
[Users] Need help with configuring client (and/or server) correctly

From: Jason Purdy (jason_at_purdy.info)
Date: Thu Apr 25 2002 - 03:19:29 CEST


Hi,

I'm just getting started with IPsec, FreeS/WAN and SSH Sentinel and I've
tried a lot of different things, yet nothing seems to help.

First, my network topography:

[On the Left Side]
<< Internal LAN >> -- Gateway, Firewall, FreeS/WAN server -- ISP Gateway
192.168.1.2-60 -- 208.241.157.38 -- 208.241.157.33

[On the Right Side]
RR Cable Modem -- SMB Router -- Me (Win2K Workstation)
?? -- 66.57.8.199 -- 192.168.2.30

I've followed the directions from ssh.com, in setting up a shared key for
SSH Sentinel & in the ipsec.secrets file:
http://www.ssh.com/products/sentinel/SSH-Sentinel-Examples.pdf

So when I tried to connect, I saw these messages in the log:
Apr 24 12:00:53 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 24 12:00:53 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: no suitable connection for peer '192.168.2.30'

I found a mention in the FAQ about that (which still didn't clear the issue
with me) - it got me to thinking that perhaps IPsec was getting confused
that the request was coming from one IP address, while it was really some
other IP address. I also saw somewhere in the list archives that you can
put "rightfirewall=yes" in the ipsec.conf file - I tried that and same
result. So I took the router out of the topography, hooking up my
workstation directly to the RR cable modem, and tried the same thing, this
time getting a different message:

Apr 24 10:29:20 central Pluto[2593]: packet from 66.26.242.131:500: Informational Exchange is for an unknown (expired?) SA
Apr 24 10:29:29 central Pluto[2593]: packet from 66.26.242.131:500: ignoring Vendor ID payload
Apr 24 10:29:29 central Pluto[2593]: "journalistic-jasonhome" 66.26.242.131 #1: responding to Main Mode from unknown peer 66.26.242.131
Apr 24 10:29:30 central Pluto[2593]: "journalistic-jasonhome" 66.26.242.131 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 24 10:29:30 central Pluto[2593]: "journalistic-jasonhome" 66.26.242.131 #1: sent MR3, ISAKMP SA established
Apr 24 10:29:30 central Pluto[2593]: "journalistic-jasonhome" 66.26.242.131 #2: we require PFS but Quick I1 SA specifies no GROUP_DESCRIPTION
Apr 24 10:29:31 central Pluto[2593]: "journalistic-jasonhome" 66.26.242.131 #1: Quick Mode I1 message is unacceptable because it uses a previously used Message ID 0xaf07d2c4 (perhaps this is a duplicated packet)
Apr 24 10:29:55 central last message repeated 4 times

I'm not comfortable with taking the router out of the equation, though - I'd
like the solution to keep the router there, so others in my workgroup can
share other services (internet and printer).

I have a feeling I'm missing something, but I don't know what it is. I've
pasted below output from 'ipsec barf' for better context. I appreciate your
time and assistance. :)

Cheers,

Jason

-- 'ipsec barf' output --
central
Wed Apr 24 12:06:06 EDT 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.97
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.18 (root_at_central) (gcc version 2.95.3 20010315 (release))
#9 SMP Tue Apr 23 09:39:25 EDT 2002
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
208.241.157.32  0.0.0.0         255.255.255.224 U        40 0          0 eth0
208.241.157.32  0.0.0.0         255.255.255.224 U        40 0          0 ipsec0
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth1
0.0.0.0         208.241.157.33  0.0.0.0         UG       40 0          0 eth0
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
    sock pid socket next prev e n p sndbf Flags Type St
c11c8380 3210 c321d380 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c321d380 3210 c11c8380
pf_key_registered: 3 c321d380 3210 c11c8380
pf_key_registered: 9 c321d380 3210 c11c8380
pf_key_registered: 10 c321d380 3210 c11c8380
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink
debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose
debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth0 208.241.157.38
000
000 "journalistic-jasonhome": 192.168.1.0/24===208.241.157.38---208.241.157.33...%any
000 "journalistic-jasonhome": ike_life: 14400s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "journalistic-jasonhome": policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: eth0; unrouted
000 "journalistic-jasonhome": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:40:33:A1:74:59
          inet addr:208.241.157.38 Bcast:208.241.157.63
Mask:255.255.255.224
          IPX/Ethernet II addr:00000021:004033A17459
          IPX/Ethernet 802.2 addr:00000020:004033A17459
          IPX/Ethernet 802.3 addr:5CDF0306:004033A17459
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:91681 errors:0 dropped:0 overruns:0 frame:0
          TX packets:34515 errors:0 dropped:0 overruns:0 carrier:0
          collisions:395
          RX bytes:15200911 (14.4 Mb) TX bytes:8831388 (8.4 Mb)

eth1 Link encap:Ethernet HWaddr 00:E0:7D:74:2E:6C
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          IPX/Ethernet 802.2 addr:02000000:00E07D742E6C
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:21198 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25042 errors:0 dropped:0 overruns:0 carrier:0
          collisions:13
          RX bytes:6979763 (6.6 Mb) TX bytes:6440878 (6.1 Mb)

ipddp0 Link encap:UNSPEC HWaddr
00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
          BROADCAST NOARP MULTICAST MTU:585 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec0 Link encap:Ethernet HWaddr 00:40:33:A1:74:59
          inet addr:208.241.157.38 Mask:255.255.255.224
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec1 Link encap:IPIP Tunnel HWaddr
          NOARP MTU:0 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec2 Link encap:IPIP Tunnel HWaddr
          NOARP MTU:0 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec3 Link encap:IPIP Tunnel HWaddr
          NOARP MTU:0 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:52 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:4392 (4.2 Kb) TX bytes:4392 (4.2 Kb)

tunl0 Link encap:IPIP Tunnel HWaddr
          NOARP MTU:1480 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
central.journalistic.com
+ _________________________ hostname/ipaddress
+ hostname --ip-address
208.241.157.38
+ _________________________ uptime
+ uptime
 12:06pm up 1 day, 2:23, 2 users, load average: 0.68, 0.73, 0.72
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
  F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
000 0 3383 2647 9 0 2152 952 wait4 S pts/0 0:00
\_ /bin/sh /usr/local/sbin/ipsec barf
000 0 3384 3383 17 0 2180 1012 wait4 S pts/0 0:00
\_ /bin/sh /usr/local/lib/ipsec/barf
040 0 3431 3384 16 0 2180 1012 - R pts/0 0:00
\_ /bin/sh /usr/local/lib/ipsec/barf
040 0 3203 1 9 0 2176 992 wait4 S pts/0 0:00 /bin/sh
/usr/local/lib/ipsec/_plutorun --debug none --uniqueids
040 0 3205 3203 9 0 2176 996 wait4 S pts/0 0:00 \_
/bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqu
100 0 3210 3205 9 0 1944 920 do_sel S pts/0 0:00 | \_
/usr/local/lib/ipsec/pluto --nofork --debug-none --uniq
000 0 3211 3210 9 0 1352 304 do_sel S pts/0 0:00 |
\_ _pluto_adns 7 10
000 0 3206 3203 8 0 2160 992 pipe_w S pts/0 0:00 \_
/bin/sh /usr/local/lib/ipsec/_plutoload --load %search --st
000 0 3204 1 9 0 1284 384 pipe_w S pts/0 0:00
logger -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=eth0
routephys=eth0
routevirt=ipsec0
routevirt=ipsec0
routeaddr=208.241.157.38
routeaddr=208.241.157.38
routenexthop=208.241.157.33
routenexthop=208.241.157.33
defaultroutephys=eth0
defaultroutevirt=ipsec0
defaultrouteaddr=208.241.157.38
defaultroutenexthop=208.241.157.33
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
 # THIS SETTING MUST BE CORRECT or almost nothing will work;
 # %defaultroute is okay for most simple cases.
 interfaces=%defaultroute
 # Debug-logging controls: "none" for (almost) none, "all" for lots.
 klipsdebug=none
 plutodebug=none
 # Use auto= parameters in conn descriptions to control startup actions.
 plutoload=%search
 plutostart=%search
 # Close down old connection when new one using same ID shows up.
 uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
 # JWP: put '0' back when done testing
 keyingtries=0
 #keyingtries=1
 authby=secret

# connection description for opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn journalistic-jasonhome
 type=tunnel
 left=%defaultroute
 leftsubnet=192.168.1.0/24
 right=%any
 rightfirewall=yes
 keyexchange=ike
 ikelifetime=240m
 keylife=60m
 pfs=yes
 compress=no
 authby=secret
 auto=add

+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# Got this from ssh.com/products/sentinel/SSH-Sentinel-Examples.pdf
208.241.157.38 %any: PSK "[sums to 1390...]"

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".

: RSA {
 # RSA 2192 bits central Mon Apr 22 17:24:08 2002
 # for signatures only, UNSAFE FOR ENCRYPTION
 #pubkey=[keyid AQPCWACHn]
 #IN KEY 0x4200 4 1 [keyid AQPCWACHn]
 # (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
 Modulus: [...]
 PublicExponent: [...]
 # everything after this point is secret
 PrivateExponent: [...]
 Prime1: [...]
 Prime2: [...]
 Exponent1: [...]
 Exponent2: [...]
 Coefficient: [...]
 }
# do not change the indenting of that "[sums to 7d9d...]"
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/lib/ipsec
total 3572
-rwxr-xr-x 1 root root 11085 Apr 23 09:03 _confread
-rwxr-xr-x 1 root root 11085 Apr 22 17:24 _confread.old
-rwxr-xr-x 1 root root 37408 Apr 23 09:03 _copyright
-rwxr-xr-x 1 root root 37408 Apr 22 17:24 _copyright.old
-rwxr-xr-x 1 root root 2163 Apr 23 09:03 _include
-rwxr-xr-x 1 root root 2163 Apr 22 17:24 _include.old
-rwxr-xr-x 1 root root 1472 Apr 23 09:03 _keycensor
-rwxr-xr-x 1 root root 1472 Apr 22 17:24 _keycensor.old
-rwxr-xr-x 1 root root 60744 Apr 23 09:03 _pluto_adns
-rwxr-xr-x 1 root root 60744 Apr 22 17:24 _pluto_adns.old
-rwxr-xr-x 1 root root 3495 Apr 23 09:03 _plutoload
-rwxr-xr-x 1 root root 3495 Apr 22 17:24 _plutoload.old
-rwxr-xr-x 1 root root 4265 Apr 23 09:03 _plutorun
-rwxr-xr-x 1 root root 4265 Apr 22 17:24 _plutorun.old
-rwxr-xr-x 1 root root 7294 Apr 23 09:03 _realsetup
-rwxr-xr-x 1 root root 7294 Apr 22 17:24 _realsetup.old
-rwxr-xr-x 1 root root 1971 Apr 23 09:03 _secretcensor
-rwxr-xr-x 1 root root 1971 Apr 22 17:24 _secretcensor.old
-rwxr-xr-x 1 root root 6839 Apr 23 09:03 _startklips
-rwxr-xr-x 1 root root 6839 Apr 22 17:24 _startklips.old
-rwxr-xr-x 1 root root 5014 Apr 23 09:03 _updown
-rwxr-xr-x 1 root root 5014 Apr 22 17:24 _updown.old
-rwxr-xr-x 1 root root 10912 Apr 23 09:03 auto
-rwxr-xr-x 1 root root 10912 Apr 22 17:24 auto.old
-rwxr-xr-x 1 root root 7132 Apr 23 09:03 barf
-rwxr-xr-x 1 root root 7132 Apr 22 17:24 barf.old
-rwxr-xr-x 1 root root 197972 Apr 23 09:03 eroute
-rwxr-xr-x 1 root root 87365 Apr 23 09:03 ikeping
-rwxr-xr-x 1 root root 87365 Apr 22 17:24 ikeping.old
-rwxr-xr-x 1 root root 2915 Apr 23 09:03 ipsec
-rwxr-xr-x 1 root root 2915 Apr 22 17:24 ipsec.old
-rw-r--r-- 1 root root 1950 Apr 23 09:03 ipsec_pr.template
-rwxr-xr-x 1 root root 139707 Apr 23 09:03 klipsdebug
-rwxr-xr-x 1 root root 2437 Apr 23 09:03 look
-rwxr-xr-x 1 root root 2437 Apr 22 17:24 look.old
-rwxr-xr-x 1 root root 16157 Apr 23 09:03 manual
-rwxr-xr-x 1 root root 16157 Apr 22 17:24 manual.old
-rwxr-xr-x 1 root root 1847 Apr 23 09:03 newhostkey
-rwxr-xr-x 1 root root 1847 Apr 22 17:24 newhostkey.old
-rwxr-xr-x 1 root root 115926 Apr 23 09:03 pf_key
-rwxr-xr-x 1 root root 757464 Apr 23 09:03 pluto
-rwxr-xr-x 1 root root 757464 Apr 22 17:24 pluto.old
-rwxr-xr-x 1 root root 43905 Apr 23 09:03 ranbits
-rwxr-xr-x 1 root root 43905 Apr 22 17:24 ranbits.old
-rwxr-xr-x 1 root root 69522 Apr 23 09:03 rsasigkey
-rwxr-xr-x 1 root root 69522 Apr 22 17:24 rsasigkey.old
-rwxr-xr-x 1 root root 16671 Apr 23 09:03 send-pr
-rwxr-xr-x 1 root root 16671 Apr 22 17:24 send-pr.old
lrwxrwxrwx 1 root root 22 Apr 23 09:03 setup ->
/etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1041 Apr 23 09:03 showdefaults
-rwxr-xr-x 1 root root 1041 Apr 22 17:24 showdefaults.old
-rwxr-xr-x 1 root root 3484 Apr 23 09:03 showhostkey
-rwxr-xr-x 1 root root 3484 Apr 22 17:24 showhostkey.old
-rwxr-xr-x 1 root root 225616 Apr 23 09:03 spi
-rwxr-xr-x 1 root root 174919 Apr 23 09:03 spigrp
-rwxr-xr-x 1 root root 56414 Apr 23 09:03 tncfg
-rwxr-xr-x 1 root root 124175 Apr 23 09:03 whack
-rwxr-xr-x 1 root root 124175 Apr 22 17:24 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/lib/ipsec
++ egrep updown
+ cat /usr/local/lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $

# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
 echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
 echo "$0: called by obsolete Pluto?" >&2
 exit 2
 ;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
 exit 2
 ;;
esac

# check parameter(s)
case "$1:$*" in
':') # no parameters
 ;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
 ;;
custom:*) # custom parameters (see above CAUTION comment)
 ;;
*) echo "$0: unknown parameters \`$*'" >&2
 exit 2
 ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
 doroute add
}
downroute() {
 doroute del
}
doroute() {
 parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
 parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
 case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
 "0.0.0.0/0.0.0.0")
  # horrible kludge for obscure routing bug with opportunistic
  it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
   route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
  ;;
 *) it="route $1 $parms $parms2"
  ;;
 esac
 eval $it
 st=$?
 if test $st -ne 0
 then
  # route has already given its own cryptic message
  echo "$0: \`$it' failed" >&2
  if test " $1 $st" = " add 7"
  then
   # another totally undocumented interface -- 7 and
   # "SIOCADDRT: Network is unreachable" means that
   # the gateway isn't reachable.
   echo "$0: (incorrect or missing nexthop setting??)" >&2
  fi
 fi
 return $st
}

# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
 # delete possibly-existing route (preliminary to adding a route)
 case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
 "0.0.0.0/0.0.0.0")
  # horrible kludge for obscure routing bug with opportunistic
  it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
   route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
  ;;
 *)
  it="route del -net $PLUTO_PEER_CLIENT_NET \
     netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
  ;;
 esac
 oops="`eval $it`"
 status="$?"
 if test " $oops" = " " -a " $status" != " 0"
 then
  oops="silent error, exit status $status"
 fi
 case "$oops" in
 'SIOCDELRT: No such process'*)
  # This is what route (currently -- not documented!) gives
  # for "could not find such a route".
  oops=
  status=0
  ;;
 esac
 if test " $oops" != " " -o " $status" != " 0"
 then
  echo "$0: \`$it' failed ($oops)" >&2
 fi
 exit $status
 ;;
route-host:*|route-client:*)
 # connection to me or my client subnet being routed
 uproute
 ;;
unroute-host:*|unroute-client:*)
 # connection to me or my client subnet being unrouted
 downroute
 ;;
up-host:*)
 # connection to me coming up
 # If you are doing a custom version, firewall commands go here.
 ;;
down-host:*)
 # connection to me going down
 # If you are doing a custom version, firewall commands go here.
 ;;
up-client:)
 # connection to my client subnet coming up
 # If you are doing a custom version, firewall commands go here.
 ;;
down-client:)
 # connection to my client subnet going down
 # If you are doing a custom version, firewall commands go here.
 ;;
up-client:ipfwadm)
 # connection to client subnet, with (left/right)firewall=yes, coming up
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
 ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
  -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
 ;;
down-client:ipfwadm)
 # connection to client subnet, with (left/right)firewall=yes, going down
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
 ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
  -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
 ;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
 exit 1
 ;;
esac
+ cat /usr/local/lib/ipsec/_updown.old
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $

# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
 echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
 echo "$0: called by obsolete Pluto?" >&2
 exit 2
 ;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
 exit 2
 ;;
esac

# check parameter(s)
case "$1:$*" in
':') # no parameters
 ;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
 ;;
custom:*) # custom parameters (see above CAUTION comment)
 ;;
*) echo "$0: unknown parameters \`$*'" >&2
 exit 2
 ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
 doroute add
}
downroute() {
 doroute del
}
doroute() {
 parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
 parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
 case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
 "0.0.0.0/0.0.0.0")
  # horrible kludge for obscure routing bug with opportunistic
  it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
   route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
  ;;
 *) it="route $1 $parms $parms2"
  ;;
 esac
 eval $it
 st=$?
 if test $st -ne 0
 then
  # route has already given its own cryptic message
  echo "$0: \`$it' failed" >&2
  if test " $1 $st" = " add 7"
  then
   # another totally undocumented interface -- 7 and
   # "SIOCADDRT: Network is unreachable" means that
   # the gateway isn't reachable.
   echo "$0: (incorrect or missing nexthop setting??)" >&2
  fi
 fi
 return $st
}

# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
 # delete possibly-existing route (preliminary to adding a route)
 case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
 "0.0.0.0/0.0.0.0")
  # horrible kludge for obscure routing bug with opportunistic
  it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
   route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
  ;;
 *)
  it="route del -net $PLUTO_PEER_CLIENT_NET \
     netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
  ;;
 esac
 oops="`eval $it`"
 status="$?"
 if test " $oops" = " " -a " $status" != " 0"
 then
  oops="silent error, exit status $status"
 fi
 case "$oops" in
 'SIOCDELRT: No such process'*)
  # This is what route (currently -- not documented!) gives
  # for "could not find such a route".
  oops=
  status=0
  ;;
 esac
 if test " $oops" != " " -o " $status" != " 0"
 then
  echo "$0: \`$it' failed ($oops)" >&2
 fi
 exit $status
 ;;
route-host:*|route-client:*)
 # connection to me or my client subnet being routed
 uproute
 ;;
unroute-host:*|unroute-client:*)
 # connection to me or my client subnet being unrouted
 downroute
 ;;
up-host:*)
 # connection to me coming up
 # If you are doing a custom version, firewall commands go here.
 ;;
down-host:*)
 # connection to me going down
 # If you are doing a custom version, firewall commands go here.
 ;;
up-client:)
 # connection to my client subnet coming up
 # If you are doing a custom version, firewall commands go here.
 ;;
down-client:)
 # connection to my client subnet going down
 # If you are doing a custom version, firewall commands go here.
 ;;
up-client:ipfwadm)
 # connection to client subnet, with (left/right)firewall=yes, coming up
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
 ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
  -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
 ;;
down-client:ipfwadm)
 # connection to client subnet, with (left/right)firewall=yes, going down
 # This is used only by the default updown script, not by your custom
 # ones, so do not mess with it; see CAUTION comment up at top.
 ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
  -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
 ;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
 exit 1
 ;;
esac
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
    lo: 4392 52 0 0 0 0 0 0 4392
52 0 0 0 0 0 0
  eth0:15200911 91681 0 0 0 0 0 64216 8831388
34515 0 0 0 395 0 0
  eth1: 6979763 21198 0 0 0 0 0 68 6440878
25042 0 0 0 13 0 0
ipddp0: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
 tunl0: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 209DF1D0 00000000 0001 0 0 0 E0FFFFFF 40 0 0
ipsec0 209DF1D0 00000000 0001 0 0 0 E0FFFFFF 40 0 0
eth1 0001A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0

eth0 00000000 219DF1D0 0003 0 0 1 00000000 40 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter
ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
eth1/rp_filter:0
ipsec0/rp_filter:0
lo/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux central 2.4.18 #9 SMP Tue Apr 23 09:39:25 EDT 2002 i586 unknown
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.97
+ _________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy DROP 214 packets, 33486 bytes)
 pkts bytes target prot opt in out source
destination
  417 200K ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:68 dpt:67
    1 84 ACCEPT all -- eth1 * 0.0.0.0/0
192.168.1.1
  179 58629 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:500 dpt:500
    0 0 ACCEPT esp -- * * 0.0.0.0/0
0.0.0.0/0
 5410 356K ACCEPT all -- eth0 * 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
 1212 158K ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source
destination
10433 2764K ACCEPT all -- eth0 eth1 0.0.0.0/0
0.0.0.0/0 state RELATED,ESTABLISHED
10842 1042K ACCEPT all -- eth1 eth0 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy DROP 12 packets, 840 bytes)
 pkts bytes target prot opt in out source
destination
    0 0 ACCEPT udp -- * * 0.0.0.0/0
192.168.0.1 udp spt:67 dpt:67
 4551 648K ACCEPT all -- * eth0 0.0.0.0/0
0.0.0.0/0
    7 3540 ACCEPT all -- * eth1 0.0.0.0/0
0.0.0.0/0
    0 0 ACCEPT udp -- * * 0.0.0.0/0
0.0.0.0/0 udp spt:500 dpt:500
    0 0 ACCEPT esp -- * * 0.0.0.0/0
0.0.0.0/0
   52 4392 ACCEPT all -- * * 0.0.0.0/0
0.0.0.0/0
+ _________________________ ipchains/list
+ ipchains -L -v -n
/usr/local/lib/ipsec/barf: ipchains: command not found
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
/usr/local/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
/usr/local/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
/usr/local/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 4413 packets, 569K bytes)
 pkts bytes target prot opt in out source
destination

Chain POSTROUTING (policy ACCEPT 11 packets, 790 bytes)
 pkts bytes target prot opt in out source
destination
 2473 176K MASQUERADE all -- * eth0 0.0.0.0/0
0.0.0.0/0

Chain OUTPUT (policy ACCEPT 23 packets, 1630 bytes)
 pkts bytes target prot opt in out source
destination
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
/usr/local/lib/ipsec/barf: ipchains: command not found
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
/usr/local/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 36900 packets, 7006K bytes)
 pkts bytes target prot opt in out source
destination

Chain INPUT (policy ACCEPT 7572 packets, 854K bytes)
 pkts bytes target prot opt in out source
destination

Chain FORWARD (policy ACCEPT 29328 packets, 6152K bytes)
 pkts bytes target prot opt in out source
destination

Chain OUTPUT (policy ACCEPT 4622 packets, 657K bytes)
 pkts bytes target prot opt in out source
destination

Chain POSTROUTING (policy ACCEPT 33936 packets, 6808K bytes)
 pkts bytes target prot opt in out source
destination
+ _________________________ proc/modules
+ cat /proc/modules
+ _________________________ proc/meminfo
+ cat /proc/meminfo
        total: used: free: shared: buffers: cached:
Mem: 58933248 25382912 33550336 0 1032192 16875520
Swap: 123858944 0 123858944
MemTotal: 57552 kB
MemFree: 32764 kB
MemShared: 0 kB
Buffers: 1008 kB
Cached: 16480 kB
SwapCached: 0 kB
Active: 13336 kB
Inactive: 7828 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 57552 kB
LowFree: 32764 kB
SwapTotal: 120956 kB
SwapFree: 120956 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r-- 1 root root 0 Apr 24 12:06 /proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Apr 24 12:06 /proc/net/ipsec_klipsdebug
-r--r--r-- 1 root root 0 Apr 24 12:06 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Apr 24 12:06 /proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Apr 24 12:06 /proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Apr 24 12:06 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ egrep 'IP|NETLINK' /usr/src/linux/.config
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP2 is not set
# CONFIG_MWINCHIP3D is not set
CONFIG_SYSVIPC=y
# CONFIG_MD_MULTIPATH is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
CONFIG_IP_MULTIPLE_TABLES=y
# CONFIG_IP_ROUTE_FWMARK is not set
CONFIG_IP_ROUTE_NAT=y
# CONFIG_IP_ROUTE_MULTIPATH is not set
# CONFIG_IP_ROUTE_TOS is not set
CONFIG_IP_ROUTE_VERBOSE=y
# CONFIG_IP_ROUTE_LARGE_TABLES is not set
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=y
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# IP: Netfilter Configuration
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
# CONFIG_IP_NF_IRC is not set
# CONFIG_IP_NF_QUEUE is not set
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_LIMIT is not set
CONFIG_IP_NF_MATCH_MAC=y
# CONFIG_IP_NF_MATCH_MARK is not set
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_AH_ESP is not set
# CONFIG_IP_NF_MATCH_LENGTH is not set
# CONFIG_IP_NF_MATCH_TTL is not set
# CONFIG_IP_NF_MATCH_TCPMSS is not set
CONFIG_IP_NF_MATCH_STATE=y
# CONFIG_IP_NF_MATCH_UNCLEAN is not set
# CONFIG_IP_NF_MATCH_OWNER is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_TARGET_MIRROR=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
CONFIG_IP_NF_TARGET_REDIRECT=y
# CONFIG_IP_NF_NAT_SNMP_BASIC is not set
CONFIG_IP_NF_NAT_FTP=y
CONFIG_IP_NF_MANGLE=y
CONFIG_IP_NF_TARGET_TOS=y
# CONFIG_IP_NF_TARGET_MARK is not set
CONFIG_IP_NF_TARGET_LOG=y
# CONFIG_IP_NF_TARGET_ULOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
# CONFIG_IPV6 is not set
CONFIG_IPX=y
CONFIG_IPX_INTERN=y
CONFIG_IPSEC=y
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ENC_3DES=y
CONFIG_IPSEC_IPCOMP=y
CONFIG_IPSEC_DEBUG=y
# CONFIG_IDEDMA_PCI_WIP is not set
# CONFIG_IDE_CHIPSETS is not set
# CONFIG_SCSI_IPS is not set
CONFIG_IPDDP=y
# CONFIG_IPDDP_ENCAP is not set
CONFIG_IPDDP_DECAP=y
# CONFIG_TULIP is not set
# CONFIG_HIPPI is not set
# CONFIG_PLIP is not set
# CONFIG_SLIP is not set
# CONFIG_USB_SERIAL_IPAQ is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Begin /etc/syslog.conf

auth,authpriv.* -/var/log/auth.log
*.*:auth,authpriv.none -/var/log/sys.log
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
mail.* -/var/log/mail.log
user.* -/var/log/user.log
#*.emerg *

# End /etc/syslog.conf
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 4
drwxr-xr-x 4 root root 4096 Apr 23 09:41 2.4.18
+ _________________________ proc/ksyms-netif_rx
+ egrep netif_rx /proc/ksyms
c020eadc netif_rx_Rsmp_4b180a7d
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.18:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '28867,$p' /var/log/kern.log
+ egrep -i 'ipsec|klips|pluto'
+ cat
Apr 23 09:42:22 central kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 1.97
Apr 23 15:56:34 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 23 17:47:23 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 23 23:07:16 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 09:21:22 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 09:47:51 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 10:03:33 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 10:09:24 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 10:17:49 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 10:19:34 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 10:20:55 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 10:29:16 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 11:56:07 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 11:59:08 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
Apr 24 12:00:42 central kernel: IPSEC EVENT: KLIPS device ipsec0 shut down.
+ _________________________ plog
+ sed -n '1808,$p' /var/log/auth.log
+ egrep -i pluto
+ cat
Apr 24 12:00:44 central ipsec__plutorun: Starting Pluto subsystem...
Apr 24 12:00:44 central Pluto[3210]: Starting Pluto (FreeS/WAN Version 1.97)
Apr 24 12:00:45 central Pluto[3210]: added connection description "journalistic-jasonhome"
Apr 24 12:00:45 central Pluto[3210]: listening for IKE messages
Apr 24 12:00:45 central Pluto[3210]: adding interface ipsec0/eth0 208.241.157.38
Apr 24 12:00:45 central Pluto[3210]: loading secrets from "/etc/ipsec.secrets"
Apr 24 12:00:49 central Pluto[3210]: packet from 66.57.8.199:500: ignoring Vendor ID payload
Apr 24 12:00:49 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: responding to Main Mode from unknown peer 66.57.8.199
Apr 24 12:00:50 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 24 12:00:50 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: no suitable connection for peer '192.168.2.30'
Apr 24 12:00:51 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 24 12:00:51 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: no suitable connection for peer '192.168.2.30'
Apr 24 12:00:53 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 24 12:00:53 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: no suitable connection for peer '192.168.2.30'
Apr 24 12:00:57 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 24 12:00:57 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: no suitable connection for peer '192.168.2.30'
Apr 24 12:01:00 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT
Apr 24 12:01:00 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: no suitable connection for peer '192.168.2.30'
Apr 24 12:02:00 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199 #1: max number of retransmissions (2) reached STATE_MAIN_R2
Apr 24 12:02:00 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199: deleting connection "journalistic-jasonhome" instance with peer 66.57.8.199
+ _________________________ date
+ date
Wed Apr 24 12:06:08 EDT 2002

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users
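
The rejection repeated in the plog section above (IKE packets arriving from 66.57.8.199 while the peer identifies itself as 192.168.2.30) can be pulled out of a mail-wrapped Pluto log mechanically. The following Python is an added example, not part of the original post or of FreeS/WAN; the function names are hypothetical and the line layout is assumed to match the log lines quoted in the post.

```python
import ipaddress
import re
from collections import Counter

# Three entries copied from the plog section of the post, still mail-wrapped.
SAMPLE_LOG = '''\
Apr 24 12:00:50 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199
#1: no suitable connection for peer '192.168.2.30'
Apr 24 12:00:51 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199
#1: no suitable connection for peer '192.168.2.30'
Apr 24 12:02:00 central Pluto[3210]: "journalistic-jasonhome" 66.57.8.199
#1: max number of retransmissions (2) reached STATE_MAIN_R2
'''

# A syslog timestamp marks the start of an entry; anything else is a wrap.
STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
REJECT = re.compile(
    r'Pluto\[\d+\]: "(?P<conn>[^"]+)" (?P<src>[\d.]+)(?::\d+)? #\d+: '
    r"no suitable connection for peer '(?P<peer_id>[^']+)'")

def unwrap(text):
    """Rejoin mail-wrapped continuation lines onto their syslog entry."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def id_mismatches(text):
    """Return sorted (conn, source, peer_id, id_is_private, count) for rejected
    peers whose offered ID is an IP address other than their IKE source."""
    seen = Counter()
    for entry in unwrap(text):
        m = REJECT.search(entry)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m["src"])
            peer = ipaddress.ip_address(m["peer_id"])
        except ValueError:
            continue  # ID is a name (FQDN or user@host), not an address
        if peer != src:
            seen[(m["conn"], str(src), str(peer), peer.is_private)] += 1
    return sorted(key + (n,) for key, n in seen.items())

if __name__ == "__main__":
    print(id_mismatches(SAMPLE_LOG))
```

A private ID behind a public source address, as in the topology the post describes, indicates address translation between the client and the gateway.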



This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:19:54 CEST