re: Re: [Users] I can't use ping

From: hburbano_at_gcintl.com
Date: Tue Oct 29 2002 - 21:51:00 CET


Hello, in my last mail, I included the wrong output from running the barf command.
I am running FreeS/WAN version 1.97; everything appears to be right, but I can't ping.
Maybe you could help me find out whether something is wrong.

inet-arriba
Wed Oct 30 04:36:28 ECT 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.97
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.9-13 (bhcompile@stripples.devel.redhat.com) (gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-98)) #1 Tue Oct 30 20:05:14 EST 2001
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
0 192.168.1.0/24 -> 192.168.2.0/24 => tun0x1002@208.164.186.1
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
esp0x2e5b5ad1@208.164.186.2 ESP_3DES_HMAC_MD5: dir=in src=208.164.186.1 iv_bits=64bits iv=0xc5f351f0a1fe2be5 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(10838,0,0)
esp0xf2099cd3@208.164.186.1 ESP_3DES_HMAC_MD5: dir=out src=208.164.186.2 iv_bits=64bits iv=0xcf24f57fc213520e ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(10838,0,0)
tun0x1002@208.164.186.1 IPIP: dir=out src=208.164.186.2 life(c,s,h)=addtime(10838,0,0)
tun0x1001@208.164.186.2 IPIP: dir=in src=208.164.186.1 policy=192.168.2.0/24->192.168.1.0/24 flags=0x8<> life(c,s,h)=addtime(10838,0,0)
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
tun0x1002@208.164.186.1 esp0xf2099cd3@208.164.186.1
tun0x1001@208.164.186.2 esp0x2e5b5ad1@208.164.186.2
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.2.0 208.164.186.1 255.255.255.0 UG 40 0 0 ipsec0
192.168.1.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
208.164.186.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
208.164.186.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
    sock pid socket next prev e n p sndbf Flags Type St
c2ec8580 5023 c34b2d54 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c34b2d54 5023 c2ec8580
pf_key_registered: 3 c34b2d54 5023 c2ec8580
pf_key_registered: 9 c34b2d54 5023 c2ec8580
pf_key_registered: 10 c34b2d54 5023 c2ec8580
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 4 0 128 128
pf_key_supported: 9 15 3 0 32 128
pf_key_supported: 9 15 2 0 128 32
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth0 208.164.186.2
000
000 "gci": 192.168.1.0/24===208.164.186.2...208.164.186.1===192.168.2.0/24
000 "gci": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "gci": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted
000 "gci": newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000
000 #2: "gci" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27997s; newest IPSEC; eroute owner
000 #2: "gci" esp.f2099cd3@208.164.186.1 esp.2e5b5ad1@208.164.186.2 tun.1002@208.164.186.1 tun.1001@208.164.186.2
000 #1: "gci" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2791s; newest ISAKMP
+ _________________________ ifconfig-a
+ ifconfig -a
cipcb0 Link encap:IPIP Tunnel HWaddr
          POINTOPOINT NOARP MTU:1442 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

eth0 Link encap:Ethernet HWaddr 00:08:9B:81:A0:87
          inet addr:208.164.186.2 Bcast:208.164.186.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:1427 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:107492 (104.9 Kb) TX bytes:117604 (114.8 Kb)
          Interrupt:5 Base address:0xdc00

eth1 Link encap:Ethernet HWaddr 00:08:9B:13:3A:74
          inet addr:192.168.1.1 Bcast:192.168.1.255 Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
          RX packets:3499 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3158 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:259017 (252.9 Kb) TX bytes:327444 (319.7 Kb)
          Interrupt:10 Base address:0xd800 Memory:dfffc000-dfffc038

ipsec0 Link encap:Ethernet HWaddr 00:08:9B:81:A0:87
          inet addr:208.164.186.2 Mask:255.255.255.0
          UP RUNNING NOARP MTU:16260 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec1 Link encap:IPIP Tunnel HWaddr
          NOARP MTU:0 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec2 Link encap:IPIP Tunnel HWaddr
          NOARP MTU:0 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec3 Link encap:IPIP Tunnel HWaddr
          NOARP MTU:0 Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10
          RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
          inet addr:127.0.0.1 Mask:255.0.0.0
          UP LOOPBACK RUNNING MTU:16436 Metric:1
          RX packets:212 errors:0 dropped:0 overruns:0 frame:0
          TX packets:212 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:13764 (13.4 Kb) TX bytes:13764 (13.4 Kb)

+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
inet-arriba.mydomain.local
+ _________________________ hostname/ipaddress
+ hostname --ip-address
192.168.1.1
+ _________________________ uptime
+ uptime
  4:36am up 3:04, 0 users, load average: 0.00, 0.00, 0.00
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
  F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
040 0 5014 1 9 0 1968 936 wait4 S ? 0:00 /bin/sh /usr/local/ipsec/_plutorun --debug none --uniqueids yes
040 0 5015 5014 9 0 1968 936 wait4 S ? 0:00 \_ /bin/sh /usr/local/ipsec/_plutorun --debug none --uniqueids
100 0 5023 5015 8 0 1972 928 do_sel S ? 0:00 | \_ /usr/local/ipsec/pluto --nofork --debug-none --uniqueid
000 0 5024 5023 9 0 1424 316 do_sel S ? 0:00 | \_ _pluto_adns 8 11
000 0 5016 5014 8 0 1948 912 pipe_w S ? 0:00 \_ /bin/sh /usr/local/ipsec/_plutoload --load %search --start
000 0 5017 1 9 0 1364 500 pipe_w S ? 0:00 logger -p daemon.error -t ipsec__plutorun
000 0 5145 5144 9 0 1988 952 wait4 S ? 0:00 \_ sh -c ipsec barf > /home/administrator/ipsec.d/barf 2>/tmp/
000 0 5146 5145 10 0 1952 904 wait4 S ? 0:00 \_ /bin/sh /usr/local/sbin/ipsec barf
000 0 5147 5146 16 0 1984 956 wait4 S ? 0:00 \_ /bin/sh /usr/local/ipsec/barf
040 0 5187 5147 15 0 1984 956 - R ? 0:00 \_ /bin/sh /usr/local/ipsec/barf
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
#dr: no default route
# no default route
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /home/etc/ipsec.conf
+ ipsec _keycensor

#< /home/etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file
# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=eth0"
        # Debug-logging controls: "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes

# defaults for subsequent connection descriptions
# (mostly to fix internal defaults which, in retrospect, were badly chosen)
conn %default
        keyingtries=0
        disablearrivalcheck=no
        authby=rsasig
        leftrsasigkey=%dns
        rightrsasigkey=%dns

# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn me-to-anyone
        left=%defaultroute
        right=%opportunistic
        keylife=1h
        rekey=no
        # uncomment this next line to enable it
        #auto=route

# sample VPN connection
conn sample
        # Left security gateway, subnet behind it, next hop toward right.
        left=10.0.0.1
        leftsubnet=172.16.0.0/24
        leftnexthop=10.22.33.44
        # Right security gateway, subnet behind it, next hop toward left.
        right=10.12.12.1
        rightsubnet=192.168.0.0/24
        rightnexthop=10.101.102.103
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        #auto=add

# Include everything else in the /etc/ipsec.d/ dir, remember
# to issue a 'service ipsec restart' to re-incorporate any
# changes to the configs.

#include /etc/ipsec.d/*.conf

#< /home/administrator/ipsec.d/gci.conf 1
# GCI IPSEC configuration
conn gci
        type=tunnel
        left=208.164.186.2
        leftsubnet=192.168.1.0/24
        #leftnexthop=208.164.186.1
        right=208.164.186.1
        rightsubnet=192.168.2.0/24
        #rightnexthop=208.164.186.2
        authby=rsasig
        leftrsasigkey=[keyid AQObttxwX]
        rightrsasigkey=[keyid AQOEufUsl]
        auto=start

#> /home/etc/ipsec.conf 59
+ _________________________ ipsec/secrets
+ ipsec _include /home/etc/ipsec.secrets
+ ipsec _secretcensor

#< /home/etc/ipsec.secrets 1
# RCSID : secrets.proto,v 1.14 2001/05/23 15:12:37 henry Exp $

# RCSID : secrets.proto,v 1.14 2001/05/23 15:12:37 henry Exp $
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.
# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".
: RSA {
        # RSA 2048 bits INETserver.nwbox.int Fri Jul 19 03:28:16 2002
        # for signatures only, UNSAFE FOR ENCRYPTION
        #pubkey=[keyid AQNpTyz0S]
        #IN KEY 0x4200 4 1 [keyid AQNpTyz0S]
        # (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
        Modulus: [...]
        PublicExponent: [...]
        # everything after this point is secret
        PrivateExponent: [...]
        Prime1: [...]
        Prime2: [...]
        Exponent1: [...]
        Exponent2: [...]
        Coefficient: [...]
        }
# do not change the indenting of that "[sums to 7d9d...]"
  
#include user-added bits

#include /etc/ipsec.d/*.secrets

#< /home/administrator/ipsec.d/gci.secrets 1
208.164.186.1 208.164.186.2: RSA {
        # RSA 1024 bits inet-arriba Fri Oct 25 06:33:51 2002
        # for signatures only, UNSAFE FOR ENCRYPTION
        #pubkey=[keyid AQObttxwX]
        #IN KEY 0x4200 4 1 [keyid AQObttxwX]
        # (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
        Modulus: [...]
        PublicExponent: [...]
        # everything after this point is secret
        PrivateExponent: [...]
        Prime1: [...]
        Prime2: [...]
        Exponent1: [...]
        Exponent2: [...]
        Coefficient: [...]
    }

#> /home/etc/ipsec.secrets 32
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/ipsec
total 2460
-rwxr-xr-x 1 root root 11085 Apr 16 2002 _confread
-rwxr-xr-x 1 root root 46773 Apr 16 2002 _copyright
-rwxr-xr-x 1 root root 2163 Apr 16 2002 _include
-rwxr-xr-x 1 root root 1472 Apr 16 2002 _keycensor
-rwxr-xr-x 1 root root 69301 Apr 16 2002 _pluto_adns
-rwxr-xr-x 1 root root 3495 Apr 16 2002 _plutoload
-rwxr-xr-x 1 root root 4265 Apr 16 2002 _plutorun
-rwxr-xr-x 1 root root 7294 Apr 16 2002 _realsetup
-rwxr-xr-x 1 root root 1971 Apr 16 2002 _secretcensor
-rwxr-xr-x 1 root root 6839 Apr 16 2002 _startklips
-rwxr-xr-x 1 root root 5281 Oct 30 04:16 _updown
-rwxr-xr-x 1 root root 5014 Oct 30 04:15 _updown.old
-rwxr-xr-x 1 root root 10912 Apr 16 2002 auto
-rwxr-xr-x 1 root root 7132 Apr 16 2002 barf
-rwxr-xr-x 1 root root 225945 Apr 16 2002 eroute
-rwxr-xr-x 1 root root 98468 Apr 16 2002 ikeping
-rwxr-xr-x 1 root root 2916 Oct 8 23:42 ipsec
-rw-r--r-- 1 root root 1950 Apr 16 2002 ipsec_pr.template
-rwxr-xr-x 1 root root 161630 Apr 16 2002 klipsdebug
-rwxr-xr-x 1 root root 2437 Apr 16 2002 look
-rwxr-xr-x 1 root root 16157 Apr 16 2002 manual
-rwxr-xr-x 1 root root 1847 Apr 16 2002 newhostkey
-rwxr-xr-x 1 root root 140189 Apr 16 2002 pf_key
-rwxr-xr-x 1 root root 790088 Apr 16 2002 pluto
-rwxr-xr-x 1 root root 53082 Apr 16 2002 ranbits
-rwxr-xr-x 1 root root 76550 Apr 16 2002 rsasigkey
-rwxr-xr-x 1 root root 16659 Oct 8 23:43 send-pr
lrwxrwxrwx 1 root root 22 Oct 29 20:32 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1041 Apr 16 2002 showdefaults
-rwxr-xr-x 1 root root 3484 Apr 16 2002 showhostkey
-rwxr-xr-x 1 root root 246954 Apr 16 2002 spi
-rwxr-xr-x 1 root root 202778 Apr 16 2002 spigrp
-rwxr-xr-x 1 root root 71231 Apr 16 2002 tncfg
-rwxr-xr-x 1 root root 17032 Apr 16 2002 uml_netjig
-rwxr-xr-x 1 root root 135837 Apr 16 2002 whack
+ _________________________ ipsec/updowns
++ ls /usr/local/ipsec
++ egrep updown
+ cat /usr/local/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $

# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
        echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
        echo "$0: called by obsolete Pluto?" >&2
        exit 2
        ;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
        exit 2
        ;;
esac

# check parameter(s)
case "$1:$*" in
':') # no parameters
        ;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
        ;;
custom:*) # custom parameters (see above CAUTION comment)
        ;;
*) echo "$0: unknown parameters \`$*'" >&2
        exit 2
        ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
        doroute add
}
downroute() {
        doroute del
}
doroute() {
        parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
        parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
                it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
                        route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
                ;;
        *) it="route $1 $parms $parms2"
                ;;
        esac
        eval $it
        st=$?
        if test $st -ne 0
        then
                # route has already given its own cryptic message
                echo "$0: \`$it' failed" >&2
                if test " $1 $st" = " add 7"
                then
                        # another totally undocumented interface -- 7 and
                        # "SIOCADDRT: Network is unreachable" means that
                        # the gateway isn't reachable.
                        echo "$0: (incorrect or missing nexthop setting??)" >&2
                fi
        fi
        return $st
}

# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
        # delete possibly-existing route (preliminary to adding a route)
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
                it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
                        route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
                ;;
        *)
                it="route del -net $PLUTO_PEER_CLIENT_NET \
                                        netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
                ;;
        esac
        oops="`eval $it`"
        status="$?"
        if test " $oops" = " " -a " $status" != " 0"
        then
                oops="silent error, exit status $status"
        fi
        case "$oops" in
        'SIOCDELRT: No such process'*)
                # This is what route (currently -- not documented!) gives
                # for "could not find such a route".
                oops=
                status=0
                ;;
        esac
        if test " $oops" != " " -o " $status" != " 0"
        then
                echo "$0: \`$it' failed ($oops)" >&2
        fi
        exit $status
        ;;
route-host:*|route-client:*)
        # connection to me or my client subnet being routed
        uproute
        ;;
unroute-host:*|unroute-client:*)
        # connection to me or my client subnet being unrouted
        downroute
        ;;
up-host:*)
        # connection to me coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-host:*)
        # connection to me going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:)
        # connection to my client subnet coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-client:)
        # connection to my client subnet going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
        #ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
        # -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        iptables -A FORWARD -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        ;;
down-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
        #ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
        # -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        iptables -D FORWARD -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        ;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
        exit 1
        ;;
esac

+ cat /usr/local/ipsec/_updown.old
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $

# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
        echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
        echo "$0: called by obsolete Pluto?" >&2
        exit 2
        ;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
        exit 2
        ;;
esac

# check parameter(s)
case "$1:$*" in
':') # no parameters
        ;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
        ;;
custom:*) # custom parameters (see above CAUTION comment)
        ;;
*) echo "$0: unknown parameters \`$*'" >&2
        exit 2
        ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
        doroute add
}
downroute() {
        doroute del
}
doroute() {
        parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
        parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
                it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
                        route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
                ;;
        *) it="route $1 $parms $parms2"
                ;;
        esac
        eval $it
        st=$?
        if test $st -ne 0
        then
                # route has already given its own cryptic message
                echo "$0: \`$it' failed" >&2
                if test " $1 $st" = " add 7"
                then
                        # another totally undocumented interface -- 7 and
                        # "SIOCADDRT: Network is unreachable" means that
                        # the gateway isn't reachable.
                        echo "$0: (incorrect or missing nexthop setting??)" >&2
                fi
        fi
        return $st
}

# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
        # delete possibly-existing route (preliminary to adding a route)
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
                it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
                        route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
                ;;
        *)
                it="route del -net $PLUTO_PEER_CLIENT_NET \
                                        netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
                ;;
        esac
        oops="`eval $it`"
        status="$?"
        if test " $oops" = " " -a " $status" != " 0"
        then
                oops="silent error, exit status $status"
        fi
        case "$oops" in
        'SIOCDELRT: No such process'*)
                # This is what route (currently -- not documented!) gives
                # for "could not find such a route".
                oops=
                status=0
                ;;
        esac
        if test " $oops" != " " -o " $status" != " 0"
        then
                echo "$0: \`$it' failed ($oops)" >&2
        fi
        exit $status
        ;;
route-host:*|route-client:*)
        # connection to me or my client subnet being routed
        uproute
        ;;
unroute-host:*|unroute-client:*)
        # connection to me or my client subnet being unrouted
        downroute
        ;;
up-host:*)
        # connection to me coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-host:*)
        # connection to me going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:)
        # connection to my client subnet coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-client:)
        # connection to my client subnet going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
        ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        ;;
down-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
        ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        ;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
        exit 1
        ;;
esac
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
    lo: 13764 212 0 0 0 0 0 0 13764 212 0 0 0 0 0 0
  eth0: 107566 1428 0 0 0 0 0 0 117678 1581 0 0 0 0 0 0
  eth1: 259077 3499 0 0 0 0 0 0 327518 3158 0 0 0 0 0 0
cipcb0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
ipsec0 0002A8C0 01BAA4D0 0003 0 0 0 00FFFFFF 40 0 0
eth1 0001A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0
eth0 00BAA4D0 00000000 0001 0 0 0 00FFFFFF 40 0 0
ipsec0 00BAA4D0 00000000 0001 0 0 0 00FFFFFF 40 0 0
lo 0000007F 00000000 0001 0 0 0 000000FF 40 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:1
eth0/rp_filter:0
eth1/rp_filter:1
ipsec0/rp_filter:0
lo/rp_filter:1
+ _________________________ uname-a
+ uname -a
Linux inet-arriba 2.4.9-13 #1 Tue Oct 30 20:05:14 EST 2001 i686 unknown
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.97
+ _________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
  980 59717 ACCEPT all -- eth1 * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 DROP all -- * * 224.0.0.0/4 0.0.0.0/0
    0 0 DROP all -- * * 255.255.255.255 0.0.0.0/0
    0 0 DROP all -- * * 0.0.0.0/0 0.0.0.0
    0 0 DROP all -- * * 240.0.0.0/5 0.0.0.0/0
    0 0 DROP all -- * * 127.0.0.0/8 0.0.0.0/0
    0 0 DROP all -- * * 169.254.0.0/16 0.0.0.0/0
    0 0 DROP all -- * * 192.0.2.0/24 0.0.0.0/0
    0 0 DROP all -- * * 224.0.0.0/3 0.0.0.0/0
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:68 dpt:67
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:32769:65535 dpts:33434:33523
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:53 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpt:53
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:110 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:25 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:21
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:20 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:161 dpts:1024:65535
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
    3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:1024:1100
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:1720
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpts:5000:5001
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:1720 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6062 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:11030:11040 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:6061
   17 3892 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
    0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
  924 55440 ACCEPT all -- eth1 * 192.168.1.0/24 0.0.0.0/0 state NEW
    0 0 ACCEPT all -- * * 192.168.1.0/24 0.0.0.0/0
  916 54960 ACCEPT all -- * * !192.168.1.0/24 0.0.0.0/0 state RELATED,ESTABLISHED
    0 0 ACCEPT all -- ppp+ * 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 14 packets, 2856 bytes)
 pkts bytes target prot opt in out source destination
    0 0 ACCEPT all -- * lo 0.0.0.0/0 0.0.0.0/0
  962 56951 ACCEPT all -- * eth1 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT all -- * ppp+ 0.0.0.0/0 0.0.0.0/0
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:67 dpt:68
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:32769:65535 dpts:33434:33523
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:53
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:53
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpts:1024:65535
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 dpt:53
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:110 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:110
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:25 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:25
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:21
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:20 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:80 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:80
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:443 dpts:1024:65535 flags:!0x16/0x02
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:443
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:65535 dpt:161
    4 928 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3 code 4
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
    3 252 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
    0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:1100 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:1720 dpts:1024:65535
    0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:1024:6000 dpts:1024:65535
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:1720
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpt:6062
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spts:1024:65535 dpts:11030:11040
    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:6061 dpts:1024:65535
   17 3680 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500
    0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0
+ _________________________ ipchains/list
+ ipchains -L -v -n
/usr/local/ipsec/barf: ipchains: command not found
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
/usr/local/ipsec/barf: ipfwadm: command not found
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
/usr/local/ipsec/barf: ipfwadm: command not found
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
/usr/local/ipsec/barf: ipfwadm: command not found
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 7713 packets, 979K bytes)
 pkts bytes target prot opt in out source destination
    0 0 REDIRECT tcp -- ppp+ * 0.0.0.0/0 !192.168.1.10 tcp dpt:80 redir ports 3128
    0 0 REDIRECT tcp -- eth1 * 0.0.0.0/0 !192.168.1.10 tcp dpt:80 redir ports 3128

Chain POSTROUTING (policy ACCEPT 57 packets, 4771 bytes)
 pkts bytes target prot opt in out source destination
  918 55221 MASQUERADE all -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 238 packets, 19397 bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
/usr/local/ipsec/barf: ipchains: command not found
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
/usr/local/ipsec/barf: ipfwadm: command not found
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 9069 packets, 1095K bytes)
 pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1304 packets, 87731 bytes)
 pkts bytes target prot opt in out source destination
+ _________________________ proc/modules
+ cat /proc/modules
ipsec 242624 2
cls_u32 5060 1
sch_tbf 2688 1
sch_cbq 11744 1
ipt_state 1024 2 (autoclean)
iptable_mangle 2176 0 (autoclean) (unused)
ipt_MASQUERADE 1664 1 (autoclean)
ipt_REDIRECT 1152 2 (autoclean)
iptable_nat 16628 0 (autoclean) [ipt_MASQUERADE ipt_REDIRECT]
ip_conntrack 15980 2 (autoclean) [ipt_state ipt_MASQUERADE ipt_REDIRECT iptable_nat]
iptable_filter 2144 0 (autoclean) (unused)
ip_tables 10976 8 [ipt_state iptable_mangle ipt_MASQUERADE ipt_REDIRECT iptable_nat iptable_filter]
lp 6624 0 (unused)
parport_pc 14180 1
parport 24608 1 [lp parport_pc]
cipcb 29888 0 (unused)
ixj 169604 0 (unused)
phonedev 2816 1 [ixj]
e100 75704 1
sis900 11588 1
acm 5312 0 (unused)
ext3 59808 4 (autoclean)
jbd 39076 4 (autoclean) [ext3]
usb-ohci 18144 0 (unused)
usbcore 49920 1 [acm usb-ohci]
ramfs 4192 1
+ _________________________ proc/meminfo
+ cat /proc/meminfo
        total: used: free: shared: buffers: cached:
Mem: 261341184 239558656 21782528 0 32460800 176168960
Swap: 268410880 0 268410880
MemTotal: 255216 kB
MemFree: 21272 kB
MemShared: 0 kB
Buffers: 31700 kB
Cached: 172040 kB
SwapCached: 0 kB
Active: 58904 kB
Inact_dirty: 144836 kB
Inact_clean: 0 kB
Inact_target: 65536 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 255216 kB
LowFree: 21272 kB
SwapTotal: 262120 kB
SwapFree: 262120 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r-- 1 root root 0 Oct 30 04:36 /proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Oct 30 04:36 /proc/net/ipsec_klipsdebug
-r--r--r-- 1 root root 0 Oct 30 04:36 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Oct 30 04:36 /proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Oct 30 04:36 /proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Oct 30 04:36 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;authpriv.none;cron.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* /var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages, plus log them on another machine.
*.emerg *

# Save mail and news errors of level err and higher in a special file.
uucp,news.crit /var/log/spooler

# DHCP
local4.* /var/log/dhcp.log

# PPP
local5.* /var/log/ppp.log

# Save boot messages also to boot.log
local7.* /var/log/boot.log
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 1
drwxr-xr-x 3 root root 1024 Jul 11 00:36 2.4.9-13
+ _________________________ proc/ksyms-netif_rx
+ egrep netif_rx /proc/ksyms
c01c56b8 netif_rx_Rb80f6255
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
/usr/local/ipsec/barf: nm: command not found
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1051,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Oct 30 04:32:41 inet-arriba ipsec_setup: Starting FreeS/WAN IPsec 1.97...
Oct 30 04:32:41 inet-arriba ipsec_setup: KLIPS debug `none'
Oct 30 04:32:41 inet-arriba ipsec_setup: KLIPS ipsec0 on eth0 208.164.186.2/255.255.255.0 broadcast 208.164.186.255
Oct 30 04:32:41 inet-arriba ipsec_setup: ...FreeS/WAN IPsec started
Oct 30 04:32:42 inet-arriba ipsec__plutorun: 104 "gci" #1: STATE_MAIN_I1: initiate
Oct 30 04:32:42 inet-arriba ipsec__plutorun: 106 "gci" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Oct 30 04:32:42 inet-arriba ipsec__plutorun: 108 "gci" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Oct 30 04:32:42 inet-arriba ipsec__plutorun: 004 "gci" #1: STATE_MAIN_I4: ISAKMP SA established
Oct 30 04:32:42 inet-arriba ipsec__plutorun: 112 "gci" #2: STATE_QUICK_I1: initiate
Oct 30 04:32:42 inet-arriba ipsec__plutorun: 004 "gci" #2: STATE_QUICK_I2: sent QI2, IPsec SA established
+ _________________________ plog
+ sed -n '1007,$p' /var/log/secure
+ egrep -i pluto
+ cat
Oct 30 04:32:41 inet-arriba ipsec__plutorun: Starting Pluto subsystem...
Oct 30 04:32:41 inet-arriba Pluto[5023]: Starting Pluto (FreeS/WAN Version 1.97)
Oct 30 04:32:41 inet-arriba Pluto[5023]: added connection description "gci"
Oct 30 04:32:41 inet-arriba Pluto[5023]: listening for IKE messages
Oct 30 04:32:41 inet-arriba Pluto[5023]: adding interface ipsec0/eth0 208.164.186.2
Oct 30 04:32:41 inet-arriba Pluto[5023]: loading secrets from "/etc/ipsec.secrets"
Oct 30 04:32:41 inet-arriba Pluto[5023]: loading secrets from "/home/administrator/ipsec.d/gci.secrets"
Oct 30 04:32:41 inet-arriba Pluto[5023]: "gci" #1: initiating Main Mode
Oct 30 04:32:41 inet-arriba Pluto[5023]: "gci" #1: ISAKMP SA established
Oct 30 04:32:41 inet-arriba Pluto[5023]: "gci" #2: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS
Oct 30 04:32:42 inet-arriba Pluto[5023]: "gci" #2: sent QI2, IPsec SA established
+ _________________________ date
+ date
Wed Oct 30 04:36:29 ECT 2002

Eng. Henry Burbano
Senior Programmer
GCI CORP.

This archive was generated by hypermail 2.1.5 : Wed Oct 30 2002 - 05:20:34 CET