blackhole Tue Feb 23 20:04:44 EST 2010 + _________________________ version + ipsec --version Linux Openswan U2.6.master-201008.git-g6cebcb2a-dirty/K2.6.26-2-amd64 (netkey) See `ipsec --copyright' for copyright information. + _________________________ /proc/version + cat /proc/version Linux version 2.6.26-2-amd64 (Debian 2.6.26-21lenny3) (dannf@debian.org) (gcc version 4.1.3 20080704 (prerelease) (Debian 4.1.2-25)) #1 SMP Thu Feb 11 00:59:32 UTC 2010 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + _________________________ netstat-rn + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br0 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + cat /proc/net/pfkey sk RefCnt Rmem Wmem User Inode + _________________________ ip-xfrm-state + ip xfrm state src 192.168.1.3 dst 64.34.173.20 proto esp spi 0xde1a974f reqid 16385 mode transport replay-window 32 auth hmac(sha1) 0x07b9faa212b57efb386071aa8cdbfbd3437ef00a enc cbc(aes) 0x5e9eb3742333ab7c4bf1cd3eacab85b7 encap type espinudp sport 4500 dport 4500 addr 0.0.0.0 sel src 0.0.0.0/0 dst 0.0.0.0/0 src 64.34.173.20 dst 192.168.1.3 proto esp spi 0xb24174fc reqid 16385 mode transport replay-window 32 auth hmac(sha1) 0xe6dbdff962d5e5a1b284a0ef20c3f5ace4fc2a83 enc cbc(aes) 0x239eb4732fcefd038c93bf1d8a770bee encap type espinudp sport 4500 dport 4500 addr 0.0.0.0 sel src 0.0.0.0/0 dst 0.0.0.0/0 + _________________________ ip-xfrm-policy + ip xfrm policy src 64.34.173.20/32 dst 192.168.1.3/32 proto udp sport 1701 dport 1701 dir in priority 2080 tmpl src 0.0.0.0 dst 0.0.0.0 proto esp reqid 16385 mode 
transport src 192.168.1.3/32 dst 64.34.173.20/32 proto udp sport 1701 dport 1701 dir out priority 2080 tmpl src 0.0.0.0 dst 0.0.0.0 proto esp reqid 16385 mode transport + _________________________ /proc/crypto + test -r /proc/crypto + cat /proc/crypto name : authenc(hmac(sha1),cbc(aes)) driver : authenc(hmac(sha1-generic),cbc(aes-asm)) module : authenc priority : 2000 refcnt : 3 type : aead async : yes blocksize : 16 ivsize : 16 maxauthsize : 20 geniv : name : cbc(aes) driver : cbc(aes-asm) module : crypto_blkcipher priority : 200 refcnt : 3 type : givcipher async : yes blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : chainiv name : sha512 driver : sha512-generic module : sha512_generic priority : 0 refcnt : 1 type : digest blocksize : 128 digestsize : 64 name : sha384 driver : sha384-generic module : sha512_generic priority : 0 refcnt : 1 type : digest blocksize : 128 digestsize : 48 name : deflate driver : deflate-generic module : deflate priority : 0 refcnt : 1 type : compression name : rfc3686(ctr(aes)) driver : rfc3686(ctr(aes-asm)) module : ctr priority : 200 refcnt : 1 type : blkcipher blocksize : 1 min keysize : 20 max keysize : 36 ivsize : 8 geniv : seqiv name : ctr(aes) driver : ctr(aes-asm) module : ctr priority : 200 refcnt : 1 type : blkcipher blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 geniv : name : cbc(twofish) driver : cbc(twofish-generic) module : cbc priority : 100 refcnt : 1 type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : name : twofish driver : twofish-generic module : twofish priority : 100 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : cbc(camellia) driver : cbc(camellia-generic) module : cbc priority : 100 refcnt : 1 type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : name : camellia driver : camellia-generic module : camellia priority : 100 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max 
keysize : 32 name : cbc(serpent) driver : cbc(serpent-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 geniv : name : tnepres driver : tnepres-generic module : serpent priority : 0 refcnt : 1 type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : serpent driver : serpent-generic module : serpent priority : 0 refcnt : 1 type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : cbc(aes) driver : cbc(aes-asm) module : cbc priority : 200 refcnt : 3 type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : name : cbc(blowfish) driver : cbc(blowfish-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 8 min keysize : 4 max keysize : 56 ivsize : 8 geniv : name : blowfish driver : blowfish-generic module : blowfish priority : 0 refcnt : 1 type : cipher blocksize : 8 min keysize : 4 max keysize : 56 name : cbc(des3_ede) driver : cbc(des3_ede-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 8 min keysize : 24 max keysize : 24 ivsize : 8 geniv : name : cbc(des) driver : cbc(des-generic) module : cbc priority : 0 refcnt : 1 type : blkcipher blocksize : 8 min keysize : 8 max keysize : 8 ivsize : 8 geniv : name : des3_ede driver : des3_ede-generic module : des_generic priority : 0 refcnt : 1 type : cipher blocksize : 8 min keysize : 24 max keysize : 24 name : des driver : des-generic module : des_generic priority : 0 refcnt : 1 type : cipher blocksize : 8 min keysize : 8 max keysize : 8 name : xcbc(aes) driver : xcbc(aes-asm) module : xcbc priority : 200 refcnt : 1 type : hash blocksize : 16 digestsize : 16 name : aes driver : aes-asm module : aes_x86_64 priority : 200 refcnt : 3 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : aes driver : aes-generic module : aes_generic priority : 100 refcnt : 1 type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : hmac(sha256) driver 
: hmac(sha256-generic) module : kernel priority : 0 refcnt : 1 type : hash blocksize : 64 digestsize : 32 name : sha256 driver : sha256-generic module : sha256_generic priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 32 name : sha224 driver : sha224-generic module : sha256_generic priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 28 name : hmac(sha1) driver : hmac(sha1-generic) module : kernel priority : 0 refcnt : 3 type : hash blocksize : 64 digestsize : 20 name : sha1 driver : sha1-generic module : sha1_generic priority : 0 refcnt : 3 type : digest blocksize : 64 digestsize : 20 name : hmac(md5) driver : hmac(md5-generic) module : kernel priority : 0 refcnt : 1 type : hash blocksize : 64 digestsize : 16 name : compress_null driver : compress_null-generic module : crypto_null priority : 0 refcnt : 1 type : compression name : digest_null driver : digest_null-generic module : crypto_null priority : 0 refcnt : 1 type : digest blocksize : 1 digestsize : 0 name : ecb(cipher_null) driver : ecb-cipher_null module : crypto_null priority : 100 refcnt : 1 type : blkcipher blocksize : 1 min keysize : 0 max keysize : 0 ivsize : 0 geniv : name : cipher_null driver : cipher_null-generic module : crypto_null priority : 0 refcnt : 1 type : cipher blocksize : 1 min keysize : 0 max keysize : 0 name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 type : digest blocksize : 64 digestsize : 16 + __________________________/proc/sys/net/core/xfrm-star /usr/lib/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_acq_expires: ' /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires 30 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_etime: ' /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime 10 + for i in 
'/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: ' /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth 2 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_larval_drop: ' /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop 0 + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + _________________________ ipsec/status + ipsec auto --status 000 using kernel interface: netkey 000 interface lo/lo ::1 000 interface lo/lo 127.0.0.1 000 interface lo/lo 127.0.0.1 000 interface br0/br0 192.168.1.3 000 interface br0/br0 192.168.1.3 000 %myid = (none) 000 debug none 000 000 virtual_private (%priv): 000 - allowed 0 subnets: 000 - disallowed 0 subnets: 000 WARNING: Either virtual_private= was not specified, or there was a syntax 000 error in that line. 'left/rightsubnet=%priv' will not work! 000 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, 
keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128 000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0 000 000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096 000 
algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192 000 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0} 000 000 "wonderproxy-client": 192.168.1.3[+S=C]:17/1701...64.34.173.20<64.34.173.20>[+S=C]:17/1701; erouted; eroute owner: #2 000 "wonderproxy-client": myip=unset; hisip=unset; 000 "wonderproxy-client": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3 000 "wonderproxy-client": policy: PSK+ENCRYPT+UP+IKEv2ALLOW+lKOD+rKOD; prio: 32,32; interface: br0; 000 "wonderproxy-client": newest ISAKMP SA: #1; newest IPsec SA: #2; 000 "wonderproxy-client": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048 000 000 #2: "wonderproxy-client":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28090s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate 000 #2: "wonderproxy-client" esp.de1a974f@64.34.173.20 esp.b24174fc@192.168.1.3 ref=0 refhim=4294901761 000 #1: "wonderproxy-client":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2678s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate 000 + _________________________ ifconfig-a + ifconfig -a br0 Link encap:Ethernet HWaddr 00:1e:8c:6d:0a:af inet addr:192.168.1.3 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::21e:8cff:fe6d:aaf/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:237948 errors:0 dropped:0 overruns:0 frame:0 TX packets:116789 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:335834349 (320.2 MiB) TX bytes:10258547 (9.7 MiB) eth0 Link encap:Ethernet HWaddr 00:1e:8c:6d:0a:af UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B) Interrupt:252 Base address:0xe000 eth1 
Link encap:Ethernet HWaddr 00:1e:8c:6d:35:a7 inet6 addr: fe80::21e:8cff:fe6d:35a7/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:237960 errors:0 dropped:0 overruns:0 frame:0 TX packets:116787 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:339172506 (323.4 MiB) TX bytes:10733791 (10.2 MiB) Interrupt:253 lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:64 errors:0 dropped:0 overruns:0 frame:0 TX packets:64 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:3920 (3.8 KiB) TX bytes:3920 (3.8 KiB) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:1e:8c:6d:0a:af brd ff:ff:ff:ff:ff:ff 3: eth1: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 00:1e:8c:6d:35:a7 brd ff:ff:ff:ff:ff:ff inet6 fe80::21e:8cff:fe6d:35a7/64 scope link valid_lft forever preferred_lft forever 4: br0: mtu 1500 qdisc noqueue state UNKNOWN link/ether 00:1e:8c:6d:0a:af brd ff:ff:ff:ff:ff:ff inet 192.168.1.3/24 brd 192.168.1.255 scope global br0 inet6 fe80::21e:8cff:fe6d:aaf/64 scope link valid_lft forever preferred_lft forever + _________________________ ip-route-list + ip route list 192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.3 default via 192.168.1.1 dev br0 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Checking your system to see if IPsec got installed and started correctly: Version check and ipsec on-path [OK] Linux Openswan 
U2.6.master-201008.git-g6cebcb2a-dirty/K2.6.26-2-amd64 (netkey) Checking for IPsec support in kernel [OK] NETKEY detected, testing for disabled ICMP send_redirects [OK] NETKEY detected, testing for disabled ICMP accept_redirects [OK] Checking for RSA private key (/etc/ipsec.secrets) [OK] Checking that pluto is running [OK] Pluto listening for IKE on udp 500 [OK] Pluto listening for NAT-T on udp 4500 [OK] Two or more interfaces found, checking IP forwarding [OK] Checking NAT and MASQUERADEing [OK] Checking for 'ip' command [OK] Checking for 'iptables' command [OK] Opportunistic Encryption Support [DISABLED] + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + /sbin/mii-tool -v SIOCGMIIPHY on 'eth0' failed: Operation not supported SIOCGMIIPHY on 'eth1' failed: Operation not supported no MII interfaces found + _________________________ ipsec/directory + ipsec --directory /usr/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn blackhole.roberts.lan + _________________________ hostname/ipaddress + hostname --ip-address 192.168.1.3 + _________________________ uptime + uptime 20:04:44 up 1:19, 4 users, load average: 0.15, 0.23, 0.21 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 0 0 7296 6767 20 0 10184 1416 wait S+ pts/0 0:00 | \_ /bin/sh /usr/lib/ipsec/barf 0 0 7375 7296 20 0 3872 608 pipe_w S+ pts/0 0:00 | \_ egrep -i ppid|pluto|ipsec|klips 1 0 7199 1 20 0 8908 496 wait S pts/0 0:00 /bin/bash /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 1 0 7201 7199 20 0 8908 656 wait S pts/0 0:00 \_ /bin/bash 
/usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 4 0 7204 7201 20 0 65280 3320 - S pts/0 0:00 | \_ /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal 1 0 7208 7204 30 10 65268 1040 - SN pts/0 0:00 | \_ pluto helper # 0 1 0 7209 7204 30 10 65268 1160 - SN pts/0 0:00 | \_ pluto helper # 1 1 0 7211 7204 30 10 65268 1192 - SN pts/0 0:00 | \_ pluto helper # 2 0 0 7254 7204 20 0 5772 384 - S pts/0 0:00 | \_ _pluto_adns 0 0 7202 7199 20 0 8864 1228 pipe_w S pts/0 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post 0 0 7200 1 20 0 3780 588 pipe_w S pts/0 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults routephys=br0 routevirt=none routeaddr=192.168.1.3 routenexthop=192.168.1.1 + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - Openswan IPsec configuration file version 2.0 # basic configuration config setup oe=off nat_traversal=yes protostack=netkey # connections conn wonderproxy-client authby=secret pfs=no rekey=yes keyingtries=3 type=transport left=%defaultroute leftprotoport=17/1701 right=64.34.173.20 rightprotoport=17/1701 forceencaps=yes auto=add + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 # RCSID $Id: ipsec.secrets.proto,v 1.3.6.1 2005-09-28 13:59:14 paul Exp $ # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. 
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".
: RSA /etc/ipsec.d/private/blackholeKey.pem
: PSK "[sums to 97a5...]"
+ _________________________ ipsec/listall
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000 10: PSK (none) (none)
000 9: RSA (none) (none)
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
# # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $ # 0.0.0.0/0 + _________________________ ipsec/ls-libdir + ls -l /usr/lib/ipsec total 2140 -rwxr-xr-x 1 root root 7032 Feb 22 19:13 _copyright -rwxr-xr-x 1 root root 2379 Feb 22 19:12 _include -rwxr-xr-x 1 root root 1475 Feb 22 19:12 _keycensor -rwxr-xr-x 1 root root 11064 Feb 22 19:13 _pluto_adns -rwxr-xr-x 1 root root 2632 Feb 22 19:12 _plutoload -rwxr-xr-x 1 root root 8207 Feb 22 19:13 _plutorun -rwxr-xr-x 1 root root 12943 Feb 22 19:12 _realsetup -rwxr-xr-x 1 root root 1975 Feb 22 19:12 _secretcensor -rwxr-xr-x 1 root root 8567 Feb 22 19:13 _startklips -rwxr-xr-x 1 root root 6036 Feb 22 19:13 _startnetkey -rwxr-xr-x 1 root root 4868 Feb 22 19:12 _updown -rwxr-xr-x 1 root root 14028 Feb 22 19:13 _updown.klips -rwxr-xr-x 1 root root 11745 Feb 22 19:13 _updown.mast -rwxr-xr-x 1 root root 8680 Feb 22 19:13 _updown.netkey -rwxr-xr-x 1 root root 185384 Feb 22 19:13 addconn -rwxr-xr-x 1 root root 6015 Feb 22 19:12 auto -rwxr-xr-x 1 root root 10816 Feb 22 19:13 barf -rwxr-xr-x 1 root root 86696 Feb 22 19:13 eroute -rwxr-xr-x 1 root root 21816 Feb 22 19:13 ikeping -rwxr-xr-x 1 root root 64808 Feb 22 19:13 klipsdebug -rwxr-xr-x 1 root root 2591 Feb 22 19:12 look -rwxr-xr-x 1 root root 2182 Feb 22 19:13 newhostkey -rwxr-xr-x 1 root root 57768 Feb 22 19:13 pf_key -rwxr-xr-x 1 root root 882608 Feb 22 19:13 pluto -rwxr-xr-x 1 root root 11160 Feb 22 19:13 ranbits -rwxr-xr-x 1 root root 20880 Feb 22 19:13 rsasigkey -rwxr-xr-x 1 root root 766 Feb 22 19:13 secrets lrwxrwxrwx 1 root root 17 Feb 22 19:16 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root root 1054 Feb 22 19:13 showdefaults -rwxr-xr-x 1 root root 232120 Feb 22 19:13 showhostkey -rwxr-xr-x 1 root root 23528 Feb 22 19:13 showpolicy -rwxr-xr-x 1 root root 140968 Feb 22 19:13 spi -rwxr-xr-x 1 root root 74296 Feb 22 19:13 spigrp -rwxr-xr-x 1 root root 69864 Feb 22 19:13 tncfg -rwxr-xr-x 1 root root 13400 Feb 22 19:13 verify -rwxr-xr-x 1 root root 53536 Feb 22 
19:13 whack + _________________________ ipsec/ls-execdir + ls -l /usr/lib/ipsec total 2140 -rwxr-xr-x 1 root root 7032 Feb 22 19:13 _copyright -rwxr-xr-x 1 root root 2379 Feb 22 19:12 _include -rwxr-xr-x 1 root root 1475 Feb 22 19:12 _keycensor -rwxr-xr-x 1 root root 11064 Feb 22 19:13 _pluto_adns -rwxr-xr-x 1 root root 2632 Feb 22 19:12 _plutoload -rwxr-xr-x 1 root root 8207 Feb 22 19:13 _plutorun -rwxr-xr-x 1 root root 12943 Feb 22 19:12 _realsetup -rwxr-xr-x 1 root root 1975 Feb 22 19:12 _secretcensor -rwxr-xr-x 1 root root 8567 Feb 22 19:13 _startklips -rwxr-xr-x 1 root root 6036 Feb 22 19:13 _startnetkey -rwxr-xr-x 1 root root 4868 Feb 22 19:12 _updown -rwxr-xr-x 1 root root 14028 Feb 22 19:13 _updown.klips -rwxr-xr-x 1 root root 11745 Feb 22 19:13 _updown.mast -rwxr-xr-x 1 root root 8680 Feb 22 19:13 _updown.netkey -rwxr-xr-x 1 root root 185384 Feb 22 19:13 addconn -rwxr-xr-x 1 root root 6015 Feb 22 19:12 auto -rwxr-xr-x 1 root root 10816 Feb 22 19:13 barf -rwxr-xr-x 1 root root 86696 Feb 22 19:13 eroute -rwxr-xr-x 1 root root 21816 Feb 22 19:13 ikeping -rwxr-xr-x 1 root root 64808 Feb 22 19:13 klipsdebug -rwxr-xr-x 1 root root 2591 Feb 22 19:12 look -rwxr-xr-x 1 root root 2182 Feb 22 19:13 newhostkey -rwxr-xr-x 1 root root 57768 Feb 22 19:13 pf_key -rwxr-xr-x 1 root root 882608 Feb 22 19:13 pluto -rwxr-xr-x 1 root root 11160 Feb 22 19:13 ranbits -rwxr-xr-x 1 root root 20880 Feb 22 19:13 rsasigkey -rwxr-xr-x 1 root root 766 Feb 22 19:13 secrets lrwxrwxrwx 1 root root 17 Feb 22 19:16 setup -> /etc/init.d/ipsec -rwxr-xr-x 1 root root 1054 Feb 22 19:13 showdefaults -rwxr-xr-x 1 root root 232120 Feb 22 19:13 showhostkey -rwxr-xr-x 1 root root 23528 Feb 22 19:13 showpolicy -rwxr-xr-x 1 root root 140968 Feb 22 19:13 spi -rwxr-xr-x 1 root root 74296 Feb 22 19:13 spigrp -rwxr-xr-x 1 root root 69864 Feb 22 19:13 tncfg -rwxr-xr-x 1 root root 13400 Feb 22 19:13 verify -rwxr-xr-x 1 root root 53536 Feb 22 19:13 whack + _________________________ /proc/net/dev + cat 
/proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 3920 64 0 0 0 0 0 0 3920 64 0 0 0 0 0 0 eth0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth1:339172938 237964 0 0 0 0 0 0 10734137 116791 0 0 0 0 0 0 br0:335834725 237952 0 0 0 0 0 4004 10258877 116793 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT br0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 br0 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc + cat /proc/sys/net/ipv4/ip_no_pmtu_disc 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter br0/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter lo/rp_filter all/rp_filter:0 br0/rp_filter:0 default/rp_filter:0 eth0/rp_filter:0 eth1/rp_filter:0 lo/rp_filter:0 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects br0/accept_redirects br0/secure_redirects br0/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:0 br0/accept_redirects:1 br0/secure_redirects:1 br0/send_redirects:1 default/accept_redirects:0 default/secure_redirects:1 default/send_redirects:0 eth0/accept_redirects:0 eth0/secure_redirects:1 eth0/send_redirects:0 eth1/accept_redirects:0 
eth1/secure_redirects:1 eth1/send_redirects:0 lo/accept_redirects:1 lo/secure_redirects:1 lo/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux blackhole 2.6.26-2-amd64 #1 SMP Thu Feb 11 00:59:32 UTC 2010 x86_64 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + test -r /proc/net/pfkey ++ uname -r + echo 'NETKEY (2.6.26-2-amd64) support detected ' NETKEY (2.6.26-2-amd64) support detected + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy ACCEPT 3617 packets, 958K bytes) pkts bytes target prot opt in out source destination 
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4422 packets, 505K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 384 packets, 20674 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 411 packets, 27812 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 411 packets, 27812 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ iptables-mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 3996 packets, 978K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 3617 packets, 958K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 4422 packets, 505K bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 4422 packets, 505K bytes)
pkts bytes target prot opt in out source destination
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
xfrm_user 24832 2 - Live 0xffffffffa0394000
ah6 10368 0 - Live 0xffffffffa0390000
ah4 9344 0 - Live 0xffffffffa038c000
esp6 10624 0 - Live 0xffffffffa0388000
esp4 10752 2 - Live 0xffffffffa0384000
xfrm4_mode_beet 7168 0 - Live 0xffffffffa037d000
xfrm4_tunnel 6912 0 - Live 0xffffffffa037a000
xfrm4_mode_tunnel 6912 0 - Live 0xffffffffa0374000
xfrm4_mode_transport 6400 4 - Live 0xffffffffa0371000
xfrm6_mode_transport 6400 0 - Live 0xffffffffa036e000
xfrm6_mode_ro 6272 0 - Live 0xffffffffa036b000
xfrm6_mode_beet 6784 0 - Live 0xffffffffa0368000
xfrm6_mode_tunnel 6912 0 - Live 0xffffffffa0365000
ipcomp 10636 0 - Live 0xffffffffa0361000
ipcomp6 10892 0 - Live 0xffffffffa035d000
xfrm6_tunnel 13344 1 ipcomp6, Live 0xffffffffa0358000
af_key 32536 0 - Live 0xffffffffa02a1000
iptable_mangle 7424 0 - Live 0xffffffffa0be7000
iptable_nat 9872 0 - Live 0xffffffffa0be3000
nf_nat 23192 1 iptable_nat, Live 0xffffffffa0bdc000
nf_conntrack_ipv4 19352 3 iptable_nat,nf_nat, Live 0xffffffffa0bd6000
nf_conntrack 71440 3 iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xffffffffa0bc3000
iptable_filter 7424 0 - Live 0xffffffffa0bc0000
ip_tables 21520 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xffffffffa0bb9000
x_tables 25224 2 iptable_nat,ip_tables, Live 0xffffffffa0bb1000
authenc 9984 2 - Live 0xffffffffa0bad000
nvidia 8105072 34 - Live 0xffffffffa03f1000 (P)
bridge 53544 0 - Live 0xffffffffa03e2000
pppoe 14976 0 - Live 0xffffffffa03dd000
pppox 7960 1 pppoe, Live 0xffffffffa03da000
ppp_generic 27816 2 pppoe,pppox, Live 0xffffffffa03d2000
slhc 10240 1 ppp_generic, Live 0xffffffffa03ce000
ppdev 11656 0 - Live 0xffffffffa03ca000
lp 14724 0 - Live 0xffffffffa03c5000
powernow_k8 17156 0 - Live 0xffffffffa03bf000
cpufreq_userspace 8452 0 - Live 0xffffffffa03bb000
cpufreq_powersave 6400 0 - Live 0xffffffffa03b8000
cpufreq_conservative 11784 0 - Live 0xffffffffa03b4000
cpufreq_ondemand 11792 4 - Live 0xffffffffa03b0000
cpufreq_stats 9120 0 - Live 0xffffffffa03ac000
freq_table 9344 3 powernow_k8,cpufreq_ondemand,cpufreq_stats, Live 0xffffffffa03a8000
ccm 12928 0 - Live 0xffffffffa03a3000
ecb 7296 0 - Live 0xffffffffa03a0000
sha512_generic 9600 0 - Live 0xffffffffa039c000
aead 11904 4 esp6,esp4,authenc,ccm, Live 0xffffffffa0380000
tunnel4 7824 1 xfrm4_tunnel, Live 0xffffffffa0377000
tunnel6 7824 1 xfrm6_tunnel, Live 0xffffffffa0355000
ipv6 288456 43 ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,tunnel6, Live 0xffffffffa030d000
rng_core 8968 0 - Live 0xffffffffa0309000
deflate 7424 0 - Live 0xffffffffa0306000
zlib_deflate 23960 1 deflate, Live 0xffffffffa02ff000
zlib_inflate 18944 1 deflate, Live 0xffffffffa02f9000
ctr 8832 0 - Live 0xffffffffa02f5000
twofish 11136 0 - Live 0xffffffffa02f1000
twofish_common 18560 1 twofish, Live 0xffffffffa02eb000
camellia 23424 0 - Live 0xffffffffa02e4000
serpent 22912 0 - Live 0xffffffffa02dd000
blowfish 13056 0 - Live 0xffffffffa02d8000
des_generic 21376 0 - Live 0xffffffffa02d1000
cbc 7936 2 - Live 0xffffffffa02ce000
aes_x86_64 12416 2 - Live 0xffffffffa02c9000
aes_generic 32552 1 aes_x86_64, Live 0xffffffffa02c0000
xcbc 8968 0 - Live 0xffffffffa02bc000
sha256_generic 13696 0 - Live 0xffffffffa02b7000
sha1_generic 6912 2 - Live 0xffffffffa02b4000
crypto_null 7680 0 - Live 0xffffffffa02b1000
crypto_blkcipher 21636 8 authenc,ccm,ecb,ctr,cbc,crypto_null, Live 0xffffffffa02aa000
fuse 53184 1 - Live 0xffffffffa0293000
sbp2 25356 0 - Live 0xffffffffa028b000
loop 19468 0 - Live 0xffffffffa0285000
snd_emu10k1_synth 10752 0 - Live 0xffffffffa0281000
snd_emux_synth 36864 1 snd_emu10k1_synth, Live 0xffffffffa0277000
snd_seq_virmidi 10112 1 snd_emux_synth, Live 0xffffffffa0273000
snd_seq_midi_emul 10496 1 snd_emux_synth, Live 0xffffffffa026f000
snd_emu10k1 141152 3 snd_emu10k1_synth, Live 0xffffffffa024b000
snd_seq_midi 11072 0 - Live 0xffffffffa0247000
snd_seq_midi_event 11904 2 snd_seq_virmidi,snd_seq_midi, Live 0xffffffffa0243000
snd_rawmidi 26784 3 snd_seq_virmidi,snd_emu10k1,snd_seq_midi, Live 0xffffffffa023b000
firmware_class 12544 1 snd_emu10k1, Live 0xffffffffa0236000
snd_ac97_codec 115416 1 snd_emu10k1, Live 0xffffffffa0218000
ac97_bus 6272 1 snd_ac97_codec, Live 0xffffffffa0215000
snd_pcm 81800 3 snd_emu10k1,snd_ac97_codec, Live 0xffffffffa0200000
snd_page_alloc 13072 2 snd_emu10k1,snd_pcm, Live 0xffffffffa01fb000
snd_util_mem 8960 2 snd_emux_synth,snd_emu10k1, Live 0xffffffffa01f7000
snd_hwdep 12040 2 snd_emux_synth,snd_emu10k1, Live 0xffffffffa01f3000
snd_seq 54304 5 snd_emux_synth,snd_seq_virmidi,snd_seq_midi_emul,snd_seq_midi,snd_seq_midi_event, Live 0xffffffffa01e4000
snd_timer 25744 3 snd_emu10k1,snd_pcm,snd_seq, Live 0xffffffffa01dc000
snd_seq_device 11668 6 snd_emu10k1_synth,snd_emux_synth,snd_emu10k1,snd_seq_midi,snd_rawmidi,snd_seq, Live 0xffffffffa01d8000
snd 63688 13 snd_emux_synth,snd_seq_virmidi,snd_emu10k1,snd_rawmidi,snd_ac97_codec,snd_pcm,snd_hwdep,snd_seq,snd_timer,snd_seq_device, Live 0xffffffffa01c7000
parport_pc 31016 1 - Live 0xffffffffa01be000
parport 41776 3 ppdev,lp,parport_pc, Live 0xffffffffa01b2000
emu10k1_gp 7552 0 - Live 0xffffffffa00c9000
pcspkr 7040 0 - Live 0xffffffffa0088000
psmouse 42268 0 - Live 0xffffffffa01a6000
i2c_nforce2 10752 0 - Live 0xffffffffa01a2000
gameport 17040 2 emu10k1_gp, Live 0xffffffffa019c000
soundcore 12064 1 snd, Live 0xffffffffa0198000
serio_raw 9988 0 - Live 0xffffffffa0194000
i2c_core 27936 2 nvidia,i2c_nforce2, Live 0xffffffffa018c000
button 11680 0 - Live 0xffffffffa0188000
evdev 14208 4 - Live 0xffffffffa0183000
ext3 125072 2 - Live 0xffffffffa0163000
jbd 51240 1 ext3, Live 0xffffffffa0155000
mbcache 12804 1 ext3, Live 0xffffffffa0150000
usb_storage 95936 0 - Live 0xffffffffa0137000
ide_cd_mod 36360 0 - Live 0xffffffffa012d000
cdrom 37928 1 ide_cd_mod, Live 0xffffffffa0122000
sd_mod 29376 5 - Live 0xffffffffa0119000
usbhid 45792 0 - Live 0xffffffffa010c000
hid 41792 1 usbhid, Live 0xffffffffa0100000
ff_memless 9224 1 usbhid, Live 0xffffffffa00fc000
ata_generic 10116 0 - Live 0xffffffffa00f8000
sata_nv 28680 3 - Live 0xffffffffa00ef000
ohci1394 32692 0 - Live 0xffffffffa00e4000
ieee1394 93944 2 sbp2,ohci1394, Live 0xffffffffa00cc000
libata 165600 2 ata_generic,sata_nv, Live 0xffffffffa009f000
forcedeth 54032 0 - Live 0xffffffffa0090000
amd74xx 13448 0 [permanent], Live 0xffffffffa008b000
scsi_mod 161016 4 sbp2,usb_storage,sd_mod,libata, Live 0xffffffffa005f000
ohci_hcd 25092 0 - Live 0xffffffffa0055000
ehci_hcd 36108 0 - Live 0xffffffffa0049000
dock 14112 1 libata, Live 0xffffffffa0042000
ide_pci_generic 9220 0 [permanent], Live 0xffffffffa003e000
ide_core 128284 3 ide_cd_mod,amd74xx,ide_pci_generic, Live 0xffffffffa001d000
thermal 22688 0 - Live 0xffffffffa0016000
processor 42304 2 powernow_k8,thermal, Live 0xffffffffa000a000
fan 9352 0 - Live 0xffffffffa0006000
thermal_sys 17728 3 thermal,processor,fan, Live 0xffffffffa0000000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 3547136 kB
MemFree: 2280448 kB
Buffers: 87620 kB
Cached: 544616 kB
SwapCached: 0 kB
Active: 701168 kB
Inactive: 425716 kB
SwapTotal: 2048276 kB
SwapFree: 2048276 kB
Dirty: 228 kB
Writeback: 0 kB
AnonPages: 494692 kB
Mapped: 134828 kB
Slab: 63176 kB
SReclaimable: 47144 kB
SUnreclaim: 16032 kB
PageTables: 15044 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 3821844 kB
Committed_AS: 1098520 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 117364 kB
VmallocChunk: 34359610363 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/2.6.26-2-amd64/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
domain roberts.lan
search roberts.lan
nameserver 192.168.1.1
nameserver 4.2.2.1
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 4
drwxr-xr-x 4 root root 4096 Feb 14 20:24 2.6.26-2-amd64
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
cat: /proc/sys/crypto/fips_enabled: No such file or directory
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff803baf5d T netif_rx
ffffffff803bb188 T netif_rx_ni
ffffffff803baf5d u netif_rx [ppp_generic]
ffffffff803baf5d u netif_rx [ipv6]
ffffffff803baf5d u netif_rx [forcedeth]
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.6.26-2-amd64:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '55,$p' /var/log/syslog
+ case "$1" in
+ egrep -i 'ipsec|klips|pluto'
+ cat
Feb 23 20:02:49 blackhole ipsec_setup: Starting Openswan IPsec U2.6.master-201008.git-g6cebcb2a-dirty/K2.6.26-2-amd64...
Feb 23 20:02:49 blackhole ipsec_setup: Using NETKEY(XFRM) stack
Feb 23 20:02:50 blackhole ipsec_setup: ...Openswan IPsec started
Feb 23 20:02:50 blackhole ipsec__plutorun: adjusting ipsec.d to /etc/ipsec.d
Feb 23 20:02:50 blackhole pluto: adjusting ipsec.d to /etc/ipsec.d
Feb 23 20:02:51 blackhole ipsec__plutorun: 002 added connection description "wonderproxy-client"
Feb 23 20:02:51 blackhole ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
Feb 23 20:02:51 blackhole ipsec__plutorun: 003 NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Feb 23 20:02:51 blackhole ipsec__plutorun: 003 NAT-Traversal: Trying old style NAT-T
+ _________________________ plog
+ sed -n '1754,$p' /var/log/auth.log
+ egrep -i pluto
+ case "$1" in
+ cat
Feb 23 20:02:50 blackhole ipsec__plutorun: Starting Pluto subsystem...
Feb 23 20:02:50 blackhole pluto[7204]: Starting Pluto (Openswan Version 2.6.master-201008.git-g6cebcb2a-dirty; Vendor ID OEH{gTnEDqgk) pid:7204
Feb 23 20:02:50 blackhole pluto[7204]: Setting NAT-Traversal port-4500 floating to on
Feb 23 20:02:50 blackhole pluto[7204]: port floating activation criteria nat_t=1/port_float=1
Feb 23 20:02:50 blackhole pluto[7204]: NAT-Traversal support [enabled]
Feb 23 20:02:50 blackhole pluto[7204]: using /dev/urandom as source of random entropy
Feb 23 20:02:50 blackhole pluto[7204]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
Feb 23 20:02:50 blackhole pluto[7204]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
Feb 23 20:02:50 blackhole pluto[7204]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
Feb 23 20:02:50 blackhole pluto[7204]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
Feb 23 20:02:50 blackhole pluto[7204]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
Feb 23 20:02:50 blackhole pluto[7204]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
Feb 23 20:02:50 blackhole pluto[7204]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
Feb 23 20:02:50 blackhole pluto[7204]: starting up 3 cryptographic helpers
Feb 23 20:02:50 blackhole pluto[7204]: started helper pid=7208 (fd:7)
Feb 23 20:02:50 blackhole pluto[7208]: using /dev/urandom as source of random entropy
Feb 23 20:02:50 blackhole pluto[7209]: using /dev/urandom as source of random entropy
Feb 23 20:02:50 blackhole pluto[7204]: started helper pid=7209 (fd:8)
Feb 23 20:02:50 blackhole pluto[7204]: started helper pid=7211 (fd:9)
Feb 23 20:02:50 blackhole pluto[7211]: using /dev/urandom as source of random entropy
Feb 23 20:02:50 blackhole pluto[7204]: Using Linux 2.6 IPsec interface code on 2.6.26-2-amd64 (experimental code)
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): Activating : Ok (ret=0)
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_add(): ERROR: Algorithm already exists
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): Activating : FAILED (ret=-17)
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_add(): ERROR: Algorithm already exists
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): Activating : FAILED (ret=-17)
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_add(): ERROR: Algorithm already exists
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): Activating : FAILED (ret=-17)
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_add(): ERROR: Algorithm already exists
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): Activating : FAILED (ret=-17)
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): WARNING: enc alg=0 not found in constants.c:oakley_enc_names
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_add(): ERROR: Algorithm already exists
Feb 23 20:02:51 blackhole pluto[7204]: ike_alg_register_enc(): Activating : FAILED (ret=-17)
Feb 23 20:02:51 blackhole pluto[7204]: Changed path to directory '/etc/ipsec.d/cacerts'
Feb 23 20:02:51 blackhole pluto[7204]: Changed path to directory '/etc/ipsec.d/aacerts'
Feb 23 20:02:51 blackhole pluto[7204]: Changed path to directory '/etc/ipsec.d/ocspcerts'
Feb 23 20:02:51 blackhole pluto[7204]: Changing to directory '/etc/ipsec.d/crls'
Feb 23 20:02:51 blackhole pluto[7204]: Warning: empty directory
Feb 23 20:02:51 blackhole pluto[7204]: added connection description "wonderproxy-client"
Feb 23 20:02:51 blackhole pluto[7204]: listening for IKE messages
Feb 23 20:02:51 blackhole pluto[7204]: NAT-Traversal: Trying new style NAT-T
Feb 23 20:02:51 blackhole pluto[7204]: NAT-Traversal: ESPINUDP(1) setup failed for new style NAT-T family IPv4 (errno=19)
Feb 23 20:02:51 blackhole pluto[7204]: NAT-Traversal: Trying old style NAT-T
Feb 23 20:02:51 blackhole pluto[7204]: adding interface br0/br0 192.168.1.3:500
Feb 23 20:02:51 blackhole pluto[7204]: adding interface br0/br0 192.168.1.3:4500
Feb 23 20:02:51 blackhole pluto[7204]: adding interface lo/lo 127.0.0.1:500
Feb 23 20:02:51 blackhole pluto[7204]: adding interface lo/lo 127.0.0.1:4500
Feb 23 20:02:51 blackhole pluto[7204]: adding interface lo/lo ::1:500
Feb 23 20:02:51 blackhole pluto[7204]: loading secrets from "/etc/ipsec.secrets"
Feb 23 20:02:51 blackhole pluto[7204]: loaded private key file '/etc/ipsec.d/private/blackholeKey.pem' (1679 bytes)
Feb 23 20:02:51 blackhole pluto[7204]: loaded private key for keyid: PPK_RSA:AwEAAb5vJ
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: initiating Main Mode
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: received Vendor ID payload [Openswan (this version) 2.6.master-201008.git-g6cebcb2a-dirty ]
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: received Vendor ID payload [Dead Peer Detection]
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: received Vendor ID payload [RFC 3947] method set to=109
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: enabling possible NAT-traversal with method 4
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: NAT-Traversal: Result using RFC 3947 (NAT-Traversal): both are NATed
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: received Vendor ID payload [CAN-IKEv2]
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: Main mode peer ID is ID_IPV4_ADDR: '64.34.173.20'
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=aes_128 prf=oakley_sha group=modp2048}
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #2: initiating Quick Mode PSK+ENCRYPT+UP+IKEv2ALLOW {using isakmp#1 msgid:5e062a85 proposal=defaults pfsgroup=no-pfs}
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Feb 23 20:03:20 blackhole pluto[7204]: "wonderproxy-client" #2: STATE_QUICK_I2: sent QI2, IPsec SA established transport mode {ESP/NAT=>0xde1a974f <0xb24174fc xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=64.34.173.20:4500 DPD=none}
+ _________________________ date
+ date
Tue Feb 23 20:04:45 EST 2010