reqid
16389 mode tunnel
> src 192.168.0.0/24 [6] dst 192.168.1.0/24 [5]
> 
dir fwd priority 2344 ptype main
> tmpl src 82.198.121.45 dst
179.34.222.31
> proto esp reqid 16389 mode tunnel
> src 192.168.0.0/24
[6] dst 192.168.1.0/24 [5]
> dir in priority 2344 ptype main
> tmpl
src 82.198.121.45 dst 179.34.222.31
> proto esp reqid 16389 mode tunnel

> src ::/0 dst ::/0
> dir 4 priority 0 ptype main
> src ::/0 dst ::/0

> dir 3 priority 0 ptype main
> src ::/0 dst ::/0
> dir 4 priority 0
ptype main
> src ::/0 dst ::/0
> dir 3 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 4 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 3 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 4 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 3 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 4 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 3 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 4 priority 0 ptype main
> src
0.0.0.0/0 [7] dst 0.0.0.0/0 [7]
> dir 3 priority 0 ptype main
> +
_________________________ /proc/crypto
> + test -r /proc/crypto
> +
cat /proc/crypto
> name : authenc(hmac(sha1),cbc(des3_ede))
> driver :
authenc(hmac(sha1-generic),cbc(des3_ede-generic))
> module : authenc
> 
priority : 0
> refcnt : 3
> selftest : passed
> type : aead
> async
> no
> blocksize : 8
> ivsize : 8
> maxauthsize : 20
> geniv :
<built-in>
> 
> name : cbc(des3_ede)
> driver : cbc(des3_ede-generic)

> module : kernel
> priority : 0
> refcnt : 3
> selftest : passed
> 
type : givcipher
> async : no
> blocksize : 8
> min keysize : 24
> 
max keysize : 24
> ivsize : 8
> geniv : eseqiv
> 
> name : deflate
> 
driver : deflate-generic
> module : deflate
> priority : 0
> refcnt :
1
> selftest : passed
> type : compression
> 
> name :
rfc3686(ctr(aes))
> driver : rfc3686(ctr(aes-asm))
> module : ctr
> 
priority : 200
> refcnt : 1
> selftest : passed
> type : blkcipher
> 
blocksize : 1
> min keysize : 20
> max keysize : 36
> ivsize : 8
> 
geniv : seqiv
> 
> name : ctr(aes)
> driver : ctr(aes-asm)
> module :
ctr
> priority : 200
> refcnt : 1
> selftest : passed
> type :
blkcipher
> blocksize : 1
> min keysize : 16
> max keysize : 32
> 
ivsize : 16
> geniv : chainiv
> 
> name : cbc(twofish)
> driver :
cbc(twofish-asm)
> module : cbc
> priority : 200
> refcnt : 1
> 
selftest : passed
> type : blkcipher
> blocksize : 16
> min keysize :
16
> max keysize : 32
> ivsize : 16
> geniv : <default>
> 
> name :
cbc(camellia)
> driver : cbc(camellia-generic)
> module : cbc
> 
priority : 100
> refcnt : 1
> selftest : passed
> type : blkcipher
> 
blocksize : 16
> min keysize : 16
> max keysize : 32
> ivsize : 16
> 
geniv : <default>
> 
> name : camellia
> driver : camellia-generic
> 
module : camellia
> priority : 100
> refcnt : 1
> selftest : passed

> type : cipher
> blocksize : 16
> min keysize : 16
> max keysize :
32
> 
> name : cbc(serpent)
> driver : cbc(serpent-generic)
> module
> cbc
> priority : 0
> refcnt : 1
> selftest : passed
> type :
blkcipher
> blocksize : 16
> min keysize : 0
> max keysize : 32
> 
ivsize : 16
> geniv : <default>
> 
> name : cbc(aes)
> driver :
cbc(aes-asm)
> module : cbc
> priority : 200
> refcnt : 1
> selftest
> passed
> type : blkcipher
> blocksize : 16
> min keysize : 16
> 
max keysize : 32
> ivsize : 16
> geniv : <default>
> 
> name :
cbc(blowfish)
> driver : cbc(blowfish-generic)
> module : cbc
> 
priority : 0
> refcnt : 1
> selftest : passed
> type : blkcipher
> 
blocksize : 8
> min keysize : 4
> max keysize : 56
> ivsize : 8
> 
geniv : <default>
> 
> name : cbc(cast5)
> driver : cbc(cast5-generic)

> module : cbc
> priority : 0
> refcnt : 1
> selftest : passed
> 
type : blkcipher
> blocksize : 8
> min keysize : 5
> max keysize : 16

> ivsize : 8
> geniv : <default>
> 
> name : cast5
> driver :
cast5-generic
> module : cast5
> priority : 0
> refcnt : 1
> 
selftest : passed
> type : cipher
> blocksize : 8
> min keysize : 5

> max keysize : 16
> 
> name : cbc(des3_ede)
> driver :
cbc(des3_ede-generic)
> module : cbc
> priority : 0
> refcnt : 3
> 
selftest : passed
> type : blkcipher
> blocksize : 8
> min keysize :
24
> max keysize : 24
> ivsize : 8
> geniv : <default>
> 
> name :
cbc(des)
> driver : cbc(des-generic)
> module : cbc
> priority : 0
> 
refcnt : 1
> selftest : passed
> type : blkcipher
> blocksize : 8
> 
min keysize : 8
> max keysize : 8
> ivsize : 8
> geniv : <default>
> 

> name : xcbc(aes)
> driver : xcbc(aes-asm)
> module : xcbc
> 
priority : 200
> refcnt : 1
> selftest : passed
> type : shash
> 
blocksize : 16
> digestsize : 16
> 
> name : hmac(rmd160)
> driver :
hmac(rmd160-generic)
> module : kernel
> priority : 0
> refcnt : 1
> 
selftest : passed
> type : shash
> blocksize : 64
> digestsize : 20

> 
> name : rmd160
> driver : rmd160-generic
> module : rmd160
> 
priority : 0
> refcnt : 1
> selftest : passed
> type : shash
> 
blocksize : 64
> digestsize : 20
> 
> name : hmac(sha512)
> driver :
hmac(sha512-generic)
> module : kernel
> priority : 0
> refcnt : 1
> 
selftest : passed
> type : shash
> blocksize : 128
> digestsize : 64

> 
> name : hmac(sha384)
> driver : hmac(sha384-generic)
> module :
kernel
> priority : 0
> refcnt : 1
> selftest : passed
> type :
shash
> blocksize : 128
> digestsize : 48
> 
> name : hmac(sha256)
> 
driver : hmac(sha256-generic)
> module : kernel
> priority : 0
> 
refcnt : 1
> selftest : passed
> type : shash
> blocksize : 64
> 
digestsize : 32
> 
> name : hmac(sha1)
> driver : hmac(sha1-generic)

> module : kernel
> priority : 0
> refcnt : 5
> selftest : passed
> 
type : shash
> blocksize : 64
> digestsize : 20
> 
> name : hmac(md5)

> driver : hmac(md5-generic)
> module : kernel
> priority : 0
> 
refcnt : 1
> selftest : passed
> type : shash
> blocksize : 64
> 
digestsize : 16
> 
> name : compress_null
> driver :
compress_null-generic
> module : crypto_null
> priority : 0
> refcnt
> 1
> selftest : passed
> type : compression
> 
> name : digest_null

> driver : digest_null-generic
> module : crypto_null
> priority : 0

> refcnt : 1
> selftest : passed
> type : shash
> blocksize : 1
> 
digestsize : 0
> 
> name : ecb(cipher_null)
> driver : ecb-cipher_null

> module : crypto_null
> priority : 100
> refcnt : 1
> selftest :
passed
> type : blkcipher
> blocksize : 1
> min keysize : 0
> max
keysize : 0
> ivsize : 0
> geniv : <default>
> 
> name : cipher_null

> driver : cipher_null-generic
> module : crypto_null
> priority : 0

> refcnt : 1
> selftest : passed
> type : cipher
> blocksize : 1
> 
min keysize : 0
> max keysize : 0
> 
> name : tnepres
> driver :
tnepres-generic
> module : serpent
> priority : 0
> refcnt : 1
> 
selftest : passed
> type : cipher
> blocksize : 16
> min keysize : 0

> max keysize : 32
> 
> name : serpent
> driver : serpent-generic
> 
module : serpent
> priority : 0
> refcnt : 1
> selftest : passed
> 
type : cipher
> blocksize : 16
> min keysize : 0
> max keysize : 32

> 
> name : blowfish
> driver : blowfish-generic
> module : blowfish

> priority : 0
> refcnt : 1
> selftest : passed
> type : cipher
> 
blocksize : 8
> min keysize : 4
> max keysize : 56
> 
> name :
twofish
> driver : twofish-asm
> module : twofish_x86_64
> priority :
200
> refcnt : 1
> selftest : passed
> type : cipher
> blocksize :
16
> min keysize : 16
> max keysize : 32
> 
> name : sha256
> driver
> sha256-generic
> module : sha256_generic
> priority : 0
> refcnt :
1
> selftest : passed
> type : shash
> blocksize : 64
> digestsize :
32
> 
> name : sha224
> driver : sha224-generic
> module :
sha256_generic
> priority : 0
> refcnt : 1
> selftest : passed
> 
type : shash
> blocksize : 64
> digestsize : 28
> 
> name : sha512
> 
driver : sha512-generic
> module : sha512_generic
> priority : 0
> 
refcnt : 1
> selftest : passed
> type : shash
> blocksize : 128
> 
digestsize : 64
> 
> name : sha384
> driver : sha384-generic
> module
> sha512_generic
> priority : 0
> refcnt : 1
> selftest : passed
> 
type : shash
> blocksize : 128
> digestsize : 48
> 
> name : des3_ede

> driver : des3_ede-generic
> module : des_generic
> priority : 0
> 
refcnt : 3
> selftest : passed
> type : cipher
> blocksize : 8
> min
keysize : 24
> max keysize : 24
> 
> name : des
> driver :
des-generic
> module : des_generic
> priority : 0
> refcnt : 1
> 
selftest : passed
> type : cipher
> blocksize : 8
> min keysize : 8

> max keysize : 8
> 
> name : aes
> driver : aes-asm
> module :
aes_x86_64
> priority : 200
> refcnt : 1
> selftest : passed
> type
> cipher
> blocksize : 16
> min keysize : 16
> max keysize : 32
> 
> 
name : aes
> driver : aes-generic
> module : aes_generic
> priority :
100
> refcnt : 1
> selftest : passed
> type : cipher
> blocksize :
16
> min keysize : 16
> max keysize : 32
> 
> name : stdrng
> driver
> krng
> module : kernel
> priority : 200
> refcnt : 2
> selftest :
passed
> type : rng
> seedsize : 0
> 
> name : crc32c
> driver :
crc32c-generic
> module : kernel
> priority : 100
> refcnt : 1
> 
selftest : passed
> type : shash
> blocksize : 1
> digestsize : 4
> 

> name : sha1
> driver : sha1-generic
> module : kernel
> priority :
0
> refcnt : 3
> selftest : passed
> type : shash
> blocksize : 64

> digestsize : 20
> 
> name : md5
> driver : md5-generic
> module :
kernel
> priority : 0
> refcnt : 1
> selftest : passed
> type :
shash
> blocksize : 64
> digestsize : 16
> 
> +
__________________________/proc/sys/net/core/xfrm-star
> 
/usr/libexec/ipsec/barf: line 190:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory
> + for i in '/proc/sys/net/core/xfrm_*'
> + echo -n
'/proc/sys/net/core/xfrm_acq_expires: '
> 
/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires
> 30
> + for i in
'/proc/sys/net/core/xfrm_*'
> + echo -n
'/proc/sys/net/core/xfrm_aevent_etime: '
> 
/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime
> 10
> + for i in
'/proc/sys/net/core/xfrm_*'
> + echo -n
'/proc/sys/net/core/xfrm_aevent_rseqth: '
> 
/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth
> 2
> + for i in
'/proc/sys/net/core/xfrm_*'
> + echo -n
'/proc/sys/net/core/xfrm_larval_drop: '
> 
/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop
> 1
> + _________________________
/proc/sys/net/ipsec-star
> + test -d /proc/sys/net/ipsec
> +
_________________________ ipsec/status
> + ipsec auto --status
> 000
using kernel interface: netkey
> 000 interface eth0/eth0
2001:41d0:8:e242::1
> 000 interface lo/lo ::1
> 000 interface lo/lo
127.0.0.1
> 000 interface lo/lo 127.0.0.1
> 000 interface eth0/eth0
179.34.222.31
> 000 interface eth0/eth0 179.34.222.31
> 000 %myid (none)
> 000 debug none
> 000
> 000 virtual_private (%priv):
> 000 -
allowed 0 subnets:
> 000 - disallowed 0 subnets:
> 000 WARNING: Either
virtual_private= is not specified, or there is a syntax
> 000 error in
that line. 'left/rightsubnet=vhost:%priv' will not work!
> 000 WARNING:
Disallowed subnets in virtual_private= is empty. If you have
> 000
private address space in internal use, it should be excluded!
> 000
> 
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemind,
keysizemaxd
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES,
ivlen=8, keysizemin2, keysizemax2
> 000 algorithm ESP encrypt:
id=6, name=ESP_CAST, ivlen=8, keysizemin@, keysizemax8
> 000
algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin@,
keysizemaxD8
> 000 algorithm ESP encrypt: id, name=ESP_NULL,
ivlen=0, keysizemin=0, keysizemax=0
> 000 algorithm ESP encrypt: id,
name=ESP_AES, ivlen=8, keysizemin8, keysizemax%6
> 000 algorithm
ESP encrypt: id, name=ESP_AES_CTR, ivlen=8, keysizemin8,
keysizemax%6
> 000 algorithm ESP encrypt: id, name=ESP_AES_CCM_A,
ivlen=8, keysizemin8, keysizemax%6
> 000 algorithm ESP encrypt:
id, name=ESP_AES_CCM_B, ivlen=8, keysizemin8, keysizemax%6
> 
000 algorithm ESP encrypt: id, name=ESP_AES_CCM_C, ivlen=8,
keysizemin8, keysizemax%6
> 000 algorithm ESP encrypt: id,
name=ESP_AES_GCM_A, ivlen=8, keysizemin8, keysizemax%6
> 000
algorithm ESP encrypt: id, name=ESP_AES_GCM_B, ivlen=8,
keysizemin8, keysizemax%6
> 000 algorithm ESP encrypt: id ,
name=ESP_AES_GCM_C, ivlen=8, keysizemin8, keysizemax%6
> 000
algorithm ESP encrypt: id", name=ESP_CAMELLIA, ivlen=8,
keysizemin8, keysizemax%6
> 000 algorithm ESP encrypt: id%2,
name=ESP_SERPENT, ivlen=8, keysizemin8, keysizemax%6
> 000
algorithm ESP encrypt: id%3, name=ESP_TWOFISH, ivlen=8,
keysizemin8, keysizemax%6
> 000 algorithm ESP auth attr: id=1,
name=AUTH_ALGORITHM_HMAC_MD5, keysizemin8, keysizemax8
> 000
algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin0, keysizemax0
> 000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin%6, keysizemax%6
> 000
algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384,
keysizemin84, keysizemax84
> 000 algorithm ESP auth attr: id=7,
name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizeminQ2, keysizemaxQ2
> 000
algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin0, keysizemax0
> 000 algorithm ESP auth attr: id=9,
name=AUTH_ALGORITHM_AES_CBC, keysizemin8, keysizemax8
> 000
algorithm ESP auth attr: id%1, name=(null), keysizemin=0, keysizemax=0

> 000
> 000 algorithm IKE encrypt: id=0, name=(null), blocksize,
keydeflen1
> 000 algorithm IKE encrypt: id=3,
name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen8
> 000 algorithm
IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen2
> 
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize,
keydeflen8
> 000 algorithm IKE encrypt: ide004,
name=OAKLEY_SERPENT_CBC, blocksize, keydeflen8
> 000 algorithm
IKE encrypt: ide005, name=OAKLEY_TWOFISH_CBC, blocksize,
keydeflen8
> 000 algorithm IKE encrypt: ide289,
name=OAKLEY_TWOFISH_CBC_SSH, blocksize, keydeflen8
> 000
algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize
> 000 algorithm
IKE hash: id=2, name=OAKLEY_SHA1, hashsize 
> 000 algorithm IKE hash:
id=4, name=OAKLEY_SHA2_256, hashsize2
> 000 algorithm IKE hash: id=6,
name=OAKLEY_SHA2_512, hashsized
> 000 algorithm IKE dh group: id=2,
name=OAKLEY_GROUP_MODP1024, bits24
> 000 algorithm IKE dh group:
id=5, name=OAKLEY_GROUP_MODP1536, bits36
> 000 algorithm IKE dh
group: id, name=OAKLEY_GROUP_MODP2048, bits 48
> 000 algorithm IKE
dh group: id, name=OAKLEY_GROUP_MODP3072, bits072
> 000 algorithm
IKE dh group: id, name=OAKLEY_GROUP_MODP4096, bits@96
> 000
algorithm IKE dh group: id, name=OAKLEY_GROUP_MODP6144, bitsa44
> 
000 algorithm IKE dh group: id, name=OAKLEY_GROUP_MODP8192, bits�92

> 000 algorithm IKE dh group: id", name=OAKLEY_GROUP_DH22, bits24

> 000 algorithm IKE dh group: id#, name=OAKLEY_GROUP_DH23, bits 48

> 000 algorithm IKE dh group: id$, name=OAKLEY_GROUP_DH24, bits 48

> 000
> 000 stats db_ops: {curr_cnt, total_cnt, maxsz}
> context={0,0,0} trans={0,0,0} attrs={0,0,0}
> 000
> 000 "mikrotik":
192.168.1.0/24==9.34.222.31
[8]<179.34.222.31>[+S=C]...192.168.0.1---82.198.121.45<82.198.121.45>[+S=C]==2.168.0.0/24
 [6]; erouted; eroute owner: #7
> 000 "mikrotik": myip=unset;
hisip=unset;
> 000 "mikrotik": ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
> 000 "mikrotik":
policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio:
24,24; interface: eth0;
> 000 "mikrotik": newest ISAKMP SA: #6; newest
IPsec SA: #7;
> 000 "mikrotik": IKE algorithm newest:
3DES_CBC_192-SHA1-MODP1024
> 000
> 000 #7: "mikrotik":500
STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in
27750s; newest IPSEC; eroute owner; isakmp#6; idle; import:admin
initiate
> 000 #7: "mikrotik" esp.1eea26a@82.198.121.45
esp.743427d2@179.34.222.31 tun.0@82.198.121.45 tun.0@179.34.222.31 ref=0
refhimB94901761
> 000 #6: "mikrotik":500 STATE_MAIN_I4 (ISAKMP SA
established); EVENT_SA_REPLACE in 2625s; newest ISAKMP; lastdpd=-1s(seq
in:0 out:0); idle; import:admin initiate
> 000
> +
_________________________ ifconfig-a
> + ifconfig -a
> eth0 Link
encap:Ethernet HWaddr 4C:72:B9:D1:C4:25
> inet addr:179.34.222.31
Bcast:178.32.223.255 Mask:255.255.255.0
> inet6 addr:
2001:41d0:8:e242::1/64 Scope:Global
> inet6 addr:
fe80::4e72:b9ff:fed1:c425/64 Scope:Link
> UP BROADCAST RUNNING
MULTICAST MTU:1500 Metric:1
> RX packets:17969 errors:0 dropped:0
overruns:0 frame:0
> TX packets:48900 errors:0 dropped:0 overruns:0
carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:1532137 (1.4 MiB)
TX bytes:14568681 (13.8 MiB)
> Interrupt:20 Memory:fe500000-fe520000
> 

> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> 
inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1

> RX packets:248 errors:0 dropped:0 overruns:0 frame:0
> TX
packets:248 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0
txqueuelen:0
> RX bytes:39867 (38.9 KiB) TX bytes:39867 (38.9 KiB)
> 

> + _________________________ ip-addr-list
> + ip addr list
> 1: lo:
<LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
> 
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
> inet
127.0.0.1/8 [9] scope host lo
> inet6 ::1/128 scope host
> valid_lft
forever preferred_lft forever
> 2: eth0:
<BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
qlen 1000
> link/ether 4c:72:b9:d1:c4:25 brd ff:ff:ff:ff:ff:ff
> inet
179.34.222.31/24 [10] brd 178.32.223.255 scope global eth0
> inet6
2001:41d0:8:e242::1/64 scope global
> valid_lft forever preferred_lft
forever
> inet6 fe80::4e72:b9ff:fed1:c425/64 scope link
> valid_lft
forever preferred_lft forever
> + _________________________
ip-route-list
> + ip route list
> 178.32.223.0/24 [11] dev eth0 proto
kernel scope link src 179.34.222.31
> default via 178.32.223.254 dev
eth0
> + _________________________ ip-rule-list
> + ip rule list
> 0:
from all lookup local
> 32766: from all lookup main
> 32767: from all
lookup default
> + _________________________ ipsec_verify
> + ipsec
verify --nocolour
> Checking your system to see if IPsec got installed
and started correctly:
> Version check and ipsec on-path [OK]
> Linux
Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)
> Checking for
IPsec support in kernel [OK]
> SAref kernel support [N/A]
> NETKEY:
Testing for disabled ICMP send_redirects [OK]
> NETKEY detected,
testing for disabled ICMP accept_redirects [OK]
> Testing against
enforced SElinux mode [OK]
> Checking that pluto is running [OK]
> 
Pluto listening for IKE on udp 500 [OK]
> Pluto listening for NAT-T on
udp 4500 [OK]
> Checking for 'ip' command [OK]
> Checking /bin/sh is
not /bin/dash [OK]
> Checking for 'iptables' command [OK]
> 
Opportunistic Encryption Support [DISABLED]
> +
_________________________ mii-tool
> + '[' -x /sbin/mii-tool ']'
> +
/sbin/mii-tool -v
> No interface specified
> usage: /sbin/mii-tool
[-VvRrwl] [-A media,... | -F media] <interface> ...
> -V, --version
display version information
> -v, --verbose more verbose output
> -R,
--reset reset MII to poweron state
> -r, --restart restart
autonegotiation
> -w, --watch monitor for link status changes
> -l,
--log with -w, write events to syslog
> -A, --advertise=media,...
advertise only specified media
> -F, --force=media force specified
media technology
> media: 100baseT4, 100baseTx-FD, 100baseTx-HD,
10baseT-FD, 10baseT-HD,
> (to advertise both HD and FD) 100baseTx,
10baseT
> + _________________________ ipsec/directory
> + ipsec
--directory
> /usr/libexec/ipsec
> + _________________________
hostname/fqdn
> + hostname --fqdn
> ks3307690.kimsufi.com [4]
> +
_________________________ hostname/ipaddress
> + hostname --ip-address

> 179.34.222.31
> + _________________________ uptime
> + uptime
> 
02:55:49 up 1:09, 2 users, load average: 0.06, 0.03, 0.00
> +
_________________________ ps
> + ps alxwf
> + egrep -i
'ppid|pluto|ipsec|klips'
> F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY
TIME COMMAND
> 4 0 7913 1701 20 0 106064 1480 wait S+ pts/0 0:00 | _
/bin/sh /usr/libexec/ipsec/barf
> 0 0 7978 7913 20 0 4148 672 pipe_w S+
pts/0 0:00 | _ egrep -i ppid|pluto|ipsec|klips
> 1 0 4897 1 20 0 9192
524 wait S pts/0 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --debug
--uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no
--nat_traversal yes --keep_alive --protostack netkey --force_keepalive
no --disable_port_floating no --virtual_private oe=off --listen
--crlcheckinterval 0 --ocspuri --nhelpers --secctx_attr_value --dump
--opts --stderrlog --wait no --pre --post --log daemon.error
--plutorestartoncrash true --pid /var/run/pluto/pluto.pid
> 1 0 4899
4897 20 0 9192 692 wait S pts/0 0:00 _ /bin/sh
/usr/libexec/ipsec/_plutorun --debug --uniqueids yes --force_busy no
--nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive
--protostack netkey --force_keepalive no --disable_port_floating no
--virtual_private oe=off --listen --crlcheckinterval 0 --ocspuri
--nhelpers --secctx_attr_value --dump --opts --stderrlog --wait no --pre
--post --log daemon.error --plutorestartoncrash true --pid
/var/run/pluto/pluto.pid
> 4 0 4903 4899 20 0 313724 7860 poll_s Sl
pts/0 0:00 | _ /usr/libexec/ipsec/pluto --nofork --secretsfile
/etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids
--nat_traversal --virtual_private oe=off
> 0 0 4934 4903 20 0 6080 404
poll_s S pts/0 0:00 | _ _pluto_adns
> 0 0 4900 4897 20 0 9192 1316
pipe_w S pts/0 0:00 _ /bin/sh /usr/libexec/ipsec/_plutoload --wait no
--post
> 0 0 4898 1 20 0 4056 664 pipe_w S pts/0 0:00 logger -s -p
daemon.error -t ipsec__plutorun
> + _________________________
ipsec/showdefaults
> + ipsec showdefaults
> routephys=eth0
> 
routevirt=none
> routeaddr9.34.222.31
> routenexthop8.32.223.254

> + _________________________ ipsec/conf
> + ipsec _include
/etc/ipsec.conf
> + ipsec _keycensor
> 
> #< /etc/ipsec.conf 1
> #
/etc/ipsec.conf - Openswan IPsec configuration file
> #
> # Manual:
ipsec.conf.5
> #
> # Please place your own config files in
/etc/ipsec.d/ ending in .conf
> 
> version 2.0 # conforms to second
version of ipsec.conf specification
> 
> # basic configuration
> 
config setup
> # Debug-logging controls: "none" for (almost) none,
"all" for lots.
> # klipsdebug=none
> # plutodebug="control parsing"

> # For Red Hat Enterprise Linux and Fedora, leave protostack=netkey
> 
#protostack=klips
> interfaces=%defaultroute
> protostack=netkey
> 
> 
nat_traversal=yes
> virtual_private> oe=off
> # Enable this if you
see "failed to find any available worker"
> # nhelpers=0
> 
> conn
mikrotik
> left9.34.222.31
> leftsubnet2.168.1.0/24 [5]
> 
#leftnexthop=%defaultroute
> 
> right�.198.121.45
> 
rightsubnet2.168.0.0/24 [6]
> rightnexthop2.168.0.1
> 
> 
type=tunnel
> authby=secret
> auto=start
> #You may put your
configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
> 
#include /etc/ipsec.d/*.conf
> + _________________________
ipsec/secrets
> + ipsec _include /etc/ipsec.secrets
> + ipsec
_secretcensor
> 
> #< /etc/ipsec.secrets 1
> #:cannot open
configuration file '/etc/ipsec.d/*.secrets'
> 
> #> /etc/ipsec.secrets
2
> 179.34.222.31 82.198.121.45 [12]: PSK "[sums to 354c...]"
> +
_________________________ ipsec/listall
> + ipsec auto --listall
> 000

> 000 List of Public Keys:
> 000
> 000 List of Pre-shared secrets
(from /etc/ipsec.secrets)
> 000 2: PSK 82.198.121.45 179.34.222.31
> +
'[' /etc/ipsec.d/policies ']'
> + for policy in '$POLICIES/*'
> ++
basename /etc/ipsec.d/policies/block
> + base=block
> +
_________________________ ipsec/policies/block
> + cat
/etc/ipsec.d/policies/block
> # This file defines the set of CIDRs
(network/mask-length) to which
> # communication should never be
allowed.
> #
> # See /usr/share/doc/openswan/policygroups.html for
details.
> #
> # $Id: block.in [13],v 1.4 2003/02/17 02:22:15 mcr Exp
$
> #
> 
> + for policy in '$POLICIES/*'
> ++ basename
/etc/ipsec.d/policies/clear
> + base=clear
> +
_________________________ ipsec/policies/clear
> + cat
/etc/ipsec.d/policies/clear
> # This file defines the set of CIDRs
(network/mask-length) to which
> # communication should always be in
the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html for
details.
> #
> 
> # root name servers should be in the clear
> 
192.58.128.30/32 [14]
> 198.41.0.4/32 [15]
> 192.228.79.201/32 [16]
> 
192.33.4.12/32 [17]
> 128.8.10.90/32 [18]
> 192.203.230.10/32 [19]
> 
192.5.5.241/32 [20]
> 192.112.36.4/32 [21]
> 128.63.2.53/32 [22]
> 
192.36.148.17/32 [23]
> 193.0.14.129/32 [24]
> 199.7.83.42/32 [25]
> 
202.12.27.33/32 [26]
> + for policy in '$POLICIES/*'
> ++ basename
/etc/ipsec.d/policies/clear-or-private
> + base=clear-or-private
> +
_________________________ ipsec/policies/clear-or-private
> + cat
/etc/ipsec.d/policies/clear-or-private
> # This file defines the set of
CIDRs (network/mask-length) to which
> # we will communicate in the
clear, or, if the other side initiates IPSEC,
> # using encryption.
This behaviour is also called "Opportunistic Responder".
> #
> # See
/usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id:
clear-or-private.in [27],v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> +
for policy in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private

> + base=private
> + _________________________ ipsec/policies/private

> + cat /etc/ipsec.d/policies/private
> # This file defines the set of
CIDRs (network/mask-length) to which
> # communication should always be
private (i.e. encrypted).
> # See
/usr/share/doc/openswan/policygroups.html for details.
> #
> # $Id:
private.in [28],v 1.4 2003/02/17 02:22:15 mcr Exp $
> #
> + for policy
in '$POLICIES/*'
> ++ basename /etc/ipsec.d/policies/private-or-clear

> + base=private-or-clear
> + _________________________
ipsec/policies/private-or-clear
> + cat
/etc/ipsec.d/policies/private-or-clear
> # This file defines the set of
CIDRs (network/mask-length) to which
> # communication should be
private, if possible, but in the clear otherwise.
> #
> # If the
target has a TXT (later IPSECKEY) record that specifies
> #
authentication material, we will require private (i.e. encrypted)
> #
communications. If no such record is found, communications will be
> #
in the clear.
> #
> # See /usr/share/doc/openswan/policygroups.html
for details.
> #
> # $Id: private-or-clear.in [29],v 1.5 2003/02/17
02:22:15 mcr Exp $
> #
> 
> 0.0.0.0/0 [7]
> +
_________________________ ipsec/ls-libdir
> + ls -l /usr/libexec/ipsec

> total 2676
> -rwxr-xr-x. 1 root root 10592 Sep 24 2012 _copyright
> 
-rwxr-xr-x. 1 root root 2430 Sep 24 2012 _include
> -rwxr-xr-x. 1 root
root 1475 Sep 24 2012 _keycensor
> -rwxr-xr-x. 1 root root 14528 Sep 24
2012 _pluto_adns
> -rwxr-xr-x. 1 root root 2567 Sep 24 2012 _plutoload

> -rwxr-xr-x. 1 root root 8474 Sep 24 2012 _plutorun
> -rwxr-xr-x. 1
root root 13671 Sep 24 2012 _realsetup
> -rwxr-xr-x. 1 root root 1975
Sep 24 2012 _secretcensor
> -rwxr-xr-x. 1 root root 11507 Sep 24 2012
_startklips
> -rwxr-xr-x. 1 root root 6096 Sep 24 2012 _startnetkey
> 
-rwxr-xr-x. 1 root root 4923 Sep 24 2012 _updown
> -rwxr-xr-x. 1 root
root 16227 Sep 24 2012 _updown.klips
> -rwxr-xr-x. 1 root root 16583
Sep 24 2012 _updown.mast
> -rwxr-xr-x. 1 root root 13745 Sep 24 2012
_updown.netkey
> -rwxr-xr-x. 1 root root 226704 Sep 24 2012 addconn
> 
-rwxr-xr-x. 1 root root 6015 Sep 24 2012 auto
> -rwxr-xr-x. 1 root root
10978 Sep 24 2012 barf
> -rwxr-xr-x. 1 root root 93840 Sep 24 2012
eroute
> -rwxr-xr-x. 1 root root 26736 Sep 24 2012 ikeping
> 
-rwxr-xr-x. 1 root root 69552 Sep 24 2012 klipsdebug
> -rwxr-xr-x. 1
root root 2455 Sep 24 2012 look
> -rwxr-xr-x. 1 root root 2189 Sep 24
2012 newhostkey
> -rwxr-xr-x. 1 root root 64976 Sep 24 2012 pf_key
> 
-rwxr-xr-x. 1 root root 1093328 Sep 24 2012 pluto
> -rwxr-xr-x. 1 root
root 12349 Sep 24 2012 policy
> -rwxr-xr-x. 1 root root 10576 Sep 24
2012 ranbits
> -rwxr-xr-x. 1 root root 27376 Sep 24 2012 rsasigkey
> 
-rwxr-xr-x. 1 root root 704 Sep 24 2012 secrets
> lrwxrwxrwx. 1 root
root 30 May 4 01:15 setup -> ../../../etc/rc.d/init.d/ipsec
> 
-rwxr-xr-x. 1 root root 1126 Sep 24 2012 showdefaults
> -rwxr-xr-x. 1
root root 267584 Sep 24 2012 showhostkey
> -rwxr-xr-x. 1 root root
26736 Sep 24 2012 showpolicy
> -rwxr-xr-x. 1 root root 176552 Sep 24
2012 spi
> -rwxr-xr-x. 1 root root 81504 Sep 24 2012 spigrp
> 
-rwxr-xr-x. 1 root root 77032 Sep 24 2012 tncfg
> -rwxr-xr-x. 1 root
root 14828 Sep 24 2012 verify
> -rwxr-xr-x. 1 root root 59904 Sep 24
2012 whack
> + _________________________ ipsec/ls-execdir
> + ls -l
/usr/libexec/ipsec
> total 2676
> -rwxr-xr-x. 1 root root 10592 Sep 24
2012 _copyright
> -rwxr-xr-x. 1 root root 2430 Sep 24 2012 _include
> 
-rwxr-xr-x. 1 root root 1475 Sep 24 2012 _keycensor
> -rwxr-xr-x. 1
root root 14528 Sep 24 2012 _pluto_adns
> -rwxr-xr-x. 1 root root 2567
Sep 24 2012 _plutoload
> -rwxr-xr-x. 1 root root 8474 Sep 24 2012
_plutorun
> -rwxr-xr-x. 1 root root 13671 Sep 24 2012 _realsetup
> 
-rwxr-xr-x. 1 root root 1975 Sep 24 2012 _secretcensor
> -rwxr-xr-x. 1
root root 11507 Sep 24 2012 _startklips
> -rwxr-xr-x. 1 root root 6096
Sep 24 2012 _startnetkey
> -rwxr-xr-x. 1 root root 4923 Sep 24 2012
_updown
> -rwxr-xr-x. 1 root root 16227 Sep 24 2012 _updown.klips
> 
-rwxr-xr-x. 1 root root 16583 Sep 24 2012 _updown.mast
> -rwxr-xr-x. 1
root root 13745 Sep 24 2012 _updown.netkey
> -rwxr-xr-x. 1 root root
226704 Sep 24 2012 addconn
> -rwxr-xr-x. 1 root root 6015 Sep 24 2012
auto
> -rwxr-xr-x. 1 root root 10978 Sep 24 2012 barf
> -rwxr-xr-x. 1
root root 93840 Sep 24 2012 eroute
> -rwxr-xr-x. 1 root root 26736 Sep
24 2012 ikeping
> -rwxr-xr-x. 1 root root 69552 Sep 24 2012 klipsdebug

> -rwxr-xr-x. 1 root root 2455 Sep 24 2012 look
> -rwxr-xr-x. 1 root
root 2189 Sep 24 2012 newhostkey
> -rwxr-xr-x. 1 root root 64976 Sep 24
2012 pf_key
> -rwxr-xr-x. 1 root root 1093328 Sep 24 2012 pluto
> 
-rwxr-xr-x. 1 root root 12349 Sep 24 2012 policy
> -rwxr-xr-x. 1 root
root 10576 Sep 24 2012 ranbits
> -rwxr-xr-x. 1 root root 27376 Sep 24
2012 rsasigkey
> -rwxr-xr-x. 1 root root 704 Sep 24 2012 secrets
> 
lrwxrwxrwx. 1 root root 30 May 4 01:15 setup ->
../../../etc/rc.d/init.d/ipsec
> -rwxr-xr-x. 1 root root 1126 Sep 24
2012 showdefaults
> -rwxr-xr-x. 1 root root 267584 Sep 24 2012
showhostkey
> -rwxr-xr-x. 1 root root 26736 Sep 24 2012 showpolicy
> 
-rwxr-xr-x. 1 root root 176552 Sep 24 2012 spi
> -rwxr-xr-x. 1 root
root 81504 Sep 24 2012 spigrp
> -rwxr-xr-x. 1 root root 77032 Sep 24
2012 tncfg
> -rwxr-xr-x. 1 root root 14828 Sep 24 2012 verify
> 
-rwxr-xr-x. 1 root root 59904 Sep 24 2012 whack
> +
_________________________ /proc/net/dev
> + cat /proc/net/dev
> 
Inter-| Receive | Transmit
> face |bytes packets errs drop fifo frame
compressed multicast|bytes packets errs drop fifo colls carrier
compressed
> lo: 40474 252 0 0 0 0 0 0 40474 252 0 0 0 0 0 0
> eth0:
1532197 17970 0 0 0 0 0 41 14568681 48900 0 0 0 0 0 0
> +
_________________________ /proc/net/route
> + cat /proc/net/route
> 
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT

> eth0 00DF20B2 00000000 0001 0 0 0 00FFFFFF 0 0 0
> eth0 00000000
FEDF20B2 0003 0 0 0 00000000 0 0 0
> + _________________________
/proc/sys/net/ipv4/ip_no_pmtu_disc
> + cat
/proc/sys/net/ipv4/ip_no_pmtu_disc
> 0
> + _________________________
/proc/sys/net/ipv4/ip_forward
> + cat /proc/sys/net/ipv4/ip_forward
> 
1
> + _________________________ /proc/sys/net/ipv4/tcp_ecn
> + cat
/proc/sys/net/ipv4/tcp_ecn
> 2
> + _________________________
/proc/sys/net/ipv4/conf/star-rp_filter
> + cd /proc/sys/net/ipv4/conf

> + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter
lo/rp_filter
> all/rp_filter:0
> default/rp_filter:0
> 
eth0/rp_filter:0
> lo/rp_filter:0
> + _________________________
/proc/sys/net/ipv4/conf/star-star-redirects
> + cd
/proc/sys/net/ipv4/conf
> + egrep '^' all/accept_redirects
all/secure_redirects all/send_redirects default/accept_redirects
default/secure_redirects default/send_redirects eth0/accept_redirects
eth0/secure_redirects eth0/send_redirects lo/accept_redirects
lo/secure_redirects lo/send_redirects
> all/accept_redirects:0
> 
all/secure_redirects:1
> all/send_redirects:0
> 
default/accept_redirects:0
> default/secure_redirects:1
> 
default/send_redirects:0
> eth0/accept_redirects:0
> 
eth0/secure_redirects:1
> eth0/send_redirects:0
> 
lo/accept_redirects:0
> lo/secure_redirects:1
> lo/send_redirects:0
> 
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
> +
cat /proc/sys/net/ipv4/tcp_window_scaling
> 1
> +
_________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
> + cat
/proc/sys/net/ipv4/tcp_adv_win_scale
> 2
> + _________________________
uname-a
> + uname -a
> Linux ks3307690.kimsufi.com [4]
2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64
x86_64 x86_64 GNU/Linux
> + _________________________ config-built-with

> + test -r /proc/config_built_with
> + _________________________
distro-release
> + for distro in /etc/redhat-release
/etc/debian-release /etc/SuSE-release /etc/mandrake-release
/etc/mandriva-release /etc/gentoo-release
> + test -f
/etc/redhat-release
> + cat /etc/redhat-release
> CentOS release 6.4
(Final)
> + for distro in /etc/redhat-release /etc/debian-release
/etc/SuSE-release /etc/mandrake-release /etc/mandriva-release
/etc/gentoo-release
> + test -f /etc/debian-release
> + for distro in
/etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
> +
test -f /etc/SuSE-release
> + for distro in /etc/redhat-release
/etc/debian-release /etc/SuSE-release /etc/mandrake-release
/etc/mandriva-release /etc/gentoo-release
> + test -f
/etc/mandrake-release
> + for distro in /etc/redhat-release
/etc/debian-release /etc/SuSE-release /etc/mandrake-release
/etc/mandriva-release /etc/gentoo-release
> + test -f
/etc/mandriva-release
> + for distro in /etc/redhat-release
/etc/debian-release /etc/SuSE-release /etc/mandrake-release
/etc/mandriva-release /etc/gentoo-release
> + test -f
/etc/gentoo-release
> + _________________________
/proc/net/ipsec_version
> + test -r /proc/net/ipsec_version
> + test
-r /proc/net/pfkey
> ++ uname -r
> + echo 'NETKEY
(2.6.32-358.6.1.el6.x86_64) support detected '
> NETKEY
(2.6.32-358.6.1.el6.x86_64) support detected
> +
_________________________ iptables
> + test -r /sbin/iptables-save
> +
iptables-save
> # Generated by iptables-save v1.4.7 on Sat May 4
02:55:49 2013
> *mangle
> > PREROUTING ACCEPT [4726:242681]
> > INPUT
ACCEPT [4725:242553]
> > FORWARD ACCEPT [0:0]
> > OUTPUT ACCEPT
[12292:3653325]
> > POSTROUTING ACCEPT [12292:3653325]
> COMMIT
> #
Completed on Sat May 4 02:55:49 2013
> # Generated by iptables-save
v1.4.7 on Sat May 4 02:55:49 2013
> *nat
> > PREROUTING ACCEPT
[22:2083]
> > POSTROUTING ACCEPT [14:1473]
> > OUTPUT ACCEPT [221:34157]

> -A POSTROUTING -o eth0 -j MASQUERADE
> COMMIT
> # Completed on Sat
May 4 02:55:49 2013
> + _________________________ iptables-nat
> +
iptables-save -t nat
> # Generated by iptables-save v1.4.7 on Sat May 4
02:55:49 2013
> *nat
> > PREROUTING ACCEPT [22:2083]
> > POSTROUTING
ACCEPT [14:1473]
> > OUTPUT ACCEPT [221:34157]
> -A POSTROUTING -o eth0
-j MASQUERADE
> COMMIT
> # Completed on Sat May 4 02:55:49 2013
> +
_________________________ iptables-mangle
> + iptables-save -t mangle

> # Generated by iptables-save v1.4.7 on Sat May 4 02:55:49 2013
> 
*mangle
> > PREROUTING ACCEPT [4726:242681]
> > INPUT ACCEPT
[4725:242553]
> > FORWARD ACCEPT [0:0]
> > OUTPUT ACCEPT [12292:3653325]

> > POSTROUTING ACCEPT [12292:3653325]
> COMMIT
> # Completed on Sat
May 4 02:55:49 2013
> + _________________________ /proc/modules
> +
test -f /proc/modules
> + cat /proc/modules
> ipt_MASQUERADE 2466 1 -
Live 0xffffffffa0331000
> iptable_mangle 3349 0 - Live
0xffffffffa0326000
> iptable_nat 6158 1 - Live 0xffffffffa03df000
> 
nf_nat 22759 2 ipt_MASQUERADE,iptable_nat, Live 0xffffffffa03d4000
> 
nf_conntrack_ipv4 9506 3 iptable_nat,nf_nat, Live 0xffffffffa03cd000
> 
nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa031e000
> 
ip_tables 17831 2 iptable_mangle,iptable_nat, Live 0xffffffffa03c4000
> 
bluetooth 99239 0 - Live 0xffffffffa03a0000
> rfkill 19255 1 bluetooth,
Live 0xffffffffa0396000
> ah6 5191 0 - Live 0xffffffffa030a000
> ah4
4320 0 - Live 0xffffffffa0305000
> esp6 4979 0 - Live
0xffffffffa0300000
> esp4 5358 2 - Live 0xffffffffa02f0000
> 
xfrm4_mode_beet 2069 0 - Live 0xffffffffa02ec000
> xfrm4_tunnel 1981 0
- Live 0xffffffffa02dc000
> xfrm4_mode_tunnel 2002 4 - Live
0xffffffffa02d6000
> xfrm4_mode_transport 1449 0 - Live
0xffffffffa02d0000
> xfrm6_mode_transport 1545 0 - Live
0xffffffffa02ca000
> xfrm6_mode_ro 1318 0 - Live 0xffffffffa02c4000
> 
xfrm6_mode_beet 2020 0 - Live 0xffffffffa02bc000
> xfrm6_mode_tunnel
1906 2 - Live 0xffffffffa02ad000
> ipcomp 2073 0 - Live
0xffffffffa02a3000
> ipcomp6 2138 0 - Live 0xffffffffa015a000
> 
xfrm6_tunnel 7969 1 ipcomp6, Live 0xffffffffa0285000
> af_key 29685 0 -
Live 0xffffffffa026c000
> authenc 6651 2 - Live 0xffffffffa0374000
> 
deflate 2107 0 - Live 0xffffffffa0370000
> zlib_deflate 21629 1
deflate, Live 0xffffffffa0367000
> ctr 4063 0 - Live 0xffffffffa0363000

> camellia 18334 0 - Live 0xffffffffa035b000
> cast5 15242 0 - Live
0xffffffffa0354000
> rmd160 8154 0 - Live 0xffffffffa034f000
> 
crypto_null 2952 0 - Live 0xffffffffa034b000
> ccm 8247 0 - Live
0xffffffffa0345000
> serpent 18455 0 - Live 0xffffffffa033d000
> 
blowfish 7884 0 - Live 0xffffffffa0338000
> twofish_x86_64 5297 0 -
Live 0xffffffffa0333000
> twofish_common 14633 1 twofish_x86_64, Live
0xffffffffa032c000
> ecb 2209 0 - Live 0xffffffffa0328000
> xcbc 2849
0 - Live 0xffffffffa0324000
> cbc 3083 2 - Live 0xffffffffa0320000
> 
sha256_generic 10361 0 - Live 0xffffffffa031a000
> sha512_generic 4974
0 - Live 0xffffffffa0315000
> des_generic 16604 2 - Live
0xffffffffa030d000
> cryptd 8006 0 - Live 0xffffffffa02fa000
> 
aes_x86_64 7961 0 - Live 0xffffffffa02f5000
> aes_generic 27609 1
aes_x86_64, Live 0xffffffffa02e2000
> tunnel4 2943 1 xfrm4_tunnel, Live
0xffffffffa02c2000
> xfrm_ipcomp 4610 2 ipcomp,ipcomp6, Live
0xffffffffa0275000
> tunnel6 2714 1 xfrm6_tunnel, Live
0xffffffffa0042000
> ip6t_REJECT 4628 2 - Live 0xffffffffa02b7000
> 
nf_conntrack_ipv6 8748 2 - Live 0xffffffffa02b0000
> nf_defrag_ipv6
11182 1 nf_conntrack_ipv6, Live 0xffffffffa02a9000
> xt_state 1492 2 -
Live 0xffffffffa015e000
> nf_conntrack 79645 6
ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state,
Live 0xffffffffa0288000
> ip6table_filter 2889 1 - Live
0xffffffffa0055000
> ip6_tables 19458 1 ip6table_filter, Live
0xffffffffa027f000
> ipv6 321454 40
ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6,
 Live 0xffffffffa021c000
> sg 29350 0 - Live 0xffffffffa0151000
> 
serio_raw 4594 0 - Live 0xffffffffa0032000
> i2c_i801 11167 0 - Live
0xffffffffa0019000
> xhci_hcd 142149 0 - Live 0xffffffffa01ef000
> 
iTCO_wdt 14990 0 - Live 0xffffffffa00bb000
> iTCO_vendor_support 3088 1
iTCO_wdt, Live 0xffffffffa0037000
> ext3 232456 2 - Live
0xffffffffa01b5000
> jbd 79071 1 ext3, Live 0xffffffffa01a0000
> 
mbcache 8193 1 ext3, Live 0xffffffffa004d000
> raid1 31657 2 - Live
0xffffffffa00a4000
> sd_mod 38976 8 - Live 0xffffffffa0099000
> 
crc_t10dif 1541 1 sd_mod, Live 0xffffffffa0023000
> ahci 41127 6 - Live
0xffffffffa0145000
> e1000e 253849 0 - Live 0xffffffffa0161000
> wmi
6287 0 - Live 0xffffffffa0016000
> i915 537570 1 - Live
0xffffffffa00c0000
> drm_kms_helper 40087 1 i915, Live
0xffffffffa00b0000
> drm 265638 2 i915,drm_kms_helper, Live
0xffffffffa0057000
> i2c_algo_bit 5935 1 i915, Live 0xffffffffa0052000

> i2c_core 31084 5 i2c_i801,i915,drm_kms_helper,drm,i2c_algo_bit, Live
0xffffffffa0044000
> video 20674 1 i915, Live 0xffffffffa0039000
> 
output 2409 1 video, Live 0xffffffffa0035000
> dm_mirror 14133 0 - Live
0xffffffffa002d000
> dm_region_hash 12085 1 dm_mirror, Live
0xffffffffa0026000
> dm_log 9930 2 dm_mirror,dm_region_hash, Live
0xffffffffa001f000
> dm_mod 82839 2 dm_mirror,dm_log, Live
0xffffffffa0000000
> + _________________________ /proc/meminfo
> + cat
/proc/meminfo
> MemTotal: 8089016 kB
> MemFree: 7839892 kB
> Buffers:
8560 kB
> Cached: 61384 kB
> SwapCached: 0 kB
> Active: 61012 kB
> 
Inactive: 46064 kB
> Active(anon): 37288 kB
> Inactive(anon): 3540 kB

> Active(file): 23724 kB
> Inactive(file): 42524 kB
> Unevictable: 0
kB
> Mlocked: 0 kB
> SwapTotal: 8386544 kB
> SwapFree: 8386544 kB
> 
Dirty: 4 kB
> Writeback: 0 kB
> AnonPages: 37224 kB
> Mapped: 10824
kB
> Shmem: 3688 kB
> Slab: 64536 kB
> SReclaimable: 11388 kB
> 
SUnreclaim: 53148 kB
> KernelStack: 1104 kB
> PageTables: 2464 kB
> 
NFS_Unstable: 0 kB
> Bounce: 0 kB
> WritebackTmp: 0 kB
> CommitLimit:
12431052 kB
> Committed_AS: 191160 kB
> VmallocTotal: 34359738367 kB

> VmallocUsed: 366072 kB
> VmallocChunk: 34359366644 kB
> 
HardwareCorrupted: 0 kB
> AnonHugePages: 16384 kB
> HugePages_Total: 0

> HugePages_Free: 0
> HugePages_Rsvd: 0
> HugePages_Surp: 0
> 
Hugepagesize: 2048 kB
> DirectMap4k: 8192 kB
> DirectMap2M: 8288256 kB

> + _________________________ /proc/net/ipsec-ls
> + test -f
/proc/net/ipsec_version
> + _________________________
usr/src/linux/.config
> + test -f /proc/config.gz
> ++ uname -r
> +
test -f /lib/modules/2.6.32-358.6.1.el6.x86_64/build/.config
> + echo
'no .config file found, cannot list kernel properties'
> no .config
file found, cannot list kernel properties
> + _________________________
etc/syslog.conf
> + _________________________
etc/syslog-ng/syslog-ng.conf
> + cat /etc/syslog-ng/syslog-ng.conf
> 
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
> + cat
/etc/syslog.conf
> cat: /etc/syslog.conf: No such file or directory
> 
+ _________________________ etc/resolv.conf
> + cat /etc/resolv.conf
> 
nameserver 127.0.0.1
> nameserver 213.186.33.99
> search ovh.net [30]

> + _________________________ lib/modules-ls
> + ls -ltr /lib/modules

> total 8
> drwxr-xr-x. 7 root root 4096 May 4 01:05
2.6.32-358.6.1.el6.x86_64
> + _________________________ fipscheck
> +
cat /proc/sys/crypto/fips_enabled
> 0
> + _________________________
/proc/ksyms-netif_rx
> + test -r /proc/ksyms
> + test -r
/proc/kallsyms
> + egrep netif_rx /proc/kallsyms
> ffffffff8144d2b0 T
netif_rx
> ffffffff8144d520 T netif_rx_ni
> ffffffff814611e0 t
ftrace_raw_output_netif_rx
> ffffffff81461750 t
ftrace_profile_disable_netif_rx
> ffffffff81461770 t
ftrace_raw_unreg_event_netif_rx
> ffffffff81461e10 t
ftrace_profile_enable_netif_rx
> ffffffff81461e30 t
ftrace_raw_reg_event_netif_rx
> ffffffff81462700 t
ftrace_raw_init_event_netif_rx
> ffffffff81462e20 t
ftrace_profile_netif_rx
> ffffffff81463760 t ftrace_raw_event_netif_rx

> ffffffff818162d2 r __tpstrtab_netif_rx
> ffffffff81829720 r
__ksymtab_netif_rx_ni
> ffffffff81829730 r __ksymtab_netif_rx
> 
ffffffff818395e8 r __kcrctab_netif_rx_ni
> ffffffff818395f0 r
__kcrctab_netif_rx
> ffffffff81853fb4 r __kstrtab_netif_rx_ni
> 
ffffffff81853fc0 r __kstrtab_netif_rx
> ffffffff81b186a0 d
ftrace_event_type_netif_rx
> ffffffff81bcddc0 D __tracepoint_netif_rx

> ffffffff81bf8250 d event_netif_rx
> + _________________________
lib/modules-netif_rx
> + modulegoo kernel/net/ipv4/ipip.o netif_rx
> +
set +x
> 2.6.32-358.6.1.el6.x86_64:
> + _________________________
kern.debug
> + test -f /var/log/kern.debug
> +
_________________________ klog
> + sed -n '1542,$p' /var/log/messages

> + egrep -i 'ipsec|klips|pluto'
> + case "$1" in
> + cat
> May 4
02:09:47 ks3307690 ipsec_setup: Starting Openswan IPsec
U2.6.32/K2.6.32-358.6.1.el6.x86_64...
> May 4 02:09:47 ks3307690
ipsec_setup: Using NETKEY(XFRM) stack
> May 4 02:09:47 ks3307690
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in
/proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690 ipsec_setup:
...Openswan IPsec started
> May 4 02:09:47 ks3307690 ipsec__plutorun:
/usr/libexec/ipsec/addconn Non-fips mode set in
/proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690
ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
> May 4 02:09:47
ks3307690 pluto: adjusting ipsec.d to /etc/ipsec.d
> May 4 02:09:47
ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set
in /proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690
ipsec__plutorun: /usr/libexec/ipsec/addconn Non-fips mode set in
/proc/sys/crypto/fips_enabled
> May 4 02:09:47 ks3307690
ipsec__plutorun: 002 added connection description "mikrotik"
> May 4
02:09:47 ks3307690 ipsec__plutorun: 003 no secrets filename matched
"/etc/ipsec.d/*.secrets"
> May 4 02:09:47 ks3307690 ipsec__plutorun:
104 "mikrotik" #1: STATE_MAIN_I1: initiate
> +
_________________________ plog
> + sed -n '889,$p' /var/log/secure
> +
egrep -i pluto
> + case "$1" in
> + cat
> May 4 02:09:47 ks3307690
ipsec__plutorun: Starting Pluto subsystem...
> May 4 02:09:47 ks3307690
pluto[4903]: nss directory plutomain: /etc/ipsec.d
> May 4 02:09:47
ks3307690 pluto[4903]: NSS Initialized
> May 4 02:09:47 ks3307690
pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4
02:09:47 ks3307690 pluto[4903]: Starting Pluto (Openswan Version 2.6.32;
Vendor ID OEhyLdACecfa) pid:4903
> May 4 02:09:47 ks3307690
pluto[4903]: Non-fips mode set in /proc/sys/crypto/fips_enabled
> May 4
02:09:47 ks3307690 pluto[4903]: LEAK_DETECTIVE support [disabled]
> May
4 02:09:47 ks3307690 pluto[4903]: OCF support for IKE [disabled]
> May
4 02:09:47 ks3307690 pluto[4903]: SAref support [disabled]: Protocol not
available
> May 4 02:09:47 ks3307690 pluto[4903]: SAbind support
[disabled]: Protocol not available
> May 4 02:09:47 ks3307690
pluto[4903]: NSS support [enabled]
> May 4 02:09:47 ks3307690
pluto[4903]: HAVE_STATSD notification support not compiled in
> May 4
02:09:47 ks3307690 pluto[4903]: Setting NAT-Traversal port-4500 floating
to on
> May 4 02:09:47 ks3307690 pluto[4903]: port floating activation
criteria nat_t=1/port_float=1
> May 4 02:09:47 ks3307690 pluto[4903]:
NAT-Traversal support [enabled]
> May 4 02:09:47 ks3307690 pluto[4903]:
1 bad entries in virtual_private - none loaded
> May 4 02:09:47
ks3307690 pluto[4903]: ike_alg_register_enc(): Activating
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
> May 4 02:09:47 ks3307690
pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok
(ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc():
Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
> May 4 02:09:47 ks3307690
pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok
(ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc():
Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
> May 4 02:09:47 ks3307690
pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok
(ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]:
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
> May 4
02:09:47 ks3307690 pluto[4903]: starting up 3 cryptographic helpers
> 
May 4 02:09:47 ks3307690 pluto[4903]: started helper (thread)
pid0013406775040 (fd:10)
> May 4 02:09:47 ks3307690 pluto[4903]:
started helper (thread) pid0013396285184 (fd:12)
> May 4 02:09:47
ks3307690 pluto[4903]: started helper (thread) pid0013316601600
(fd:14)
> May 4 02:09:47 ks3307690 pluto[4903]: Using Linux 2.6 IPsec
interface code on 2.6.32-358.6.1.el6.x86_64 (experimental code)
> May 4
02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating
aes_ccm_8: Ok (ret=0)
> May 4 02:09:47 ks3307690 pluto[4903]:
ike_alg_add(): ERROR: Algorithm already exists
> May 4 02:09:47
ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_12:
FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_add():
ERROR: Algorithm already exists
> May 4 02:09:47 ks3307690 pluto[4903]:
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
> May 4
02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already
exists
> May 4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc():
Activating aes_gcm_8: FAILED (ret=-17)
> May 4 02:09:47 ks3307690
pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists
> May 4
02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating
aes_gcm_12: FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]:
ike_alg_add(): ERROR: Algorithm already exists
> May 4 02:09:47
ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_16:
FAILED (ret=-17)
> May 4 02:09:47 ks3307690 pluto[4903]: Could not
change to directory '/etc/ipsec.d/cacerts': /
> May 4 02:09:47
ks3307690 pluto[4903]: Could not change to directory
'/etc/ipsec.d/aacerts': /
> May 4 02:09:47 ks3307690 pluto[4903]: Could
not change to directory '/etc/ipsec.d/ocspcerts': /
> May 4 02:09:47
ks3307690 pluto[4903]: Could not change to directory '/etc/ipsec.d/crls'

> May 4 02:09:47 ks3307690 pluto[4903]: | selinux support is enabled.

> May 4 02:09:47 ks3307690 pluto[4903]: added connection description
"mikrotik"
> May 4 02:09:47 ks3307690 pluto[4903]: listening for IKE
messages
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface
eth0/eth0 179.34.222.31:500 [31]
> May 4 02:09:47 ks3307690
pluto[4903]: adding interface eth0/eth0 179.34.222.31:4500 [32]
> May 4
02:09:47 ks3307690 pluto[4903]: adding interface lo/lo 127.0.0.1:500
[33]
> May 4 02:09:47 ks3307690 pluto[4903]: adding interface lo/lo
127.0.0.1:4500 [34]
> May 4 02:09:47 ks3307690 pluto[4903]: adding
interface lo/lo ::1:500
> May 4 02:09:47 ks3307690 pluto[4903]: adding
interface eth0/eth0 2001:41d0:8:e242::1:500
> May 4 02:09:47 ks3307690
pluto[4903]: loading secrets from "/etc/ipsec.secrets"
> May 4 02:09:47
ks3307690 pluto[4903]: no secrets filename matched
"/etc/ipsec.d/*.secrets"
> May 4 02:09:47 ks3307690 pluto[4903]:
"mikrotik" #1: initiating Main Mode
> May 4 02:09:47 ks3307690
pluto[4903]: "mikrotik" #1: received Vendor ID payload [Dead Peer
Detection]
> May 4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> May 4
02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I2: sent MI2,
expecting MR2
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> May 4
02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I3: sent MI3,
expecting MR3
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1:
next payload type of ISAKMP Hash Payload has an unknown value: 184
> 
May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: malformed payload
in packet
> May 4 02:09:48 ks3307690 pluto[4903]: | payload malformed
after IV
> May 4 02:09:48 ks3307690 pluto[4903]: | d5 e9 80 46 c0 88 41
e9
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: sending
notification PAYLOAD_MALFORMED to 82.198.121.45:500 [35]
> May 4
02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: byte 2 of ISAKMP Hash
Payload must be zero, but is not
> May 4 02:09:48 ks3307690
pluto[4903]: "mikrotik" #1: malformed payload in packet
> May 4
02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: Main mode peer ID is
ID_IPV4_ADDR: '82.198.121.45'
> May 4 02:09:48 ks3307690 pluto[4903]:
"mikrotik" #1: transition from state STATE_MAIN_I3 to state
STATE_MAIN_I4
> May 4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1:
STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY
cipher=oakley_3des_cbc_192 prf=oakley_sha group=modp1024}
> May 4
02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1
msgid:121009cf proposal�faults pfsgroup=OAKLEY_GROUP_MODP1024}
> May
4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2
> May 4 02:09:48 ks3307690
pluto[4903]: "mikrotik" #2: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP=>0x08ab66a0 <0xc0d22436
xfrm=ES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> May 4 02:10:08
ks3307690 pluto[4903]: "mikrotik" #3: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1
msgid:8eb8d24a proposal�faults pfsgroup=OAKLEY_GROUP_MODP1024}
> May
4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2
> May 4 02:10:08 ks3307690
pluto[4903]: "mikrotik" #3: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP=>0x03d0e567 <0x8b2ece14
xfrm=ES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> May 4 02:48:10
ks3307690 pluto[4903]: "mikrotik": terminating SAs using this connection

> May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #3: deleting state
(STATE_QUICK_I2)
> May 4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #2:
deleting state (STATE_QUICK_I2)
> May 4 02:48:10 ks3307690 pluto[4903]:
"mikrotik" #1: deleting state (STATE_MAIN_I4)
> May 4 02:48:18
ks3307690 pluto[4903]: "mikrotik" #4: initiating Main Mode
> May 4
02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: received Vendor ID
payload [Dead Peer Detection]
> May 4 02:48:18 ks3307690 pluto[4903]:
"mikrotik" #4: transition from state STATE_MAIN_I1 to state
STATE_MAIN_I2
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4:
STATE_MAIN_I2: sent MI2, expecting MR2
> May 4 02:48:18 ks3307690
pluto[4903]: "mikrotik" #4: transition from state STATE_MAIN_I2 to state
STATE_MAIN_I3
> May 4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4:
STATE_MAIN_I3: sent MI3, expecting MR3
> May 4 02:48:19 ks3307690
pluto[4903]: "mikrotik" #4: Main mode peer ID is ID_IPV4_ADDR:
'82.198.121.45'
> May 4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4:
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
> May 4
02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I4: ISAKMP SA
established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192
prf=oakley_sha group=modp1024}
> May 4 02:48:19 ks3307690 pluto[4903]:
"mikrotik" #5: initiating Quick Mode
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4
msgid:3eac258b proposal�faults pfsgroup=OAKLEY_GROUP_MODP1024}
> May
4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: transition from state
STATE_QUICK_I1 to state STATE_QUICK_I2
> May 4 02:48:19 ks3307690
pluto[4903]: "mikrotik" #5: STATE_QUICK_I2: sent QI2, IPsec SA
established tunnel mode {ESP=>0x06fb8921 <0x112666f8
xfrm=ES_0-HMAC_SHA1 NATOA=none NATD=none DPD=none}
> May 4 02:50:11
ks3307690 pluto[4903]: "mikrotik": deleting connection
> May 4 02:50:11
ks3307690 pluto[4903]: "mikrotik" #5: deleting state (STATE_QUICK_I2)
> 
May 4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #4: deleting state
(STATE_MAIN_I4)
> May 4 02:50:11 ks3307690 pluto[4903]: added
connection description "mikrotik"
> May 4 02:50:19 ks3307690
pluto[4903]: "mikrotik" #6: initiating Main Mode
> May 4 02:50:20
ks3307690 pluto[4903]: "mikrotik" #6: received Vendor ID payload [Dead
Peer Detection]
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6:
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
> May 4
02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I2: sent MI2,
expecting MR2
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6:
transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
> May 4
02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: STATE_MAIN_I3: sent MI3,
expecting MR3
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6:
Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'
> May 4 02:50:20
ks3307690 pluto[4903]: "mikrotik" #6: transition from state
STATE_MAIN_I3 to state STATE_MAIN_I4
> May 4 02:50:20 ks3307690
pluto[4903]: "mikrotik" #6: STATE_MAIN_I4: ISAKMP SA established
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha
group=modp1024}
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7:
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK
{using isakmp#6 msgid:aae4f37f proposal�faults
pfsgroup=OAKLEY_GROUP_MODP1024}
> May 4 02:50:20 ks3307690 pluto[4903]:
"mikrotik" #7: transition from state STATE_QUICK_I1 to state
STATE_QUICK_I2
> May 4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7:
STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode
{ESP=>0x01eea26a <0x743427d2 xfrm=ES_0-HMAC_SHA1 NATOA=none NATD=none
DPD=none}
> + _________________________ date
> + date
> Sat May 4
02:55:49 CEST 2013
> 
> Is it possible to solve this problem?
> Thanks
in advance.
> 
> _______________________________________________
> 
Users@lists.openswan.org
> 
https://lists.openswan.org/mailman/listinfo/users [1]
> Micropayments:
https://flattr.com/thing/38387/IPsec-for-Linux-made-easy [2]
> Building
and Integrating Virtual Private Networks with Openswan:
> 
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n(3155
[3]


Links:
------
[1]
https://lists.openswan.org/mailman/listinfo/users
[2]
https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
[3]
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n(3155
[4]
http://ks3307690.kimsufi.com/
[5] http://192.168.1.0/24
[6]
http://192.168.0.0/24
[7] http://0.0.0.0/0
[8]
http://192.168.1.0/24==9.34.222.31
[9] http://127.0.0.1/8
[10]
http://179.34.222.31/24
[11] http://178.32.223.0/24
[12]
http://82.198.121.45/
[13] http://block.in/
[14]
http://192.58.128.30/32
[15] http://198.41.0.4/32
[16]
http://192.228.79.201/32
[17] http://192.33.4.12/32
[18]
http://128.8.10.90/32
[19] http://192.203.230.10/32
[20]
http://192.5.5.241/32
[21] http://192.112.36.4/32
[22]
http://128.63.2.53/32
[23] http://192.36.148.17/32
[24]
http://193.0.14.129/32
[25] http://199.7.83.42/32
[26]
http://202.12.27.33/32
[27] http://clear-or-private.in/
[28]
http://private.in/
[29] http://private-or-clear.in/
[30]
http://ovh.net/
[31] http://179.34.222.31:500/
[32]
http://179.34.222.31:4500/
[33] http://127.0.0.1:500/
[34]
http://127.0.0.1:4500/
[35] http://82.198.121.45:500/


[Attachment #3 (unknown)]

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN">
<html><body style='font-family: Arial,Helvetica,sans-serif'>
<p>Add left/rightsourceip to your conns</p>
<p>&nbsp;</p>
<p>Nick</p>
<p>On 2013-05-07 02:34, Patrick Naubert wrote:</p>
<blockquote type="cite" style="padding-left:5px; border-left:#1010ff 2px solid; \
margin-left:5px; width:100%"><!-- html ignored --><!-- head ignored --><!-- meta \
ignored -->Rescued from the Spam bucket. &nbsp;Please remember to subscribe to the \
mailing list before posting to it.<br /> <div><br />
<div>Begin forwarded message:</div>
<br class="Apple-interchange-newline" />
<div>
<div style="margin: 0px;"><span style="color: #7f7f7f;"><strong>From: \
</strong></span>"<a href="mailto:serzer@gmail.com">serzer@gmail.com</a>" &lt;<a \
href="mailto:serzer@gmail.com">serzer@gmail.com</a>&gt;</div> <div style="margin: \
0px;"><span style="font-size: medium; color: rgba;"><strong>Subject: \
</strong></span><span style="font-size: medium;"><strong>SA Established, no \
ping</strong><br /></span></div> <div style="margin: 0px;"><span style="font-size: \
medium; color: rgba;"><strong>Date: </strong></span><span style="font-size: \
medium;">3 May, 2013 8:59:36 PM EDT<br /></span></div> <div style="margin: \
0px;"><span style="font-size: medium; color: rgba;"><strong>To: </strong></span><span \
style="font-size: medium;"><a \
href="mailto:users@lists.openswan.org">users@lists.openswan.org</a><br \
/></span></div> <br /><br />
<div dir="ltr">Hello, I am trying to establish connection between my mikrotik router \
and CentOS 6.4 server<br clear="all" /> <div>&nbsp;</div>
<div>Looks like ipsec tunnel is establishing, but i am not able to ping my \
router:</div> <div>&nbsp;</div>
<div>
<div>[root@ks3307690 ~]# ping 192.168.0.1</div>
<div>PING 192.168.0.1 (192.168.0.1) 56(84) bytes of data.</div>
<div>^C</div>
<div>--- 192.168.0.1 ping statistics ---</div>
<div>3 packets transmitted, 0 received, 100% packet loss, time 2285ms</div>
<div>&nbsp;</div>
<div>
<div>[root@ks3307690 ~]# traceroute 192.168.0.1</div>
<div>traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 60 byte packets</div>
<div>&nbsp;1 &nbsp;178.32.223.253 (178.32.223.253) &nbsp;0.842 ms^C</div>
<div>&nbsp;</div>
<div>here is the barf log:</div>
<div>
<div>[root@ks3307690 ~]# ipsec barf</div>
<div><a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a></div>
<div>Sat May &nbsp;4 02:55:49 CEST 2013</div>
<div>+ _________________________ version</div>
<div>+ ipsec --version</div>
<div>Linux Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)</div>
<div>See `ipsec --copyright' for copyright information.</div>
<div>+ _________________________ /proc/version</div>
<div>+ cat /proc/version</div>
<div>Linux version 2.6.32-358.6.1.el6.x86_64 (<a \
href="mailto:mockbuild@c6b9.bsys.dev.centos.org">mockbuild@c6b9.bsys.dev.centos.org</a>) \
(gcc version 4.4.7 20120313 (Red Hat 4.4.7-3) (GCC) ) #1 SMP Tue Apr 23 19:29:00 UTC \
2013</div> <div>+ _________________________ /proc/net/ipsec_eroute</div>
<div>+ test -r /proc/net/ipsec_eroute</div>
<div>+ _________________________ netstat-rn</div>
<div>+ netstat -nr</div>
<div>+ head -n 100</div>
<div>Kernel IP routing table</div>
<div>Destination &nbsp; &nbsp; Gateway &nbsp; &nbsp; &nbsp; &nbsp; Genmask &nbsp; \
&nbsp; &nbsp; &nbsp; Flags &nbsp; MSS Window &nbsp;irtt Iface</div> <div>178.32.223.0 \
&nbsp; &nbsp;0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; 255.255.255.0 &nbsp; U &nbsp; &nbsp; \
&nbsp; &nbsp; 0 0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0 eth0</div> <div>0.0.0.0 &nbsp; \
&nbsp; &nbsp; &nbsp; 178.32.223.254 &nbsp;0.0.0.0 &nbsp; &nbsp; &nbsp; &nbsp; UG \
&nbsp; &nbsp; &nbsp; &nbsp;0 0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0 eth0</div> <div>+ \
_________________________ /proc/net/ipsec_spi</div> <div>+ test -r \
/proc/net/ipsec_spi</div> <div>+ _________________________ \
/proc/net/ipsec_spigrp</div> <div>+ test -r /proc/net/ipsec_spigrp</div>
<div>+ _________________________ /proc/net/ipsec_tncfg</div>
<div>+ test -r /proc/net/ipsec_tncfg</div>
<div>+ _________________________ /proc/net/pfkey</div>
<div>+ test -r /proc/net/pfkey</div>
<div>+ cat /proc/net/pfkey</div>
<div>sk &nbsp; &nbsp; &nbsp; RefCnt Rmem &nbsp; Wmem &nbsp; User &nbsp; Inode</div>
<div>+ _________________________ ip-xfrm-state</div>
<div>+ ip xfrm state</div>
<div>src 82.198.121.45 dst 179.34.222.31</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; proto esp spi 0x743427d2 reqid 16389 mode \
tunnel</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; replay-window 32 flag 20</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; auth hmac(sha1) \
0x0ec98333b7b35011dd556775706927fb24bc91b4</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; enc \
cbc(des3_ede) 0x5acc8c5560d040f567ead8e79977da51e0c50db968e4aa15</div> <div>src \
179.34.222.31 dst 82.198.121.45</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; proto esp spi \
0x01eea26a reqid 16389 mode tunnel</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; \
replay-window 32 flag 20</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; auth hmac(sha1) \
0x2564bcea5b8774578011ab4ab09bd9323f436f16</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; enc \
cbc(des3_ede) 0x059e52c2b2dd0dbca0342ff5be47c5a908f1be5bb4de6447</div> <div>+ \
_________________________ ip-xfrm-policy</div> <div>+ ip xfrm policy</div>
<div>src <a href="http://192.168.1.0/24">192.168.1.0/24</a> dst <a \
href="http://192.168.0.0/24">192.168.0.0/24</a></div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp; dir out priority 2344 ptype main</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; tmpl \
src 179.34.222.31 dst 82.198.121.45</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; proto esp reqid 16389 mode tunnel</div> <div>src <a \
href="http://192.168.0.0/24">192.168.0.0/24</a> dst <a \
href="http://192.168.1.0/24">192.168.1.0/24</a></div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp; dir fwd priority 2344 ptype main</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; tmpl \
src 82.198.121.45 dst 179.34.222.31</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; proto esp reqid 16389 mode tunnel</div> <div>src <a \
href="http://192.168.0.0/24">192.168.0.0/24</a> dst <a \
href="http://192.168.1.0/24">192.168.1.0/24</a></div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp; dir in priority 2344 ptype main</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; tmpl \
src 82.198.121.45 dst 179.34.222.31</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; proto esp reqid 16389 mode tunnel</div> <div>src ::/0 dst \
::/0</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 4 priority 0 ptype main</div>
<div>src ::/0 dst ::/0</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; dir 3 priority 0 ptype main</div>
<div>src ::/0 dst ::/0</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; dir 4 priority 0 ptype main</div>
<div>src ::/0 dst ::/0</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; dir 3 priority 0 ptype main</div>
<div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 4 \
priority 0 ptype main</div> <div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 3 \
priority 0 ptype main</div> <div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 4 \
priority 0 ptype main</div> <div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 3 \
priority 0 ptype main</div> <div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 4 \
priority 0 ptype main</div> <div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 3 \
priority 0 ptype main</div> <div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 4 \
priority 0 ptype main</div> <div>src <a href="http://0.0.0.0/0">0.0.0.0/0</a> dst <a \
href="http://0.0.0.0/0">0.0.0.0/0</a></div> <div>&nbsp; &nbsp; &nbsp; &nbsp; dir 3 \
priority 0 ptype main</div> <div>+ _________________________ /proc/crypto</div>
<div>+ test -r /proc/crypto</div>
<div>+ cat /proc/crypto</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : authenc(hmac(sha1),cbc(des3_ede))</div>
<div>driver &nbsp; &nbsp; &nbsp; : \
authenc(hmac(sha1-generic),cbc(des3_ede-generic))</div> <div>module &nbsp; &nbsp; \
&nbsp; : authenc</div> <div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 3</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : aead</div>
<div>async &nbsp; &nbsp; &nbsp; &nbsp;: no</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 8</div>
<div>maxauthsize &nbsp;: 20</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;built-in&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(des3_ede)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(des3_ede-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 3</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : givcipher</div>
<div>async &nbsp; &nbsp; &nbsp; &nbsp;: no</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 24</div>
<div>max keysize &nbsp;: 24</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 8</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: eseqiv</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : deflate</div>
<div>driver &nbsp; &nbsp; &nbsp; : deflate-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : deflate</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : compression</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : rfc3686(ctr(aes))</div>
<div>driver &nbsp; &nbsp; &nbsp; : rfc3686(ctr(aes-asm))</div>
<div>module &nbsp; &nbsp; &nbsp; : ctr</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 1</div>
<div>min keysize &nbsp;: 20</div>
<div>max keysize &nbsp;: 36</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 8</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: seqiv</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : ctr(aes)</div>
<div>driver &nbsp; &nbsp; &nbsp; : ctr(aes-asm)</div>
<div>module &nbsp; &nbsp; &nbsp; : ctr</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 1</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 16</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: chainiv</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(twofish)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(twofish-asm)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 16</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(camellia)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(camellia-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 100</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 16</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : camellia</div>
<div>driver &nbsp; &nbsp; &nbsp; : camellia-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : camellia</div>
<div>priority &nbsp; &nbsp; : 100</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(serpent)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(serpent-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 0</div>
<div>max keysize &nbsp;: 32</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 16</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(aes)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(aes-asm)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 16</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(blowfish)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(blowfish-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 4</div>
<div>max keysize &nbsp;: 56</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 8</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(cast5)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(cast5-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 5</div>
<div>max keysize &nbsp;: 16</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 8</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cast5</div>
<div>driver &nbsp; &nbsp; &nbsp; : cast5-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : cast5</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 5</div>
<div>max keysize &nbsp;: 16</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(des3_ede)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(des3_ede-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 3</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 24</div>
<div>max keysize &nbsp;: 24</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 8</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cbc(des)</div>
<div>driver &nbsp; &nbsp; &nbsp; : cbc(des-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : cbc</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 8</div>
<div>max keysize &nbsp;: 8</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 8</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : xcbc(aes)</div>
<div>driver &nbsp; &nbsp; &nbsp; : xcbc(aes-asm)</div>
<div>module &nbsp; &nbsp; &nbsp; : xcbc</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>digestsize &nbsp; : 16</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : hmac(rmd160)</div>
<div>driver &nbsp; &nbsp; &nbsp; : hmac(rmd160-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 20</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : rmd160</div>
<div>driver &nbsp; &nbsp; &nbsp; : rmd160-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : rmd160</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 20</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : hmac(sha512)</div>
<div>driver &nbsp; &nbsp; &nbsp; : hmac(sha512-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 128</div>
<div>digestsize &nbsp; : 64</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : hmac(sha384)</div>
<div>driver &nbsp; &nbsp; &nbsp; : hmac(sha384-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 128</div>
<div>digestsize &nbsp; : 48</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : hmac(sha256)</div>
<div>driver &nbsp; &nbsp; &nbsp; : hmac(sha256-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : hmac(sha1)</div>
<div>driver &nbsp; &nbsp; &nbsp; : hmac(sha1-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 5</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 20</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : hmac(md5)</div>
<div>driver &nbsp; &nbsp; &nbsp; : hmac(md5-generic)</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 16</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : compress_null</div>
<div>driver &nbsp; &nbsp; &nbsp; : compress_null-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : crypto_null</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : compression</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : digest_null</div>
<div>driver &nbsp; &nbsp; &nbsp; : digest_null-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : crypto_null</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 1</div>
<div>digestsize &nbsp; : 0</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : ecb(cipher_null)</div>
<div>driver &nbsp; &nbsp; &nbsp; : ecb-cipher_null</div>
<div>module &nbsp; &nbsp; &nbsp; : crypto_null</div>
<div>priority &nbsp; &nbsp; : 100</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : blkcipher</div>
<div>blocksize &nbsp; &nbsp;: 1</div>
<div>min keysize &nbsp;: 0</div>
<div>max keysize &nbsp;: 0</div>
<div>ivsize &nbsp; &nbsp; &nbsp; : 0</div>
<div>geniv &nbsp; &nbsp; &nbsp; &nbsp;: &lt;default&gt;</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : cipher_null</div>
<div>driver &nbsp; &nbsp; &nbsp; : cipher_null-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : crypto_null</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 1</div>
<div>min keysize &nbsp;: 0</div>
<div>max keysize &nbsp;: 0</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : tnepres</div>
<div>driver &nbsp; &nbsp; &nbsp; : tnepres-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : serpent</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 0</div>
<div>max keysize &nbsp;: 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : serpent</div>
<div>driver &nbsp; &nbsp; &nbsp; : serpent-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : serpent</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 0</div>
<div>max keysize &nbsp;: 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : blowfish</div>
<div>driver &nbsp; &nbsp; &nbsp; : blowfish-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : blowfish</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 4</div>
<div>max keysize &nbsp;: 56</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : twofish</div>
<div>driver &nbsp; &nbsp; &nbsp; : twofish-asm</div>
<div>module &nbsp; &nbsp; &nbsp; : twofish_x86_64</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : sha256</div>
<div>driver &nbsp; &nbsp; &nbsp; : sha256-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : sha256_generic</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : sha224</div>
<div>driver &nbsp; &nbsp; &nbsp; : sha224-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : sha256_generic</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 28</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : sha512</div>
<div>driver &nbsp; &nbsp; &nbsp; : sha512-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : sha512_generic</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 128</div>
<div>digestsize &nbsp; : 64</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : sha384</div>
<div>driver &nbsp; &nbsp; &nbsp; : sha384-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : sha512_generic</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 128</div>
<div>digestsize &nbsp; : 48</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : des3_ede</div>
<div>driver &nbsp; &nbsp; &nbsp; : des3_ede-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : des_generic</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 3</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 24</div>
<div>max keysize &nbsp;: 24</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : des</div>
<div>driver &nbsp; &nbsp; &nbsp; : des-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : des_generic</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 8</div>
<div>min keysize &nbsp;: 8</div>
<div>max keysize &nbsp;: 8</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : aes</div>
<div>driver &nbsp; &nbsp; &nbsp; : aes-asm</div>
<div>module &nbsp; &nbsp; &nbsp; : aes_x86_64</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : aes</div>
<div>driver &nbsp; &nbsp; &nbsp; : aes-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : aes_generic</div>
<div>priority &nbsp; &nbsp; : 100</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : cipher</div>
<div>blocksize &nbsp; &nbsp;: 16</div>
<div>min keysize &nbsp;: 16</div>
<div>max keysize &nbsp;: 32</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : stdrng</div>
<div>driver &nbsp; &nbsp; &nbsp; : krng</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 200</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 2</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : rng</div>
<div>seedsize &nbsp; &nbsp; : 0</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : crc32c</div>
<div>driver &nbsp; &nbsp; &nbsp; : crc32c-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 100</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 1</div>
<div>digestsize &nbsp; : 4</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : sha1</div>
<div>driver &nbsp; &nbsp; &nbsp; : sha1-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 3</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 20</div>
<div>&nbsp;</div>
<div>name &nbsp; &nbsp; &nbsp; &nbsp; : md5</div>
<div>driver &nbsp; &nbsp; &nbsp; : md5-generic</div>
<div>module &nbsp; &nbsp; &nbsp; : kernel</div>
<div>priority &nbsp; &nbsp; : 0</div>
<div>refcnt &nbsp; &nbsp; &nbsp; : 1</div>
<div>selftest &nbsp; &nbsp; : passed</div>
<div>type &nbsp; &nbsp; &nbsp; &nbsp; : shash</div>
<div>blocksize &nbsp; &nbsp;: 64</div>
<div>digestsize &nbsp; : 16</div>
<div>&nbsp;</div>
<div>+ __________________________/proc/sys/net/core/xfrm-star</div>
<div>/usr/libexec/ipsec/barf: line 190: \
__________________________/proc/sys/net/core/xfrm-star: No such file or \
directory</div> <div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '</div>
<div>/proc/sys/net/core/xfrm_acq_expires: + cat \
/proc/sys/net/core/xfrm_acq_expires</div> <div>30</div>
<div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '</div>
<div>/proc/sys/net/core/xfrm_aevent_etime: + cat \
/proc/sys/net/core/xfrm_aevent_etime</div> <div>10</div>
<div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '</div>
<div>/proc/sys/net/core/xfrm_aevent_rseqth: + cat \
/proc/sys/net/core/xfrm_aevent_rseqth</div> <div>2</div>
<div>+ for i in '/proc/sys/net/core/xfrm_*'</div>
<div>+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '</div>
<div>/proc/sys/net/core/xfrm_larval_drop: + cat \
/proc/sys/net/core/xfrm_larval_drop</div> <div>1</div>
<div>+ _________________________ /proc/sys/net/ipsec-star</div>
<div>+ test -d /proc/sys/net/ipsec</div>
<div>+ _________________________ ipsec/status</div>
<div>+ ipsec auto --status</div>
<div>000 using kernel interface: netkey</div>
<div>000 interface eth0/eth0 2001:41d0:8:e242::1</div>
<div>000 interface lo/lo ::1</div>
<div>000 interface lo/lo 127.0.0.1</div>
<div>000 interface lo/lo 127.0.0.1</div>
<div>000 interface eth0/eth0 179.34.222.31</div>
<div>000 interface eth0/eth0 179.34.222.31</div>
<div>000 %myid = (none)</div>
<div>000 debug none</div>
<div>000</div>
<div>000 virtual_private (%priv):</div>
<div>000 - allowed 0 subnets:</div>
<div>000 - disallowed 0 subnets:</div>
<div>000 WARNING: Either virtual_private= is not specified, or there is a \
syntax</div> <div>000 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;error in that line. \
'left/rightsubnet=vhost:%priv' will not work!</div> <div>000 WARNING: Disallowed \
subnets in virtual_private= is empty. If you have</div> <div>000 &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp;private address space in internal use, it should be excluded!</div> \
<div>000</div> <div>000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, \
keysizemin=64, keysizemax=64</div> <div>000 algorithm ESP encrypt: id=3, \
name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192</div> <div>000 algorithm ESP \
encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128</div> <div>000 \
algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, \
keysizemax=448</div> <div>000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, \
keysizemin=0, keysizemax=0</div> <div>000 algorithm ESP encrypt: id=12, name=ESP_AES, \
ivlen=8, keysizemin=128, keysizemax=256</div> <div>000 algorithm ESP encrypt: id=13, \
name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256</div> <div>000 algorithm \
ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256</div> \
<div>000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, \
keysizemax=256</div> <div>000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, \
ivlen=8, keysizemin=128, keysizemax=256</div> <div>000 algorithm ESP encrypt: id=18, \
name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256</div> <div>000 algorithm \
ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256</div> \
<div>000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, \
keysizemax=256</div> <div>000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, \
ivlen=8, keysizemin=128, keysizemax=256</div> <div>000 algorithm ESP encrypt: id=252, \
name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256</div> <div>000 algorithm \
ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256</div> \
<div>000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, \
keysizemax=128</div> <div>000 algorithm ESP auth attr: id=2, \
name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160</div> <div>000 \
algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, \
keysizemax=256</div> <div>000 algorithm ESP auth attr: id=6, \
name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384</div> <div>000 \
algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, \
keysizemax=512</div> <div>000 algorithm ESP auth attr: id=8, \
name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160</div> <div>000 \
algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, \
keysizemax=128</div> <div>000 algorithm ESP auth attr: id=251, name=(null), \
keysizemin=0, keysizemax=0</div> <div>000</div>
<div>000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131</div>
<div>000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, \
keydeflen=128</div> <div>000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, \
blocksize=8, keydeflen=192</div> <div>000 algorithm IKE encrypt: id=7, \
name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128</div> <div>000 algorithm IKE \
encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128</div> \
<div>000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, \
keydeflen=128</div> <div>000 algorithm IKE encrypt: id=65289, \
name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128</div> <div>000 algorithm IKE \
hash: id=1, name=OAKLEY_MD5, hashsize=16</div> <div>000 algorithm IKE hash: id=2, \
name=OAKLEY_SHA1, hashsize=20</div> <div>000 algorithm IKE hash: id=4, \
name=OAKLEY_SHA2_256, hashsize=32</div> <div>000 algorithm IKE hash: id=6, \
name=OAKLEY_SHA2_512, hashsize=64</div> <div>000 algorithm IKE dh group: id=2, \
name=OAKLEY_GROUP_MODP1024, bits=1024</div> <div>000 algorithm IKE dh group: id=5, \
name=OAKLEY_GROUP_MODP1536, bits=1536</div> <div>000 algorithm IKE dh group: id=14, \
name=OAKLEY_GROUP_MODP2048, bits=2048</div> <div>000 algorithm IKE dh group: id=15, \
name=OAKLEY_GROUP_MODP3072, bits=3072</div> <div>000 algorithm IKE dh group: id=16, \
name=OAKLEY_GROUP_MODP4096, bits=4096</div> <div>000 algorithm IKE dh group: id=17, \
name=OAKLEY_GROUP_MODP6144, bits=6144</div> <div>000 algorithm IKE dh group: id=18, \
name=OAKLEY_GROUP_MODP8192, bits=8192</div> <div>000 algorithm IKE dh group: id=22, \
name=OAKLEY_GROUP_DH22, bits=1024</div> <div>000 algorithm IKE dh group: id=23, \
name=OAKLEY_GROUP_DH23, bits=2048</div> <div>000 algorithm IKE dh group: id=24, \
name=OAKLEY_GROUP_DH24, bits=2048</div> <div>000</div>
<div>000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} \
attrs={0,0,0}</div> <div>000</div>
<div>000 "mikrotik": <a \
href="http://192.168.1.0/24===179.34.222.31">192.168.1.0/24===179.34.222.31</a>&lt;179 \
.34.222.31&gt;[+S=C]...192.168.0.1---82.198.121.45&lt;82.198.121.45&gt;[+S=C]===<a \
href="http://192.168.0.0/24">192.168.0.0/24</a>; erouted; eroute owner: #7</div> \
<div>000 "mikrotik": &nbsp; &nbsp; myip=unset; hisip=unset;</div> <div>000 \
"mikrotik": &nbsp; ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; \
rekey_fuzz: 100%; keyingtries: 0</div> <div>000 "mikrotik": &nbsp; policy: \
PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: \
eth0;</div> <div>000 "mikrotik": &nbsp; newest ISAKMP SA: #6; newest IPsec SA: \
#7;</div> <div>000 "mikrotik": &nbsp; IKE algorithm newest: \
3DES_CBC_192-SHA1-MODP1024</div> <div>000</div>
<div>000 #7: "mikrotik":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); \
EVENT_SA_REPLACE in 27750s; newest IPSEC; eroute owner; isakmp#6; idle; import:admin \
initiate</div> <div>000 #7: "mikrotik" <a \
href="mailto:esp.1eea26a@82.198.121.45">esp.1eea26a@82.198.121.45</a> <a \
href="mailto:esp.743427d2@179.34.222.31">esp.743427d2@179.34.222.31</a> <a \
href="mailto:tun.0@82.198.121.45">tun.0@82.198.121.45</a> <a \
href="mailto:tun.0@179.34.222.31">tun.0@179.34.222.31</a> ref=0 \
refhim=4294901761</div> <div>000 #6: "mikrotik":500 STATE_MAIN_I4 (ISAKMP SA \
established); EVENT_SA_REPLACE in 2625s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); \
idle; import:admin initiate</div> <div>000</div>
<div>+ _________________________ ifconfig-a</div>
<div>+ ifconfig -a</div>
<div>eth0 &nbsp; &nbsp; &nbsp;Link encap:Ethernet &nbsp;HWaddr \
4C:72:B9:D1:C4:25</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; inet \
addr:179.34.222.31 &nbsp;Bcast:178.32.223.255 &nbsp;Mask:255.255.255.0</div> \
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; inet6 addr: 2001:41d0:8:e242::1/64 \
Scope:Global</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; inet6 addr: \
fe80::4e72:b9ff:fed1:c425/64 Scope:Link</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
UP BROADCAST RUNNING MULTICAST &nbsp;MTU:1500 &nbsp;Metric:1</div> <div>&nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; RX packets:17969 errors:0 dropped:0 overruns:0 frame:0</div> \
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; TX packets:48900 errors:0 dropped:0 \
overruns:0 carrier:0</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; collisions:0 \
txqueuelen:1000</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RX bytes:1532137 (1.4 \
MiB) &nbsp;TX bytes:14568681 (13.8 MiB)</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
Interrupt:20 Memory:fe500000-fe520000</div> <div>&nbsp;</div>
<div>lo &nbsp; &nbsp; &nbsp; &nbsp;Link encap:Local Loopback</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; inet addr:127.0.0.1 \
&nbsp;Mask:255.0.0.0</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; inet6 addr: \
::1/128 Scope:Host</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; UP LOOPBACK RUNNING \
&nbsp;MTU:16436 &nbsp;Metric:1</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; RX \
packets:248 errors:0 dropped:0 overruns:0 frame:0</div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; TX packets:248 errors:0 dropped:0 overruns:0 carrier:0</div> \
<div>&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; collisions:0 txqueuelen:0</div> <div>&nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; RX bytes:39867 (38.9 KiB) &nbsp;TX bytes:39867 (38.9 \
KiB)</div> <div>&nbsp;</div>
<div>+ _________________________ ip-addr-list</div>
<div>+ ip addr list</div>
<div>1: lo: &lt;LOOPBACK,UP,LOWER_UP&gt; mtu 16436 qdisc noqueue state UNKNOWN</div>
<div>&nbsp; &nbsp; link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00</div>
<div>&nbsp; &nbsp; inet <a href="http://127.0.0.1/8">127.0.0.1/8</a> scope host \
lo</div> <div>&nbsp; &nbsp; inet6 ::1/128 scope host</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp;valid_lft forever preferred_lft forever</div>
<div>2: eth0: &lt;BROADCAST,MULTICAST,UP,LOWER_UP&gt; mtu 1500 qdisc pfifo_fast state \
UP qlen 1000</div> <div>&nbsp; &nbsp; link/ether 4c:72:b9:d1:c4:25 brd \
ff:ff:ff:ff:ff:ff</div> <div>&nbsp; &nbsp; inet <a \
href="http://179.34.222.31/24">179.34.222.31/24</a> brd 178.32.223.255 scope global \
eth0</div> <div>&nbsp; &nbsp; inet6 2001:41d0:8:e242::1/64 scope global</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp;valid_lft forever preferred_lft forever</div>
<div>&nbsp; &nbsp; inet6 fe80::4e72:b9ff:fed1:c425/64 scope link</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp;valid_lft forever preferred_lft forever</div>
<div>+ _________________________ ip-route-list</div>
<div>+ ip route list</div>
<div><a href="http://178.32.223.0/24">178.32.223.0/24</a> dev eth0 &nbsp;proto kernel \
&nbsp;scope link &nbsp;src 179.34.222.31</div> <div>default via 178.32.223.254 dev \
eth0</div> <div>+ _________________________ ip-rule-list</div>
<div>+ ip rule list</div>
<div>0: &nbsp; &nbsp; &nbsp;from all lookup local</div>
<div>32766: &nbsp;from all lookup main</div>
<div>32767: &nbsp;from all lookup default</div>
<div>+ _________________________ ipsec_verify</div>
<div>+ ipsec verify --nocolour</div>
<div>Checking your system to see if IPsec got installed and started correctly:</div>
<div>Version check and ipsec on-path &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [OK]</div> <div>Linux \
Openswan U2.6.32/K2.6.32-358.6.1.el6.x86_64 (netkey)</div> <div>Checking for IPsec \
support in kernel &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;[OK]</div> <div>&nbsp;SAref kernel support &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; [N/A]</div> \
<div>&nbsp;NETKEY: &nbsp;Testing for disabled ICMP send_redirects &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp;[OK]</div> <div>NETKEY detected, testing for \
disabled ICMP accept_redirects &nbsp; &nbsp; [OK]</div> <div>Testing against enforced \
SElinux mode &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; [OK]</div> <div>Checking that pluto is running &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp;[OK]</div> <div>&nbsp;Pluto listening for IKE on udp 500 &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; [OK]</div> <div>&nbsp;Pluto listening for NAT-T on udp 4500 &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp;[OK]</div> <div>Checking for 'ip' command &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; [OK]</div> <div>Checking /bin/sh is not /bin/dash &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
[OK]</div> <div>Checking for 'iptables' command &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
[OK]</div> <div>Opportunistic Encryption Support &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp;[DISABLED]</div> <div>+ _________________________ mii-tool</div>
<div>+ '[' -x /sbin/mii-tool ']'</div>
<div>+ /sbin/mii-tool -v</div>
<div>No interface specified</div>
<div>usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] &lt;interface&gt; \
...</div> <div>&nbsp; &nbsp; &nbsp; &nbsp;-V, --version &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; display version information</div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp;-v, --verbose &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; more verbose \
output</div> <div>&nbsp; &nbsp; &nbsp; &nbsp;-R, --reset &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; reset MII to poweron state</div> <div>&nbsp; &nbsp; \
&nbsp; &nbsp;-r, --restart &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; restart \
autonegotiation</div> <div>&nbsp; &nbsp; &nbsp; &nbsp;-w, --watch &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; monitor for link status changes</div> \
<div>&nbsp; &nbsp; &nbsp; &nbsp;-l, --log &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; with -w, write events to syslog</div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp;-A, --advertise=media,... &nbsp; advertise only specified media</div> \
<div>&nbsp; &nbsp; &nbsp; &nbsp;-F, --force=media &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
force specified media technology</div> <div>media: 100baseT4, 100baseTx-FD, \
100baseTx-HD, 10baseT-FD, 10baseT-HD,</div> <div>&nbsp; &nbsp; &nbsp; &nbsp;(to \
advertise both HD and FD) 100baseTx, 10baseT</div> <div>+ _________________________ \
ipsec/directory</div> <div>+ ipsec --directory</div>
<div>/usr/libexec/ipsec</div>
<div>+ _________________________ hostname/fqdn</div>
<div>+ hostname --fqdn</div>
<div><a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a></div>
<div>+ _________________________ hostname/ipaddress</div>
<div>+ hostname --ip-address</div>
<div>179.34.222.31</div>
<div>+ _________________________ uptime</div>
<div>+ uptime</div>
<div>&nbsp;02:55:49 up &nbsp;1:09, &nbsp;2 users, &nbsp;load average: 0.06, 0.03, \
0.00</div> <div>+ _________________________ ps</div>
<div>+ ps alxwf</div>
<div>+ egrep -i 'ppid|pluto|ipsec|klips'</div>
<div>F &nbsp; UID &nbsp; PID &nbsp;PPID PRI &nbsp;NI &nbsp; &nbsp;VSZ &nbsp; RSS \
WCHAN &nbsp;STAT TTY &nbsp; &nbsp; &nbsp; &nbsp;TIME COMMAND</div> <div>4 &nbsp; \
&nbsp; 0 &nbsp;7913 &nbsp;1701 &nbsp;20 &nbsp; 0 106064 &nbsp;1480 wait &nbsp; S+ \
&nbsp; pts/0 &nbsp; &nbsp; &nbsp;0:00 &nbsp;| &nbsp; &nbsp; &nbsp; \_ /bin/sh \
/usr/libexec/ipsec/barf</div> <div>0 &nbsp; &nbsp; 0 &nbsp;7978 &nbsp;7913 &nbsp;20 \
&nbsp; 0 &nbsp; 4148 &nbsp; 672 pipe_w S+ &nbsp; pts/0 &nbsp; &nbsp; &nbsp;0:00 \
&nbsp;| &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \_ egrep -i ppid|pluto|ipsec|klips</div> \
<div>1 &nbsp; &nbsp; 0 &nbsp;4897 &nbsp; &nbsp; 1 &nbsp;20 &nbsp; 0 &nbsp; 9192 \
&nbsp; 524 wait &nbsp; S &nbsp; &nbsp;pts/0 &nbsp; &nbsp; &nbsp;0:00 /bin/sh \
/usr/libexec/ipsec/_plutorun --debug &nbsp;--uniqueids yes --force_busy no --nocrsend \
no --strictcrlpolicy no --nat_traversal yes --keep_alive &nbsp;--protostack netkey \
--force_keepalive no --disable_port_floating no --virtual_private oe=off --listen \
&nbsp;--crlcheckinterval 0 --ocspuri &nbsp;--nhelpers &nbsp;--secctx_attr_value \
&nbsp;--dump &nbsp;--opts &nbsp;--stderrlog &nbsp;--wait no --pre &nbsp;--post \
&nbsp;--log daemon.error --plutorestartoncrash true --pid \
/var/run/pluto/pluto.pid</div> <div>1 &nbsp; &nbsp; 0 &nbsp;4899 &nbsp;4897 &nbsp;20 \
&nbsp; 0 &nbsp; 9192 &nbsp; 692 wait &nbsp; S &nbsp; &nbsp;pts/0 &nbsp; &nbsp; \
&nbsp;0:00 &nbsp;\_ /bin/sh /usr/libexec/ipsec/_plutorun --debug &nbsp;--uniqueids \
yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes \
--keep_alive &nbsp;--protostack netkey --force_keepalive no --disable_port_floating \
no --virtual_private oe=off --listen &nbsp;--crlcheckinterval 0 --ocspuri \
&nbsp;--nhelpers &nbsp;--secctx_attr_value &nbsp;--dump &nbsp;--opts \
&nbsp;--stderrlog &nbsp;--wait no --pre &nbsp;--post &nbsp;--log daemon.error \
--plutorestartoncrash true --pid /var/run/pluto/pluto.pid</div> <div>4 &nbsp; &nbsp; \
0 &nbsp;4903 &nbsp;4899 &nbsp;20 &nbsp; 0 313724 &nbsp;7860 poll_s Sl &nbsp; pts/0 \
&nbsp; &nbsp; &nbsp;0:00 &nbsp;| &nbsp; \_ /usr/libexec/ipsec/pluto --nofork \
--secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids \
--nat_traversal --virtual_private oe=off</div> <div>0 &nbsp; &nbsp; 0 &nbsp;4934 \
&nbsp;4903 &nbsp;20 &nbsp; 0 &nbsp; 6080 &nbsp; 404 poll_s S &nbsp; &nbsp;pts/0 \
&nbsp; &nbsp; &nbsp;0:00 &nbsp;| &nbsp; &nbsp; &nbsp; \_ _pluto_adns</div> <div>0 \
&nbsp; &nbsp; 0 &nbsp;4900 &nbsp;4897 &nbsp;20 &nbsp; 0 &nbsp; 9192 &nbsp;1316 pipe_w \
S &nbsp; &nbsp;pts/0 &nbsp; &nbsp; &nbsp;0:00 &nbsp;\_ /bin/sh \
/usr/libexec/ipsec/_plutoload --wait no --post</div> <div>0 &nbsp; &nbsp; 0 \
&nbsp;4898 &nbsp; &nbsp; 1 &nbsp;20 &nbsp; 0 &nbsp; 4056 &nbsp; 664 pipe_w S &nbsp; \
&nbsp;pts/0 &nbsp; &nbsp; &nbsp;0:00 logger -s -p daemon.error -t \
ipsec__plutorun</div> <div>+ _________________________ ipsec/showdefaults</div>
<div>+ ipsec showdefaults</div>
<div>routephys=eth0</div>
<div>routevirt=none</div>
<div>routeaddr=179.34.222.31</div>
<div>routenexthop=178.32.223.254</div>
<div>+ _________________________ ipsec/conf</div>
<div>+ ipsec _include /etc/ipsec.conf</div>
<div>+ ipsec _keycensor</div>
<div>&nbsp;</div>
<div>#&lt; /etc/ipsec.conf 1</div>
<div># /etc/ipsec.conf - Openswan IPsec configuration file</div>
<div>#</div>
<div># Manual: &nbsp; &nbsp; ipsec.conf.5</div>
<div>#</div>
<div># Please place your own config files in /etc/ipsec.d/ ending in .conf</div>
<div>&nbsp;</div>
<div>version 2.0 &nbsp; &nbsp; # conforms to second version of ipsec.conf \
specification</div> <div>&nbsp;</div>
<div># basic configuration</div>
<div>config setup</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; # Debug-logging controls: &nbsp;"none" for (almost) \
none, "all" for lots.</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; # klipsdebug=none</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; # plutodebug="control parsing"</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; # For Red Hat Enterprise Linux and Fedora, leave \
protostack=netkey</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; #protostack=klips</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; interfaces=%defaultroute</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; protostack=netkey</div>
<div>&nbsp;</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; nat_traversal=yes</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; virtual_private=</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; oe=off</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; # Enable this if you see "failed to find any \
available worker"</div> <div>&nbsp; &nbsp; &nbsp; &nbsp; # nhelpers=0</div>
<div>&nbsp;</div>
<div>conn mikrotik</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; left=179.34.222.31</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; leftsubnet=<a \
href="http://192.168.1.0/24">192.168.1.0/24</a></div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp; #leftnexthop=%defaultroute</div> <div>&nbsp;</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; right=82.198.121.45</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; rightsubnet=<a \
href="http://192.168.0.0/24">192.168.0.0/24</a></div> <div>&nbsp; &nbsp; &nbsp; \
&nbsp; rightnexthop=192.168.0.1</div> <div>&nbsp;</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; type=tunnel</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; authby=secret</div>
<div>&nbsp; &nbsp; &nbsp; &nbsp; auto=start</div>
<div>#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and \
uncomment this.</div> <div>#include /etc/ipsec.d/*.conf</div>
<div>+ _________________________ ipsec/secrets</div>
<div>+ ipsec _include /etc/ipsec.secrets</div>
<div>+ ipsec _secretcensor</div>
<div>&nbsp;</div>
<div>#&lt; /etc/ipsec.secrets 1</div>
<div>#:cannot open configuration file \'/etc/ipsec.d/*.secrets\'</div>
<div>&nbsp;</div>
<div>#&gt; /etc/ipsec.secrets 2</div>
<div>179.34.222.31 <a href="http://82.198.121.45/">82.198.121.45</a>: PSK "[sums to \
354c...]"</div> <div>+ _________________________ ipsec/listall</div>
<div>+ ipsec auto --listall</div>
<div>000</div>
<div>000 List of Public Keys:</div>
<div>000</div>
<div>000 List of Pre-shared secrets (from /etc/ipsec.secrets)</div>
<div>000 &nbsp; &nbsp; 2: PSK 82.198.121.45 179.34.222.31</div>
<div>+ '[' /etc/ipsec.d/policies ']'</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/block</div>
<div>+ base=block</div>
<div>+ _________________________ ipsec/policies/block</div>
<div>+ cat /etc/ipsec.d/policies/block</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should never be allowed.</div>
<div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: <a href="http://block.in/">block.in</a>,v 1.4 2003/02/17 02:22:15 mcr Exp \
$</div> <div>#</div>
<div>&nbsp;</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/clear</div>
<div>+ base=clear</div>
<div>+ _________________________ ipsec/policies/clear</div>
<div>+ cat /etc/ipsec.d/policies/clear</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should always be in the clear.</div>
<div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div>&nbsp;</div>
<div># root name servers should be in the clear</div>
<div><a href="http://192.58.128.30/32">192.58.128.30/32</a></div>
<div><a href="http://198.41.0.4/32">198.41.0.4/32</a></div>
<div><a href="http://192.228.79.201/32">192.228.79.201/32</a></div>
<div><a href="http://192.33.4.12/32">192.33.4.12/32</a></div>
<div><a href="http://128.8.10.90/32">128.8.10.90/32</a></div>
<div><a href="http://192.203.230.10/32">192.203.230.10/32</a></div>
<div><a href="http://192.5.5.241/32">192.5.5.241/32</a></div>
<div><a href="http://192.112.36.4/32">192.112.36.4/32</a></div>
<div><a href="http://128.63.2.53/32">128.63.2.53/32</a></div>
<div><a href="http://192.36.148.17/32">192.36.148.17/32</a></div>
<div><a href="http://193.0.14.129/32">193.0.14.129/32</a></div>
<div><a href="http://199.7.83.42/32">199.7.83.42/32</a></div>
<div><a href="http://202.12.27.33/32">202.12.27.33/32</a></div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/clear-or-private</div>
<div>+ base=clear-or-private</div>
<div>+ _________________________ ipsec/policies/clear-or-private</div>
<div>+ cat /etc/ipsec.d/policies/clear-or-private</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># we will communicate in the clear, or, if the other side initiates IPSEC,</div>
<div># using encryption. &nbsp;This behaviour is also called "Opportunistic \
Responder".</div> <div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: <a href="http://clear-or-private.in/">clear-or-private.in</a>,v 1.4 \
2003/02/17 02:22:15 mcr Exp $</div> <div>#</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/private</div>
<div>+ base=private</div>
<div>+ _________________________ ipsec/policies/private</div>
<div>+ cat /etc/ipsec.d/policies/private</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should always be private (i.e. encrypted).</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: <a href="http://private.in/">private.in</a>,v 1.4 2003/02/17 02:22:15 mcr \
Exp $</div> <div>#</div>
<div>+ for policy in '$POLICIES/*'</div>
<div>++ basename /etc/ipsec.d/policies/private-or-clear</div>
<div>+ base=private-or-clear</div>
<div>+ _________________________ ipsec/policies/private-or-clear</div>
<div>+ cat /etc/ipsec.d/policies/private-or-clear</div>
<div># This file defines the set of CIDRs (network/mask-length) to which</div>
<div># communication should be private, if possible, but in the clear \
otherwise.</div> <div>#</div>
<div># If the target has a TXT (later IPSECKEY) record that specifies</div>
<div># authentication material, we will require private (i.e. encrypted)</div>
<div># communications. &nbsp;If no such record is found, communications will be</div>
<div># in the clear.</div>
<div>#</div>
<div># See /usr/share/doc/openswan/policygroups.html for details.</div>
<div>#</div>
<div># $Id: <a href="http://private-or-clear.in/">private-or-clear.in</a>,v 1.5 \
2003/02/17 02:22:15 mcr Exp $</div> <div>#</div>
<div>&nbsp;</div>
<div><a href="http://0.0.0.0/0">0.0.0.0/0</a></div>
<div>+ _________________________ ipsec/ls-libdir</div>
<div>+ ls -l /usr/libexec/ipsec</div>
<div>total 2676</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 10592 Sep 24 &nbsp;2012 _copyright</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2430 Sep 24 &nbsp;2012 _include</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;1475 Sep 24 &nbsp;2012 _keycensor</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 14528 Sep 24 &nbsp;2012 _pluto_adns</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2567 Sep 24 &nbsp;2012 _plutoload</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;8474 Sep 24 &nbsp;2012 _plutorun</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 13671 Sep 24 &nbsp;2012 _realsetup</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;1975 Sep 24 &nbsp;2012 _secretcensor</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 11507 Sep 24 &nbsp;2012 _startklips</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;6096 Sep 24 &nbsp;2012 _startnetkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;4923 Sep 24 &nbsp;2012 _updown</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 16227 Sep 24 &nbsp;2012 _updown.klips</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 16583 Sep 24 &nbsp;2012 _updown.mast</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 13745 Sep 24 &nbsp;2012 _updown.netkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp;226704 Sep 24 &nbsp;2012 addconn</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;6015 Sep 24 &nbsp;2012 auto</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 10978 Sep 24 &nbsp;2012 barf</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 93840 Sep 24 &nbsp;2012 eroute</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 26736 Sep 24 &nbsp;2012 ikeping</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 69552 Sep 24 &nbsp;2012 klipsdebug</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2455 Sep 24 &nbsp;2012 look</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2189 Sep 24 &nbsp;2012 newhostkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 64976 Sep 24 &nbsp;2012 pf_key</div>
<div>-rwxr-xr-x. 1 root root 1093328 Sep 24 &nbsp;2012 pluto</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 12349 Sep 24 &nbsp;2012 policy</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 10576 Sep 24 &nbsp;2012 ranbits</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 27376 Sep 24 &nbsp;2012 rsasigkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp; 704 Sep 24 &nbsp;2012 secrets</div>
<div>lrwxrwxrwx. 1 root root &nbsp; &nbsp; &nbsp;30 May &nbsp;4 01:15 setup -&gt; \
../../../etc/rc.d/init.d/ipsec</div> <div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;1126 \
Sep 24 &nbsp;2012 showdefaults</div> <div>-rwxr-xr-x. 1 root root &nbsp;267584 Sep 24 \
&nbsp;2012 showhostkey</div> <div>-rwxr-xr-x. 1 root root &nbsp; 26736 Sep 24 \
&nbsp;2012 showpolicy</div> <div>-rwxr-xr-x. 1 root root &nbsp;176552 Sep 24 \
&nbsp;2012 spi</div> <div>-rwxr-xr-x. 1 root root &nbsp; 81504 Sep 24 &nbsp;2012 \
spigrp</div> <div>-rwxr-xr-x. 1 root root &nbsp; 77032 Sep 24 &nbsp;2012 tncfg</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 14828 Sep 24 &nbsp;2012 verify</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 59904 Sep 24 &nbsp;2012 whack</div>
<div>+ _________________________ ipsec/ls-execdir</div>
<div>+ ls -l /usr/libexec/ipsec</div>
<div>total 2676</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 10592 Sep 24 &nbsp;2012 _copyright</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2430 Sep 24 &nbsp;2012 _include</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;1475 Sep 24 &nbsp;2012 _keycensor</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 14528 Sep 24 &nbsp;2012 _pluto_adns</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2567 Sep 24 &nbsp;2012 _plutoload</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;8474 Sep 24 &nbsp;2012 _plutorun</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 13671 Sep 24 &nbsp;2012 _realsetup</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;1975 Sep 24 &nbsp;2012 _secretcensor</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 11507 Sep 24 &nbsp;2012 _startklips</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;6096 Sep 24 &nbsp;2012 _startnetkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;4923 Sep 24 &nbsp;2012 _updown</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 16227 Sep 24 &nbsp;2012 _updown.klips</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 16583 Sep 24 &nbsp;2012 _updown.mast</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 13745 Sep 24 &nbsp;2012 _updown.netkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp;226704 Sep 24 &nbsp;2012 addconn</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;6015 Sep 24 &nbsp;2012 auto</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 10978 Sep 24 &nbsp;2012 barf</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 93840 Sep 24 &nbsp;2012 eroute</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 26736 Sep 24 &nbsp;2012 ikeping</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 69552 Sep 24 &nbsp;2012 klipsdebug</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2455 Sep 24 &nbsp;2012 look</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;2189 Sep 24 &nbsp;2012 newhostkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 64976 Sep 24 &nbsp;2012 pf_key</div>
<div>-rwxr-xr-x. 1 root root 1093328 Sep 24 &nbsp;2012 pluto</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 12349 Sep 24 &nbsp;2012 policy</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 10576 Sep 24 &nbsp;2012 ranbits</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 27376 Sep 24 &nbsp;2012 rsasigkey</div>
<div>-rwxr-xr-x. 1 root root &nbsp; &nbsp; 704 Sep 24 &nbsp;2012 secrets</div>
<div>lrwxrwxrwx. 1 root root &nbsp; &nbsp; &nbsp;30 May &nbsp;4 01:15 setup -&gt; \
../../../etc/rc.d/init.d/ipsec</div> <div>-rwxr-xr-x. 1 root root &nbsp; &nbsp;1126 \
Sep 24 &nbsp;2012 showdefaults</div> <div>-rwxr-xr-x. 1 root root &nbsp;267584 Sep 24 \
&nbsp;2012 showhostkey</div> <div>-rwxr-xr-x. 1 root root &nbsp; 26736 Sep 24 \
&nbsp;2012 showpolicy</div> <div>-rwxr-xr-x. 1 root root &nbsp;176552 Sep 24 \
&nbsp;2012 spi</div> <div>-rwxr-xr-x. 1 root root &nbsp; 81504 Sep 24 &nbsp;2012 \
spigrp</div> <div>-rwxr-xr-x. 1 root root &nbsp; 77032 Sep 24 &nbsp;2012 tncfg</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 14828 Sep 24 &nbsp;2012 verify</div>
<div>-rwxr-xr-x. 1 root root &nbsp; 59904 Sep 24 &nbsp;2012 whack</div>
<div>+ _________________________ /proc/net/dev</div>
<div>+ cat /proc/net/dev</div>
<div>Inter-| &nbsp; Receive &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp;| &nbsp;Transmit</div> <div>&nbsp;face |bytes &nbsp; \
&nbsp;packets errs drop fifo frame compressed multicast|bytes &nbsp; &nbsp;packets \
errs drop fifo colls carrier compressed</div> <div>&nbsp; &nbsp; lo: &nbsp; 40474 \
&nbsp; &nbsp; 252 &nbsp; &nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp; 0 &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp; 0 &nbsp; &nbsp;40474 &nbsp; \
&nbsp; 252 &nbsp; &nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp; 0 &nbsp; &nbsp; \
&nbsp; 0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0</div> <div>&nbsp; eth0: 1532197 &nbsp; \
17970 &nbsp; &nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp; 0 &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; &nbsp;41 14568681 &nbsp; 48900 &nbsp; \
&nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp;0 &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp; 0 &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp;0</div> <div>+ _________________________ \
/proc/net/route</div> <div>+ cat /proc/net/route</div>
<div>Iface &nbsp; Destination &nbsp; &nbsp; Gateway &nbsp; &nbsp; &nbsp; &nbsp; Flags \
&nbsp; RefCnt &nbsp;Use &nbsp; &nbsp; Metric &nbsp;Mask &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp;MTU &nbsp; &nbsp; Window &nbsp;IRTT &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;</div> <div>eth0 &nbsp; \
&nbsp;00DF20B2 &nbsp; &nbsp; &nbsp; &nbsp;00000000 &nbsp; &nbsp; &nbsp; &nbsp;0001 \
&nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp; \
00FFFFFF &nbsp; &nbsp; &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp; 0 \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp;&nbsp;</div> <div>eth0 &nbsp; &nbsp;00000000 &nbsp; &nbsp; &nbsp; \
&nbsp;FEDF20B2 &nbsp; &nbsp; &nbsp; &nbsp;0003 &nbsp; &nbsp;0 &nbsp; &nbsp; &nbsp; 0 \
&nbsp; &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp; 00000000 &nbsp; &nbsp; &nbsp; &nbsp;0 \
&nbsp; &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp; 0 &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; \
&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;&nbsp;</div> <div>+ \
_________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc</div> <div>+ cat \
/proc/sys/net/ipv4/ip_no_pmtu_disc</div> <div>0</div>
<div>+ _________________________ /proc/sys/net/ipv4/ip_forward</div>
<div>+ cat /proc/sys/net/ipv4/ip_forward</div>
<div>1</div>
<div>+ _________________________ /proc/sys/net/ipv4/tcp_ecn</div>
<div>+ cat /proc/sys/net/ipv4/tcp_ecn</div>
<div>2</div>
<div>+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter</div>
<div>+ cd /proc/sys/net/ipv4/conf</div>
<div>+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter</div>
<div>all/rp_filter:0</div>
<div>default/rp_filter:0</div>
<div>eth0/rp_filter:0</div>
<div>lo/rp_filter:0</div>
<div>+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects</div>
<div>+ cd /proc/sys/net/ipv4/conf</div>
<div>+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects \
default/accept_redirects default/secure_redirects default/send_redirects \
eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects \
lo/secure_redirects lo/send_redirects</div> <div>all/accept_redirects:0</div>
<div>all/secure_redirects:1</div>
<div>all/send_redirects:0</div>
<div>default/accept_redirects:0</div>
<div>default/secure_redirects:1</div>
<div>default/send_redirects:0</div>
<div>eth0/accept_redirects:0</div>
<div>eth0/secure_redirects:1</div>
<div>eth0/send_redirects:0</div>
<div>lo/accept_redirects:0</div>
<div>lo/secure_redirects:1</div>
<div>lo/send_redirects:0</div>
<div>+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling</div>
<div>+ cat /proc/sys/net/ipv4/tcp_window_scaling</div>
<div>1</div>
<div>+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale</div>
<div>+ cat /proc/sys/net/ipv4/tcp_adv_win_scale</div>
<div>2</div>
<div>+ _________________________ uname-a</div>
<div>+ uname -a</div>
<div>Linux <a href="http://ks3307690.kimsufi.com/">ks3307690.kimsufi.com</a> \
2.6.32-358.6.1.el6.x86_64 #1 SMP Tue Apr 23 19:29:00 UTC 2013 x86_64 x86_64 x86_64 \
GNU/Linux</div> <div>+ _________________________ config-built-with</div>
<div>+ test -r /proc/config_built_with</div>
<div>+ _________________________ distro-release</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/redhat-release</div> <div>+ cat /etc/redhat-release</div>
<div>CentOS release 6.4 (Final)</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/debian-release</div> <div>+ for distro in /etc/redhat-release \
/etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release \
/etc/gentoo-release</div> <div>+ test -f /etc/SuSE-release</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/mandrake-release</div> <div>+ for distro in /etc/redhat-release \
/etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release \
/etc/gentoo-release</div> <div>+ test -f /etc/mandriva-release</div>
<div>+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release \
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release</div> <div>+ test -f \
/etc/gentoo-release</div> <div>+ _________________________ \
/proc/net/ipsec_version</div> <div>+ test -r /proc/net/ipsec_version</div>
<div>+ test -r /proc/net/pfkey</div>
<div>++ uname -r</div>
<div>+ echo 'NETKEY (2.6.32-358.6.1.el6.x86_64) support detected '</div>
<div>NETKEY (2.6.32-358.6.1.el6.x86_64) support detected</div>
<div>+ _________________________ iptables</div>
<div>+ test -r /sbin/iptables-save</div>
<div>+ iptables-save</div>
<div># Generated by iptables-save v1.4.7 on Sat May &nbsp;4 02:55:49 2013</div>
<div>*mangle</div>
<div>:PREROUTING ACCEPT [4726:242681]</div>
<div>:INPUT ACCEPT [4725:242553]</div>
<div>:FORWARD ACCEPT [0:0]</div>
<div>:OUTPUT ACCEPT [12292:3653325]</div>
<div>:POSTROUTING ACCEPT [12292:3653325]</div>
<div>COMMIT</div>
<div># Completed on Sat May &nbsp;4 02:55:49 2013</div>
<div># Generated by iptables-save v1.4.7 on Sat May &nbsp;4 02:55:49 2013</div>
<div>*nat</div>
<div>:PREROUTING ACCEPT [22:2083]</div>
<div>:POSTROUTING ACCEPT [14:1473]</div>
<div>:OUTPUT ACCEPT [221:34157]</div>
<div>-A POSTROUTING -o eth0 -j MASQUERADE</div>
<div>COMMIT</div>
<div># Completed on Sat May &nbsp;4 02:55:49 2013</div>
<div>+ _________________________ iptables-nat</div>
<div>+ iptables-save -t nat</div>
<div># Generated by iptables-save v1.4.7 on Sat May &nbsp;4 02:55:49 2013</div>
<div>*nat</div>
<div>:PREROUTING ACCEPT [22:2083]</div>
<div>:POSTROUTING ACCEPT [14:1473]</div>
<div>:OUTPUT ACCEPT [221:34157]</div>
<div>-A POSTROUTING -o eth0 -j MASQUERADE</div>
<div>COMMIT</div>
<div># Completed on Sat May &nbsp;4 02:55:49 2013</div>
<div>+ _________________________ iptables-mangle</div>
<div>+ iptables-save -t mangle</div>
<div># Generated by iptables-save v1.4.7 on Sat May &nbsp;4 02:55:49 2013</div>
<div>*mangle</div>
<div>:PREROUTING ACCEPT [4726:242681]</div>
<div>:INPUT ACCEPT [4725:242553]</div>
<div>:FORWARD ACCEPT [0:0]</div>
<div>:OUTPUT ACCEPT [12292:3653325]</div>
<div>:POSTROUTING ACCEPT [12292:3653325]</div>
<div>COMMIT</div>
<div># Completed on Sat May &nbsp;4 02:55:49 2013</div>
<div>+ _________________________ /proc/modules</div>
<div>+ test -f /proc/modules</div>
<div>+ cat /proc/modules</div>
<div>ipt_MASQUERADE 2466 1 - Live 0xffffffffa0331000</div>
<div>iptable_mangle 3349 0 - Live 0xffffffffa0326000</div>
<div>iptable_nat 6158 1 - Live 0xffffffffa03df000</div>
<div>nf_nat 22759 2 ipt_MASQUERADE,iptable_nat, Live 0xffffffffa03d4000</div>
<div>nf_conntrack_ipv4 9506 3 iptable_nat,nf_nat, Live 0xffffffffa03cd000</div>
<div>nf_defrag_ipv4 1483 1 nf_conntrack_ipv4, Live 0xffffffffa031e000</div>
<div>ip_tables 17831 2 iptable_mangle,iptable_nat, Live 0xffffffffa03c4000</div>
<div>bluetooth 99239 0 - Live 0xffffffffa03a0000</div>
<div>rfkill 19255 1 bluetooth, Live 0xffffffffa0396000</div>
<div>ah6 5191 0 - Live 0xffffffffa030a000</div>
<div>ah4 4320 0 - Live 0xffffffffa0305000</div>
<div>esp6 4979 0 - Live 0xffffffffa0300000</div>
<div>esp4 5358 2 - Live 0xffffffffa02f0000</div>
<div>xfrm4_mode_beet 2069 0 - Live 0xffffffffa02ec000</div>
<div>xfrm4_tunnel 1981 0 - Live 0xffffffffa02dc000</div>
<div>xfrm4_mode_tunnel 2002 4 - Live 0xffffffffa02d6000</div>
<div>xfrm4_mode_transport 1449 0 - Live 0xffffffffa02d0000</div>
<div>xfrm6_mode_transport 1545 0 - Live 0xffffffffa02ca000</div>
<div>xfrm6_mode_ro 1318 0 - Live 0xffffffffa02c4000</div>
<div>xfrm6_mode_beet 2020 0 - Live 0xffffffffa02bc000</div>
<div>xfrm6_mode_tunnel 1906 2 - Live 0xffffffffa02ad000</div>
<div>ipcomp 2073 0 - Live 0xffffffffa02a3000</div>
<div>ipcomp6 2138 0 - Live 0xffffffffa015a000</div>
<div>xfrm6_tunnel 7969 1 ipcomp6, Live 0xffffffffa0285000</div>
<div>af_key 29685 0 - Live 0xffffffffa026c000</div>
<div>authenc 6651 2 - Live 0xffffffffa0374000</div>
<div>deflate 2107 0 - Live 0xffffffffa0370000</div>
<div>zlib_deflate 21629 1 deflate, Live 0xffffffffa0367000</div>
<div>ctr 4063 0 - Live 0xffffffffa0363000</div>
<div>camellia 18334 0 - Live 0xffffffffa035b000</div>
<div>cast5 15242 0 - Live 0xffffffffa0354000</div>
<div>rmd160 8154 0 - Live 0xffffffffa034f000</div>
<div>crypto_null 2952 0 - Live 0xffffffffa034b000</div>
<div>ccm 8247 0 - Live 0xffffffffa0345000</div>
<div>serpent 18455 0 - Live 0xffffffffa033d000</div>
<div>blowfish 7884 0 - Live 0xffffffffa0338000</div>
<div>twofish_x86_64 5297 0 - Live 0xffffffffa0333000</div>
<div>twofish_common 14633 1 twofish_x86_64, Live 0xffffffffa032c000</div>
<div>ecb 2209 0 - Live 0xffffffffa0328000</div>
<div>xcbc 2849 0 - Live 0xffffffffa0324000</div>
<div>cbc 3083 2 - Live 0xffffffffa0320000</div>
<div>sha256_generic 10361 0 - Live 0xffffffffa031a000</div>
<div>sha512_generic 4974 0 - Live 0xffffffffa0315000</div>
<div>des_generic 16604 2 - Live 0xffffffffa030d000</div>
<div>cryptd 8006 0 - Live 0xffffffffa02fa000</div>
<div>aes_x86_64 7961 0 - Live 0xffffffffa02f5000</div>
<div>aes_generic 27609 1 aes_x86_64, Live 0xffffffffa02e2000</div>
<div>tunnel4 2943 1 xfrm4_tunnel, Live 0xffffffffa02c2000</div>
<div>xfrm_ipcomp 4610 2 ipcomp,ipcomp6, Live 0xffffffffa0275000</div>
<div>tunnel6 2714 1 xfrm6_tunnel, Live 0xffffffffa0042000</div>
<div>ip6t_REJECT 4628 2 - Live 0xffffffffa02b7000</div>
<div>nf_conntrack_ipv6 8748 2 - Live 0xffffffffa02b0000</div>
<div>nf_defrag_ipv6 11182 1 nf_conntrack_ipv6, Live 0xffffffffa02a9000</div>
<div>xt_state 1492 2 - Live 0xffffffffa015e000</div>
<div>nf_conntrack 79645 6 \
ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4,nf_conntrack_ipv6,xt_state, Live \
0xffffffffa0288000</div> <div>ip6table_filter 2889 1 - Live 0xffffffffa0055000</div>
<div>ip6_tables 19458 1 ip6table_filter, Live 0xffffffffa027f000</div>
<div>ipv6 321454 40 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6, \
Live 0xffffffffa021c000</div> <div>sg 29350 0 - Live 0xffffffffa0151000</div>
<div>serio_raw 4594 0 - Live 0xffffffffa0032000</div>
<div>i2c_i801 11167 0 - Live 0xffffffffa0019000</div>
<div>xhci_hcd 142149 0 - Live 0xffffffffa01ef000</div>
<div>iTCO_wdt 14990 0 - Live 0xffffffffa00bb000</div>
<div>iTCO_vendor_support 3088 1 iTCO_wdt, Live 0xffffffffa0037000</div>
<div>ext3 232456 2 - Live 0xffffffffa01b5000</div>
<div>jbd 79071 1 ext3, Live 0xffffffffa01a0000</div>
<div>mbcache 8193 1 ext3, Live 0xffffffffa004d000</div>
<div>raid1 31657 2 - Live 0xffffffffa00a4000</div>
<div>sd_mod 38976 8 - Live 0xffffffffa0099000</div>
<div>crc_t10dif 1541 1 sd_mod, Live 0xffffffffa0023000</div>
<div>ahci 41127 6 - Live 0xffffffffa0145000</div>
<div>e1000e 253849 0 - Live 0xffffffffa0161000</div>
<div>wmi 6287 0 - Live 0xffffffffa0016000</div>
<div>i915 537570 1 - Live 0xffffffffa00c0000</div>
<div>drm_kms_helper 40087 1 i915, Live 0xffffffffa00b0000</div>
<div>drm 265638 2 i915,drm_kms_helper, Live 0xffffffffa0057000</div>
<div>i2c_algo_bit 5935 1 i915, Live 0xffffffffa0052000</div>
<div>i2c_core 31084 5 i2c_i801,i915,drm_kms_helper,drm,i2c_algo_bit, Live \
0xffffffffa0044000</div> <div>video 20674 1 i915, Live 0xffffffffa0039000</div>
<div>output 2409 1 video, Live 0xffffffffa0035000</div>
<div>dm_mirror 14133 0 - Live 0xffffffffa002d000</div>
<div>dm_region_hash 12085 1 dm_mirror, Live 0xffffffffa0026000</div>
<div>dm_log 9930 2 dm_mirror,dm_region_hash, Live 0xffffffffa001f000</div>
<div>dm_mod 82839 2 dm_mirror,dm_log, Live 0xffffffffa0000000</div>
<div>+ _________________________ /proc/meminfo</div>
<div>+ cat /proc/meminfo</div>
<div>MemTotal: &nbsp; &nbsp; &nbsp; &nbsp;8089016 kB</div>
<div>MemFree: &nbsp; &nbsp; &nbsp; &nbsp; 7839892 kB</div>
<div>Buffers: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;8560 kB</div>
<div>Cached: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;61384 kB</div>
<div>SwapCached: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0 kB</div>
<div>Active: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;61012 kB</div>
<div>Inactive: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;46064 kB</div>
<div>Active(anon): &nbsp; &nbsp; &nbsp;37288 kB</div>
<div>Inactive(anon): &nbsp; &nbsp; 3540 kB</div>
<div>Active(file): &nbsp; &nbsp; &nbsp;23724 kB</div>
<div>Inactive(file): &nbsp; &nbsp;42524 kB</div>
<div>Unevictable: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 kB</div>
<div>Mlocked: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 kB</div>
<div>SwapTotal: &nbsp; &nbsp; &nbsp; 8386544 kB</div>
<div>SwapFree: &nbsp; &nbsp; &nbsp; &nbsp;8386544 kB</div>
<div>Dirty: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 4 kB</div>
<div>Writeback: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; 0 kB</div>
<div>AnonPages: &nbsp; &nbsp; &nbsp; &nbsp; 37224 kB</div>
<div>Mapped: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;10824 kB</div>
<div>Shmem: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;3688 kB</div>
<div>Slab: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;64536 kB</div>
<div>SReclaimable: &nbsp; &nbsp; &nbsp;11388 kB</div>
<div>SUnreclaim: &nbsp; &nbsp; &nbsp; &nbsp;53148 kB</div>
<div>KernelStack: &nbsp; &nbsp; &nbsp; &nbsp;1104 kB</div>
<div>PageTables: &nbsp; &nbsp; &nbsp; &nbsp; 2464 kB</div>
<div>NFS_Unstable: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0 kB</div>
<div>Bounce: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0 kB</div>
<div>WritebackTmp: &nbsp; &nbsp; &nbsp; &nbsp; &nbsp;0 kB</div>
<div>CommitLimit: &nbsp; &nbsp;12431052 kB</div>
<div>Committed_AS: &nbsp; &nbsp; 191160 kB</div>
<div>VmallocTotal: &nbsp; 34359738367 kB</div>
<div>VmallocUsed: &nbsp; &nbsp; &nbsp;366072 kB</div>
<div>VmallocChunk: &nbsp; 34359366644 kB</div>
<div>HardwareCorrupted: &nbsp; &nbsp; 0 kB</div>
<div>AnonHugePages: &nbsp; &nbsp; 16384 kB</div>
<div>HugePages_Total: &nbsp; &nbsp; &nbsp; 0</div>
<div>HugePages_Free: &nbsp; &nbsp; &nbsp; &nbsp;0</div>
<div>HugePages_Rsvd: &nbsp; &nbsp; &nbsp; &nbsp;0</div>
<div>HugePages_Surp: &nbsp; &nbsp; &nbsp; &nbsp;0</div>
<div>Hugepagesize: &nbsp; &nbsp; &nbsp; 2048 kB</div>
<div>DirectMap4k: &nbsp; &nbsp; &nbsp; &nbsp;8192 kB</div>
<div>DirectMap2M: &nbsp; &nbsp; 8288256 kB</div>
<div>+ _________________________ /proc/net/ipsec-ls</div>
<div>+ test -f /proc/net/ipsec_version</div>
<div>+ _________________________ usr/src/linux/.config</div>
<div>+ test -f /proc/config.gz</div>
<div>++ uname -r</div>
<div>+ test -f /lib/modules/2.6.32-358.6.1.el6.x86_64/build/.config</div>
<div>+ echo 'no .config file found, cannot list kernel properties'</div>
<div>no .config file found, cannot list kernel properties</div>
<div>+ _________________________ etc/syslog.conf</div>
<div>+ _________________________ etc/syslog-ng/syslog-ng.conf</div>
<div>+ cat /etc/syslog-ng/syslog-ng.conf</div>
<div>cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory</div>
<div>+ cat /etc/syslog.conf</div>
<div>cat: /etc/syslog.conf: No such file or directory</div>
<div>+ _________________________ etc/resolv.conf</div>
<div>+ cat /etc/resolv.conf</div>
<div>nameserver 127.0.0.1</div>
<div>nameserver 213.186.33.99</div>
<div>search <a href="http://ovh.net/">ovh.net</a></div>
<div>+ _________________________ lib/modules-ls</div>
<div>+ ls -ltr /lib/modules</div>
<div>total 8</div>
<div>drwxr-xr-x. 7 root root 4096 May &nbsp;4 01:05 2.6.32-358.6.1.el6.x86_64</div>
<div>+ _________________________ fipscheck</div>
<div>+ cat /proc/sys/crypto/fips_enabled</div>
<div>0</div>
<div>+ _________________________ /proc/ksyms-netif_rx</div>
<div>+ test -r /proc/ksyms</div>
<div>+ test -r /proc/kallsyms</div>
<div>+ egrep netif_rx /proc/kallsyms</div>
<div>ffffffff8144d2b0 T netif_rx</div>
<div>ffffffff8144d520 T netif_rx_ni</div>
<div>ffffffff814611e0 t ftrace_raw_output_netif_rx</div>
<div>ffffffff81461750 t ftrace_profile_disable_netif_rx</div>
<div>ffffffff81461770 t ftrace_raw_unreg_event_netif_rx</div>
<div>ffffffff81461e10 t ftrace_profile_enable_netif_rx</div>
<div>ffffffff81461e30 t ftrace_raw_reg_event_netif_rx</div>
<div>ffffffff81462700 t ftrace_raw_init_event_netif_rx</div>
<div>ffffffff81462e20 t ftrace_profile_netif_rx</div>
<div>ffffffff81463760 t ftrace_raw_event_netif_rx</div>
<div>ffffffff818162d2 r __tpstrtab_netif_rx</div>
<div>ffffffff81829720 r __ksymtab_netif_rx_ni</div>
<div>ffffffff81829730 r __ksymtab_netif_rx</div>
<div>ffffffff818395e8 r __kcrctab_netif_rx_ni</div>
<div>ffffffff818395f0 r __kcrctab_netif_rx</div>
<div>ffffffff81853fb4 r __kstrtab_netif_rx_ni</div>
<div>ffffffff81853fc0 r __kstrtab_netif_rx</div>
<div>ffffffff81b186a0 d ftrace_event_type_netif_rx</div>
<div>ffffffff81bcddc0 D __tracepoint_netif_rx</div>
<div>ffffffff81bf8250 d event_netif_rx</div>
<div>+ _________________________ lib/modules-netif_rx</div>
<div>+ modulegoo kernel/net/ipv4/ipip.o netif_rx</div>
<div>+ set +x</div>
<div>2.6.32-358.6.1.el6.x86_64:</div>
<div>+ _________________________ kern.debug</div>
<div>+ test -f /var/log/kern.debug</div>
<div>+ _________________________ klog</div>
<div>+ sed -n '1542,$p' /var/log/messages</div>
<div>+ egrep -i 'ipsec|klips|pluto'</div>
<div>+ case "$1" in</div>
<div>+ cat</div>
<div>May &nbsp;4 02:09:47 ks3307690 ipsec_setup: Starting Openswan IPsec \
U2.6.32/K2.6.32-358.6.1.el6.x86_64...</div> <div>May &nbsp;4 02:09:47 ks3307690 \
ipsec_setup: Using NETKEY(XFRM) stack</div> <div>May &nbsp;4 02:09:47 ks3307690 \
ipsec_setup: /usr/libexec/ipsec/addconn Non-fips mode set in \
/proc/sys/crypto/fips_enabled</div> <div>May &nbsp;4 02:09:47 ks3307690 ipsec_setup: \
...Openswan IPsec started</div> <div>May &nbsp;4 02:09:47 ks3307690 ipsec__plutorun: \
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div> \
<div>May &nbsp;4 02:09:47 ks3307690 ipsec__plutorun: adjusting ipsec.d to \
/etc/ipsec.d</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto: adjusting ipsec.d to \
/etc/ipsec.d</div> <div>May &nbsp;4 02:09:47 ks3307690 ipsec__plutorun: \
/usr/libexec/ipsec/addconn Non-fips mode set in /proc/sys/crypto/fips_enabled</div> \
<div>May &nbsp;4 02:09:47 ks3307690 ipsec__plutorun: /usr/libexec/ipsec/addconn \
Non-fips mode set in /proc/sys/crypto/fips_enabled</div> <div>May &nbsp;4 02:09:47 \
ks3307690 ipsec__plutorun: 002 added connection description "mikrotik"</div> <div>May \
&nbsp;4 02:09:47 ks3307690 ipsec__plutorun: 003 no secrets filename matched \
"/etc/ipsec.d/*.secrets"</div> <div>May &nbsp;4 02:09:47 ks3307690 ipsec__plutorun: \
104 "mikrotik" #1: STATE_MAIN_I1: initiate</div> <div>+ _________________________ \
plog</div> <div>+ sed -n '889,$p' /var/log/secure</div>
<div>+ egrep -i pluto</div>
<div>+ case "$1" in</div>
<div>+ cat</div>
<div>May &nbsp;4 02:09:47 ks3307690 ipsec__plutorun: Starting Pluto \
subsystem...</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: nss directory \
plutomain: /etc/ipsec.d</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: NSS \
Initialized</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set \
in /proc/sys/crypto/fips_enabled</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: Starting Pluto (Openswan Version 2.6.32; Vendor ID OEhyLdACecfa) \
pid:4903</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: Non-fips mode set in \
/proc/sys/crypto/fips_enabled</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: \
LEAK_DETECTIVE support [disabled]</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: OCF support for IKE [disabled]</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: SAref support [disabled]: Protocol not available</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: SAbind support [disabled]: Protocol not \
available</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: NSS support \
[enabled]</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: HAVE_STATSD \
notification support not compiled in</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: Setting NAT-Traversal port-4500 floating to on</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: &nbsp; &nbsp;port floating activation criteria \
nat_t=1/port_float=1</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: &nbsp; \
&nbsp;NAT-Traversal support &nbsp;[enabled]</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: 1 bad entries in virtual_private - none loaded</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)</div> \
<div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
OAKLEY_SERPENT_CBC: Ok (ret=0)</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
OAKLEY_BLOWFISH_CBC: Ok (ret=0)</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)</div> \
<div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_hash(): Activating \
OAKLEY_SHA2_256: Ok (ret=0)</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: \
starting up 3 cryptographic helpers</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: started helper (thread) pid=140013406775040 (fd:10)</div> <div>May \
&nbsp;4 02:09:47 ks3307690 pluto[4903]: started helper (thread) pid=140013396285184 \
(fd:12)</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: started helper \
(thread) pid=140013316601600 (fd:14)</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: Using Linux 2.6 IPsec interface code on 2.6.32-358.6.1.el6.x86_64 \
(experimental code)</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already exists</div> \
<div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): Activating \
aes_ccm_12: FAILED (ret=-17)</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_add(): ERROR: Algorithm already exists</div> <div>May &nbsp;4 02:09:47 \
ks3307690 pluto[4903]: ike_alg_register_enc(): Activating aes_ccm_16: FAILED \
(ret=-17)</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): \
ERROR: Algorithm already exists</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)</div> \
<div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm \
already exists</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: \
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)</div> <div>May \
&nbsp;4 02:09:47 ks3307690 pluto[4903]: ike_alg_add(): ERROR: Algorithm already \
exists</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: ike_alg_register_enc(): \
Activating aes_gcm_16: FAILED (ret=-17)</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: Could not change to directory '/etc/ipsec.d/cacerts': /</div> <div>May \
&nbsp;4 02:09:47 ks3307690 pluto[4903]: Could not change to directory \
'/etc/ipsec.d/aacerts': /</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: \
Could not change to directory '/etc/ipsec.d/ocspcerts': /</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: Could not change to directory \
'/etc/ipsec.d/crls'</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: | selinux \
support is enabled.</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: added \
connection description "mikrotik"</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: listening for IKE messages</div> <div>May &nbsp;4 02:09:47 ks3307690 \
pluto[4903]: adding interface eth0/eth0 <a \
href="http://179.34.222.31:500/">179.34.222.31:500</a></div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: adding interface eth0/eth0 <a \
href="http://179.34.222.31:4500/">179.34.222.31:4500</a></div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: adding interface lo/lo <a \
href="http://127.0.0.1:500/">127.0.0.1:500</a></div> <div>May &nbsp;4 02:09:47 \
ks3307690 pluto[4903]: adding interface lo/lo <a \
href="http://127.0.0.1:4500/">127.0.0.1:4500</a></div> <div>May &nbsp;4 02:09:47 \
ks3307690 pluto[4903]: adding interface lo/lo ::1:500</div> <div>May &nbsp;4 02:09:47 \
ks3307690 pluto[4903]: adding interface eth0/eth0 2001:41d0:8:e242::1:500</div> \
<div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: loading secrets from \
"/etc/ipsec.secrets"</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: no \
secrets filename matched "/etc/ipsec.d/*.secrets"</div> <div>May &nbsp;4 02:09:47 \
ks3307690 pluto[4903]: "mikrotik" #1: initiating Main Mode</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: received Vendor ID payload [Dead Peer \
Detection]</div> <div>May &nbsp;4 02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: \
transition from state STATE_MAIN_I1 to state STATE_MAIN_I2</div> <div>May &nbsp;4 \
02:09:47 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I2: sent MI2, expecting \
MR2</div> <div>May &nbsp;4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: transition \
from state STATE_MAIN_I2 to state STATE_MAIN_I3</div> <div>May &nbsp;4 02:09:48 \
ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I3: sent MI3, expecting MR3</div> \
<div>May &nbsp;4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: next payload type of \
ISAKMP Hash Payload has an unknown value: 184</div> <div>May &nbsp;4 02:09:48 \
ks3307690 pluto[4903]: "mikrotik" #1: malformed payload in packet</div> <div>May \
&nbsp;4 02:09:48 ks3307690 pluto[4903]: | payload malformed after IV</div> <div>May \
&nbsp;4 02:09:48 ks3307690 pluto[4903]: | &nbsp; d5 e9 80 46 &nbsp;c0 88 41 e9</div> \
<div>May &nbsp;4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: sending notification \
PAYLOAD_MALFORMED to <a href="http://82.198.121.45:500/">82.198.121.45:500</a></div> \
<div>May &nbsp;4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: byte 2 of ISAKMP Hash \
Payload must be zero, but is not</div> <div>May &nbsp;4 02:09:48 ks3307690 \
pluto[4903]: "mikrotik" #1: malformed payload in packet</div> <div>May &nbsp;4 \
02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: Main mode peer ID is ID_IPV4_ADDR: \
'82.198.121.45'</div> <div>May &nbsp;4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: \
transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div> <div>May &nbsp;4 \
02:09:48 ks3307690 pluto[4903]: "mikrotik" #1: STATE_MAIN_I4: ISAKMP SA established \
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha \
group=modp1024}</div> <div>May &nbsp;4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 \
msgid:121009cf proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
&nbsp;4 02:09:48 ks3307690 pluto[4903]: "mikrotik" #2: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May &nbsp;4 02:09:48 ks3307690 \
pluto[4903]: "mikrotik" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=&gt;0x08ab66a0 &lt;0xc0d22436 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>May &nbsp;4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#1 \
msgid:8eb8d24a proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
&nbsp;4 02:10:08 ks3307690 pluto[4903]: "mikrotik" #3: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May &nbsp;4 02:10:08 ks3307690 \
pluto[4903]: "mikrotik" #3: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=&gt;0x03d0e567 &lt;0x8b2ece14 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>May &nbsp;4 02:48:10 ks3307690 pluto[4903]: "mikrotik": \
terminating SAs using this connection</div> <div>May &nbsp;4 02:48:10 ks3307690 \
pluto[4903]: "mikrotik" #3: deleting state (STATE_QUICK_I2)</div> <div>May &nbsp;4 \
02:48:10 ks3307690 pluto[4903]: "mikrotik" #2: deleting state (STATE_QUICK_I2)</div> \
<div>May &nbsp;4 02:48:10 ks3307690 pluto[4903]: "mikrotik" #1: deleting state \
(STATE_MAIN_I4)</div> <div>May &nbsp;4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: \
initiating Main Mode</div> <div>May &nbsp;4 02:48:18 ks3307690 pluto[4903]: \
"mikrotik" #4: received Vendor ID payload [Dead Peer Detection]</div> <div>May \
&nbsp;4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state \
STATE_MAIN_I1 to state STATE_MAIN_I2</div> <div>May &nbsp;4 02:48:18 ks3307690 \
pluto[4903]: "mikrotik" #4: STATE_MAIN_I2: sent MI2, expecting MR2</div> <div>May \
&nbsp;4 02:48:18 ks3307690 pluto[4903]: "mikrotik" #4: transition from state \
STATE_MAIN_I2 to state STATE_MAIN_I3</div> <div>May &nbsp;4 02:48:18 ks3307690 \
pluto[4903]: "mikrotik" #4: STATE_MAIN_I3: sent MI3, expecting MR3</div> <div>May \
&nbsp;4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: Main mode peer ID is \
ID_IPV4_ADDR: '82.198.121.45'</div> <div>May &nbsp;4 02:48:19 ks3307690 pluto[4903]: \
"mikrotik" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4</div> \
<div>May &nbsp;4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #4: STATE_MAIN_I4: ISAKMP \
SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha \
group=modp1024}</div> <div>May &nbsp;4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#4 \
msgid:3eac258b proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
&nbsp;4 02:48:19 ks3307690 pluto[4903]: "mikrotik" #5: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May &nbsp;4 02:48:19 ks3307690 \
pluto[4903]: "mikrotik" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=&gt;0x06fb8921 &lt;0x112666f8 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>May &nbsp;4 02:50:11 ks3307690 pluto[4903]: "mikrotik": deleting \
connection</div> <div>May &nbsp;4 02:50:11 ks3307690 pluto[4903]: "mikrotik" #5: \
deleting state (STATE_QUICK_I2)</div> <div>May &nbsp;4 02:50:11 ks3307690 \
pluto[4903]: "mikrotik" #4: deleting state (STATE_MAIN_I4)</div> <div>May &nbsp;4 \
02:50:11 ks3307690 pluto[4903]: added connection description "mikrotik"</div> \
<div>May &nbsp;4 02:50:19 ks3307690 pluto[4903]: "mikrotik" #6: initiating Main \
Mode</div> <div>May &nbsp;4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: received \
Vendor ID payload [Dead Peer Detection]</div> <div>May &nbsp;4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I1 to state \
STATE_MAIN_I2</div> <div>May &nbsp;4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: \
STATE_MAIN_I2: sent MI2, expecting MR2</div> <div>May &nbsp;4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: transition from state STATE_MAIN_I2 to state \
STATE_MAIN_I3</div> <div>May &nbsp;4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: \
STATE_MAIN_I3: sent MI3, expecting MR3</div> <div>May &nbsp;4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: Main mode peer ID is ID_IPV4_ADDR: '82.198.121.45'</div> \
<div>May &nbsp;4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #6: transition from state \
STATE_MAIN_I3 to state STATE_MAIN_I4</div> <div>May &nbsp;4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #6: STATE_MAIN_I4: ISAKMP SA established \
{auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_sha \
group=modp1024}</div> <div>May &nbsp;4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: \
initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK {using isakmp#6 \
msgid:aae4f37f proposal=defaults pfsgroup=OAKLEY_GROUP_MODP1024}</div> <div>May \
&nbsp;4 02:50:20 ks3307690 pluto[4903]: "mikrotik" #7: transition from state \
STATE_QUICK_I1 to state STATE_QUICK_I2</div> <div>May &nbsp;4 02:50:20 ks3307690 \
pluto[4903]: "mikrotik" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel \
mode {ESP=&gt;0x01eea26a &lt;0x743427d2 xfrm=3DES_0-HMAC_SHA1 NATOA=none NATD=none \
DPD=none}</div> <div>+ _________________________ date</div>
<div>+ date</div>
<div>Sat May &nbsp;4 02:55:49 CEST 2013</div>
<div>&nbsp;</div>
<div>&nbsp;</div>
<div>Is it possible to solve this problem?</div>
<div>Thanks in advance.</div>
</div>
</div>
</div>
</div>
<br /><br /></div>
</div>
<br /><!-- html ignored --><br />
<pre>_______________________________________________
<a href="mailto:Users@lists.openswan.org">Users@lists.openswan.org</a>
<a href="https://lists.openswan.org/mailman/listinfo/users">https://lists.openswan.org/mailman/listinfo/users</a>
                
Micropayments: <a href="https://flattr.com/thing/38387/IPsec-for-Linux-made-easy">https://flattr.com/thing/38387/IPsec-for-Linux-made-easy</a>
 Building and Integrating Virtual Private Networks with Openswan:
<a href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155</a>
 </pre>
</blockquote>
</body></html>



[prev in list] [next in list] [prev in thread] [next in thread]