Hullo! I recently changed my freeswan gateway boxes' configurations, and
though everything is still working, strange things are afoot. Packets
coming into one gateway from the opposite LAN now appear to be coming from
the gateway itself (their source address is the gateway's, not the LAN
host's). Is this a kernel-level configuration issue (masq options?) or a
manifestation of something I've inadvertently altered on the bind side of
things?
-Michael Blinn
output of ipsec barf:
mail
Wed Mar 27 16:23:33 EST 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.95
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.2.20 (root_at_mail) (gcc version 2.95.4 (Debian prerelease)) #2
Fri Mar 1 17:08:40 EST 2002
+ _________________________ proc/net/ipsec_eroute
+ sort +1 /proc/net/ipsec_eroute
615 192.168.168.0/24 -> 192.168.169.0/24 =>
tun0x102e_at_216.12.13.169
352 216.12.68.11/32 -> 192.168.169.0/24 =>
tun0x1030_at_216.12.13.169
44851 192.168.168.0/24 -> 216.12.13.169/32 =>
tun0x102c_at_216.12.13.169
50769 216.12.68.11/32 -> 216.12.13.169/32 =>
tun0x1032_at_216.12.13.169
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
tun0x1032_at_216.12.13.169 IPIP: dir=out src=216.12.68.11
life(c,s,h)=bytes(1013434,0,0)addtime(427793,0,0)usetime(428087,0,0)packets(
2498,0,0) idle=158
tun0x1030_at_216.12.13.169 IPIP: dir=out src=216.12.68.11
life(c,s,h)=bytes(80129,0,0)addtime(427407,0,0)usetime(427525,0,0)packets(35
2,0,0) idle=90
tun0x102e_at_216.12.13.169 IPIP: dir=out src=216.12.68.11
life(c,s,h)=bytes(81359,0,0)addtime(427361,0,0)usetime(427399,0,0)packets(61
5,0,0) idle=53
tun0x102c_at_216.12.13.169 IPIP: dir=out src=216.12.68.11
life(c,s,h)=bytes(33931860,0,0)addtime(427207,0,0)usetime(427211,0,0)packets
(44851,0,0) idle=3
comp0x8aa2_at_216.12.68.11 COMP_DEFLATE: dir=in src=216.12.13.169
life(c,s,h)=addtime(427793,0,0) ratio=338237:256623
comp0x8aa1_at_216.12.68.11 COMP_DEFLATE: dir=in src=216.12.13.169
life(c,s,h)=addtime(427407,0,0) ratio=10236:4789
comp0x8aa0_at_216.12.68.11 COMP_DEFLATE: dir=in src=216.12.13.169
life(c,s,h)=addtime(427361,0,0) ratio=115033:108976
comp0x8a9f_at_216.12.68.11 COMP_DEFLATE: dir=in src=216.12.13.169
life(c,s,h)=addtime(427207,0,0) ratio=5015423:4468465
esp0xad78ef15_at_216.12.13.169 ESP_3DES_HMAC_MD5: dir=out src=216.12.68.11
iv_bits=64bits iv=0x55ab5bef2e6dc363 ooowin=64 seq=2498 alen=128 aklen=128
eklen=192
life(c,s,h)=bytes(694912,0,0)addtime(427793,0,0)usetime(428087,0,0)packets(2
498,0,0) idle=158
esp0xad78ef14_at_216.12.13.169 ESP_3DES_HMAC_MD5: dir=out src=216.12.68.11
iv_bits=64bits iv=0xaf981a9df9ae4a9e ooowin=64 seq=352 alen=128 aklen=128
eklen=192
life(c,s,h)=bytes(63496,0,0)addtime(427407,0,0)usetime(427525,0,0)packets(35
2,0,0) idle=90
esp0xad78ef13_at_216.12.13.169 ESP_3DES_HMAC_MD5: dir=out src=216.12.68.11
iv_bits=64bits iv=0x7c8b738369eb9d67 ooowin=64 seq=615 alen=128 aklen=128
eklen=192
life(c,s,h)=bytes(96968,0,0)addtime(427361,0,0)usetime(427399,0,0)packets(61
5,0,0) idle=53
esp0xad78ef12_at_216.12.13.169 ESP_3DES_HMAC_MD5: dir=out src=216.12.68.11
iv_bits=64bits iv=0x8ded2f5447b2f54c ooowin=64 seq=44851 alen=128 aklen=128
eklen=192
life(c,s,h)=bytes(11836536,0,0)addtime(427207,0,0)usetime(427211,0,0)packets
(44851,0,0) idle=3
comp0x6055_at_216.12.13.169 COMP_DEFLATE: dir=out src=216.12.68.11
life(c,s,h)=bytes(1013434,0,0)addtime(427793,0,0)usetime(428087,0,0)packets(
2498,0,0) idle=158 ratio=1013434:610370
comp0x6054_at_216.12.13.169 COMP_DEFLATE: dir=out src=216.12.68.11
life(c,s,h)=bytes(80129,0,0)addtime(427407,0,0)usetime(427525,0,0)packets(35
2,0,0) idle=90 ratio=80129:51745
comp0x6053_at_216.12.13.169 COMP_DEFLATE: dir=out src=216.12.68.11
life(c,s,h)=bytes(81359,0,0)addtime(427361,0,0)usetime(427399,0,0)packets(61
5,0,0) idle=53 ratio=81359:75957
comp0x6052_at_216.12.13.169 COMP_DEFLATE: dir=out src=216.12.68.11
life(c,s,h)=bytes(33931860,0,0)addtime(427207,0,0)usetime(427211,0,0)packets
(44851,0,0) idle=3 ratio=33931860:10305392
esp0x6639d666_at_216.12.68.11 ESP_3DES_HMAC_MD5: dir=in src=216.12.13.169
iv_bits=64bits iv=0x94ac000392ae353c ooowin=64 seq=2255
bit=0xffffffffffffffff alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(256623,0,0)addtime(427793,0,0)usetime(428087,0,0)packets(2
255,0,0) idle=158
esp0x6639d665_at_216.12.68.11 ESP_3DES_HMAC_MD5: dir=in src=216.12.13.169
iv_bits=64bits iv=0x391e1ba439493799 ooowin=64 seq=34 bit=0x3ffffffff
alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(4789,0,0)addtime(427407,0,0)usetime(427789,0,0)packets(34,
0,0) idle=799
esp0x6639d664_at_216.12.68.11 ESP_3DES_HMAC_MD5: dir=in src=216.12.13.169
iv_bits=64bits iv=0x437d14ba5d2e932c ooowin=64 seq=638
bit=0xffffffffffffffef max_seq_diff=2 alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(108976,0,0)addtime(427361,0,0)usetime(427399,0,0)packets(6
10,0,0) idle=53
esp0x6639d663_at_216.12.68.11 ESP_3DES_HMAC_MD5: dir=in src=216.12.13.169
iv_bits=64bits iv=0xd1cad9a14a5da305 ooowin=64 seq=42530
bit=0xffffffffffffffff max_seq_diff=2 alen=128 aklen=128 eklen=192
life(c,s,h)=bytes(4468465,0,0)addtime(427207,0,0)usetime(427211,0,0)packets(
42511,0,0) idle=3
tun0x1031_at_216.12.68.11 IPIP: dir=in src=216.12.13.169
life(c,s,h)=bytes(256623,0,0)addtime(427793,0,0)usetime(428087,0,0)packets(2
255,0,0) idle=158
tun0x102f_at_216.12.68.11 IPIP: dir=in src=216.12.13.169
life(c,s,h)=bytes(4789,0,0)addtime(427407,0,0)usetime(427789,0,0)packets(34,
0,0) idle=799
tun0x102d_at_216.12.68.11 IPIP: dir=in src=216.12.13.169
life(c,s,h)=bytes(108976,0,0)addtime(427361,0,0)usetime(427399,0,0)packets(6
10,0,0) idle=53
tun0x102b_at_216.12.68.11 IPIP: dir=in src=216.12.13.169
life(c,s,h)=bytes(4468465,0,0)addtime(427207,0,0)usetime(427211,0,0)packets(
42511,0,0) idle=3
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
tun0x1032_at_216.12.13.169 comp0x6055_at_216.12.13.169 esp0xad78ef15_at_216.12.13.169
tun0x1030_at_216.12.13.169 comp0x6054_at_216.12.13.169 esp0xad78ef14_at_216.12.13.169
tun0x102e_at_216.12.13.169 comp0x6053_at_216.12.13.169 esp0xad78ef13_at_216.12.13.169
tun0x102c_at_216.12.13.169 comp0x6052_at_216.12.13.169 esp0xad78ef12_at_216.12.13.169
tun0x1031_at_216.12.68.11 comp0x8aa2_at_216.12.68.11 esp0x6639d666_at_216.12.68.11
tun0x102f_at_216.12.68.11 comp0x8aa1_at_216.12.68.11 esp0x6639d665_at_216.12.68.11
tun0x102d_at_216.12.68.11 comp0x8aa0_at_216.12.68.11 esp0x6639d664_at_216.12.68.11
tun0x102b_at_216.12.68.11 comp0x8a9f_at_216.12.68.11 esp0x6639d663_at_216.12.68.11
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
216.12.13.169 216.12.68.1 255.255.255.255 UGH 0 0 0
ipsec0
216.12.68.0 0.0.0.0 255.255.255.0 U 0 0 0
eth0
216.12.68.0 0.0.0.0 255.255.255.0 U 0 0 0
ipsec0
192.168.168.0 0.0.0.0 255.255.255.0 U 0 0 0
eth1
192.168.169.0 216.12.68.1 255.255.255.0 UG 0 0 0
ipsec0
0.0.0.0 216.12.68.1 0.0.0.0 UG 0 0 0
eth0
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1443) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
c340bc40 232 c2e3bdb8 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c2e3bdb8 232 c340bc40
pf_key_registered: 3 c2e3bdb8 232 c340bc40
pf_key_registered: 9 c2e3bdb8 232 c340bc40
pf_key_registered: 10 c2e3bdb8 232 c340bc40
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink
debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose
debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:0
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth0 216.12.68.11
000
000 "snet-cville":
192.168.168.0/24===216.12.68.11[@mail.peopleplaces.org]---216.12.68.1...216.
12.13.1---216.12.13.169[@cvserver.peopleplaces.org]
000 "snet-cville": ike_life: 3600s; ipsec_life: 86400s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 1
000 "snet-cville": policy:
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth0;
erouted
000 "snet-cville": newest ISAKMP SA: #0; newest IPsec SA: #149; eroute
owner: #149
000 "snet-cvnet":
192.168.168.0/24===216.12.68.11[@mail.peopleplaces.org]---216.12.68.1...216.
12.13.1---216.12.13.169[@cvserver.peopleplaces.org]===192.168.169.0/24
000 "snet-cvnet": ike_life: 3600s; ipsec_life: 86400s; rekey_margin: 540s;
rekey_fuzz: 100%; keyingtries: 1
000 "snet-cvnet": policy:
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth0;
erouted
000 "snet-cvnet": newest ISAKMP SA: #0; newest IPsec SA: #150; eroute
owner: #150
000 "staunton-charlottesville":
216.12.68.11[@mail.peopleplaces.org]---216.12.68.1...216.12.13.1---216.12.13
.169[@cvserver.peopleplaces.org]
000 "staunton-charlottesville": ike_life: 3600s; ipsec_life: 86400s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 1
000 "staunton-charlottesville": policy:
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth0;
erouted
000 "staunton-charlottesville": newest ISAKMP SA: #0; newest IPsec SA:
#152; eroute owner: #152
000 "staunton-cvnet":
216.12.68.11[@mail.peopleplaces.org]---216.12.68.1...216.12.13.1---216.12.13
.169[@cvserver.peopleplaces.org]===192.168.169.0/24
000 "staunton-cvnet": ike_life: 3600s; ipsec_life: 86400s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 1
000 "staunton-cvnet": policy:
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth0;
erouted
000 "staunton-cvnet": newest ISAKMP SA: #162; newest IPsec SA: #151;
eroute owner: #151
000 "snet-pygmalion":
192.168.168.0/24===216.12.68.11---216.12.68.1...216.12.68.1---216.12.68.10
000 "snet-pygmalion": ike_life: 3600s; ipsec_life: 28800s; rekey_margin:
540s; rekey_fuzz: 100%; keyingtries: 1
000 "snet-pygmalion": policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK;
interface: eth0; unrouted
000 "snet-pygmalion": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute
owner: #0
000
000 #162: "staunton-cvnet" STATE_MAIN_R3 (sent MR3, ISAKMP SA established);
EVENT_SA_REPLACE in 636s; newest ISAKMP
000 #152: "staunton-charlottesville" STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 57304s; newest IPSEC; eroute owner
000 #152: "staunton-charlottesville" esp.ad78ef15_at_216.12.13.169
esp.6639d666_at_216.12.68.11 comp.6055_at_216.12.13.169 comp.8aa2_at_216.12.68.11
tun.1032_at_216.12.13.169 tun.1031_at_216.12.68.11
000 #151: "staunton-cvnet" STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 56918s; newest IPSEC; eroute owner
000 #151: "staunton-cvnet" esp.ad78ef14_at_216.12.13.169
esp.6639d665_at_216.12.68.11 comp.6054_at_216.12.13.169 comp.8aa1_at_216.12.68.11
tun.1030_at_216.12.13.169 tun.102f_at_216.12.68.11
000 #150: "snet-cvnet" STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 56872s; newest IPSEC; eroute owner
000 #150: "snet-cvnet" esp.ad78ef13_at_216.12.13.169 esp.6639d664_at_216.12.68.11
comp.6053_at_216.12.13.169 comp.8aa0_at_216.12.68.11 tun.102e_at_216.12.13.169
tun.102d_at_216.12.68.11
000 #149: "snet-cville" STATE_QUICK_R2 (IPsec SA established);
EVENT_SA_REPLACE in 56718s; newest IPSEC; eroute owner
000 #149: "snet-cville" esp.ad78ef12_at_216.12.13.169 esp.6639d663_at_216.12.68.11
comp.6052_at_216.12.13.169 comp.8a9f_at_216.12.68.11 tun.102c_at_216.12.13.169
tun.102b_at_216.12.68.11
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:01:02:EA:C7:BF
inet addr:216.12.68.11 Bcast:216.12.68.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3273361 errors:0 dropped:0 overruns:0 frame:0
TX packets:1312765 errors:0 dropped:0 overruns:0 carrier:1
collisions:872 txqueuelen:100
Interrupt:10 Base address:0xe800
eth1 Link encap:Ethernet HWaddr 00:10:5A:19:B3:FA
inet addr:192.168.168.2 Bcast:192.168.168.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1385472 errors:0 dropped:0 overruns:0 frame:0
TX packets:1845807 errors:0 dropped:0 overruns:0 carrier:0
collisions:8182 txqueuelen:100
Interrupt:12 Base address:0xec00
ipsec0 Link encap:Ethernet HWaddr 00:01:02:EA:C7:BF
inet addr:216.12.68.11 Mask:255.255.255.0
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:231376 errors:0 dropped:1 overruns:0 frame:0
TX packets:253846 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
ipsec1 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
ipsec2 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
ipsec3 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:3924 Metric:1
RX packets:303907 errors:0 dropped:0 overruns:0 frame:0
TX packets:303907 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
peopleplaces.org
+ _________________________ hostname/ipaddress
+ hostname --ip-address
192.168.168.2
+ _________________________ uptime
+ uptime
4:23pm up 5 days, 6:50, 2 users, load average: 0.08, 0.02, 0.01
+ _________________________ ps
+ ps alxw
+ egrep -i 'ppid|pluto|ipsec|klips'
Warning: /boot/System.map has an incorrect kernel version.
Warning: /System.map has an incorrect kernel version.
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
140 0 232 1 0 0 1916 924 12ddd0 S ? 0:10
/usr/local/lib/ipsec/pluto --debug-none --uniqueids
000 0 9664 28254 0 0 2116 980 1163d7 S pts/0 0:00 sh
/usr/local/sbin/ipsec barf
000 0 9665 9664 9 0 2144 1036 1163d7 S pts/0 0:00 sh
/usr/local/lib/ipsec/barf
000 0 9733 9665 9 0 1412 516 12a99d S pts/0 0:00
egrep -i ppid|pluto|ipsec|klips
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
#dr: no default route
# no default route
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor
#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPSEC configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file.
# basic configuration
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces="ipsec0=eth0"
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug=none
plutodebug=none
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
plutowait=no
# Close down old connection when new one using same ID shows up.
uniqueids=yes
# defaults for subsequent connection descriptions
conn %default
# How persistent to be in (re)keying negotiations (0 means very).
keyingtries=1
keylife=24h
# What the hell is this?
conn snet-cvnet
auto=start
compress=yes
left=216.12.13.169
leftfirewall=yes
leftnexthop=216.12.13.1
leftsubnet=192.168.169.0/24
right=216.12.68.11
rightfirewall=yes
rightnexthop=216.12.68.1
rightsubnet=192.168.168.0/24
authby=rsasig
leftrsasigkey=[sums to 2dd2...]
leftid=@cvserver.peopleplaces.org
rightrsasigkey=[sums to bdbc...]
rightid=@mail.peopleplaces.org
conn staunton-charlottesville
auto=start
compress=yes
left=216.12.13.169
leftnexthop=216.12.13.1
right=216.12.68.11
rightnexthop=216.12.68.1
authby=rsasig
leftrsasigkey=[sums to 2dd2...]
leftid=@cvserver.peopleplaces.org
rightrsasigkey=[sums to bdbc...]
rightid=@mail.peopleplaces.org
conn staunton-cvnet
auto=start
compress=yes
left=216.12.13.169
leftnexthop=216.12.13.1
leftfirewall=yes
leftsubnet=192.168.169.0/24
right=216.12.68.11
rightnexthop=216.12.68.1
authby=rsasig
leftrsasigkey=[sums to 2dd2...]
leftid=@cvserver.peopleplaces.org
rightrsasigkey=[sums to bdbc...]
rightid=@mail.peopleplaces.org
conn snet-cville
auto=start
compress=yes
left=216.12.13.169
leftnexthop=216.12.13.1
right=216.12.68.11
rightnexthop=216.12.68.1
rightfirewall=yes
rightsubnet=192.168.168.0/24
authby=rsasig
leftrsasigkey=[sums to 2dd2...]
leftid=@cvserver.peopleplaces.org
rightrsasigkey=[sums to bdbc...]
rightid=@mail.peopleplaces.org
conn snet-pygmalion
auto=add
keyingtries=1
keylife=8h
lifetime=8h
pfs=yes
authby=secret
type=tunnel
left=216.12.68.10
leftnexthop=216.12.68.1
right=216.12.68.11
rightnexthop=216.12.68.1
rightfirewall=yes
rightsubnet=192.168.168.0/24
#conn staunton-pygmalion
# auto=add
# type=tunnel
# keyingtries=1
# keylife=8h
# lifetime=8h
# pfs=yes
# authby=secret
# left=216.12.68.10
# leftnexthop=216.12.68.1
# right=216.12.68.11
# rightnexthop=216.12.68.1
# sample connection
#conn sample
# Left security gateway, subnet behind it, next hop toward right.
#left=10.0.0.1
#leftsubnet=172.16.0.0/24
#leftnexthop=10.22.33.44
# Right security gateway, subnet behind it, next hop toward left.
#right=10.12.12.1
#rightsubnet=192.168.0.0/24
#rightnexthop=10.101.102.103
# To authorize this connection, but not actually start it, at startup,
# uncomment this.
#auto=add
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor
#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# Shared secret (an arbitrary character string, which should be both long
# and hard to guess, enclosed in quotes) for a pair of negotiating hosts.
# Must be same on both; generate on one and copy to the other.
#10.0.0.1 10.12.12.1 : PSK "[sums to d93a...]"
216.12.68.10 216.12.68.11 : PSK "[sums to 390b...]"
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Put ONLY the "[sums to 2f1c...]" part into
# connection descriptions on the other host(s); it need not be kept secret.
: RSA {
# RSA 1024 bits mail Sat Feb 17 10:00:38 2001
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=[sums to bdbc...]
#IN KEY 0x4200 4 1 [sums to fd95...]
# (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
Modulus: [...]
PublicExponent: [...]
# everything after this point is secret
PrivateExponent: [...]
Prime1: [...]
Prime2: [...]
Exponent1: [...]
Exponent2: [...]
Coefficient: [...]
}
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/lib/ipsec
total 3100
-rwxr-xr-x 1 root staff 11064 Mar 3 10:03 _confread
-rwxr-xr-x 1 root staff 11064 Mar 2 18:47 _confread~
-rwxr-xr-x 1 root staff 31855 Mar 3 10:03 _copyright
-rwxr-xr-x 1 root staff 31855 Mar 2 18:47 _copyright~
-rwxr-xr-x 1 root staff 2163 Mar 3 10:03 _include
-rwxr-xr-x 1 root staff 2163 Mar 2 18:47 _include~
-rwxr-xr-x 1 root staff 1383 Mar 3 10:03 _keycensor
-rwxr-xr-x 1 root staff 1383 Mar 2 18:47 _keycensor~
-rwxr-xr-x 1 root staff 3495 Mar 3 10:03 _plutoload
-rwxr-xr-x 1 root staff 3495 Mar 2 18:47 _plutoload~
-rwxr-xr-x 1 root staff 3622 Mar 3 10:03 _plutorun
-rwxr-xr-x 1 root staff 3622 Mar 2 18:47 _plutorun~
-rwxr-xr-x 1 root staff 7272 Mar 3 10:03 _realsetup
-rwxr-xr-x 1 root staff 7272 Mar 2 18:47 _realsetup~
-rwxr-xr-x 1 root staff 1904 Mar 3 10:03 _secretcensor
-rwxr-xr-x 1 root staff 1904 Mar 2 18:47 _secretcensor~
-rwxr-xr-x 1 root staff 6076 Mar 3 10:03 _startklips
-rwxr-xr-x 1 root staff 6076 Mar 2 18:47 _startklips~
-rwxr-xr-x 1 root staff 5262 Mar 3 10:03 _updown
-rwxr-xr-x 1 root staff 5262 Mar 2 18:47 _updown~
-rwxr-xr-x 1 root staff 10839 Mar 3 10:03 auto
-rwxr-xr-x 1 root staff 10839 Mar 2 18:47 auto~
-rwxr-xr-x 1 root staff 6436 Mar 3 10:03 barf
-rwxr-xr-x 1 root staff 6436 Mar 2 18:47 barf~
-rwxr-xr-x 1 root staff 188805 Mar 3 10:03 eroute
-rwxr-xr-x 1 root staff 2829 Mar 3 10:03 ipsec
-rw-r--r-- 1 root staff 1950 Mar 3 10:03 ipsec_pr.template
-rwxr-xr-x 1 root staff 2829 Mar 2 18:47 ipsec~
-rwxr-xr-x 1 root staff 135570 Mar 3 10:03 klipsdebug
-rwxr-xr-x 1 root staff 2437 Mar 3 10:03 look
-rwxr-xr-x 1 root staff 2437 Mar 2 18:47 look~
-rwxr-xr-x 1 root staff 16172 Mar 3 10:03 manual
-rwxr-xr-x 1 root staff 16172 Mar 2 18:47 manual~
-rwxr-xr-x 1 root staff 1227 Mar 3 10:03 newhostkey
-rwxr-xr-x 1 root staff 1227 Mar 2 18:47 newhostkey~
-rwxr-xr-x 1 root staff 107910 Mar 3 10:03 pf_key
-rwxr-xr-x 1 root staff 728917 Mar 3 10:03 pluto
-rwxr-xr-x 1 root staff 728917 Mar 2 18:47 pluto~
-rwxr-xr-x 1 root staff 37868 Mar 3 10:03 ranbits
-rwxr-xr-x 1 root staff 37868 Mar 2 18:47 ranbits~
-rwxr-xr-x 1 root staff 63669 Mar 3 10:03 rsasigkey
-rwxr-xr-x 1 root staff 63669 Mar 2 18:47 rsasigkey~
-rwxr-xr-x 1 root staff 16671 Mar 3 10:03 send-pr
-rwxr-xr-x 1 root staff 16671 Mar 2 18:47 send-pr~
lrwxrwxrwx 1 root staff 22 Mar 3 10:03 setup ->
/etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root staff 1041 Mar 3 10:03 showdefaults
-rwxr-xr-x 1 root staff 1041 Mar 2 18:47 showdefaults~
-rwxr-xr-x 1 root staff 3484 Mar 3 10:03 showhostkey
-rwxr-xr-x 1 root staff 3484 Mar 2 18:47 showhostkey~
-rwxr-xr-x 1 root staff 212466 Mar 3 10:03 spi
-rwxr-xr-x 1 root staff 167245 Mar 3 10:03 spigrp
-rwxr-xr-x 1 root staff 50851 Mar 3 10:03 tncfg
-rwxr-xr-x 1 root staff 116204 Mar 3 10:03 whack
-rwxr-xr-x 1 root staff 116204 Mar 2 18:47 whack~
+ _________________________ ipsec/updowns
++ ls /usr/local/lib/ipsec
++ egrep updown
+ cat /usr/local/lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.18 2001/11/09 04:12:19 henry Exp $
# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.
# check interface version
# Pluto announces the updown interface version it speaks in PLUTO_VERSION.
# 1.0 is refused outright: this script may rely on variables or verbs an
# older Pluto never sets. Anything outside the 1.x family is unknown and
# refused as well. Exit status is 2 in both cases.
if test " $PLUTO_VERSION" = " 1.0"
then
	echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
	echo "$0: called by obsolete Pluto?" >&2
	exit 2
fi
case "$PLUTO_VERSION" in
1.*)
	# supported interface family -- carry on
	;;
*)
	echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
	exit 2
	;;
esac
# check parameter(s)
# Validate the optional parameter Pluto hands us. What arrives here is
# decided by the (left/right)firewall and (left/right)updown settings in
# ipsec.conf. The key is "$1:$*" so that stray extra arguments after
# "ipfwadm", or after nothing at all, are rejected too.
case "$1:$*" in
custom:*)
	# custom parameters (see above CAUTION comment); anything may follow
	;;
ipfwadm:ipfwadm)
	# exactly one word, produced by (left/right)firewall=yes; default script only
	;;
':')
	# no parameters at all
	;;
*)
	echo "$0: unknown parameters \`$*'" >&2
	exit 2
	;;
esac
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
# uproute -- install the route toward the peer's client subnet.
# Thin wrapper; all the work and the error reporting live in doroute.
uproute()
{
	doroute add
}
# downroute -- remove the route toward the peer's client subnet.
# Thin wrapper; all the work and the error reporting live in doroute.
downroute()
{
	doroute del
}
# doroute add|del -- install or remove the kernel route that sends traffic
# for the peer's client subnet (PLUTO_PEER_CLIENT_NET/PLUTO_PEER_CLIENT_MASK)
# out of PLUTO_INTERFACE via PLUTO_NEXT_HOP. $1 is passed straight through
# to route(8). Returns route's exit status and reports failures on stderr.
# Expansions are deliberately unquoted: route wants the option words split.
doroute() {
	via="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
	if test " $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = " 0.0.0.0/0.0.0.0"
	then
		# horrible kludge for obscure routing bug with opportunistic:
		# a default route is handled as two /1 halves
		attempted="route $1 -net 0.0.0.0 netmask 128.0.0.0 $via && route $1 -net 128.0.0.0 netmask 128.0.0.0 $via"
		route $1 -net 0.0.0.0 netmask 128.0.0.0 $via &&
		route $1 -net 128.0.0.0 netmask 128.0.0.0 $via
	else
		dest="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
		attempted="route $1 $dest $via"
		route $1 $dest $via
	fi
	rc=$?
	if test $rc -ne 0
	then
		# route has already given its own cryptic message
		echo "$0: \`$attempted' failed" >&2
		# exit status 7 together with "SIOCADDRT: Network is unreachable"
		# is route's undocumented way of saying the gateway isn't reachable
		case "$1:$rc" in
		add:7)
			echo "$0: (incorrect or missing nexthop setting??)" >&2
			;;
		esac
	fi
	return $rc
}
# the big choice
# The big choice: dispatch on the verb Pluto sets in PLUTO_VERB, combined
# with the (already validated) optional parameter $1, which is empty,
# "ipfwadm" (from (left/right)firewall=yes) or "custom".
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
# route's stderr is folded into $oops (2>&1 inside the backticks) so it
# can be inspected below instead of being shown unconditionally.
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
# (a default route is handled as two /1 halves, as in doroute)
parms1="-net 0.0.0.0 netmask 128.0.0.0"
parms2="-net 128.0.0.0 netmask 128.0.0.0"
it="route del $parms1 2>&1 ; route del $parms2 2>&1"
oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`"
;;
*)
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
it="route del $parms 2>&1"
oops="`route del $parms 2>&1`"
;;
esac
# $? here is the exit status of the command substitution just assigned,
# i.e. of the LAST route del (only the second one in the 0.0.0.0 case).
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
'SIOCDELRT: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
# Having no route to delete is the normal case, so it is not an error.
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
# (nothing follows the esac, so doroute's return value is the script's exit status)
uproute
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
# The default script deliberately does nothing for host-to-host tunnels.
;;
down-host:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
# (no parameter means (left/right)firewall was not set: no rule is added)
;;
down-client:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
# -F: forwarding chain; -i: insert at the head, ahead of existing rules;
# -b: bidirectional, so both subnet-to-subnet directions are accepted.
# NOTE(review): the rule is keyed on addresses only (no -W interface
# binding), so it also accepts cleartext packets that reach the forwarding
# chain with these address pairs -- e.g. spoofed on the public interface --
# not just traffic that was decrypted and arrived via ipsec0. KLIPS'
# inbound_policy_check only covers packets that actually went through
# IPsec; anti-spoofing for the external interface has to come from the
# host's own firewall policy -- confirm against the local ruleset.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
# -d removes exactly the rule inserted by up-client:ipfwadm above.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ cat /usr/local/lib/ipsec/_updown~
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.18 2001/11/09 04:12:19 henry Exp $
# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.
# check interface version
# Pluto announces the updown interface version it speaks in PLUTO_VERSION.
# 1.0 is refused outright: this script may rely on variables or verbs an
# older Pluto never sets. Anything outside the 1.x family is unknown and
# refused as well. Exit status is 2 in both cases.
if test " $PLUTO_VERSION" = " 1.0"
then
	echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
	echo "$0: called by obsolete Pluto?" >&2
	exit 2
fi
case "$PLUTO_VERSION" in
1.*)
	# supported interface family -- carry on
	;;
*)
	echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
	exit 2
	;;
esac
# check parameter(s)
# Validate the optional parameter Pluto hands us. What arrives here is
# decided by the (left/right)firewall and (left/right)updown settings in
# ipsec.conf. The key is "$1:$*" so that stray extra arguments after
# "ipfwadm", or after nothing at all, are rejected too.
case "$1:$*" in
custom:*)
	# custom parameters (see above CAUTION comment); anything may follow
	;;
ipfwadm:ipfwadm)
	# exactly one word, produced by (left/right)firewall=yes; default script only
	;;
':')
	# no parameters at all
	;;
*)
	echo "$0: unknown parameters \`$*'" >&2
	exit 2
	;;
esac
# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
# uproute -- install the route toward the peer's client subnet.
# Thin wrapper; all the work and the error reporting live in doroute.
uproute()
{
	doroute add
}
# downroute -- remove the route toward the peer's client subnet.
# Thin wrapper; all the work and the error reporting live in doroute.
downroute()
{
	doroute del
}
# doroute add|del -- install or remove the kernel route that sends traffic
# for the peer's client subnet (PLUTO_PEER_CLIENT_NET/PLUTO_PEER_CLIENT_MASK)
# out of PLUTO_INTERFACE via PLUTO_NEXT_HOP. $1 is passed straight through
# to route(8). Returns route's exit status and reports failures on stderr.
# Expansions are deliberately unquoted: route wants the option words split.
doroute() {
	via="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
	if test " $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" = " 0.0.0.0/0.0.0.0"
	then
		# horrible kludge for obscure routing bug with opportunistic:
		# a default route is handled as two /1 halves
		attempted="route $1 -net 0.0.0.0 netmask 128.0.0.0 $via && route $1 -net 128.0.0.0 netmask 128.0.0.0 $via"
		route $1 -net 0.0.0.0 netmask 128.0.0.0 $via &&
		route $1 -net 128.0.0.0 netmask 128.0.0.0 $via
	else
		dest="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
		attempted="route $1 $dest $via"
		route $1 $dest $via
	fi
	rc=$?
	if test $rc -ne 0
	then
		# route has already given its own cryptic message
		echo "$0: \`$attempted' failed" >&2
		# exit status 7 together with "SIOCADDRT: Network is unreachable"
		# is route's undocumented way of saying the gateway isn't reachable
		case "$1:$rc" in
		add:7)
			echo "$0: (incorrect or missing nexthop setting??)" >&2
			;;
		esac
	fi
	return $rc
}
# the big choice
# The big choice: dispatch on the verb Pluto sets in PLUTO_VERB, combined
# with the (already validated) optional parameter $1, which is empty,
# "ipfwadm" (from (left/right)firewall=yes) or "custom".
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
# route's stderr is folded into $oops (2>&1 inside the backticks) so it
# can be inspected below instead of being shown unconditionally.
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
# (a default route is handled as two /1 halves, as in doroute)
parms1="-net 0.0.0.0 netmask 128.0.0.0"
parms2="-net 128.0.0.0 netmask 128.0.0.0"
it="route del $parms1 2>&1 ; route del $parms2 2>&1"
oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`"
;;
*)
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
it="route del $parms 2>&1"
oops="`route del $parms 2>&1`"
;;
esac
# $? here is the exit status of the command substitution just assigned,
# i.e. of the LAST route del (only the second one in the 0.0.0.0 case).
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
'SIOCDELRT: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
# Having no route to delete is the normal case, so it is not an error.
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
# (nothing follows the esac, so doroute's return value is the script's exit status)
uproute
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
# The default script deliberately does nothing for host-to-host tunnels.
;;
down-host:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
# (no parameter means (left/right)firewall was not set: no rule is added)
;;
down-client:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
# -F: forwarding chain; -i: insert at the head, ahead of existing rules;
# -b: bidirectional, so both subnet-to-subnet directions are accepted.
# NOTE(review): the rule is keyed on addresses only (no -W interface
# binding), so it also accepts cleartext packets that reach the forwarding
# chain with these address pairs -- e.g. spoofed on the public interface --
# not just traffic that was decrypted and arrived via ipsec0. KLIPS'
# inbound_policy_check only covers packets that actually went through
# IPsec; anti-spoofing for the external interface has to come from the
# host's own firewall policy -- confirm against the local ruleset.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
# -d removes exactly the rule inserted by up-client:ipfwadm above.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
lo:29526937 303911 0 0 0 0 0 0 29526937
303911 0 0 0 0 0 0
eth0:2033010551 3273385 0 0 0 0 0 0
217347454 1312781 0 0 0 872 1 0
eth1:269957200 1385488 0 0 0 0 0 0
2031731330 1845829 0 0 0 8182 0 0
tunl0: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec0:25552610 231378 0 1 0 0 0 0 121582080
253848 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ipsec0 A90D0CD8 01440CD8 0007 0 0 0 FFFFFFFF 0 0 0
eth0 00440CD8 00000000 0001 0 0 0 00FFFFFF 0 0 0
ipsec0 00440CD8 00000000 0001 0 0 0 00FFFFFF 0 0 0
eth1 00A8A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
ipsec0 00A9A8C0 01440CD8 0003 0 0 0 00FFFFFF 0 0 0
eth0 00000000 01440CD8 0003 0 0 0 00000000 0 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ uname-a
+ uname -a
Linux mail 2.2.20 #2 Fri Mar 1 17:08:40 EST 2002 i586 unknown
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.95
+ _________________________ iptables/list
+ iptables -L -v -n
modprobe: Can't locate module ip_tables
iptables v1.2.5: can't initialize iptables table `filter': iptables who? (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ ipchains/list
+ ipchains -L -v -n
Chain input (policy ACCEPT: 3004356 packets, 1942815212 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
4 288 ACCEPT all ---f-- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
5184K 2279M acctin all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
5184K 2279M acctboth all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
5184K 2279M inp all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
1375K 245M ACCEPT all ------ 0xFF 0x00 *
192.168.168.0/24 0.0.0.0/0 n/a
89618 6742K ACCEPT all ------ 0xFF 0x00 *
192.168.169.0/24 0.0.0.0/0 n/a
378K 53M ACCEPT all ------ 0xFF 0x00 *
216.12.13.169 0.0.0.0/0 n/a
304K 30M ACCEPT all ------ 0xFF 0x00 lo
0.0.0.0/0 0.0.0.0/0 n/a
33941 1327K ACCEPT icmp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> *
0 0 ACCEPT udp ------ 0xFF 0x00 eth1
216.12.0.20 216.12.13.169 * -> 53
0 0 ACCEPT tcp ------ 0xFF 0x00 eth1
216.12.0.20 216.12.13.169 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 110
0 0 ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 110
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 80
0 0 ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 80
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 25
0 0 ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 25
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 22
0 0 ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 * -> 22
Chain forward (policy ACCEPT: 2737 packets, 95918 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 ACCEPT all ---f-- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
1366K 245M fwd all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
996K 70M MASQ tcp ------ 0xFF 0x00 *
192.168.168.0/24 0.0.0.0/0 * -> *
0 0 - tcp ------ 0x01 0x10 *
192.168.168.0/24 0.0.0.0/0 * -> 80
0 0 - tcp ------ 0x01 0x10 *
192.168.168.0/24 0.0.0.0/0 * -> 23
0 0 - tcp ------ 0x01 0x02 *
192.168.168.0/24 0.0.0.0/0 * -> 20
0 0 - tcp ------ 0x01 0x02 *
192.168.168.0/24 0.0.0.0/0 * -> 119
Chain output (policy ACCEPT: 1025614 packets, 67147286 bytes):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 ACCEPT all ---f-- 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
3444K 2299M acctout all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
3444K 2299M acctboth all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
3444K 2299M out all ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 n/a
0 0 DENY all ------ 0xFF 0x00 *
0.0.0.0/0 199.95.207.0/24 n/a
1834K 2006M ACCEPT all ------ 0xFF 0x00 *
0.0.0.0/0 192.168.168.0/24 n/a
104K 83M ACCEPT all ------ 0xFF 0x00 *
0.0.0.0/0 192.168.169.0/24 n/a
150K 101M ACCEPT all ------ 0xFF 0x00 *
0.0.0.0/0 216.12.13.169 n/a
0 0 ACCEPT udp ------ 0xFF 0x00 eth1
0.0.0.0/0 216.12.0.20 * -> 53
0 0 ACCEPT tcp ------ 0xFF 0x00 eth1
0.0.0.0/0 216.12.0.20 * -> 53
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 110
1682 76525 ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 110
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 80
322K 38M ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 80
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 25
6955 5574K ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 25
0 0 ACCEPT udp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 22
4 176 ACCEPT tcp ------ 0xFF 0x00 *
0.0.0.0/0 0.0.0.0/0 * -> 22
Chain acctin (1 references):
Chain acctout (1 references):
Chain acctboth (2 references):
Chain inp (1 references):
Chain out (1 references):
Chain fwd (1 references):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
94967 11M ACCEPT all ------ 0xFF 0x00 * 0x270f
216.12.13.169 192.168.168.0/24 n/a
99520 81M ACCEPT all ------ 0xFF 0x00 * 0x270f
192.168.168.0/24 216.12.13.169 n/a
82176 6078K ACCEPT all ------ 0xFF 0x00 * 0x2710
192.168.169.0/24 192.168.168.0/24 n/a
90506 78M ACCEPT all ------ 0xFF 0x00 * 0x2710
192.168.168.0/24 192.168.169.0/24 n/a
Chain IpFwAdM! (0 references):
pkts bytes target prot opt tosa tosx ifname mark outsize
source destination ports
0 0 - all ------ 0xFF 0x00 * 0x270e
0.0.0.0/0 0.0.0.0/0 n/a
0 0 - all ------ 0xFF 0x00 * 0x2711
0.0.0.0/0 0.0.0.0/0 n/a
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
IP firewall forward rules, default policy: accept
pkts bytes type prot opt tosa tosx ifname ifaddress source
destination ports
194K 92M acc all ---- 0xFF 0x00 * 0.0.0.0
192.168.168.0/24 216.12.13.169 n/a
173K 84M acc all ---- 0xFF 0x00 * 0.0.0.0
192.168.168.0/24 192.168.169.0/24 n/a
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
IP firewall input rules, default policy: accept
pkts bytes type prot opt tosa tosx ifname ifaddress source
destination ports
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
IP firewall output rules, default policy: accept
pkts bytes type prot opt tosa tosx ifname ifaddress source
destination ports
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
modprobe: Can't locate module ip_tables
iptables v1.2.5: can't initialize iptables table `nat': iptables who? (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
IP masquerading entries
prot expire initseq delta prevd source destination
ports
TCP 00:49.68 0 0 0 192.168.168.14 172.133.97.207
3313 (63344) -> 1214
TCP 01:42.67 0 0 0 192.168.168.14 129.2.157.44
3334 (63375) -> 1214
TCP 237:52.85 0 0 0 192.168.168.14 64.4.13.41
1047 (64893) -> 1863
TCP 01:57.55 0 0 0 192.168.168.14 192.168.0.2
3335 (63376) -> 1214
TCP 01:38.82 0 0 0 192.168.168.7 209.225.53.229
3144 (63369) -> 80
TCP 01:56.55 0 0 0 192.168.168.14 192.168.1.1
3330 (63366) -> 1214
TCP 239:56.05 0 0 0 192.168.168.14 146.115.40.29
2971 (62875) -> 1214
TCP 01:11.86 0 0 0 192.168.168.14 66.26.62.251
3318 (63349) -> 1214
TCP 01:34.68 0 0 0 192.168.168.14 172.183.235.119
3328 (63364) -> 1214
TCP 239:53.75 0 0 0 192.168.168.14 64.12.25.118
1048 (64894) -> 5190
TCP 01:54.55 0 0 0 192.168.168.14 192.168.1.101
3336 (63378) -> 1214
TCP 240:00.00 0 0 0 192.168.168.14 208.215.141.134
3199 (63135) -> 80
TCP 239:53.72 0 0 0 192.168.168.14 216.136.233.128
1046 (64892) -> 5050
TCP 01:53.55 0 0 0 192.168.168.14 192.168.1.100
3327 (63363) -> 1214
TCP 01:38.55 0 0 0 192.168.168.14 192.168.1.100
3322 (63360) -> 1214
TCP 01:38.55 0 0 0 192.168.168.14 192.168.1.105
3323 (63361) -> 1214
TCP 01:39.34 0 0 0 192.168.168.7 204.176.177.140
3149 (63374) -> 80
TCP 01:05.79 0 0 0 192.168.168.14 24.49.221.171
3317 (63348) -> 1214
TCP 00:28.11 0 0 0 192.168.168.14 149.159.55.162
3309 (63340) -> 1214
TCP 01:14.04 0 0 0 192.168.168.7 208.184.29.90
3138 (63353) -> 80
TCP 01:38.95 0 0 0 192.168.168.7 208.184.29.90
3145 (63370) -> 80
TCP 00:15.55 0 0 0 192.168.168.14 35.11.172.88
3302 (63333) -> 1214
TCP 01:17.37 0 0 0 192.168.168.14 144.118.208.80
3320 (63358) -> 1214
TCP 01:17.56 0 0 0 192.168.168.14 24.55.24.82
3321 (63359) -> 1214
TCP 01:34.55 0 0 0 192.168.168.14 132.235.156.101
3319 (63351) -> 1214
TCP 01:16.55 0 0 0 192.168.168.14 192.168.1.100
3315 (63346) -> 1214
TCP 01:14.39 0 0 0 192.168.168.7 204.176.177.140
3142 (63357) -> 80
TCP 00:59.54 0 0 0 192.168.168.14 24.184.24.108
3312 (63343) -> 1214
TCP 00:32.54 0 0 0 192.168.168.14 192.168.1.101
3307 (63338) -> 1214
TCP 01:13.94 0 0 0 192.168.168.7 209.225.53.229
3137 (63352) -> 80
TCP 00:32.78 0 0 0 192.168.168.14 209.6.184.29
3310 (63341) -> 1214
TCP 239:54.02 0 0 0 192.168.168.14 64.12.24.242
1049 (64895) -> 5190
TCP 239:56.37 0 0 0 192.168.168.14 213.7.189.226
3316 (63347) -> 22100
TCP 00:54.44 0 0 0 192.168.168.14 192.168.0.19
3311 (63342) -> 1214
TCP 00:16.55 0 0 0 192.168.168.14 192.168.1.1
3303 (63334) -> 1214
TCP 239:58.96 0 0 0 192.168.168.14 141.157.86.198
2979 (62883) -> 1214
TCP 00:21.44 0 0 0 192.168.168.14 192.168.1.12
3305 (63336) -> 1214
TCP 00:37.54 0 0 0 192.168.168.14 192.168.0.2
3308 (63339) -> 1214
TCP 00:20.02 0 0 0 192.168.168.14 68.58.5.50
3306 (63337) -> 1214
TCP 00:02.25 0 0 0 192.168.168.7 139.142.147.38
3146 (63371) -> 80
TCP 239:57.90 0 0 0 192.168.168.14 65.48.84.24
3296 (63327) -> 1214
TCP 00:02.25 0 0 0 192.168.168.7 139.142.147.38
3147 (63372) -> 80
TCP 01:51.29 0 0 0 192.168.168.7 216.12.0.11
3151 (63377) -> 110
TCP 00:05.55 0 0 0 192.168.168.14 67.80.130.40
3298 (63329) -> 1214
TCP 00:09.64 0 0 0 192.168.168.14 213.7.189.226
3128 (63040) -> 22100
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
IP masquerading entries
prot expire source destination ports
TCP 00:49.64 mblinn.peopleplaces.org AC8561CF.ipt.aol.com 3313 (63344) ->
1214
TCP 01:42.63 mblinn.peopleplaces.org smithers.student.umd.edu 3334
(63375) -> 1214
TCP 237:52.81 mblinn.peopleplaces.org msgr-ns12.msgr.hotmail.com 1047
(64893) -> 1863
TCP 01:57.51 mblinn.peopleplaces.org 192.168.0.2 3335 (63376) ->
1214
TCP 01:38.78 bsnodg.peopleplaces.org network.east.realmedia.com 3144
(63369) -> www
TCP 01:56.51 mblinn.peopleplaces.org 192.168.1.1 3330 (63366) ->
1214
TCP 239:56.01 mblinn.peopleplaces.org
146-115-40-29.c3-0.bkl-ubr1.sbo-bkl.ma.cable.rcn.com 2971 (62875) -> 1214
TCP 01:11.82 mblinn.peopleplaces.org rdu26-62-251.nc.rr.com 3318 (63349) ->
1214
TCP 01:34.64 mblinn.peopleplaces.org ACB7EB77.ipt.aol.com 3328 (63364) ->
1214
TCP 239:53.71 mblinn.peopleplaces.org 64.12.25.118 1048 (64894) ->
5190
TCP 01:54.51 mblinn.peopleplaces.org 192.168.1.101 3336 (63378) ->
1214
TCP 239:59.96 mblinn.peopleplaces.org 208.215.141.134 3199 (63135) ->
www
TCP 239:53.68 mblinn.peopleplaces.org cs41.msg.sc5.yahoo.com 1046
(64892) -> 5050
TCP 01:53.51 mblinn.peopleplaces.org 192.168.1.100 3327 (63363) ->
1214
TCP 01:38.51 mblinn.peopleplaces.org 192.168.1.100 3322 (63360) ->
1214
TCP 01:38.51 mblinn.peopleplaces.org 192.168.1.105 3323 (63361) ->
1214
TCP 01:39.30 bsnodg.peopleplaces.org m.us.doubleclick.net 3149 (63374) ->
www
TCP 01:05.75 mblinn.peopleplaces.org ny-lancaster2c-171.buf.adelphia.net
3317 (63348) -> 1214
TCP 00:28.07 mblinn.peopleplaces.org d-55-162.dhcp-149-159.indiana.edu 3309
(63340) -> 1214
TCP 01:14.00 bsnodg.peopleplaces.org 208.184.29.90.doubleclick.net 3138
(63353) -> www
TCP 01:38.91 bsnodg.peopleplaces.org 208.184.29.90.doubleclick.net 3145
(63370) -> www
TCP 00:15.51 mblinn.peopleplaces.org kimki4-2.user.msu.edu 3302 (63333) ->
1214
TCP 01:17.33 mblinn.peopleplaces.org n2-208-80.resnet.drexel.edu 3320
(63358) -> 1214
TCP 01:17.52 mblinn.peopleplaces.org vnnyca-2-g3-l2-82.vnnyca.adelphia.net
3321 (63359) -> 1214
TCP 01:34.51 mblinn.peopleplaces.org dhcp-156-101.south-green.ohiou.edu
3319 (63351) -> 1214
TCP 01:16.51 mblinn.peopleplaces.org 192.168.1.100 3315 (63346) ->
1214
TCP 01:14.35 bsnodg.peopleplaces.org m.us.doubleclick.net 3142 (63357) ->
www
TCP 00:59.50 mblinn.peopleplaces.org ool-18b8186c.dyn.optonline.net 3312
(63343) -> 1214
TCP 00:32.50 mblinn.peopleplaces.org 192.168.1.101 3307 (63338) ->
1214
TCP 01:13.90 bsnodg.peopleplaces.org network.east.realmedia.com 3137
(63352) -> www
TCP 00:32.74 mblinn.peopleplaces.org
209-6-184-29.c3-0.wth-ubr1.sbo-wth.ma.cable.rcn.com 3310 (63341) -> 1214
TCP 239:53.98 mblinn.peopleplaces.org 64.12.24.242 1049 (64895) ->
5190
TCP 239:56.33 mblinn.peopleplaces.org Bbde2.pppool.de 3316 (63347) ->
22100
TCP 00:54.40 mblinn.peopleplaces.org 192.168.0.19 3311 (63342) ->
1214
TCP 00:16.51 mblinn.peopleplaces.org 192.168.1.1 3303 (63334) ->
1214
TCP 239:58.92 mblinn.peopleplaces.org 141.157.86.198 2979 (62883) ->
1214
TCP 00:21.40 mblinn.peopleplaces.org 192.168.1.12 3305 (63336) ->
1214
TCP 00:37.50 mblinn.peopleplaces.org 192.168.0.2 3308 (63339) ->
1214
TCP 00:19.98 mblinn.peopleplaces.org pcp938028pcs.cstltn01.in.comcast.net
mysql (63337) -> 1214
TCP 00:02.21 bsnodg.peopleplaces.org
h139-142-147-38.gtcust.grouptelecom.net 3146 (63371) -> www
TCP 239:57.86 mblinn.peopleplaces.org
CPE0080ad71cef0.cpe.net.cable.rogers.com 3296 (63327) -> 1214
TCP 00:02.21 bsnodg.peopleplaces.org
h139-142-147-38.gtcust.grouptelecom.net 3147 (63372) -> www
TCP 01:51.25 bsnodg.peopleplaces.org milo.cfw.com 3151 (63377) ->
pop3
TCP 00:05.51 mblinn.peopleplaces.org ool-43508228.dyn.optonline.net 3298
(63329) -> 1214
TCP 00:09.60 mblinn.peopleplaces.org Bbde2.pppool.de 3128 (63040) ->
22100
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
modprobe: Can't locate module ip_tables
iptables v1.2.5: can't initialize iptables table `mangle': iptables who? (do
you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ proc/modules
+ cat /proc/modules
ip_masq_irc 2232 0
ip_masq_raudio 3192 0
ip_masq_ftp 3816 0
+ _________________________ proc/meminfo
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 64786432 63324160 1462272 77492224 5226496 26075136
Swap: 49311744 0 49311744
MemTotal: 63268 kB
MemFree: 1428 kB
MemShared: 75676 kB
Buffers: 5104 kB
Cached: 25464 kB
SwapTotal: 48156 kB
SwapFree: 48156 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug
/proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg
/proc/net/ipsec_version
-r--r--r-- 1 root root 0 Mar 27 16:23
/proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Mar 27 16:23
/proc/net/ipsec_klipsdebug
-r--r--r-- 1 root root 0 Mar 27 16:23 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Mar 27 16:23
/proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Mar 27 16:23
/proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Mar 27 16:23
/proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.
#
# First some standard logfiles. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
lpr.* -/var/log/lpr.log
mail.* /var/log/mail.log
user.* -/var/log/user.log
uucp.* -/var/log/uucp.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
mail.info -/var/log/mail.info
mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
# Logging for INN news system
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site.
#
daemon.*;mail.*;\
news.crit;news.err;news.notice;\
*.=debug;*.=info;\
*.=notice;*.=warn |/dev/xconsole
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '3552,$p' /var/log/daemon.log.0
+ egrep -i 'ipsec|klips|pluto'
+ cat
Mar 22 09:33:33 mail ipsec_setup: Starting FreeS/WAN IPSEC 1.95...
Mar 22 09:33:33 mail ipsec_setup: KLIPS debug `none'
Mar 22 09:33:33 mail ipsec_setup: /etc/rc2.d/S20ipsec:
/proc/sys/net/ipsec/no_eroute_pass: No such file or directory
Mar 22 09:33:33 mail ipsec_setup: /etc/rc2.d/S20ipsec:
/proc/sys/net/ipsec/opportunistic: No such file or directory
Mar 22 09:33:33 mail ipsec_setup: KLIPS ipsec0 on eth0
216.12.68.11/255.255.255.0 broadcast 216.12.68.255
Mar 22 09:33:33 mail ipsec_setup: Pluto debug `none'
Mar 22 09:33:37 mail ipsec_setup: 104 "staunton-cvnet" #1: STATE_MAIN_I1:
initiate
Mar 22 09:33:38 mail ipsec_setup: 112 "snet-cville" #5: STATE_QUICK_I1:
initiate
Mar 22 09:33:38 mail ipsec_setup: ...FreeS/WAN IPSEC started
+ _________________________ plog
+ sed -n '4,$p' /var/log/auth.log
+ egrep -i pluto
+ cat
Mar 24 07:19:19 mail Pluto[232]: "staunton-cvnet" #68: initiating Main Mode
to replace #67
Mar 24 07:19:20 mail Pluto[232]: "staunton-cvnet" #68: ISAKMP SA established
Mar 24 08:01:25 mail Pluto[232]: "staunton-cvnet" #69: initiating Main Mode
to replace #68
Mar 24 08:01:25 mail Pluto[232]: "staunton-cvnet" #69: ISAKMP SA established
Mar 24 08:45:24 mail Pluto[232]: "staunton-cvnet" #70: initiating Main Mode
to replace #69
Mar 24 08:45:24 mail Pluto[232]: "staunton-cvnet" #70: ISAKMP SA established
Mar 24 09:02:59 mail Pluto[232]: "staunton-cvnet" #71: initiating Quick Mode
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #36
Mar 24 09:02:59 mail Pluto[232]: "staunton-cvnet" #71: sent QI2, IPsec SA
established
Mar 24 09:03:27 mail Pluto[232]: "snet-cvnet" #72: initiating Quick Mode
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #38
Mar 24 09:03:27 mail Pluto[232]: "snet-cvnet" #72: sent QI2, IPsec SA
established
Mar 24 09:04:32 mail Pluto[232]: "snet-cville" #73: initiating Quick Mode
RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #39
Mar 24 09:04:33 mail Pluto[232]: "snet-cville" #73: sent QI2, IPsec SA
established
Mar 24 09:05:20 mail Pluto[232]: "staunton-charlottesville" #74: initiating
Quick Mode RSASIG+ENCRYPT+COMPRESS+TUNNEL+PFS+DISABLEARRIVALCHECK to replace
#37
Mar 24 09:05:20 mail Pluto[232]: "staunton-charlottesville" #74: sent QI2,
IPsec SA established
Mar 24 09:33:03 mail Pluto[232]: "staunton-cvnet" #75: initiating Main Mode
to replace #70
Mar 24 09:33:03 mail Pluto[232]: "staunton-cvnet" #75: ISAKMP SA established
Mar 24 10:17:54 mail Pluto[232]: "staunton-cvnet" #76: initiating Main Mode
to replace #75
Mar 24 10:19:04 mail Pluto[232]: "staunton-cvnet" #76: max number of
retransmissions (2) reached STATE_MAIN_I1. No acceptable response to our
first IKE message
Mar 24 10:33:03 mail Pluto[232]: "staunton-cvnet" #75: ISAKMP SA expired
(LATEST!)
Mar 25 08:46:12 mail Pluto[232]: "staunton-cvnet" #77: responding to Main
Mode
Mar 25 08:46:22 mail Pluto[232]: "staunton-cvnet" #78: responding to Main
Mode
Mar 25 08:46:23 mail Pluto[232]: "staunton-cvnet" #77: sent MR3, ISAKMP SA
established
Mar 25 08:46:23 mail Pluto[232]: "snet-cville" #79: responding to Quick Mode
Mar 25 08:46:23 mail Pluto[232]: "snet-cville" #80: responding to Quick Mode
Mar 25 08:46:23 mail Pluto[232]: "snet-cvnet" #81: responding to Quick Mode
Mar 25 08:46:23 mail Pluto[232]: "staunton-charlottesville" #82: responding
to Quick Mode
Mar 25 08:46:23 mail Pluto[232]: "staunton-cvnet" #83: responding to Quick
Mode
Mar 25 08:46:23 mail Pluto[232]: "snet-cville" #79: IPsec SA established
Mar 25 08:46:23 mail Pluto[232]: "snet-cville" #80: IPsec SA established
Mar 25 08:46:24 mail Pluto[232]: "snet-cvnet" #81: IPsec SA established
Mar 25 08:46:24 mail Pluto[232]: "staunton-charlottesville" #82: IPsec SA
established
Mar 25 08:46:24 mail Pluto[232]: "staunton-cvnet" #83: IPsec SA established
Mar 25 08:47:32 mail Pluto[232]: "staunton-cvnet" #78: max number of
retransmissions (2) reached STATE_MAIN_R1
Mar 25 09:36:41 mail Pluto[232]: "staunton-cvnet" #84: responding to Main
Mode
Mar 25 09:36:41 mail Pluto[232]: "staunton-cvnet" #84: sent MR3, ISAKMP SA
established
Mar 25 10:26:38 mail Pluto[232]: "staunton-cvnet" #85: responding to Main
Mode
Mar 25 10:26:38 mail Pluto[232]: "staunton-cvnet" #85: sent MR3, ISAKMP SA
established
Mar 25 11:16:30 mail Pluto[232]: "staunton-cvnet" #86: responding to Main
Mode
Mar 25 11:16:31 mail Pluto[232]: "staunton-cvnet" #86: sent MR3, ISAKMP SA
established
Mar 25 12:00:45 mail Pluto[232]: "staunton-cvnet" #87: responding to Main
Mode
Mar 25 12:00:45 mail Pluto[232]: "staunton-cvnet" #87: sent MR3, ISAKMP SA
established
Mar 25 12:50:41 mail Pluto[232]: "staunton-cvnet" #88: responding to Main
Mode
Mar 25 12:50:41 mail Pluto[232]: "staunton-cvnet" #88: sent MR3, ISAKMP SA
established
Mar 25 13:41:34 mail Pluto[232]: "staunton-cvnet" #89: responding to Main
Mode
Mar 25 13:41:34 mail Pluto[232]: "staunton-cvnet" #89: sent MR3, ISAKMP SA
established
Mar 25 14:27:39 mail Pluto[232]: "staunton-cvnet" #90: responding to Main
Mode
Mar 25 14:27:40 mail Pluto[232]: "staunton-cvnet" #90: sent MR3, ISAKMP SA
established
Mar 25 15:17:25 mail Pluto[232]: "staunton-cvnet" #91: responding to Main
Mode
Mar 25 15:17:25 mail Pluto[232]: "staunton-cvnet" #91: sent MR3, ISAKMP SA
established
Mar 25 16:00:44 mail Pluto[232]: "staunton-cvnet" #92: responding to Main
Mode
Mar 25 16:00:44 mail Pluto[232]: "staunton-cvnet" #92: sent MR3, ISAKMP SA
established
Mar 25 16:49:00 mail Pluto[232]: "staunton-cvnet" #93: responding to Main
Mode
Mar 25 16:49:00 mail Pluto[232]: "staunton-cvnet" #93: sent MR3, ISAKMP SA
established
Mar 25 17:31:11 mail Pluto[232]: "staunton-cvnet" #94: responding to Main
Mode
Mar 25 17:31:11 mail Pluto[232]: "staunton-cvnet" #94: regenerating DH
private secret to avoid Pluto 1.0 bug handling public value with leading
zero
Mar 25 17:31:11 mail Pluto[232]: "staunton-cvnet" #94: sent MR3, ISAKMP SA
established
Mar 25 18:19:53 mail Pluto[232]: "staunton-cvnet" #95: responding to Main
Mode
Mar 25 18:19:53 mail Pluto[232]: "staunton-cvnet" #95: sent MR3, ISAKMP SA
established
Mar 25 19:03:23 mail Pluto[232]: "staunton-cvnet" #96: responding to Main
Mode
Mar 25 19:03:23 mail Pluto[232]: "staunton-cvnet" #96: sent MR3, ISAKMP SA
established
Mar 25 19:50:20 mail Pluto[232]: "staunton-cvnet" #97: responding to Main
Mode
Mar 25 19:50:21 mail Pluto[232]: "staunton-cvnet" #97: sent MR3, ISAKMP SA
established
Mar 25 20:35:28 mail Pluto[232]: "staunton-cvnet" #98: responding to Main
Mode
Mar 25 20:35:28 mail Pluto[232]: "staunton-cvnet" #98: sent MR3, ISAKMP SA
established
Mar 25 21:19:49 mail Pluto[232]: "staunton-cvnet" #99: responding to Main
Mode
Mar 25 21:19:49 mail Pluto[232]: "staunton-cvnet" #99: sent MR3, ISAKMP SA
established
Mar 25 22:03:52 mail Pluto[232]: "staunton-cvnet" #100: responding to Main
Mode
Mar 25 22:03:52 mail Pluto[232]: "staunton-cvnet" #100: sent MR3, ISAKMP SA
established
Mar 25 22:53:51 mail Pluto[232]: "staunton-cvnet" #101: responding to Main
Mode
Mar 25 22:53:52 mail Pluto[232]: "staunton-cvnet" #101: sent MR3, ISAKMP SA
established
Mar 25 23:42:55 mail Pluto[232]: "staunton-cvnet" #102: responding to Main
Mode
Mar 25 23:42:55 mail Pluto[232]: "staunton-cvnet" #102: sent MR3, ISAKMP SA
established
Mar 26 00:29:00 mail Pluto[232]: "staunton-cvnet" #103: responding to Main
Mode
Mar 26 00:29:00 mail Pluto[232]: "staunton-cvnet" #103: sent MR3, ISAKMP SA
established
Mar 26 01:11:49 mail Pluto[232]: "staunton-cvnet" #104: responding to Main
Mode
Mar 26 01:11:49 mail Pluto[232]: "staunton-cvnet" #104: sent MR3, ISAKMP SA
established
Mar 26 01:57:02 mail Pluto[232]: "staunton-cvnet" #105: responding to Main
Mode
Mar 26 01:57:03 mail Pluto[232]: "staunton-cvnet" #105: sent MR3, ISAKMP SA
established
Mar 26 02:42:24 mail Pluto[232]: "staunton-cvnet" #106: responding to Main
Mode
Mar 26 02:42:24 mail Pluto[232]: "staunton-cvnet" #106: sent MR3, ISAKMP SA
established
Mar 26 03:24:52 mail Pluto[232]: "staunton-cvnet" #107: responding to Main
Mode
Mar 26 03:24:52 mail Pluto[232]: "staunton-cvnet" #107: sent MR3, ISAKMP SA
established
Mar 26 04:13:52 mail Pluto[232]: "staunton-cvnet" #108: responding to Main
Mode
Mar 26 04:13:52 mail Pluto[232]: "staunton-cvnet" #108: sent MR3, ISAKMP SA
established
Mar 26 05:02:38 mail Pluto[232]: "staunton-cvnet" #109: responding to Main
Mode
Mar 26 05:02:39 mail Pluto[232]: "staunton-cvnet" #109: sent MR3, ISAKMP SA
established
Mar 26 05:53:24 mail Pluto[232]: "staunton-cvnet" #110: responding to Main
Mode
Mar 26 05:53:24 mail Pluto[232]: "staunton-cvnet" #110: sent MR3, ISAKMP SA
established
Mar 26 06:37:49 mail Pluto[232]: "staunton-cvnet" #111: responding to Main
Mode
Mar 26 06:37:49 mail Pluto[232]: "staunton-cvnet" #111: sent MR3, ISAKMP SA
established
Mar 26 07:27:42 mail Pluto[232]: "staunton-cvnet" #112: responding to Main
Mode
Mar 26 07:27:42 mail Pluto[232]: "staunton-cvnet" #112: sent MR3, ISAKMP SA
established
Mar 26 08:14:04 mail Pluto[232]: "staunton-cvnet" #113: responding to Main
Mode
Mar 26 08:14:04 mail Pluto[232]: "staunton-cvnet" #113: sent MR3, ISAKMP SA
established
Mar 26 08:29:31 mail Pluto[232]: "snet-cville" #114: responding to Quick
Mode
Mar 26 08:29:31 mail Pluto[232]: "snet-cville" #114: IPsec SA established
Mar 26 08:31:22 mail Pluto[232]: "staunton-cvnet" #115: responding to Quick
Mode
Mar 26 08:31:22 mail Pluto[232]: "staunton-cvnet" #115: IPsec SA established
Mar 26 08:33:00 mail Pluto[232]: "snet-cvnet" #116: responding to Quick Mode
Mar 26 08:33:00 mail Pluto[232]: "snet-cvnet" #116: IPsec SA established
Mar 26 08:37:03 mail Pluto[232]: "staunton-charlottesville" #117: responding
to Quick Mode
Mar 26 08:37:03 mail Pluto[232]: "staunton-charlottesville" #117: IPsec SA
established
Mar 26 08:58:07 mail Pluto[232]: "staunton-cvnet" #118: responding to Main
Mode
Mar 26 08:58:07 mail Pluto[232]: "staunton-cvnet" #118: sent MR3, ISAKMP SA
established
Mar 26 09:42:22 mail Pluto[232]: "staunton-cvnet" #119: responding to Main
Mode
Mar 26 09:42:23 mail Pluto[232]: "staunton-cvnet" #119: sent MR3, ISAKMP SA
established
Mar 26 10:25:10 mail Pluto[232]: "staunton-cvnet" #120: responding to Main
Mode
Mar 26 10:25:10 mail Pluto[232]: "staunton-cvnet" #120: sent MR3, ISAKMP SA
established
Mar 26 11:15:18 mail Pluto[232]: "staunton-cvnet" #121: responding to Main
Mode
Mar 26 11:15:18 mail Pluto[232]: "staunton-cvnet" #121: sent MR3, ISAKMP SA
established
Mar 26 11:58:17 mail Pluto[232]: "staunton-cvnet" #122: responding to Main
Mode
Mar 26 11:58:17 mail Pluto[232]: "staunton-cvnet" #122: sent MR3, ISAKMP SA
established
Mar 26 12:42:23 mail Pluto[232]: "staunton-cvnet" #123: responding to Main
Mode
Mar 26 12:42:24 mail Pluto[232]: "staunton-cvnet" #123: sent MR3, ISAKMP SA
established
Mar 26 13:29:48 mail Pluto[232]: "staunton-cvnet" #124: responding to Main
Mode
Mar 26 13:29:48 mail Pluto[232]: "staunton-cvnet" #124: sent MR3, ISAKMP SA
established
Mar 26 14:12:57 mail Pluto[232]: "staunton-cvnet" #125: responding to Main
Mode
Mar 26 14:12:57 mail Pluto[232]: "staunton-cvnet" #125: sent MR3, ISAKMP SA
established
Mar 26 15:03:45 mail Pluto[232]: "staunton-cvnet" #126: responding to Main
Mode
Mar 26 15:03:45 mail Pluto[232]: "staunton-cvnet" #126: sent MR3, ISAKMP SA
established
Mar 26 15:52:38 mail Pluto[232]: "staunton-cvnet" #127: responding to Main
Mode
Mar 26 15:52:39 mail Pluto[232]: "staunton-cvnet" #127: sent MR3, ISAKMP SA
established
Mar 26 16:40:44 mail Pluto[232]: "staunton-cvnet" #128: responding to Main
Mode
Mar 26 16:40:44 mail Pluto[232]: "staunton-cvnet" #128: sent MR3, ISAKMP SA
established
Mar 26 17:25:38 mail Pluto[232]: "staunton-cvnet" #129: responding to Main
Mode
Mar 26 17:25:38 mail Pluto[232]: "staunton-cvnet" #129: sent MR3, ISAKMP SA
established
Mar 26 18:07:51 mail Pluto[232]: "staunton-cvnet" #130: responding to Main
Mode
Mar 26 18:07:51 mail Pluto[232]: "staunton-cvnet" #130: sent MR3, ISAKMP SA
established
Mar 26 18:57:58 mail Pluto[232]: "staunton-cvnet" #131: responding to Main
Mode
Mar 26 18:57:59 mail Pluto[232]: "staunton-cvnet" #131: sent MR3, ISAKMP SA
established
Mar 26 19:41:52 mail Pluto[232]: "staunton-cvnet" #132: responding to Main
Mode
Mar 26 19:41:52 mail Pluto[232]: "staunton-cvnet" #132: sent MR3, ISAKMP SA
established
Mar 26 20:31:08 mail Pluto[232]: "staunton-cvnet" #133: responding to Main
Mode
Mar 26 20:31:08 mail Pluto[232]: "staunton-cvnet" #133: sent MR3, ISAKMP SA
established
Mar 26 21:16:20 mail Pluto[232]: "staunton-cvnet" #134: responding to Main
Mode
Mar 26 21:16:20 mail Pluto[232]: "staunton-cvnet" #134: sent MR3, ISAKMP SA
established
Mar 26 22:01:01 mail Pluto[232]: "staunton-cvnet" #135: responding to Main
Mode
Mar 26 22:01:02 mail Pluto[232]: "staunton-cvnet" #135: sent MR3, ISAKMP SA
established
Mar 26 22:44:31 mail Pluto[232]: "staunton-cvnet" #136: responding to Main
Mode
Mar 26 22:44:31 mail Pluto[232]: "staunton-cvnet" #136: sent MR3, ISAKMP SA
established
Mar 26 23:33:03 mail Pluto[232]: "staunton-cvnet" #137: responding to Main
Mode
Mar 26 23:33:03 mail Pluto[232]: "staunton-cvnet" #137: sent MR3, ISAKMP SA
established
Mar 27 00:18:11 mail Pluto[232]: "staunton-cvnet" #138: responding to Main
Mode
Mar 27 00:18:11 mail Pluto[232]: "staunton-cvnet" #138: sent MR3, ISAKMP SA
established
Mar 27 01:08:39 mail Pluto[232]: "staunton-cvnet" #139: responding to Main
Mode
Mar 27 01:08:40 mail Pluto[232]: "staunton-cvnet" #139: sent MR3, ISAKMP SA
established
Mar 27 01:54:57 mail Pluto[232]: "staunton-cvnet" #140: responding to Main
Mode
Mar 27 01:54:57 mail Pluto[232]: "staunton-cvnet" #140: sent MR3, ISAKMP SA
established
Mar 27 02:39:50 mail Pluto[232]: "staunton-cvnet" #141: responding to Main
Mode
Mar 27 02:39:50 mail Pluto[232]: "staunton-cvnet" #141: sent MR3, ISAKMP SA
established
Mar 27 03:23:43 mail Pluto[232]: "staunton-cvnet" #142: responding to Main
Mode
Mar 27 03:23:43 mail Pluto[232]: "staunton-cvnet" #142: sent MR3, ISAKMP SA
established
Mar 27 04:08:52 mail Pluto[232]: "staunton-cvnet" #143: responding to Main
Mode
Mar 27 04:08:52 mail Pluto[232]: "staunton-cvnet" #143: sent MR3, ISAKMP SA
established
Mar 27 04:58:07 mail Pluto[232]: "staunton-cvnet" #144: responding to Main
Mode
Mar 27 04:58:08 mail Pluto[232]: "staunton-cvnet" #144: sent MR3, ISAKMP SA
established
Mar 27 05:44:04 mail Pluto[232]: "staunton-cvnet" #145: responding to Main
Mode
Mar 27 05:44:04 mail Pluto[232]: "staunton-cvnet" #145: sent MR3, ISAKMP SA
established
Mar 27 06:31:03 mail Pluto[232]: "staunton-cvnet" #146: responding to Main
Mode
Mar 27 06:31:03 mail Pluto[232]: "staunton-cvnet" #146: sent MR3, ISAKMP SA
established
Mar 27 07:14:36 mail Pluto[232]: "staunton-cvnet" #147: responding to Main
Mode
Mar 27 07:14:36 mail Pluto[232]: "staunton-cvnet" #147: sent MR3, ISAKMP SA
established
Mar 27 08:01:26 mail Pluto[232]: "staunton-cvnet" #148: responding to Main
Mode
Mar 27 08:01:27 mail Pluto[232]: "staunton-cvnet" #148: sent MR3, ISAKMP SA
established
Mar 27 08:13:21 mail Pluto[232]: "snet-cville" #149: responding to Quick
Mode
Mar 27 08:13:21 mail Pluto[232]: "snet-cville" #149: IPsec SA established
Mar 27 08:15:55 mail Pluto[232]: "snet-cvnet" #150: responding to Quick Mode
Mar 27 08:15:55 mail Pluto[232]: "snet-cvnet" #150: IPsec SA established
Mar 27 08:16:41 mail Pluto[232]: "staunton-cvnet" #151: responding to Quick
Mode
Mar 27 08:16:41 mail Pluto[232]: "staunton-cvnet" #151: IPsec SA established
Mar 27 08:23:07 mail Pluto[232]: "staunton-charlottesville" #152: responding
to Quick Mode
Mar 27 08:23:07 mail Pluto[232]: "staunton-charlottesville" #152: IPsec SA
established
Mar 27 08:43:28 mail Pluto[232]: "staunton-cvnet" #153: responding to Main
Mode
Mar 27 08:43:29 mail Pluto[232]: "staunton-cvnet" #153: sent MR3, ISAKMP SA
established
Mar 27 09:33:11 mail Pluto[232]: "staunton-cvnet" #154: responding to Main
Mode
Mar 27 09:33:11 mail Pluto[232]: "staunton-cvnet" #154: sent MR3, ISAKMP SA
established
Mar 27 10:19:44 mail Pluto[232]: "staunton-cvnet" #155: responding to Main
Mode
Mar 27 10:19:44 mail Pluto[232]: "staunton-cvnet" #155: sent MR3, ISAKMP SA
established
Mar 27 11:07:38 mail Pluto[232]: "staunton-cvnet" #156: responding to Main
Mode
Mar 27 11:07:39 mail Pluto[232]: "staunton-cvnet" #156: sent MR3, ISAKMP SA
established
Mar 27 11:57:08 mail Pluto[232]: "staunton-cvnet" #157: responding to Main
Mode
Mar 27 11:57:08 mail Pluto[232]: "staunton-cvnet" #157: sent MR3, ISAKMP SA
established
Mar 27 12:41:33 mail Pluto[232]: "staunton-cvnet" #158: responding to Main
Mode
Mar 27 12:41:33 mail Pluto[232]: "staunton-cvnet" #158: sent MR3, ISAKMP SA
established
Mar 27 13:26:32 mail Pluto[232]: "staunton-cvnet" #159: responding to Main
Mode
Mar 27 13:26:32 mail Pluto[232]: "staunton-cvnet" #159: sent MR3, ISAKMP SA
established
Mar 27 14:09:55 mail Pluto[232]: "staunton-cvnet" #160: responding to Main
Mode
Mar 27 14:09:56 mail Pluto[232]: "staunton-cvnet" #160: sent MR3, ISAKMP SA
established
Mar 27 14:54:34 mail Pluto[232]: "staunton-cvnet" #161: responding to Main
Mode
Mar 27 14:54:34 mail Pluto[232]: "staunton-cvnet" #161: sent MR3, ISAKMP SA
established
Mar 27 15:38:39 mail Pluto[232]: "staunton-cvnet" #162: responding to Main
Mode
Mar 27 15:38:39 mail Pluto[232]: "staunton-cvnet" #162: sent MR3, ISAKMP SA
established
+ _________________________ date
+ date
Wed Mar 27 16:23:39 EST 2002
-----------------
Michael Blinn
IT Guy, People Places, Inc.
mblinn_at_peopleplaces.org
-----------------
...No man is an island, entire of itself; every man is a piece of the
continent, a part of the main. If a clod be washed away by the sea, Europe
is the less, as well as if a promontory were, as well as if a manor of thy
friend's or of thine own were. Any man's death diminishes me, because I am
involved in mankind; and therefore never send to know for whom the bell
tolls; it tolls for thee... - Meditation 17, Devotions Upon Emergent
Occasions, 1624