lanner505g Sun Aug 8 22:35:05 CDT 2010 + _________________________ version + ipsec --version Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + _________________________ /proc/version + cat /proc/version Linux version 2.6.32.17-phaeton (root@Ubuntu-10) (gcc version 4.4.3 (GCC) ) #1 SMP Fri Aug 6 17:57:24 BST 2010 + _________________________ /proc/net/ipsec_eroute + test -r /proc/net/ipsec_eroute + sort -sg -k 3 /proc/net/ipsec_eroute + _________________________ netstat-rn + netstat -nr + head -n 100 Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth3 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0 192.168.12.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2 192.168.11.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1 192.168.10.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0 0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth3 + _________________________ /proc/net/ipsec_spi + test -r /proc/net/ipsec_spi + cat /proc/net/ipsec_spi tun0x1004@192.168.1.40 IPIP: dir=out src=192.168.1.50 life(c,s,h)=addtime(14145,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=20 refhim=0 esp0x6eafb879@192.168.1.50 ESP_3DES_HMAC_MD5: dir=in src=192.168.1.40 iv_bits=64bits iv=0xaa4ea295b6e74174 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(14145,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=25 refhim=20 esp0x372baa92@192.168.1.40 ESP_3DES_HMAC_MD5: dir=out src=192.168.1.50 iv_bits=64bits iv=0xfc25703fbbb38910 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(14145,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=26 refhim=0 tun0x1003@192.168.1.50 IPIP: dir=in src=192.168.1.40 life(c,s,h)=addtime(14145,0,0) natencap=none natsport=0 natdport=0 refcount=3 ref=24 refhim=20 + _________________________ /proc/net/ipsec_spigrp + test -r /proc/net/ipsec_spigrp + cat /proc/net/ipsec_spigrp tun0x1004@192.168.1.40 esp0x372baa92@192.168.1.40 esp0x6eafb879@192.168.1.50 tun0x1003@192.168.1.50 esp0x372baa92@192.168.1.40 tun0x1003@192.168.1.50 + _________________________ /proc/net/ipsec_tncfg + test -r /proc/net/ipsec_tncfg + cat /proc/net/ipsec_tncfg ipsec0 -> eth3 mtu=16260(1500) -> 1500 ipsec1 -> NULL mtu=0(0) -> 0 + _________________________ /proc/net/pfkey + test -r /proc/net/pfkey + _________________________ /proc/crypto + test -r /proc/crypto + cat /proc/crypto name : sha256 driver : sha256-generic module : sha256_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 32 name : sha224 driver : sha224-generic module : sha256_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 28 name : sha512 driver : sha512-generic module : sha512_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 128 digestsize : 64 name : sha384 driver : sha384-generic module : sha512_generic priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 128 digestsize : 48 name : cbc(des3_ede) driver : cbc(des3_ede-generic) module : cbc priority : 0 refcnt : 3 selftest : passed type : blkcipher blocksize : 8 min keysize : 24 max keysize : 24 ivsize : 8 geniv : name : des3_ede driver : des3_ede-generic module : des_generic priority : 0 refcnt : 3 selftest : passed type : cipher blocksize : 8 min keysize : 24 max keysize : 24 name : des driver : des-generic module : des_generic priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 8 max keysize : 8 name : cbc(blowfish) driver : cbc(blowfish-generic) module : cbc priority : 0 refcnt : 1 selftest : passed type : blkcipher blocksize : 8 min keysize : 4 max keysize : 56 ivsize : 8 geniv : name : blowfish driver : blowfish-generic module : blowfish priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 4 max keysize : 56 name : cbc(cast5) driver : cbc(cast5-generic) module : cbc priority : 0 refcnt : 1 selftest : passed type : blkcipher blocksize : 8 min keysize : 5 max keysize : 16 ivsize : 8 geniv : name : cast5 driver : cast5-generic module : cast5 priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 8 min keysize : 5 max keysize : 16 name : cbc(serpent) driver : cbc(serpent-generic) module : cbc priority : 0 refcnt : 1 selftest : passed type : blkcipher blocksize : 16 min keysize : 0 max keysize : 32 ivsize : 16 geniv : name : tnepres driver : tnepres-generic module : serpent priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : serpent driver : serpent-generic module : serpent priority : 0 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 0 max keysize : 32 name : cbc(twofish) driver : cbc(twofish-generic) module : cbc priority : 100 refcnt : 1 selftest : passed type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : name : twofish driver : twofish-generic module : twofish priority : 100 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : cbc(aes) driver : cbc(aes-asm) module : cbc priority : 200 refcnt : 1 selftest : passed type : blkcipher blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 geniv : name : aes driver : aes-asm module : aes_i586 priority : 200 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : aes driver : aes-generic module : aes_generic priority : 100 refcnt : 1 selftest : passed type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : stdrng driver : krng module : kernel priority : 200 refcnt : 1 selftest : passed type : rng seedsize : 0 name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 selftest : passed type : shash blocksize : 64 digestsize : 16 + __________________________/proc/sys/net/core/xfrm-star /usr/libexec/ipsec/barf: line 191: __________________________/proc/sys/net/core/xfrm-star: No such file or directory + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_acq_expires: ' /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires 30 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_etime: ' /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime 10 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: ' /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth 2 + for i in '/proc/sys/net/core/xfrm_*' + echo -n '/proc/sys/net/core/xfrm_larval_drop: ' /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop 1 + _________________________ /proc/sys/net/ipsec-star + test -d /proc/sys/net/ipsec + cd /proc/sys/net/ipsec + egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_mast debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform debug_xmit icmp inbound_policy_check tos debug_ah:0 debug_eroute:0 debug_esp:0 debug_ipcomp:0 debug_mast:0 debug_netlink:0 debug_pfkey:0 debug_radij:0 debug_rcv:0 debug_spi:0 debug_tunnel:0 debug_verbose:0 debug_xform:0 debug_xmit:0 icmp:1 inbound_policy_check:1 tos:1 + _________________________ ipsec/status + ipsec auto --status Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:90:0B:17:F2:EC inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0 inet6 addr: fe80::290:bff:fe17:f2ec/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:558 errors:0 dropped:0 overruns:0 frame:0 TX packets:231 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:75853 (74.0 Kb) TX bytes:47293 (46.1 Kb) Memory:fe7e0000-fe800000 eth1 Link encap:Ethernet HWaddr 00:90:0B:17:F2:ED inet addr:192.168.11.1 Bcast:192.168.11.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Memory:fe8e0000-fe900000 eth2 Link encap:Ethernet HWaddr 00:90:0B:17:F2:EE inet addr:192.168.12.1 Bcast:192.168.12.255 Mask:255.255.255.0 UP BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) Memory:fe9e0000-fea00000 eth3 Link encap:Ethernet HWaddr 00:90:0B:17:F2:EF inet addr:192.168.1.50 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::290:bff:fe17:f2ef/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:10119 errors:0 dropped:0 overruns:0 frame:0 TX packets:1925 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1021359 (997.4 Kb) TX bytes:484966 (473.5 Kb) Memory:feae0000-feb00000 eth4 Link encap:Ethernet HWaddr 00:90:0B:17:F2:F0 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) eth5 Link encap:Ethernet HWaddr 00:90:0B:17:F2:F1 BROADCAST MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec0 Link encap:Ethernet HWaddr 00:90:0B:17:F2:EF inet addr:192.168.1.50 Mask:255.255.255.0 inet6 addr: fe80::290:bff:fe17:f2ef/64 Scope:Link UP RUNNING NOARP MTU:16260 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:6 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec1 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1907 errors:0 dropped:0 overruns:0 frame:0 TX packets:1907 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:122367 (119.4 Kb) TX bytes:122367 (119.4 Kb) mast0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 inet addr:192.168.1.50 Mask:255.255.255.255 UP RUNNING NOARP MTU:1452 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) teql0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 NOARP MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) + _________________________ ip-addr-list + ip addr list 1: lo: mtu 16436 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 100 link/ether 00:90:0b:17:f2:ec brd ff:ff:ff:ff:ff:ff inet 192.168.10.1/24 brd 192.168.10.255 scope global eth0 inet6 fe80::290:bff:fe17:f2ec/64 scope link valid_lft forever preferred_lft forever 3: eth1: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:90:0b:17:f2:ed brd ff:ff:ff:ff:ff:ff inet 192.168.11.1/24 brd 192.168.11.255 scope global eth1 4: eth2: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether 00:90:0b:17:f2:ee brd ff:ff:ff:ff:ff:ff inet 192.168.12.1/24 brd 192.168.12.255 scope global eth2 5: eth4: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:90:0b:17:f2:f0 brd ff:ff:ff:ff:ff:ff 6: eth3: mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:90:0b:17:f2:ef brd ff:ff:ff:ff:ff:ff inet 192.168.1.50/24 brd 192.168.1.255 scope global eth3 inet6 fe80::290:bff:fe17:f2ef/64 scope link valid_lft forever preferred_lft forever 7: eth5: mtu 1500 qdisc noop state DOWN qlen 1000 link/ether 00:90:0b:17:f2:f1 brd ff:ff:ff:ff:ff:ff 8: ipsec0: mtu 16260 qdisc pfifo_fast state UNKNOWN qlen 10 link/ether 00:90:0b:17:f2:ef brd ff:ff:ff:ff:ff:ff inet 192.168.1.50/24 brd 192.168.1.255 scope global ipsec0 inet6 fe80::290:bff:fe17:f2ef/64 scope link valid_lft forever preferred_lft forever 9: ipsec1: mtu 0 qdisc noop state DOWN qlen 10 link/void 10: mast0: mtu 1452 qdisc pfifo_fast state UNKNOWN qlen 10 link/[65534] inet 192.168.1.50/32 scope global mast0 11: teql0: mtu 1500 qdisc noop state DOWN qlen 100 link/void + _________________________ ip-route-list + ip route list 192.168.1.0/24 dev eth3 proto kernel scope link src 192.168.1.50 192.168.1.0/24 dev ipsec0 proto kernel scope link src 192.168.1.50 192.168.12.0/24 dev eth2 proto kernel scope link src 192.168.12.1 192.168.11.0/24 dev eth1 proto kernel scope link src 192.168.11.1 192.168.10.0/24 dev eth0 proto kernel scope link src 192.168.10.1 default via 192.168.1.1 dev eth3 + _________________________ ip-rule-list + ip rule list 0: from all lookup local 32765: from all fwmark 0x80000000/0x80000000 lookup 50 32766: from all lookup main 32767: from all lookup default + _________________________ ipsec_verify + ipsec verify --nocolour Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + _________________________ mii-tool + '[' -x /sbin/mii-tool ']' + '[' -x /usr/sbin/mii-tool ']' + mii-tool -v /usr/libexec/ipsec/barf: line 222: mii-tool: command not found + _________________________ ipsec/directory + ipsec --directory Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + _________________________ hostname/fqdn + hostname --fqdn lanner505g + _________________________ hostname/ipaddress + hostname --ip-address 192.168.10.1 + _________________________ uptime + uptime 22:35:05 up 1 day, 9:22, 1 user, load average: 0.00, 0.00, 0.00 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 0 0 11370 11093 20 0 2684 1244 wait S+ pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/barf 0 0 11420 11370 20 0 1780 508 pipe_w S+ pts/0 0:00 \_ egrep -i ppid|pluto|ipsec|klips 1 0 6107 1 20 0 2752 480 wait S ? 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive --protostack auto --force_keepalive no --disable_port_floating no --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 1 0 6109 6107 20 0 2752 624 wait S ? 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal no --keep_alive --protostack auto --force_keepalive no --disable_port_floating no --virtual_private --crlcheckinterval 0 --ocspuri --nhelpers --dump --opts --stderrlog --wait no --pre --post --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid 4 0 6113 6109 20 0 3168 1564 poll_s S ? 0:00 | \_ /usr/libexec/ipsec/pluto --nofork --secretsfile /usr/etc/ipsec.secrets --ipsecdir /usr/etc/ipsec.d --use-auto --uniqueids 1 0 6116 6113 30 10 3164 724 unix_s SN ? 0:00 | \_ pluto helper # 0 0 0 6118 6113 20 0 1644 328 poll_s S ? 0:00 | \_ _pluto_adns 0 0 6110 6107 20 0 2716 1260 pipe_w S ? 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post 0 0 6108 1 20 0 1696 564 pipe_w S ? 0:00 logger -s -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + _________________________ ipsec/listall + ipsec auto --listall Usage: ipsec setup {start|stop|restart|reload|force-reload|condrestart|try-restart|status|version} + '[' ']' + _________________________ ipsec/ls-libdir + ls -l /usr/local/lib/ipsec ls: cannot access /usr/local/lib/ipsec: No such file or directory + _________________________ ipsec/ls-execdir + ls -l /usr/local/libexec/ipsec ls: cannot access /usr/local/libexec/ipsec: No such file or directory + _________________________ /proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 122367 1907 0 0 0 0 0 0 122367 1907 0 0 0 0 0 0 eth0: 75853 558 0 0 0 0 0 0 47293 231 0 0 0 0 0 0 eth1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth4: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 eth3: 1021359 10119 0 0 0 0 0 0 484966 1925 0 0 0 0 0 0 eth5: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec0: 0 0 0 0 0 0 0 0 0 0 0 6 0 0 0 0 ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 mast0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 teql0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ /proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth3 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 ipsec0 0001A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth2 000CA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth1 000BA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth0 000AA8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0 eth3 00000000 0101A8C0 0003 0 0 0 00000000 0 0 0 + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc + cat /proc/sys/net/ipv4/ip_no_pmtu_disc 0 + _________________________ /proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ /proc/sys/net/ipv4/tcp_ecn + cat /proc/sys/net/ipv4/tcp_ecn 0 + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter eth3/rp_filter eth4/rp_filter eth5/rp_filter ipsec0/rp_filter ipsec1/rp_filter lo/rp_filter mast0/rp_filter teql0/rp_filter all/rp_filter:0 default/rp_filter:0 eth0/rp_filter:0 eth1/rp_filter:0 eth2/rp_filter:0 eth3/rp_filter:0 eth4/rp_filter:0 eth5/rp_filter:0 ipsec0/rp_filter:0 ipsec1/rp_filter:0 lo/rp_filter:0 mast0/rp_filter:0 teql0/rp_filter:0 + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects + cd /proc/sys/net/ipv4/conf + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects eth2/accept_redirects eth2/secure_redirects eth2/send_redirects eth3/accept_redirects eth3/secure_redirects eth3/send_redirects eth4/accept_redirects eth4/secure_redirects eth4/send_redirects eth5/accept_redirects eth5/secure_redirects eth5/send_redirects ipsec0/accept_redirects ipsec0/secure_redirects ipsec0/send_redirects ipsec1/accept_redirects ipsec1/secure_redirects ipsec1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects mast0/accept_redirects mast0/secure_redirects mast0/send_redirects teql0/accept_redirects teql0/secure_redirects teql0/send_redirects all/accept_redirects:0 all/secure_redirects:1 all/send_redirects:1 default/accept_redirects:0 default/secure_redirects:1 default/send_redirects:1 eth0/accept_redirects:0 eth0/secure_redirects:1 eth0/send_redirects:1 eth1/accept_redirects:0 eth1/secure_redirects:1 eth1/send_redirects:1 eth2/accept_redirects:0 eth2/secure_redirects:1 eth2/send_redirects:1 eth3/accept_redirects:0 eth3/secure_redirects:1 eth3/send_redirects:1 eth4/accept_redirects:0 eth4/secure_redirects:1 eth4/send_redirects:1 eth5/accept_redirects:0 eth5/secure_redirects:1 eth5/send_redirects:1 ipsec0/accept_redirects:0 ipsec0/secure_redirects:1 ipsec0/send_redirects:1 ipsec1/accept_redirects:0 ipsec1/secure_redirects:1 ipsec1/send_redirects:1 lo/accept_redirects:0 lo/secure_redirects:1 lo/send_redirects:1 mast0/accept_redirects:0 mast0/secure_redirects:1 mast0/send_redirects:1 teql0/accept_redirects:0 teql0/secure_redirects:1 teql0/send_redirects:1 + _________________________ /proc/sys/net/ipv4/tcp_window_scaling + cat /proc/sys/net/ipv4/tcp_window_scaling 1 + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale + cat /proc/sys/net/ipv4/tcp_adv_win_scale 2 + _________________________ uname-a + uname -a Linux lanner505g 2.6.32.17-phaeton #1 SMP Fri Aug 6 17:57:24 BST 2010 i686 GNU/Linux + _________________________ config-built-with + test -r /proc/config_built_with + _________________________ distro-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/redhat-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/debian-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/SuSE-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandrake-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/mandriva-release + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release + test -f /etc/gentoo-release + _________________________ /proc/net/ipsec_version + test -r /proc/net/ipsec_version + cat /proc/net/ipsec_version Openswan version: 2.6.28 + _________________________ iptables + test -r /sbin/iptables + iptables -L -v -n Chain INPUT (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 ipblock all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 ipblock all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 5047 625K ipblock all -- eth3 * 0.0.0.0/0 0.0.0.0/0 7121 769K timedaccess all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 advnet all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 advnet all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 5047 625K advnet all -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 spoof all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 spoof all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 5047 625K spoof all -- eth3 * 0.0.0.0/0 0.0.0.0/0 1843 117K ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0 231 26800 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 5047 625K secin all -- * * 0.0.0.0/0 0.0.0.0/0 5047 625K block all -- * * 0.0.0.0/0 0.0.0.0/0 3498 432K LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 3498 432K REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain FORWARD (policy DROP 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 0 0 lldrop all -- * * 169.254.0.0/16 0.0.0.0/0 0 0 lldrop all -- * * 0.0.0.0/0 169.254.0.0/16 0 0 ipblock all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 ipblock all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 85 24333 ipblock all -- eth3 * 0.0.0.0/0 0.0.0.0/0 333 61520 timedaccess all -- * * 0.0.0.0/0 0.0.0.0/0 333 61520 secout all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth0 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth1 eth1 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth2 eth2 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * ppp0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 outbound all -- * ppp0 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 ACCEPT all -- * ippp0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 outbound all -- * ippp0 0.0.0.0/0 0.0.0.0/0 state NEW 105 23309 ACCEPT all -- * eth3 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 85 24333 ACCEPT all -- eth3 * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 130 13294 outbound all -- * eth3 0.0.0.0/0 0.0.0.0/0 state NEW 0 0 portfwf all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 portfwf all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 0 0 portfwf all -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 portfwf all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x1 0 0 portfwf all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x2 0 0 portfwf all -- * * 0.0.0.0/0 0.0.0.0/0 mark match 0x3 0 0 ACCEPT all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 dmzholes all -- eth1 eth0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 eth2 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 dmzholes all -- eth2 eth0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth1 eth2 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth2 eth1 0.0.0.0/0 0.0.0.0/0 state NEW,RELATED,ESTABLISHED 0 0 dmzholes all -- eth1 eth2 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth0 ipsec0 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- ipsec0 eth0 0.0.0.0/0 0.0.0.0/0 0 0 MINIUPNPD all -- ppp0 !ppp0 0.0.0.0/0 0.0.0.0/0 0 0 MINIUPNPD all -- ippp0 !ippp0 0.0.0.0/0 0.0.0.0/0 0 0 MINIUPNPD all -- eth3 !eth3 0.0.0.0/0 0.0.0.0/0 15 796 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 15 796 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT 3124 packets, 523K bytes) pkts bytes target prot opt in out source destination Chain MINIUPNPD (3 references) pkts bytes target prot opt in out source destination Chain advnet (3 references) pkts bytes target prot opt in out source destination Chain allows (1 references) pkts bytes target prot opt in out source destination Chain badtraffic (1 references) pkts bytes target prot opt in out source destination Chain block (1 references) pkts bytes target prot opt in out source destination 1449 181K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- eth2 * 0.0.0.0/0 0.0.0.0/0 3598 445K xtaccess all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ipsec all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 ipsec all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 3571 443K ipsec all -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 siprtpports all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 siprtpports all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 3498 432K siprtpports all -- eth3 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- ippp0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT icmp -- eth3 * 0.0.0.0/0 192.168.1.0/24 3498 432K badtraffic all -- * * 0.0.0.0/0 0.0.0.0/0 Chain dmzholes (3 references) pkts bytes target prot opt in out source destination Chain ipblock (6 references) pkts bytes target prot opt in out source destination Chain ipsec (3 references) pkts bytes target prot opt in out source destination 73 11344 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500 0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 Chain lldrop (2 references) pkts bytes target prot opt in out source destination 0 0 LOG all -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 4 0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain outbound (3 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 130 13294 allows all -- * * 0.0.0.0/0 0.0.0.0/0 130 13294 outgreen all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 outorange all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 outpurple all -- eth2 * 0.0.0.0/0 0.0.0.0/0 Chain outgreen (1 references) pkts bytes target prot opt in out source destination 128 13082 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain outorange (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain outpurple (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 Chain portfwf (6 references) pkts bytes target prot opt in out source destination Chain secin (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- mast0 * 0.0.0.0/0 0.0.0.0/0 Chain secout (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT all -- ipsec0 * 0.0.0.0/0 0.0.0.0/0 0 0 ACCEPT all -- mast0 * 0.0.0.0/0 0.0.0.0/0 Chain siprtpports (3 references) pkts bytes target prot opt in out source destination Chain spoof (3 references) pkts bytes target prot opt in out source destination 0 0 DROP all -- * * 192.168.10.0/24 0.0.0.0/0 0 0 DROP all -- * * 192.168.11.0/24 0.0.0.0/0 0 0 DROP all -- * * 192.168.12.0/24 0.0.0.0/0 Chain timedaccess (2 references) pkts bytes target prot opt in out source destination Chain timedaction (0 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0 0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain xtaccess (1 references) pkts bytes target prot opt in out source destination 0 0 ACCEPT tcp -- ppp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 0 0 ACCEPT tcp -- ippp0 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 0 0 ACCEPT tcp -- eth3 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113 0 0 ACCEPT tcp -- ppp0 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:441 0 0 ACCEPT tcp -- ippp0 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:441 23 1380 ACCEPT tcp -- eth3 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:441 0 0 ACCEPT tcp -- ppp0 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:222 0 0 ACCEPT tcp -- ippp0 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:222 4 232 ACCEPT tcp -- eth3 * 192.168.1.0/24 0.0.0.0/0 tcp dpt:222 + _________________________ iptables-nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 3652 packets, 451K bytes) pkts bytes target prot opt in out source destination 3654 451K portfw all -- * * 0.0.0.0/0 0.0.0.0/0 62 6373 jmpsquid all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 jmpsquid all -- eth2 * 0.0.0.0/0 0.0.0.0/0 62 6373 jmpim all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 jmpim all -- eth2 * 0.0.0.0/0 0.0.0.0/0 62 6373 jmpp3scan all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 jmpp3scan all -- eth2 * 0.0.0.0/0 0.0.0.0/0 62 6373 jmpsip all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 jmpsip all -- eth2 * 0.0.0.0/0 0.0.0.0/0 0 0 MINIUPNPD all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 MINIUPNPD all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 3592 445K MINIUPNPD all -- eth3 * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 908 packets, 57109 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * ppp0 0.0.0.0/0 0.0.0.0/0 0 0 MASQUERADE all -- * ippp0 0.0.0.0/0 0.0.0.0/0 92 6551 MASQUERADE all -- * eth3 0.0.0.0/0 0.0.0.0/0 0 0 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 mark match 0x1 to:192.168.10.1 0 0 SNAT all -- * eth1 0.0.0.0/0 0.0.0.0/0 mark match 0x2 to:192.168.11.1 0 0 SNAT all -- * eth2 0.0.0.0/0 0.0.0.0/0 mark match 0x3 to:192.168.12.1 Chain OUTPUT (policy ACCEPT 982 packets, 62389 bytes) pkts bytes target prot opt in out source destination Chain MINIUPNPD (3 references) pkts bytes target prot opt in out source destination Chain im (1 references) pkts bytes target prot opt in out source destination Chain jmpim (2 references) pkts bytes target prot opt in out source destination 5 530 RETURN all -- * * 0.0.0.0/0 10.0.0.0/8 0 0 RETURN all -- * * 0.0.0.0/0 172.16.0.0/12 46 4431 RETURN all -- * * 0.0.0.0/0 192.168.0.0/16 0 0 RETURN all -- * * 0.0.0.0/0 169.254.0.0/16 11 1412 im all -- * * 0.0.0.0/0 0.0.0.0/0 Chain jmpp3scan (2 references) pkts bytes target prot opt in out source destination 5 530 RETURN all -- * * 0.0.0.0/0 10.0.0.0/8 0 0 RETURN all -- * * 0.0.0.0/0 172.16.0.0/12 46 4431 RETURN all -- * * 0.0.0.0/0 192.168.0.0/16 0 0 RETURN all -- * * 0.0.0.0/0 169.254.0.0/16 11 1412 p3scan all -- * * 0.0.0.0/0 0.0.0.0/0 Chain jmpsip (2 references) pkts bytes target prot opt in out source destination 5 530 RETURN all -- * * 0.0.0.0/0 10.0.0.0/8 0 0 RETURN all -- * * 0.0.0.0/0 172.16.0.0/12 46 4431 RETURN all -- * * 0.0.0.0/0 192.168.0.0/16 0 0 RETURN all -- * * 0.0.0.0/0 169.254.0.0/16 11 1412 sip all -- * * 0.0.0.0/0 0.0.0.0/0 Chain jmpsquid (2 references) pkts bytes target prot opt in out source destination 5 530 RETURN all -- * * 0.0.0.0/0 10.0.0.0/8 0 0 RETURN all -- * * 0.0.0.0/0 172.16.0.0/12 46 4431 RETURN all -- * * 0.0.0.0/0 192.168.0.0/16 0 0 RETURN all -- * * 0.0.0.0/0 169.254.0.0/16 11 1412 squid all -- * * 0.0.0.0/0 0.0.0.0/0 Chain p3scan (1 references) pkts bytes target prot opt in out source destination Chain portfw (1 references) pkts bytes target prot opt in out source destination Chain sip (1 references) pkts bytes target prot opt in out source destination Chain squid (1 references) pkts bytes target prot opt in out source destination + _________________________ iptables-mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 1239 packets, 121K bytes) pkts bytes target prot opt in out source destination 7428 828K IPSEC all -- * * 0.0.0.0/0 0.0.0.0/0 7454 830K portfwb all -- * * 0.0.0.0/0 0.0.0.0/0 7454 830K prerouting-1 all -- * * 0.0.0.0/0 0.0.0.0/0 7454 830K prerouting-2 all -- * * 0.0.0.0/0 0.0.0.0/0 Chain INPUT (policy ACCEPT 1239 packets, 121K bytes) pkts bytes target prot opt in out source destination 7121 769K account all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 333 61520 account all -- * * 0.0.0.0/0 0.0.0.0/0 333 61520 trafficforward all -- * * 0.0.0.0/0 0.0.0.0/0 Chain OUTPUT (policy ACCEPT 632 packets, 63423 bytes) pkts bytes target prot opt in out source destination 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:4500 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:4500 198 31984 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:500 0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 2972 505K IPSEC all -- * * 0.0.0.0/0 0.0.0.0/0 3001 508K account all -- * * 0.0.0.0/0 0.0.0.0/0 3001 508K trafficoutput all -- * * 0.0.0.0/0 0.0.0.0/0 Chain POSTROUTING (policy ACCEPT 652 packets, 66535 bytes) pkts bytes target prot opt in out source destination 3517 601K postrouting-1 all -- * * 0.0.0.0/0 0.0.0.0/0 3517 601K postrouting-2 all -- * * 0.0.0.0/0 0.0.0.0/0 3517 601K trafficpostrouting all -- * * 0.0.0.0/0 0.0.0.0/0 Chain IPSEC (2 references) pkts bytes target prot opt in out source destination 10400 1333K NEW_IPSEC_CONN all -- * * 0.0.0.0/0 0.0.0.0/0 Chain NEW_IPSEC_CONN (1 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- * * 192.168.10.0/24 192.168.4.0/24 MARK set 0x80140000 Chain account (3 references) pkts bytes target prot opt in out source destination 10455 1338K ACCOUNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCOUNT addr 192.168.10.0/24 tname GREEN 10455 1338K ACCOUNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCOUNT addr 192.168.11.0/24 tname ORANGE 10455 1338K ACCOUNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCOUNT addr 192.168.12.0/24 tname PURPLE 10455 1338K ACCOUNT all -- * * 0.0.0.0/0 0.0.0.0/0 ACCOUNT addr 192.168.1.0/24 tname RED Chain portfwb (1 references) pkts bytes target prot opt in out source destination 0 0 MARK all -- eth0 * 0.0.0.0/0 192.168.1.50 MARK set 0x1 0 0 MARK all -- eth1 * 0.0.0.0/0 192.168.1.50 MARK set 0x2 0 0 MARK all -- eth2 * 0.0.0.0/0 192.168.1.50 MARK set 0x3 Chain postrouting-1 (1 references) pkts bytes target prot opt in out source destination 143 39851 RETURN all -- * eth0 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- * eth1 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- * eth2 0.0.0.0/0 0.0.0.0/0 Chain postrouting-2 (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- * ppp0 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- * ippp0 0.0.0.0/0 0.0.0.0/0 1531 444K RETURN all -- * eth3 0.0.0.0/0 0.0.0.0/0 Chain prerouting-1 (1 references) pkts bytes target prot opt in out source destination 479 63987 RETURN all -- eth0 * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- eth1 * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- eth2 * 0.0.0.0/0 0.0.0.0/0 Chain prerouting-2 (1 references) pkts bytes target prot opt in out source destination 0 0 RETURN all -- ppp0 * 0.0.0.0/0 0.0.0.0/0 0 0 RETURN all -- ippp0 * 0.0.0.0/0 0.0.0.0/0 5132 650K RETURN all -- eth3 * 0.0.0.0/0 0.0.0.0/0 Chain trafficforward (1 references) pkts bytes target prot opt in out source destination Chain trafficoutput (1 references) pkts bytes target prot opt in out source destination Chain trafficpostrouting (1 references) pkts bytes target prot opt in out source destination + _________________________ /proc/modules + test -f /proc/modules + cat /proc/modules ccm 5719 0 - Live 0xf9c44000 ecb 1429 0 - Live 0xf9c39000 xcbc 1947 0 - Live 0xf9c2f000 sha256_generic 11141 0 - Live 0xf9c23000 sha512_generic 6393 0 - Live 0xf9c16000 ipv6 197493 20 - Live 0xf8cca000 nf_nat_pptp 1534 0 - Live 0xf8c0c000 nf_nat_proto_gre 889 1 nf_nat_pptp, Live 0xf8c02000 nf_conntrack_pptp 2787 1 nf_nat_pptp, Live 0xf8bf8000 nf_conntrack_proto_gre 2643 1 nf_conntrack_pptp, Live 0xf8bed000 nf_nat_ftp 1263 0 - Live 0xf8be2000 nf_conntrack_ftp 3924 1 nf_nat_ftp, Live 0xf8bd8000 nf_nat_irc 838 0 - Live 0xf8bcd000 nf_conntrack_irc 2331 1 nf_nat_irc, Live 0xf8bc4000 xt_CONNMARK 959 0 - Live 0xf8bb9000 xt_MARK 625 4 - Live 0xf8bb0000 xt_mac 679 0 - Live 0xf8ba7000 xt_length 808 0 - Live 0xf8b9e000 xt_tcpudp 1734 15 - Live 0xf8b95000 xt_mark 621 6 - Live 0xf8b8b000 xt_ipp2p 5477 0 - Live 0xf8b81000 xt_dscp 1139 0 - Live 0xf8b76000 xt_connmark 819 0 - Live 0xf8b6d000 xt_multiport 1799 0 - Live 0xf8b64000 xt_state 935 19 - Live 0xf8b5a000 xt_DSCP 1475 0 - Live 0xf8b51000 xt_CLASSIFY 625 0 - Live 0xf8b47000 xt_ACCOUNT 7145 4 - Live 0xf8b3d000 compat_xtables 2385 2 xt_ipp2p,xt_ACCOUNT, Live 0xf8b31000 ipt_MASQUERADE 1098 3 - Live 0xf8b26000 ipt_REDIRECT 775 0 - Live 0xf8b1c000 ipt_REJECT 1554 3 - Live 0xf8b13000 ipt_LOG 3614 3 - Live 0xf8b09000 iptable_mangle 1245 1 - Live 0xf8aff000 iptable_nat 2682 1 - Live 0xf8af5000 nf_nat 10013 7 nf_nat_pptp,nf_nat_proto_gre,nf_nat_ftp,nf_nat_irc,ipt_MASQUERADE,ipt_REDIRECT,iptable_nat, Live 0xf8ae7000 nf_conntrack_ipv4 7315 22 iptable_nat,nf_nat, Live 0xf8ad7000 nf_conntrack 36770 14 nf_nat_pptp,nf_conntrack_pptp,nf_conntrack_proto_gre,nf_nat_ftp,nf_conntrack_ftp,nf_nat_irc,nf_conntrack_irc,xt_CONNMARK,xt_connmark,xt_state,ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xf8abb000 nf_defrag_ipv4 791 1 nf_conntrack_ipv4, Live 0xf8aa0000 iptable_filter 1002 1 - Live 0xf8a97000 ip_tables 7339 3 iptable_mangle,iptable_nat,iptable_filter, Live 0xf8a8c000 x_tables 8207 19 xt_CONNMARK,xt_MARK,xt_mac,xt_length,xt_tcpudp,xt_mark,xt_dscp,xt_connmark,xt_multiport,xt_state,xt_DSCP,xt_CLASSIFY,compat_xtables,ipt_MASQUERADE,ipt_REDIRECT,ipt_REJECT,ipt_LOG,iptable_nat,ip_tables, Live 0xf8a7b000 sch_teql 3128 0 - Live 0xf8a6d000 sch_tbf 2906 0 - Live 0xf8a62000 sch_sfq 3938 0 - Live 0xf8a58000 sch_red 3170 0 - Live 0xf8a4d000 sch_prio 2683 0 - Live 0xf8a43000 sch_htb 10158 0 - Live 0xf8a37000 sch_hfsc 12901 0 - Live 0xf8a27000 sch_gred 4525 0 - Live 0xf8a18000 sch_dsmark 3387 0 - Live 0xf8a0d000 sch_cbq 11839 0 - Live 0xf8a00000 cls_u32 4500 0 - Live 0xf89f2000 cls_tcindex 3354 0 - Live 0xf89e7000 cls_route 3997 0 - Live 0xf89dd000 cls_fw 2671 0 - Live 0xf89d3000 cls_flow 4674 0 - Live 0xf89c8000 cls_basic 2668 0 - Live 0xf89bd000 ppp_async 5095 0 - Live 0xf89b2000 crc_ccitt 1039 1 ppp_async, Live 0xf8775000 ppp_synctty 4139 0 - Live 0xf876b000 ppp_generic 15265 2 ppp_async,ppp_synctty, Live 0xf875c000 slhc 3546 1 ppp_generic, Live 0xf874c000 des_generic 15383 2 - Live 0xf8742000 blowfish 7096 0 - Live 0xf86ed000 cast5 15229 0 - Live 0xf86e2000 serpent 17351 0 - Live 0xf86ac000 twofish 5301 0 - Live 0xf867b000 twofish_common 12416 1 twofish, Live 0xf866e000 aes_i586 6836 0 - Live 0xf85e9000 aes_generic 25738 1 aes_i586, Live 0xf85d3000 cbc 2007 2 - Live 0xf85bd000 ipsec 309732 2 - Live 0xf8964000 nls_cp437 4501 0 - Live 0xf85b2000 vfat 6197 0 - Live 0xf856f000 msdos 4838 0 - Live 0xf8565000 fat 33929 2 vfat,msdos, Live 0xf852b000 ext3 90806 3 - Live 0xf84f3000 jbd 29837 1 ext3, Live 0xf843a000 mbcache 3878 1 ext3, Live 0xf83be000 usbhid 19120 0 - Live 0xf83b7000 hid 49958 1 usbhid, Live 0xf846d000 sg 19503 0 - Live 0xf8322000 sd_mod 21737 5 - Live 0xf8338000 ata_generic 2027 0 - Live 0xf82e4000 pata_acpi 2004 0 - Live 0xf82de000 ata_piix 17253 4 - Live 0xf8247000 libata 113476 3 ata_generic,pata_acpi,ata_piix, Live 0xf8388000 scsi_mod 104042 3 sg,sd_mod,libata, Live 0xf8306000 ppdev 4022 0 - Live 0xf85fe000 evdev 5676 0 - Live 0xf85ec000 intel_agp 19277 1 - Live 0xf85db000 ide_pci_generic 1936 0 - Live 0xf85c0000 iTCO_wdt 7991 0 - Live 0xf8572000 parport_pc 15815 0 - Live 0xf855f000 e1000 76717 0 - Live 0xf8538000 parport 22558 2 ppdev,parport_pc, Live 0xf850d000 uhci_hcd 15974 0 - Live 0xf84ce000 agpgart 19548 1 intel_agp, Live 0xf84b8000 thermal 9334 0 - Live 0xf8452000 i2c_i801 6233 0 - Live 0xf8443000 button 3693 0 - Live 0xf8437000 ehci_hcd 26684 0 - Live 0xf8425000 piix 3587 0 - Live 0xf83b4000 e1000e 96898 0 - Live 0xf8366000 ide_core 56628 2 ide_pci_generic,piix, Live 0xf8328000 psmouse 32661 0 - Live 0xf82fc000 pcspkr 1231 0 - Live 0xf82e7000 processor 22785 0 - Live 0xf82d6000 serio_raw 2938 0 - Live 0xf82c2000 usbcore 97662 4 usbhid,uhci_hcd,ehci_hcd, Live 0xf8295000 i2c_core 12206 1 i2c_i801, Live 0xf825e000 rng_core 2276 0 - Live 0xf824e000 thermal_sys 9520 2 thermal,processor, Live 0xf820b000 + _________________________ /proc/meminfo + cat /proc/meminfo MemTotal: 2064464 kB MemFree: 1679700 kB Buffers: 126064 kB Cached: 83636 kB SwapCached: 0 kB Active: 240112 kB Inactive: 120020 kB Active(anon): 150448 kB Inactive(anon): 196 kB Active(file): 89664 kB Inactive(file): 119824 kB Unevictable: 0 kB Mlocked: 0 kB HighTotal: 1177352 kB HighFree: 938804 kB LowTotal: 887112 kB LowFree: 740896 kB SwapTotal: 2064456 kB SwapFree: 2064456 kB Dirty: 176 kB Writeback: 0 kB AnonPages: 150484 kB Mapped: 6736 kB Shmem: 212 kB Slab: 14164 kB SReclaimable: 7252 kB SUnreclaim: 6912 kB KernelStack: 688 kB PageTables: 1132 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 3096688 kB Committed_AS: 176816 kB VmallocTotal: 122880 kB VmallocUsed: 5776 kB VmallocChunk: 78464 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB DirectMap4k: 911352 kB DirectMap2M: 0 kB + _________________________ /proc/net/ipsec-ls + test -f /proc/net/ipsec_version + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version lrwxrwxrwx 1 root root 16 Aug 8 22:35 /proc/net/ipsec_eroute -> ipsec/eroute/all lrwxrwxrwx 1 root root 16 Aug 8 22:35 /proc/net/ipsec_klipsdebug -> ipsec/klipsdebug lrwxrwxrwx 1 root root 13 Aug 8 22:35 /proc/net/ipsec_spi -> ipsec/spi/all lrwxrwxrwx 1 root root 16 Aug 8 22:35 /proc/net/ipsec_spigrp -> ipsec/spigrp/all lrwxrwxrwx 1 root root 11 Aug 8 22:35 /proc/net/ipsec_tncfg -> ipsec/tncfg lrwxrwxrwx 1 root root 13 Aug 8 22:35 /proc/net/ipsec_version -> ipsec/version + _________________________ usr/src/linux/.config + test -f /proc/config.gz ++ uname -r + test -f /lib/modules/2.6.32.17-phaeton/build/.config + echo 'no .config file found, cannot list kernel properties' no .config file found, cannot list kernel properties + _________________________ etc/syslog.conf + _________________________ etc/syslog-ng/syslog-ng.conf + cat /etc/syslog-ng/syslog-ng.conf cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory + cat /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /var/log/kernel # Log anything (except mail) of level info or higher. # Don't log private authentication messages! *.info;mail.none;authpriv.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Everybody gets emergency messages, plus log them on another # machine. *.emerg * # Save mail and news errors of level err and higher in a # special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log *.* /dev/tty12+ _________________________ etc/resolv.conf + cat /etc/resolv.conf nameserver 127.0.0.1 + _________________________ lib/modules-ls + ls -ltr /lib/modules total 4 drwxr-xr-x 4 root 40 4096 Aug 7 21:15 2.6.32.17-phaeton + _________________________ fipscheck + cat /proc/sys/crypto/fips_enabled cat: /proc/sys/crypto/fips_enabled: No such file or directory + _________________________ /proc/ksyms-netif_rx + test -r /proc/ksyms + test -r /proc/kallsyms + egrep netif_rx /proc/kallsyms c11be895 T netif_rx c11bf3f1 T netif_rx_ni + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.6.32.17-phaeton: + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '11919,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + case "$1" in + cat Aug 8 18:39:12 lanner505g ipsec_setup: Starting Openswan IPsec 2.6.28... Aug 8 18:39:12 lanner505g ipsec_setup: Using KLIPS/legacy stack Aug 8 18:39:12 lanner505g ipsec_setup: KLIPS debug `none' Aug 8 18:39:12 lanner505g ipsec_setup: KLIPS ipsec0 on eth3 192.168.1.50/255.255.255.0 broadcast 192.168.1.255 Aug 8 18:39:12 lanner505g ipsec__plutorun: adjusting ipsec.d to /usr/etc/ipsec.d Aug 8 18:39:12 lanner505g pluto: adjusting ipsec.d to /usr/etc/ipsec.d Aug 8 18:39:12 lanner505g ipsec_setup: ...Openswan IPsec started Aug 8 18:39:12 lanner505g ipsec__plutorun: 002 added connection description "phaeton2phaeton" Aug 8 18:39:12 lanner505g ipsec__plutorun: 104 "phaeton2phaeton" #1: STATE_MAIN_I1: initiate + _________________________ plog + sed -n '20952,$p' /var/log/secure + egrep -i pluto + case "$1" in + cat Aug 8 18:39:12 lanner505g ipsec__plutorun: Starting Pluto subsystem... Aug 8 18:39:12 lanner505g pluto[6113]: Starting Pluto (Openswan Version 2.6.28; Vendor ID OEQ{O\177nez{CQ) pid:6113 Aug 8 18:39:12 lanner505g pluto[6113]: SAref support [enabled] Aug 8 18:39:12 lanner505g pluto[6113]: SAbind support [enabled] Aug 8 18:39:12 lanner505g pluto[6113]: Setting NAT-Traversal port-4500 floating to off Aug 8 18:39:12 lanner505g pluto[6113]: port floating activation criteria nat_t=0/port_float=1 Aug 8 18:39:12 lanner505g pluto[6113]: NAT-Traversal support [disabled] Aug 8 18:39:12 lanner505g pluto[6113]: using /dev/urandom as source of random entropy Aug 8 18:39:12 lanner505g pluto[6113]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0) Aug 8 18:39:12 lanner505g pluto[6113]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0) Aug 8 18:39:12 lanner505g pluto[6113]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0) Aug 8 18:39:12 lanner505g pluto[6113]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0) Aug 8 18:39:12 lanner505g pluto[6113]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0) Aug 8 18:39:12 lanner505g pluto[6113]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0) Aug 8 18:39:12 lanner505g pluto[6113]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0) Aug 8 18:39:12 lanner505g pluto[6113]: starting up 1 cryptographic helpers Aug 8 18:39:12 lanner505g pluto[6113]: started helper pid=6116 (fd:5) Aug 8 18:39:12 lanner505g pluto[6116]: using /dev/urandom as source of random entropy Aug 8 18:39:12 lanner505g pluto[6113]: Kernel interface auto-pick Aug 8 18:39:12 lanner505g pluto[6113]: No Kernel NETKEY interface detected Aug 8 18:39:12 lanner505g pluto[6113]: Using KLIPSng (mast) IPsec interface code on 2.6.32.17-phaeton Aug 8 18:39:12 lanner505g pluto[6113]: Changed path to directory '/usr/etc/ipsec.d/cacerts' Aug 8 18:39:12 lanner505g pluto[6113]: Changed path to directory '/usr/etc/ipsec.d/aacerts' Aug 8 18:39:12 lanner505g pluto[6113]: Changed path to directory '/usr/etc/ipsec.d/ocspcerts' Aug 8 18:39:12 lanner505g pluto[6113]: Changing to directory '/usr/etc/ipsec.d/crls' Aug 8 18:39:12 lanner505g pluto[6113]: Warning: empty directory Aug 8 18:39:12 lanner505g pluto[6113]: added connection description "phaeton2phaeton" Aug 8 18:39:12 lanner505g pluto[6113]: listening for IKE messages Aug 8 18:39:12 lanner505g pluto[6113]: found mast0 device already present Aug 8 18:39:12 lanner505g pluto[6113]: device mast0 already in use Aug 8 18:39:12 lanner505g pluto[6113]: | useful mast device 0 Aug 8 18:39:12 lanner505g pluto[6113]: adding interface mast0/eth3 192.168.1.50:500 (fd=12) Aug 8 18:39:12 lanner505g pluto[6113]: adding interface mast0/eth2 192.168.12.1:500 (fd=13) Aug 8 18:39:12 lanner505g pluto[6113]: adding interface mast0/eth1 192.168.11.1:500 (fd=14) Aug 8 18:39:12 lanner505g pluto[6113]: adding interface mast0/eth0 192.168.10.1:500 (fd=15) Aug 8 18:39:12 lanner505g pluto[6113]: | useful mast device 0 Aug 8 18:39:12 lanner505g pluto[6113]: | useful mast device 0 Aug 8 18:39:12 lanner505g pluto[6113]: loading secrets from "/usr/etc/ipsec.secrets" Aug 8 18:39:12 lanner505g pluto[6113]: | mast_shunt_eroute called Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: initiating Main Mode Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: received Vendor ID payload [Openswan (this version) 2.6.28 ] Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: received Vendor ID payload [Dead Peer Detection] Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2 Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3 Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Aug 8 18:39:12 lanner505g pluto[6113]: "phaeton2phaeton" #1: received Vendor ID payload [CAN-IKEv2] Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.40' Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4 Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #1: STATE_MAIN_I4: ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #2: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW {using isakmp#1 msgid:95e26774 proposal=3DES(3)_192-MD5(1)_128 pfsgroup=OAKLEY_GROUP_MODP1536} Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #2: spddel-client output: /usr/lib/ipsec/_updown.mast: doroute `iptables -t mangle -D NEW_IPSEC_CONN --src 192.168.10.0/255.255.255.0 --dst 192.168.4.0/255.255.255.0 -j MARK --set-mark 0x80140000' failed (iptables: No chain/target/match by that name.) Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #2: spddel-client command exited with status 1 Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #2: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2 Aug 8 18:39:13 lanner505g pluto[6113]: "phaeton2phaeton" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0x1b3588dd <0x6eafb878 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none} Aug 8 18:39:18 lanner505g pluto[6113]: "phaeton2phaeton" #1: received Delete SA payload: replace IPSEC State #2 in 10 seconds Aug 8 18:39:18 lanner505g pluto[6113]: "phaeton2phaeton" #1: received and ignored informational message Aug 8 18:39:18 lanner505g pluto[6113]: "phaeton2phaeton" #1: received Delete SA payload: deleting ISAKMP State #1 Aug 8 18:39:18 lanner505g pluto[6113]: packet from 192.168.1.40:500: received and ignored informational message Aug 8 18:39:20 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Openswan (this version) 2.6.28 ] Aug 8 18:39:20 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Dead Peer Detection] Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: responding to Main Mode Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.40' Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #3: the peer proposed: 192.168.10.0/24:0/0 -> 192.168.4.0/24:0/0 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: responding to Quick Mode proposal {msgid:66ff643f} Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: us: 192.168.10.0/24===192.168.1.50<192.168.1.50>[+S=C]---192.168.1.1 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: them: 192.168.1.1---192.168.1.40<192.168.1.40>[+S=C]===192.168.4.0/24 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: keeping refhim=20 during rekey Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: transition from state STATE_QUICK_R0 to state STATE_QUICK_R1 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2 Aug 8 18:39:20 lanner505g pluto[6113]: "phaeton2phaeton" #4: STATE_QUICK_R2: IPsec SA established tunnel mode {ESP=>0x372baa92 <0x6eafb879 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none DPD=none} Aug 8 19:24:18 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Openswan (this version) 2.6.28 ] Aug 8 19:24:18 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Dead Peer Detection] Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: responding to Main Mode Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.40' Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 8 19:24:18 lanner505g pluto[6113]: "phaeton2phaeton" #5: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} Aug 8 19:39:19 lanner505g pluto[6113]: "phaeton2phaeton" #3: received Delete SA payload: deleting ISAKMP State #3 Aug 8 19:39:19 lanner505g pluto[6113]: packet from 192.168.1.40:500: received and ignored informational message Aug 8 20:09:31 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Openswan (this version) 2.6.28 ] Aug 8 20:09:31 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Dead Peer Detection] Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: responding to Main Mode Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.40' Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 8 20:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} Aug 8 20:24:17 lanner505g pluto[6113]: "phaeton2phaeton" #5: received Delete SA payload: deleting ISAKMP State #5 Aug 8 20:24:17 lanner505g pluto[6113]: packet from 192.168.1.40:500: received and ignored informational message Aug 8 20:55:17 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Openswan (this version) 2.6.28 ] Aug 8 20:55:17 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Dead Peer Detection] Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: responding to Main Mode Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.40' Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 8 20:55:17 lanner505g pluto[6113]: "phaeton2phaeton" #7: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} Aug 8 21:09:31 lanner505g pluto[6113]: "phaeton2phaeton" #6: received Delete SA payload: deleting ISAKMP State #6 Aug 8 21:09:31 lanner505g pluto[6113]: packet from 192.168.1.40:500: received and ignored informational message Aug 8 21:38:12 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Openswan (this version) 2.6.28 ] Aug 8 21:38:12 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Dead Peer Detection] Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: responding to Main Mode Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.40' Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 8 21:38:12 lanner505g pluto[6113]: "phaeton2phaeton" #8: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} Aug 8 21:55:16 lanner505g pluto[6113]: "phaeton2phaeton" #7: received Delete SA payload: deleting ISAKMP State #7 Aug 8 21:55:16 lanner505g pluto[6113]: packet from 192.168.1.40:500: received and ignored informational message Aug 8 22:28:23 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Openswan (this version) 2.6.28 ] Aug 8 22:28:23 lanner505g pluto[6113]: packet from 192.168.1.40:500: received Vendor ID payload [Dead Peer Detection] Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: responding to Main Mode Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: transition from state STATE_MAIN_R0 to state STATE_MAIN_R1 Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: STATE_MAIN_R1: sent MR1, expecting MI2 Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: transition from state STATE_MAIN_R1 to state STATE_MAIN_R2 Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: STATE_MAIN_R2: sent MR2, expecting MI3 Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: Main mode peer ID is ID_IPV4_ADDR: '192.168.1.40' Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: transition from state STATE_MAIN_R2 to state STATE_MAIN_R3 Aug 8 22:28:23 lanner505g pluto[6113]: "phaeton2phaeton" #9: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=OAKLEY_PRESHARED_KEY cipher=oakley_3des_cbc_192 prf=oakley_md5 group=modp1536} + _________________________ date + date Sun Aug 8 22:35:05 CDT 2010