[Users] Re: hi...im from germany

• Next message: Andreas Steffen: "Re: [Users] Re: hi...im from germany"
• Previous message: Andreas Steffen: "Re: [Users] x509 Certs AND PSKs for Road Warriors"
• Next in thread: Andreas Steffen: "Re: [Users] Re: hi...im from germany"
• Reply: Andreas Steffen: "Re: [Users] Re: hi...im from germany"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hallo,

danke für die Antwort.

Hier ist die Ausgabe von ipsec barf....bitte um Hilfe ;(

----------------------------------------------------------------------------------

Fri Jul 19 15:02:19 UTC 2002
+ _________________________ version
+
+ ipsec --version
Linux FreeS/WAN U1.97/K1.91
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+
+ cat /proc/version
Linux version 2.2.19-3-LEAF-RAID (root_at_debian) (gcc version 2.7.2.3) #4
Sat Dec 1 17:27:59 CST 2001
+ _________________________ proc/net/ipsec_eroute
+
+ sort +3 /proc/net/ipsec_eroute
sort: +3: No such file or directory
+ cat /proc/net/ipsec_eroute
+ _________________________ proc/net/ipsec_spi
+
+ cat /proc/net/ipsec_spi
esp0xd3e3d007_at_214.150.69.254 ESP_3DES_HMAC_MD5: dir=in
src=195.122.124.165 iv_bits=64bits iv=0x0de1c4608b3620c3 ooowin=64
alen=128 aklen=128 eklen=192 life(c,s,h)=add(57,0,0)
esp0xd3e3d006_at_214.150.69.254 ESP_3DES_HMAC_MD5: dir=in
src=195.122.124.165 iv_bits=64bits iv=0x9eef1507fbd3ebc8 ooowin=64
alen=128 aklen=128 eklen=192 life(c,s,h)=add(60,0,0)
tun0x19c5_at_214.150.69.254 IPIP: dir=in src=195.122.124.165
life(c,s,h)=add(57,0,0)
tun0x19c4_at_214.150.69.254 IPIP: dir=in src=195.122.124.165
life(c,s,h)=add(60,0,0)
+ _________________________ proc/net/ipsec_spigrp
+
+ cat /proc/net/ipsec_spigrp
tun0x19c5_at_214.150.69.254 esp0xd3e3d007_at_214.150.69.254
tun0x19c4_at_214.150.69.254 esp0xd3e3d006_at_214.150.69.254
+ _________________________ ip/route
+
+ ip route
213.149.68.224/27 dev eth0 proto kernel scope link src 214.150.69.254
213.149.68.224/27 dev ipsec0 proto kernel scope link src
214.150.69.254
192.168.31.0/24 via 214.150.69.250 dev ipsec0
192.168.30.0/24 via 214.150.69.250 dev ipsec0
192.168.11.0/24 via 192.168.1.31 dev eth1
192.168.10.0/24 via 192.168.1.31 dev eth1
192.168.0.0/20 dev eth1 proto kernel scope link src 192.168.1.1
default via 214.150.69.250 dev eth0
+ _________________________ proc/net/ipsec_tncfg
+
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+
+ cat /proc/net/pf_key
    sock pid socket next prev e n p sndbf Flags Type
St
c37d5040 1959 c33aeff0 0 0 0 0 2 32767 00000000 3
1
+ _________________________ proc/net/pf_key-star
+
+ cd /proc/net
+ egrep ^ pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c33aeff0 1959 c37d5040
pf_key_registered: 3 c33aeff0 1959 c37d5040
pf_key_registered: 9 c33aeff0 1959 c37d5040
pf_key_registered: 10 c33aeff0 1959 c37d5040
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 4 0 128 128
pf_key_supported: 9 15 3 0 32 128
pf_key_supported: 9 15 2 0 128 32
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+
+ cd /proc/sys/net/ipsec
+ egrep ^ debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink
debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose
debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
tos:1
1: lo: <LOOPBACK,UP> mtu 3924 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope global lo
2: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ether 00:e0:7d:8f:82:52 brd ff:ff:ff:ff:ff:ff
    inet 214.150.69.254/27 brd 213.149.68.255 scope global ipsec0
3: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip
4: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip
5: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip
6: brg0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop
    link/ether fe:fd:07:00:f7:ce brd ff:ff:ff:ff:ff:ff
7: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:e0:7d:8f:82:52 brd ff:ff:ff:ff:ff:ff
    inet 214.150.69.254/27 brd 213.149.68.255 scope global eth0
8: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:40:f6:34:e5:b6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/20 brd 192.168.15.255 scope global eth1
+ _________________________ ipsec/directory
+
+ ipsec --directory
/lib/ipsec
+ _________________________ hostname/fqdn
+
+ hostname -f
leipzig.private.network
+ _________________________ hostname/ipaddress
+
+ hostname -i
192.168.1.1
+ _________________________ uptime
+
+ uptime
 15:02:19 up 0 Days (3h), load average: 0.41 0.13 0.03
+ _________________________ ps
+
+ ps alxwf
+ egrep -i ppid|pluto|ipsec|klips
 1951 root S sh /lib/ipsec/_plutorun --debug none --uniqueids yes
--dump
 1952 root S logger -p daemon.error -t ipsec__plutorun
 1955 root S sh /lib/ipsec/_plutorun --debug none --uniqueids yes
--dump
 1956 root S sh /lib/ipsec/_plutoload --load %search --start
%search --w
 1957 root S sh /lib/ipsec/_plutorun --debug none --uniqueids yes
--dump
 1959 root S /lib/ipsec/pluto --nofork --debug-none --uniqueids
 1964 root S _pluto_adns 7 10
 2323 root S sh /sbin/ipsec barf
 2324 root S sh /lib/ipsec/barf
 2368 root R sh /lib/ipsec/barf
+ _________________________ ipsec/showdefaults
+
+ ipsec showdefaults
routephys=eth0
routephys=eth0
routevirt=ipsec0
routevirt=ipsec0
routeaddr=214.150.69.254
routeaddr=214.150.69.254
routenexthop=214.150.69.250
routenexthop=214.150.69.250
defaultroutephys=eth0
defaultroutevirt=ipsec0
defaultrouteaddr=214.150.69.254
defaultroutenexthop=214.150.69.250
+ _________________________ ipsec/conf
+
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# fuer alle verbindungen gilt:
# left = leipzig

config setup
        interfaces=%defaultroute
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes

conn %default
        keyingtries=0
        authby=rsasig
        left=214.150.69.254
        leftsubnet=192.168.0.0/20
        leftnexthop=214.150.69.250
        
conn k-l
        right=195.122.124.165
        rightsubnet=192.168.30.0/24
        rightnexthop=195.122.124.162
        rightrsasigkey=%cert
        rightcert=vpn-c06.pem
        rightfirewall=yes
        leftrsasigkey=%cert
        leftcert=vpn-c00.pem
        leftfirewall=yes
        type=tunnel
        keyexchange=ike
        pfs=yes
        auto=start
        
        
conn b-l
        right=195.122.124.165
        rightsubnet=192.168.31.0/24
        rightnexthop=195.122.124.162
        rightrsasigkey=%cert
        rightcert=vpn-c06.pem
        rightfirewall=yes
        leftrsasigkey=%cert
        leftcert=vpn-c00.pem
        leftfirewall=yes
        type=tunnel
        keyexchange=ike
        pfs=yes
        auto=start

conn l-hr
        right=%any
        rightrsasigkey=%cert
        leftrsasigkey=%cert
        leftcert=vpn-c00.pem
        type=tunnel
        keyexchange=ike
        pfs=yes
        auto=add
        
+ _________________________ ipsec/secrets
+
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf,
DNS,
# or configuration of other implementations, can be extracted
conveniently
md5sum: not found
# with "[sums to #...]".
md5sum: not found
: RSA vpn-k00.pem "[sums to :...]"
+ _________________________ ipsec/ls-dir
+
+ ls -l /lib/ipsec
-rwxr-xr-x 1 501 501 11110 Apr 21 17:07 _confread
-rwxr-xr-x 1 501 501 4132 Apr 21 20:49 _copyright
-rwxr-xr-x 1 501 501 2163 Apr 21 17:07 _include
-rwxr-xr-x 1 501 501 1472 Apr 21 17:07 _keycensor
-rwxr-xr-x 1 501 501 9356 Apr 21 20:49 _pluto_adns
-rwxr-xr-x 1 501 501 3495 Apr 21 17:07 _plutoload
-rwxr-xr-x 1 501 501 4265 Apr 21 17:07 _plutorun
-rwxr-xr-x 1 501 501 7435 Apr 21 20:50 _realsetup
-rwxr-xr-x 1 501 501 1971 Apr 21 17:07 _secretcensor
-rwxr-xr-x 1 501 501 7636 Apr 21 20:50 _startklips
-rwxr-xr-x 1 501 501 7575 Apr 21 20:50 _updown
-rwxr-xr-x 1 501 501 12491 Apr 21 17:07 auto
-rwxr-xr-x 1 501 501 7106 Apr 23 17:25 barf
-rwxr-xr-x 1 501 501 59360 Apr 21 20:49 eroute
-rwxr-xr-x 1 501 501 18020 Apr 21 20:49 ikeping
-rwxr-xr-x 1 501 501 2905 Apr 21 16:59 ipsec
-rw-r--r-- 1 501 501 1950 Apr 21 17:07
ipsec_pr.template
-rwxr-xr-x 1 501 501 41308 Apr 21 20:49 klipsdebug
-rwxr-xr-x 1 501 501 2649 Apr 22 09:57 look
-rwxr-xr-x 1 501 501 16157 Apr 21 17:07 manual
-rwxr-xr-x 1 501 501 1847 Apr 21 17:07 newhostkey
-rwxr-xr-x 1 501 501 34556 Apr 21 20:49 pf_key
-rwxr-xr-x 1 501 501 347412 Apr 21 20:49 pluto
-rwxr-xr-x 1 501 501 6484 Apr 21 20:49 ranbits
-rwxr-xr-x 1 501 501 64220 Apr 21 20:49 rsasigkey
-rwxr-xr-x 1 501 501 16641 Apr 21 17:07 send-pr
lrwxrwxrwx 1 root root 17 Jul 19 11:29 setup ->
/etc/init.d/ipsec
-rwxr-xr-x 1 501 501 1041 Apr 21 17:07 showdefaults
-rwxr-xr-x 1 501 501 3484 Apr 21 17:07 showhostkey
-rwxr-xr-x 1 501 501 68812 Apr 21 20:49 spi
-rwxr-xr-x 1 501 501 51208 Apr 21 20:49 spigrp
-rwxr-xr-x 1 501 501 9544 Apr 21 20:49 tncfg
-rwxr-xr-x 1 501 501 32888 Apr 21 20:49 whack
+ _________________________ ipsec/updowns
+
+ ls /lib/ipsec
+ egrep updown
+ cat /lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify
it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $

# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and
customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
        echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
        echo "$0: called by obsolete Pluto?" >&2
        exit 2
        ;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
        exit 2
        ;;
esac

# check parameter(s)
case "$1:$*" in
':') # no parameters
        ;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
        ;;
custom:*) # custom parameters (see above CAUTION comment)
        ;;
*) echo "$0: unknown parameters \`$*'" >&2
        exit 2
        ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great
care.
uproute() {
        doroute add
}
downroute() {
        doroute del
}
# <CTC> convert to iproute2 - add mask2bits function
#-------------------------------------------------------------------------
# mask2bits function, returns the number of bits in the netmask
parameter.
# borrowed from http://www.stearns.org/samlib/samlib-0.1/samlib
#-------------------------------------------------------------------------
#No external apps needed.
mask2bits () {
        case $1 in
        255.255.255.255) echo 32 ;;
        255.255.255.254) echo 31 ;;
        255.255.255.252) echo 30 ;;
        255.255.255.248) echo 29 ;;
        255.255.255.240) echo 28 ;;
        255.255.255.224) echo 27 ;;
        255.255.255.192) echo 26 ;;
        255.255.255.128) echo 25 ;;
        255.255.255.0) echo 24 ;;
        255.255.254.0) echo 23 ;;
        255.255.252.0) echo 22 ;;
        255.255.248.0) echo 21 ;;
        255.255.240.0) echo 20 ;;
        255.255.224.0) echo 19 ;;
        255.255.192.0) echo 18 ;;
        255.255.128.0) echo 17 ;;
        255.255.0.0) echo 16 ;;
        255.254.0.0) echo 15 ;;
        255.252.0.0) echo 14 ;;
        255.248.0.0) echo 13 ;;
        255.240.0.0) echo 12 ;;
        255.224.0.0) echo 11 ;;
        255.192.0.0) echo 10 ;;
        255.128.0.0) echo 9 ;;
        255.0.0.0) echo 8 ;;
        254.0.0.0) echo 7 ;;
        252.0.0.0) echo 6 ;;
        248.0.0.0) echo 5 ;;
        240.0.0.0) echo 4 ;;
        224.0.0.0) echo 3 ;;
        192.0.0.0) echo 2 ;;
        128.0.0.0) echo 1 ;;
        0.0.0.0) echo 0 ;;
        *) echo 32 ;;
        esac
} #End of mask2bits
doroute() {
# parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
# parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
        PLUTO_PEER_CLIENT_BITS=`mask2bits $PLUTO_PEER_CLIENT_MASK`
        parms="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_BITS"
        parms2="dev $PLUTO_INTERFACE via $PLUTO_NEXT_HOP"
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
# it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
# route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
                it="ip route $1 0.0.0.0/1 $parms2 &&"
                it="$it ip route $1 128.0.0.0/1 $parms2"
                ;;
# *) it="route $1 $parms $parms2"
        *) it="ip route $1 $parms $parms2"
                ;;
        esac
        eval $it
        st=$?
        if test $st -ne 0
        then
                # route has already given its own cryptic message
                echo "$0: \`$it' failed" >&2
                if test " $1 $st" = " add 7"
                then
                        # another totally undocumented interface -- 7 and
                        # "SIOCADDRT: Network is unreachable" means that
                        # the gateway isn't reachable.
                        echo "$0: (incorrect or missing nexthop setting??)" >&2
                fi
        fi
        return $st
}

# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
        # delete possibly-existing route (preliminary to adding a route)
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
# it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
# route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
                it="ip route del 0.0.0.0/1 2>&1 ; ip route del 128.0.0.0/1 2>&1"
                ;;
        *)
# it="route del -net $PLUTO_PEER_CLIENT_NET \
# netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
                PLUTO_PEER_CLIENT_BITS=`mask2bits $PLUTO_PEER_CLIENT_MASK`
                parms="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_BITS"
                it="ip route del $parms 2>&1"
                ;;
        esac
        oops="`eval $it`"
        status="$?"
        if test " $oops" = " " -a " $status" != " 0"
        then
                oops="silent error, exit status $status"
        fi
        case "$oops" in
# <CTC> iproute2 gives a _different_ incomprehensible answer
# 'SIOCDELRT: No such process'*)
        'RTNETLINK answers: No such process'*)
# </CTC>
                # This is what route (currently -- not documented!) gives
                # for "could not find such a route".
                oops=
                status=0
                ;;
        esac
        if test " $oops" != " " -o " $status" != " 0"
        then
                echo "$0: \`$it' failed ($oops)" >&2
        fi
        exit $status
        ;;
route-host:*|route-client:*)
        # connection to me or my client subnet being routed
        uproute
        ;;
unroute-host:*|unroute-client:*)
        # connection to me or my client subnet being unrouted
        downroute
        ;;
up-host:*)
        # connection to me coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-host:*)
        # connection to me going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:)
        # connection to my client subnet coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-client:)
        # connection to my client subnet going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
# <CTC> replace with iptables commands
# ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK
\
# -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        iptables -I FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        iptables -I FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
# </CTC>
        ;;
down-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, going
down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
# <CTC> replace with iptables commands
# ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK
\
# -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        iptables -D FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        iptables -D FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
# </CTC>
        ;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
        exit 1
        ;;
esac
+ _________________________ proc/net/dev
+
+ cat /proc/net/dev
Inter-| Receive |
Transmit
 face |bytes packets errs drop fifo frame compressed
multicast|bytes packets errs drop fifo colls carrier compressed
    lo: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
  brg0: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
  eth0: 917794 2670 0 0 0 0 0 0
917598 2670 0 0 0 0 0 0
  eth1: 1269200 13053 0 0 0 0 0 0
17544 277 0 0 0 0 0 0
+ _________________________ proc/net/route
+
+ cat /proc/net/route
Iface Destination Gateway
        Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 E04495D5 00000000 0001 0 0 0 E0FFFFFF 0 0 0
ipsec0 E04495D5 00000000 0001 0 0 0 E0FFFFFF 0 0 0
ipsec0 001FA8C0 FE4495D5 0003 0 0 0 00FFFFFF 0 0 0
ipsec0 001EA8C0 FE4495D5 0003 0 0 0 00FFFFFF 0 0 0
eth1 000BA8C0 1F01A8C0 0003 0 0 0 00FFFFFF 0 0 0
eth1 000AA8C0 1F01A8C0 0003 0 0 0 00FFFFFF 0 0 0
eth1 0000A8C0 00000000 0001 0 0 0 00F0FFFF 0 0 0
eth0 00000000 FE4495D5 0003 0 0 0 00000000 0 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter
ipsec0/rp_filter lo/rp_filter
all/rp_filter:1
default/rp_filter:1
eth0/rp_filter:0
eth1/rp_filter:1
ipsec0/rp_filter:0
lo/rp_filter:0
+ _________________________ uname-a
+
+ uname -a
Linux leipzig 2.2.19-3-LEAF-RAID #4 Sat Dec 1 17:27:59 CST 2001 i386
unknown
+ _________________________ redhat-release
+
+ test -r /etc/redhat-release
+ _________________________ proc/net/ipsec_version
+
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.91
+ _________________________ iptables/list
+
+ iptables -L -v -n
iptables: not found
+ _________________________ ipchains/list
+
+ ipchains -L -v -n
Chain input (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.11.0/24
192.168.0.0/20 n/a
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.0.0/20
192.168.11.0/24 n/a
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.10.0/24
192.168.0.0/20 n/a
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.0.0/20
192.168.10.0/24 n/a
    0 0 DENY icmp ----l- 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 5 -> *
    0 0 DENY icmp ----l- 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 13 -> *
    0 0 DENY icmp ----l- 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 14 -> *
    0 0 DENY all ----l- 0xFF 0x00
eth0 0.0.0.0
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 255.255.255.255
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 127.0.0.0/8
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 224.0.0.0/4
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 10.0.0.0/8
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 172.16.0.0/12
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 192.168.0.0/16
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 0.0.0.0/8
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 128.0.0.0/16
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 191.255.0.0/16
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 192.0.0.0/24
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 223.255.255.0/24
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 240.0.0.0/4
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 192.168.1.0/24
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 192.168.10.0/24
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 192.168.11.0/24
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 214.150.69.254
0.0.0.0/0 n/a
    0 0 REJECT all ----l- 0xFF 0x00
eth0 0.0.0.0/0
127.0.0.0/8 n/a
    0 0 REJECT all ----l- 0xFF 0x00
eth0 0.0.0.0/0
192.168.1.0/24 n/a
    0 0 REJECT all ----l- 0xFF 0x00
eth0 0.0.0.0/0
192.168.10.0/24 n/a
    0 0 REJECT all ----l- 0xFF 0x00
eth0 0.0.0.0/0
192.168.11.0/24 n/a
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 138:139
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 138
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 137:138 -> *
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 137:139 -> *
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
    0 0 ACCEPT 50 ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 n/a
    0 0 ACCEPT 51 ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 n/a
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 113
    0 0 ACCEPT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 1024:65535
    0 0 REJECT udp ----l- 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 161:162
    0 0 ACCEPT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 53
    0 0 ACCEPT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 68
 2172 855K ACCEPT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 500
    0 0 DENY udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 67
    0 0 ACCEPT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 1024:65535
   21 3192 ACCEPT icmp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> *
    0 0 ACCEPT ospf ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 n/a
    0 0 REJECT udp ----l- 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 * -> 161:162
    0 0 REJECT udp ----l- 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 161:162 -> *
12790 1074K ACCEPT all ------ 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 n/a
Chain forward (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.11.0/24
192.168.0.0/20 n/a
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.0.0/20
192.168.11.0/24 n/a
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.10.0/24
192.168.0.0/20 n/a
    0 0 ACCEPT all ------ 0xFF 0x00
* 192.168.0.0/20
192.168.10.0/24 n/a
    0 0 DENY icmp ----l- 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 5 -> *
   14 1176 MASQ all ------ 0xFF 0x00
eth0 192.168.1.0/24
0.0.0.0/0 n/a
    0 0 MASQ all ------ 0xFF 0x00
eth0 192.168.10.0/24
0.0.0.0/0 n/a
    0 0 MASQ all ------ 0xFF 0x00
eth0 192.168.11.0/24
0.0.0.0/0 n/a
12776 1073K DENY all ------ 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 n/a
Chain output (policy DENY: 0 packets, 0 bytes):
 pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
 2207 860K fairq all ------ 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 0.0.0.0
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 255.255.255.255
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 127.0.0.0/8
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 224.0.0.0/4
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 10.0.0.0/8
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 172.16.0.0/12
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 192.168.0.0/16
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 0.0.0.0/8
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 128.0.0.0/16
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 191.255.0.0/16
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 192.0.0.0/24
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 223.255.255.0/24
0.0.0.0/0 n/a
    0 0 DENY all ----l- 0xFF 0x00
eth0 240.0.0.0/4
0.0.0.0/0 n/a
    0 0 DENY all ------ 0xFF 0x00
eth0 192.168.1.0/24
0.0.0.0/0 n/a
    0 0 DENY all ------ 0xFF 0x00
eth0 192.168.10.0/24
0.0.0.0/0 n/a
    0 0 DENY all ------ 0xFF 0x00
eth0 192.168.11.0/24
0.0.0.0/0 n/a
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 137
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 135
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 138:139
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 * -> 138
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 137:138 -> *
    0 0 REJECT udp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 137:139 -> *
    0 0 REJECT tcp ------ 0xFF 0x00
eth0 0.0.0.0/0
0.0.0.0/0 135 -> *
 2207 860K ACCEPT all ------ 0xFF 0x00
* 0.0.0.0/0
0.0.0.0/0 n/a
Chain fairq (1 references):
 pkts bytes target prot opt tosa tosx ifname mark
outsize source destination ports
    0 0 RETURN ospf ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 n/a
    0 0 RETURN ospf ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 n/a
    0 0 RETURN udp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 * ->
520
    0 0 RETURN udp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 520
-> *
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 * ->
179
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 179
-> *
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 * ->
53
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 53 ->
*
    0 0 RETURN udp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 * ->
53
    0 0 RETURN udp ------ 0xFF 0x00 *
0x1 0.0.0.0/0 0.0.0.0/0 53 ->
*
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x2 0.0.0.0/0 0.0.0.0/0 * ->
23
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x2 0.0.0.0/0 0.0.0.0/0 23 ->
*
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x2 0.0.0.0/0 0.0.0.0/0 * ->
22
    0 0 RETURN tcp ------ 0xFF 0x00 *
0x2 0.0.0.0/0 0.0.0.0/0 22 ->
*
+ _________________________ ipfwadm/forward
+
+ ipfwadm -F -l -n -e
ipfwadm: not found
+ _________________________ ipfwadm/input
+
+ ipfwadm -I -l -n -e
ipfwadm: not found
+ _________________________ ipfwadm/output
+
+ ipfwadm -O -l -n -e
ipfwadm: not found
+ _________________________ iptables/nat
+
+ iptables -t nat -L -v -n
iptables: not found
+ _________________________ ipchains/masq
+
+ ipchains -M -L -v -n
IP masquerading entries
+ _________________________ ipfwadm/masq
+
+ ipfwadm -M -l -n -e
ipfwadm: not found
+ _________________________ iptables/mangle
+
+ iptables -t mangle -L -v -n
iptables: not found
+ _________________________ proc/modules
+
+ cat /proc/modules
ip_masq_user 3708 0 (unused)
ip_masq_portfw 2416 1
ip_masq_mfw 3196 0 (unused)
ip_masq_ftp 3576 0 (unused)
ip_masq_autofw 2476 0 (unused)
rtl8139 10852 2
8390 6236 0
pci-scan 2296 0 [rtl8139]
isofs 17692 0
ide-cd 22672 0
cdrom 26712 0 [ide-cd]
+ _________________________ proc/meminfo
+
+ cat /proc/meminfo
        total: used: free: shared: buffers: cached:
Mem: 64561152 15704064 48857088 6406144 6123520 4513792
Swap: 0 0 0
MemTotal: 63048 kB
MemFree: 47712 kB
MemShared: 6256 kB
Buffers: 5980 kB
Cached: 4408 kB
SwapTotal: 0 kB
SwapFree: 0 kB
+ _________________________ dev/ipsec-ls
+
+ ls -l /dev/ipsec*
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug
/proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg
/proc/net/ipsec_version
-r--r--r-- 1 root root 0 Jul 19 15:02
/proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Jul 19 15:02
/proc/net/ipsec_klipsdebug
-r--r--r-- 1 root root 0 Jul 19 15:02
/proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Jul 19 15:02
/proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Jul 19 15:02
/proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Jul 19 15:02
/proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+
+ cat /etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.

#
# Log everything remotely. The other machine must run syslog with '-r'.
# WARNING: Doing this is unsecure and can open you up to a DoS attack.
#

#*.* @host.ip.address-or-name.here

#
# First some standard logfiles. Log by facility.
#

auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
#cron.* /var/log/cron.log

#lpr.* -/var/log/lpr.log
#mail.* /var/log/mail.log
#user.* -/var/log/user.log
#uucp.* -/var/log/uucp.log

#
# Some `catch-all' logfiles.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *

#ppp
local2.* -/var/log/ppp.log

#portslave
local6.* -/var/log/pslave.log
+ _________________________ lib/modules-ls
+
+ ls -ltr /lib/modules
-rw-r--r-- 1 root src 5344 Dec 4 2001 pci-scan.o
-rw-r--r-- 1 root src 6516 Dec 4 2001 ip_masq_ftp.o
-rw-r--r-- 1 root src 8352 Dec 4 2001 ip_masq_dplay.o
-rw-r--r-- 1 root src 9268 Dec 4 2001 8390.o
-rw-r--r-- 1 root src 7864 Dec 4 2001 ip_masq_user.o
-rw-r--r-- 1 root src 4856 Dec 4 2001 ip_masq_portfw.o
-rw-r--r-- 1 root src 4744 Dec 4 2001 ip_masq_mms.o
-rw-r--r-- 1 root src 6364 Dec 4 2001 ip_masq_mfw.o
-rw-r--r-- 1 root src 11468 Dec 4 2001 ip_masq_ipsec.o
-rw-r--r-- 1 root src 4908 Dec 4 2001 ip_masq_autofw.o
-rwxr-xr-x 1 root root 7060 Feb 5 09:21 ne2k-pci.o
-rw-r--r-- 1 root root 15644 Feb 22 19:19 rtl8139.o
-rwxr-xr-x 1 root root 9744 Feb 28 09:32 ne.o
+ _________________________ proc/ksyms-netif_rx
+
+ egrep netif_rx /proc/ksyms
c0150d10 netif_rx
+ _________________________ lib/modules-netif_rx
+
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
+ _________________________ kern.debug
+
+ test -f /var/log/kern.debug
+ _________________________ klog
+
+ sed -n 162,$p /var/log/syslog
+ egrep -i ipsec|klips|pluto
+ cat
Jul 19 11:31:47 leipzig ipsec_setup: Starting FreeS/WAN IPsec
U1.97/K1.91...
Jul 19 11:31:47 leipzig ipsec_setup: KLIPS debug `none'
Jul 19 11:31:48 leipzig ipsec_setup: KLIPS ipsec0 on eth0
214.150.69.254/27 broadcast 213.149.68.255
Jul 19 11:31:48 leipzig ipsec_setup: ...FreeS/WAN IPsec started
Jul 19 11:33:30 leipzig ipsec__plutorun: 104 "k-l" #1: STATE_MAIN_I1:
initiate
Jul 19 11:33:30 leipzig ipsec__plutorun: 010 "k-l" #1: STATE_MAIN_I1:
retransmission; will wait 20s for response
Jul 19 11:33:30 leipzig ipsec__plutorun: 010 "k-l" #1: STATE_MAIN_I1:
retransmission; will wait 40s for response
Jul 19 11:33:30 leipzig ipsec__plutorun: 106 "k-l" #1: STATE_MAIN_I2:
sent MI2, expecting MR2
Jul 19 11:33:30 leipzig ipsec__plutorun: 108 "k-l" #1: STATE_MAIN_I3:
sent MI3, expecting MR3
Jul 19 11:33:30 leipzig ipsec__plutorun: 004 "k-l" #1: STATE_MAIN_I4:
ISAKMP SA established
Jul 19 11:33:30 leipzig ipsec__plutorun: 112 "k-l" #4: STATE_QUICK_I1:
initiate
Jul 19 11:33:30 leipzig ipsec__plutorun: 003 "k-l" #4: up-client command
exited with status 127
Jul 19 11:33:30 leipzig ipsec__plutorun: 032 "k-l" #4: STATE_QUICK_I1:
internal error
Jul 19 11:33:30 leipzig ipsec__plutorun: 003 ERROR: "k-l" #4: pfkey
write() of SADB_X_ADDFLOW message 26 for flow tun.1005_at_195.122.124.165
failed. Errno 14: Bad address
Jul 19 11:33:30 leipzig ipsec__plutorun: 032 "k-l" #4: STATE_QUICK_I1:
internal error
Jul 19 11:33:30 leipzig ipsec__plutorun: 010 "k-l" #4: STATE_QUICK_I1:
retransmission; will wait 20s for response
Jul 19 11:33:30 leipzig ipsec__plutorun: 003 ERROR: "k-l" #4: pfkey
write() of SADB_X_ADDFLOW message 35 for flow tun.1007_at_195.122.124.165
failed. Errno 14: Bad address
Jul 19 11:33:30 leipzig ipsec__plutorun: 032 "k-l" #4: STATE_QUICK_I1:
internal error
Jul 19 11:33:30 leipzig ipsec__plutorun: 010 "k-l" #4: STATE_QUICK_I1:
retransmission; will wait 40s for response
Jul 19 11:33:30 leipzig ipsec__plutorun: 031 "k-l" #4: max number of
retransmissions (2) reached STATE_QUICK_I1. No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Jul 19 11:33:30 leipzig ipsec__plutorun: 000 "k-l" #4: starting keying
attempt 2 of an unlimited number, but releasing whack
Jul 19 11:33:30 leipzig ipsec__plutorun: ...could not start conn "k-l"
Jul 19 11:34:40 leipzig ipsec__plutorun: 112 "b-l" #8: STATE_QUICK_I1:
initiate
Jul 19 11:34:40 leipzig ipsec__plutorun: 003 "b-l" #8: up-client command
exited with status 127
Jul 19 11:34:40 leipzig ipsec__plutorun: 032 "b-ld" #8: STATE_QUICK_I1:
internal error
Jul 19 11:34:40 leipzig ipsec__plutorun: 003 ERROR: "b-l" #8: pfkey
write() of SADB_X_ADDFLOW message 70 for flow tun.100f_at_195.122.124.165
failed. Errno 14: Bad address
Jul 19 11:34:40 leipzig ipsec__plutorun: 032 "b-l" #8: STATE_QUICK_I1:
internal error
Jul 19 11:34:40 leipzig ipsec__plutorun: 010 "b-l" #8: STATE_QUICK_I1:
retransmission; will wait 20s for response
Jul 19 11:34:40 leipzig ipsec__plutorun: 010 "b-l" #8: STATE_QUICK_I1:
retransmission; will wait 40s for response
Jul 19 11:34:40 leipzig ipsec__plutorun: 003 ERROR: "b-l" #8: pfkey
write() of SADB_X_ADDFLOW message 97 for flow tun.1015_at_195.122.124.165
failed. Errno 14: Bad address
Jul 19 11:34:40 leipzig ipsec__plutorun: 032 "b-l" #8: STATE_QUICK_I1:
internal error
Jul 19 11:34:40 leipzig ipsec__plutorun: 031 "b-l" #8: max number of
retransmissions (2) reached STATE_QUICK_I1. No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Jul 19 11:34:40 leipzig ipsec__plutorun: 000 "b-l" #8: starting keying
attempt 2 of an unlimited number, but releasing whack
Jul 19 11:34:40 leipzig ipsec__plutorun: ...could not start conn "b-l"
+ _________________________ plog
+
+ sed -n 54,$p /var/log/auth.log
+ egrep -i pluto
+ cat
Jul 19 11:31:48 leipzig ipsec__plutorun: Starting Pluto subsystem...
Jul 19 11:31:48 leipzig Pluto[1959]: Starting Pluto (FreeS/WAN Version
1.97)
Jul 19 11:31:48 leipzig Pluto[1959]: including X.509 patch (Version
0.9.10)
Jul 19 11:31:48 leipzig Pluto[1959]: Changing to directory
'/etc/ipsec.d/cacerts'
Jul 19 11:31:48 leipzig Pluto[1959]: loaded cacert file 'rootca-c.pem'
(1635 bytes)
Jul 19 11:31:48 leipzig Pluto[1959]: Changing to directory
'/etc/ipsec.d/crls'
Jul 19 11:31:48 leipzig Pluto[1959]: loaded crl file 'crl.pem' (690
bytes)
Jul 19 11:31:48 leipzig Pluto[1959]: loaded my default X.509 cert file
'/etc/x509cert.der' (1074 bytes)
Jul 19 11:31:48 leipzig Pluto[1959]: loaded host cert file
'/etc/ipsec.d/vpn-c00.pem' (4460 bytes)
Jul 19 11:31:48 leipzig Pluto[1959]: loaded host cert file
'/etc/ipsec.d/vpn-c06.pem' (4456 bytes)
Jul 19 11:31:48 leipzig Pluto[1959]: added connection description "k-l"
Jul 19 11:31:48 leipzig Pluto[1959]: loaded host cert file
'/etc/ipsec.d/vpn-c00.pem' (4460 bytes)
Jul 19 11:31:48 leipzig Pluto[1959]: added connection description "l-hr"
Jul 19 11:31:49 leipzig Pluto[1959]: loaded host cert file
'/etc/ipsec.d/vpn-c00.pem' (4460 bytes)
Jul 19 11:31:49 leipzig Pluto[1959]: loaded host cert file
'/etc/ipsec.d/vpn-c06.pem' (4456 bytes)
Jul 19 11:31:49 leipzig Pluto[1959]: added connection description "b-l"
Jul 19 11:31:49 leipzig Pluto[1959]: listening for IKE messages
Jul 19 11:31:49 leipzig Pluto[1959]: adding interface ipsec0/eth0
214.150.69.254
Jul 19 11:31:49 leipzig Pluto[1959]: loading secrets from
"/etc/ipsec.secrets"
Jul 19 11:31:49 leipzig Pluto[1959]: loaded private key file
'/etc/ipsec.d/private/vpn-k00.pem' (963 bytes)
Jul 19 11:31:49 leipzig Pluto[1959]: "k-l" #1: initiating Main Mode
Jul 19 11:31:49 leipzig Pluto[1959]: some IKE message we sent has been
rejected with ECONNREFUSED (kernel supplied no details)
Jul 19 11:31:59 leipzig Pluto[1959]: some IKE message we sent has been
rejected with ECONNREFUSED (kernel supplied no details)
Jul 19 11:32:00 leipzig Pluto[1959]: "k-l" #2: responding to Main Mode
Jul 19 11:32:00 leipzig Pluto[1959]: "k-l" #2: Peer ID is
ID_DER_ASN1_DN: 'C=DE, ST=Sachsen, O=test, OU=IT, CN=test,
E=test_at_test.de'
Jul 19 11:32:00 leipzig Pluto[1959]: "k-l" #2: sent MR3, ISAKMP SA
established
Jul 19 11:32:01 leipzig Pluto[1959]: "k-l" #3: responding to Quick Mode
Jul 19 11:32:11 leipzig Pluto[1959]: "k-l" #3: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:32:19 leipzig Pluto[1959]: "k-l" #1: Peer ID is
ID_DER_ASN1_DN: 'C=DE, ST=Sachsen, O=test, OU=IT, CN=test,
E=test_at_test.de'
Jul 19 11:32:19 leipzig Pluto[1959]: "k-l" #1: ISAKMP SA established
Jul 19 11:32:19 leipzig Pluto[1959]: "k-l" #4: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
Jul 19 11:32:20 leipzig Pluto[1959]: "k-l" #4: up-client output:
iptables: not found
Jul 19 11:32:20 leipzig Pluto[1959]: "k-l" #4: up-client output:
iptables: not found
Jul 19 11:32:20 leipzig Pluto[1959]: "k-l" #4: up-client command exited
with status 127
Jul 19 11:32:30 leipzig Pluto[1959]: ERROR: "k-l" #4: pfkey write() of
SADB_X_ADDFLOW message 26 for flow tun.1005_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:32:30 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 1a 00
00 00 a7 07 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 05 00 00
00 00 02 00 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:32:30 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:32:30 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 e8 29
43 ac 36 36 36 36
Jul 19 11:32:31 leipzig Pluto[1959]: "k-l" #3: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:32:49 leipzig Pluto[1959]: ERROR: "k-l" #4: pfkey write() of
SADB_X_ADDFLOW message 35 for flow tun.1007_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:32:49 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 23 00
00 00 a7 07 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 07 00 00
00 00 02 00 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:32:49 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:32:49 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 e8 29
43 ac 36 36 36 36
Jul 19 11:33:11 leipzig Pluto[1959]: "k-l" #3: max number of
retransmissions (2) reached STATE_QUICK_R1
Jul 19 11:33:11 leipzig Pluto[1959]: "k-l" #5: responding to Quick Mode
Jul 19 11:33:11 leipzig Pluto[1959]: "b-l" #6: responding to Quick Mode
Jul 19 11:33:22 leipzig Pluto[1959]: "b-l" #6: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:33:22 leipzig Pluto[1959]: "k-l" #5: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:33:30 leipzig Pluto[1959]: "k-l" #4: max number of
retransmissions (2) reached STATE_QUICK_I1. No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Jul 19 11:33:30 leipzig Pluto[1959]: "k-l" #4: starting keying attempt 2
of an unlimited number, but releasing whack
Jul 19 11:33:30 leipzig Pluto[1959]: "k-l" #7: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #4
Jul 19 11:33:30 leipzig Pluto[1959]: "b-l" #8: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK
Jul 19 11:33:30 leipzig Pluto[1959]: ERROR: "k-l" #7: pfkey write() of
SADB_X_ADDFLOW message 51 for flow tun.100b_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:33:30 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 33 00
00 00 a7 07 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 0b 00 00
00 00 02 00 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:33:30 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:33:30 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:33:30 leipzig Pluto[1959]: "b-l" #8: up-client output:
iptables: not found
Jul 19 11:33:30 leipzig Pluto[1959]: "b-l" #8: up-client output:
iptables: not found
Jul 19 11:33:30 leipzig Pluto[1959]: "b-l" #8: up-client command exited
with status 127
Jul 19 11:33:40 leipzig Pluto[1959]: ERROR: "b-l" #8: pfkey write() of
SADB_X_ADDFLOW message 70 for flow tun.100f_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:33:40 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 46 00
00 00 a7 07 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 0f 00 00
00 00 02 00 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:33:40 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1f 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:33:40 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:33:41 leipzig Pluto[1959]: ERROR: "k-l" #7: pfkey write() of
SADB_X_ADDFLOW message 79 for flow tun.1011_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:33:41 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 4f 00
00 00 a7 07 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 11 00 00
00 00 02 00 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:33:41 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:33:41 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:33:42 leipzig Pluto[1959]: "k-l" #5: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:33:42 leipzig Pluto[1959]: "b-l" #6: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:34:01 leipzig Pluto[1959]: ERROR: "k-l" #7: pfkey write() of
SADB_X_ADDFLOW message 88 for flow tun.1013_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 58 00
00 00 a7 07 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 13 00 00
00 00 02 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:34:01 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:34:01 leipzig Pluto[1959]: ERROR: "b-l" #8: pfkey write() of
SADB_X_ADDFLOW message 97 for flow tun.1015_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 61 00
00 00 a7 07 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 15 00 00
00 00 02 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:34:01 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1f 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:34:01 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:34:21 leipzig Pluto[1959]: "k-l" #5: max number of
retransmissions (2) reached STATE_QUICK_R1
Jul 19 11:34:22 leipzig Pluto[1959]: "b-l" #9: responding to Quick Mode
Jul 19 11:34:22 leipzig Pluto[1959]: "b-l" #6: max number of
retransmissions (2) reached STATE_QUICK_R1
Jul 19 11:34:22 leipzig Pluto[1959]: "k-l" #10: responding to Quick Mode
Jul 19 11:34:31 leipzig Pluto[1959]: "k-l" #10: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:34:31 leipzig Pluto[1959]: "b-l" #9: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:34:40 leipzig Pluto[1959]: "b-l" #8: max number of
retransmissions (2) reached STATE_QUICK_I1. No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Jul 19 11:34:40 leipzig Pluto[1959]: "b-l" #8: starting keying attempt 2
of an unlimited number, but releasing whack
Jul 19 11:34:40 leipzig Pluto[1959]: "b-l" #11: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #8
Jul 19 11:34:40 leipzig Pluto[1959]: "k-l" #7: max number of
retransmissions (2) reached STATE_QUICK_I1. No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Jul 19 11:34:40 leipzig Pluto[1959]: "k-l" #7: starting keying attempt 3
of an unlimited number
Jul 19 11:34:40 leipzig Pluto[1959]: "k-l" #12: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #7
Jul 19 11:34:41 leipzig Pluto[1959]: ERROR: "b-l" #11: pfkey write() of
SADB_X_ADDFLOW message 114 for flow tun.1019_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 72 00
00 00 a7 07 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 19 00 00
00 00 02 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:34:41 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1f 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:34:41 leipzig Pluto[1959]: ERROR: "k-l" #12: pfkey write() of
SADB_X_ADDFLOW message 123 for flow tun.101b_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 7b 00
00 00 a7 07 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 1b 00 00
00 00 02 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:34:41 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:34:41 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:34:51 leipzig Pluto[1959]: ERROR: "k-l" #12: pfkey write() of
SADB_X_ADDFLOW message 132 for flow tun.101d_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 84 00
00 00 a7 07 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 1d 00 00
00 00 02 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:34:51 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:34:51 leipzig Pluto[1959]: ERROR: "b-l" #11: pfkey write() of
SADB_X_ADDFLOW message 141 for flow tun.101f_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 8d 00
00 00 a7 07 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 1f 00 00
00 00 02 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:34:51 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1f 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:34:51 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:34:51 leipzig Pluto[1959]: "b-l" #9: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:34:51 leipzig Pluto[1959]: "k-l" #10: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:35:10 leipzig Pluto[1959]: ERROR: "b-l" #11: pfkey write() of
SADB_X_ADDFLOW message 150 for flow tun.1021_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 96 00
00 00 a7 07 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 21 00 00
00 00 02 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:35:10 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1f 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:35:10 leipzig Pluto[1959]: ERROR: "k-l" #12: pfkey write() of
SADB_X_ADDFLOW message 159 for flow tun.1023_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 9f 00
00 00 a7 07 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 23 00 00
00 00 02 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:35:10 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | a4 f0 ff bf 00 00 00 00 03 00
16 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 00 00 c0 a8 1e 00 a4 f0
ff bf 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 03 00 17 00 00 00 00 00 02 00
00 00 ff ff f0 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 36 36 36 36 36 36 36 36 03 00
18 00 00 00 00 00
Jul 19 11:35:10 leipzig Pluto[1959]: | 02 00 00 00 ff ff ff 00 47 1d
8f c3 36 36 36 36
Jul 19 11:35:31 leipzig Pluto[1959]: "k-ld" #13: responding to Quick
Mode
Jul 19 11:35:32 leipzig Pluto[1959]: "k-l" #10: max number of
retransmissions (2) reached STATE_QUICK_R1
Jul 19 11:35:32 leipzig Pluto[1959]: "b-l" #9: max number of
retransmissions (2) reached STATE_QUICK_R1
Jul 19 11:35:32 leipzig Pluto[1959]: "b-l" #14: responding to Quick Mode
Jul 19 11:35:42 leipzig Pluto[1959]: "b-l" #14: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:35:42 leipzig Pluto[1959]: "k-l" #13: discarding duplicate
packet; already STATE_QUICK_R1
Jul 19 11:35:50 leipzig Pluto[1959]: "b-l" #11: max number of
retransmissions (2) reached STATE_QUICK_I1. No acceptable response to
our first Quick Mode message: perhaps peer likes no proposal
Jul 19 11:35:50 leipzig Pluto[1959]: "b-l" #11: starting keying attempt
3 of an unlimited number
Jul 19 11:35:50 leipzig Pluto[1959]: "b-l" #15: initiating Quick Mode
RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK to replace #11
Jul 19 11:35:50 leipzig Pluto[1959]: ERROR: "b-l" #15: pfkey write() of
SADB_X_ADDFLOW message 176 for flow tun.1027_at_195.122.124.165 failed.
Errno 14: Bad address
Jul 19 11:35:50 leipzig Pluto[1959]: | 02 0e 00 09 16 00 00 00 b0 00
00 00 a7 07 00 00
Jul 19 11:35:50 leipzig Pluto[1959]: | 02 00 01 00 00 00 10 27 00 00
00 00 02 00 00 00
Jul 19 11:35:50 leipzig Pluto[1959]: | 03 00 05 00 00 00 00 00 02 00
00 00 d5 95 44 fd
Jul 19 11:35:50 leipzig Pluto[1959]: | 00 00 00 00 00 00 00 00 03 00
06 00 00 00 00 00
Jul 19 11:35:50 leipzig Pluto[1959]: | 02 00 01 f4 c2 79 7b a4 00 00
00 00 00 00 00 00
Jul 19 11:35:50 leipzig Pluto[1959]: | 03 00 15 00 00 00 00 00 02 00
00 00 c0 a8 00 00

Am Die, 2002-07-16 um 19.18 schrieb Claudia Schmeing:
> -----BEGIN PGP SIGNED MESSAGE-----
>
> Hi Micha,
>
>
> Just got to my mail after the weekend. I'll write you back in English
> because it's better than my German. ;-)
>
> I am actually no longer the list support person for FreeS/WAN,
> (I'm working on the documentation now) but will have a look at this anyway.
>
> Please send the output of ipsec barf from both ends so that I will have
> more information. If the other end is not FreeS/WAN, please send as much
> info about it as you can.
>
> Please cc: users_at_lists.freeswan.org.
>
> And thank-you for the complement.
>
>
> Claudia
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.3ia
> Charset: noconv
>
> iQCVAwUBPTRVcXDIYXPDEHodAQGwVwP+MQCXAlSgYHuJ0fBztdh5ES7FUqyf/Ups
> stMMPIDFDaZPUg/hvxbeXk79rHBXm1bdvYP+0eCBI1bhNqeUTdXoGVXin9WLaBJx
> xjzI/iK48HdhNhul/XnJlyP1x80Jho6W9bOTKIgQXtVVoa5SvARiBCOWREZyX/ed
> hL1vaJCziy4=
> =Uysa
> -----END PGP SIGNATURE-----
>

_______________________________________________
Users mailing list
Users_at_lists.freeswan.org
http://lists.freeswan.org/mailman/listinfo/users

• Next message: Andreas Steffen: "Re: [Users] Re: hi...im from germany"
• Previous message: Andreas Steffen: "Re: [Users] x509 Certs AND PSKs for Road Warriors"
• Next in thread: Andreas Steffen: "Re: [Users] Re: hi...im from germany"
• Reply: Andreas Steffen: "Re: [Users] Re: hi...im from germany"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.3 : Mon Jul 29 2002 - 05:20:25 CEST