cross Wed Dec 18 14:52:25 CET 2002 + _________________________ version + ipsec --version Linux FreeS/WAN 1.97 See `ipsec --copyright' for copyright information. + _________________________ proc/version + cat /proc/version Linux version 2.4.18-3custom (root@cross) (gcc version 2.96 20000731 (Red Hat Linux 7.3 2.96-110)) #3 vie may 10 19:01:27 CEST 2002 + _________________________ proc/net/ipsec_eroute + sort +3 /proc/net/ipsec_eroute 80 192.168.0.0/16 -> 192.168.101.0/24 => tun0x1002@80.34.201.6 287 217.70.2.128/25 -> 192.168.101.0/24 => tun0x1006@80.34.201.6 0 192.168.0.0/16 -> 192.168.50.0/24 => %trap + _________________________ proc/net/ipsec_spi + cat /proc/net/ipsec_spi tun0x1004@80.34.201.6 IPIP: dir=out src=217.70.2.19 life(c,s,h)=bytes(80447,0,0)addtime(494,0,0)usetime(498,0,0)packets(337,0,0) idle=607 tun0x1002@80.34.201.6 IPIP: dir=out src=217.70.2.19 life(c,s,h)=bytes(20455,0,0)addtime(194,0,0)usetime(216,0,0)packets(80,0,0) idle=157 esp0x4b6437a3@217.70.2.19 ESP_3DES_HMAC_MD5: dir=in src=80.34.201.6 iv_bits=64bits iv=0xad5d43e4e63611d0 ooowin=64 seq=294 bit=0xffffffffffffffff max_seq_diff=2 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(25094,0,0)addtime(984,0,0)usetime(985,0,0)packets(294,0,0) idle=0 esp0x4b6437a2@217.70.2.19 ESP_3DES_HMAC_MD5: dir=in src=80.34.201.6 iv_bits=64bits iv=0x1ce22b196370f246 ooowin=64 seq=352 bit=0xffffffffffffffff max_seq_diff=1 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(29168,0,0)addtime(494,0,0)usetime(498,0,0)packets(352,0,0) idle=607 esp0x4b6437a1@217.70.2.19 ESP_3DES_HMAC_MD5: dir=in src=80.34.201.6 iv_bits=64bits iv=0x13920894144ac354 ooowin=64 seq=205 bit=0xffffffffffffffff max_seq_diff=1 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(47791,0,0)addtime(194,0,0)usetime(216,0,0)packets(205,0,0) idle=26 tun0x1005@217.70.2.19 IPIP: dir=in src=80.34.201.6 policy=192.168.101.0/24->217.70.2.128/25 flags=0x8<> life(c,s,h)=bytes(25094,0,0)addtime(984,0,0)usetime(985,0,0)packets(294,0,0) idle=0 tun0x1003@217.70.2.19 IPIP: 
dir=in src=80.34.201.6 policy=192.168.101.0/24->217.70.2.128/25 flags=0x8<> life(c,s,h)=bytes(29168,0,0)addtime(494,0,0)usetime(498,0,0)packets(352,0,0) idle=607 tun0x1001@217.70.2.19 IPIP: dir=in src=80.34.201.6 policy=192.168.101.0/24->192.168.0.0/16 flags=0x8<> life(c,s,h)=bytes(47791,0,0)addtime(194,0,0)usetime(216,0,0)packets(205,0,0) idle=26 esp0x2b1152f4@80.34.201.6 ESP_3DES_HMAC_MD5: dir=out src=217.70.2.19 iv_bits=64bits iv=0x3f1c6eed68165e5e ooowin=64 seq=287 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(41080,0,0)addtime(984,0,0)usetime(985,0,0)packets(287,0,0) idle=0 esp0x2b1152f3@80.34.201.6 ESP_3DES_HMAC_MD5: dir=out src=217.70.2.19 iv_bits=64bits iv=0x770fb470ed3591a5 ooowin=64 seq=337 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(92032,0,0)addtime(494,0,0)usetime(498,0,0)packets(337,0,0) idle=607 esp0x2b1152f2@80.34.201.6 ESP_3DES_HMAC_MD5: dir=out src=217.70.2.19 iv_bits=64bits iv=0x9740817adeac4dfc ooowin=64 seq=80 alen=128 aklen=128 eklen=192 life(c,s,h)=bytes(23264,0,0)addtime(194,0,0)usetime(216,0,0)packets(80,0,0) idle=157 tun0x1006@80.34.201.6 IPIP: dir=out src=217.70.2.19 life(c,s,h)=bytes(31205,0,0)addtime(984,0,0)usetime(985,0,0)packets(287,0,0) idle=0 + _________________________ proc/net/ipsec_spigrp + cat /proc/net/ipsec_spigrp tun0x1004@80.34.201.6 esp0x2b1152f3@80.34.201.6 tun0x1002@80.34.201.6 esp0x2b1152f2@80.34.201.6 tun0x1005@217.70.2.19 esp0x4b6437a3@217.70.2.19 tun0x1003@217.70.2.19 esp0x4b6437a2@217.70.2.19 tun0x1001@217.70.2.19 esp0x4b6437a1@217.70.2.19 tun0x1006@80.34.201.6 esp0x2b1152f4@80.34.201.6 + _________________________ netstart-rn + netstat -nr Kernel IP routing table Destination Gateway Genmask Flags MSS Window irtt Iface 217.70.2.16 0.0.0.0 255.255.255.240 U 40 0 0 eth0 217.70.2.16 0.0.0.0 255.255.255.240 U 40 0 0 eth0 217.70.2.16 0.0.0.0 255.255.255.240 U 40 0 0 ipsec0 217.70.6.0 0.0.0.0 255.255.255.224 U 40 0 0 eth0 217.70.2.0 0.0.0.0 255.255.255.224 U 40 0 0 eth0 192.168.100.0 0.0.0.0 255.255.255.0 U 40 0 0 eth3 
192.168.101.0 217.70.2.17 255.255.255.0 UG 40 0 0 ipsec0 192.168.117.0 192.168.100.3 255.255.255.0 UG 40 0 0 eth3 195.76.222.0 192.168.112.254 255.255.255.0 UG 40 0 0 eth3 192.168.21.0 0.0.0.0 255.255.255.0 U 40 0 0 eth2 192.168.102.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 192.168.70.0 192.168.100.3 255.255.255.0 UG 40 0 0 eth3 192.168.103.0 0.0.0.0 255.255.255.0 U 40 0 0 eth2 192.168.50.0 217.70.2.17 255.255.255.0 UG 40 0 0 ipsec0 192.168.112.0 0.0.0.0 255.255.255.0 U 40 0 0 eth3 192.168.15.0 0.0.0.0 255.255.255.0 U 40 0 0 eth3 192.168.108.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 192.168.109.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 192.168.110.0 0.0.0.0 255.255.255.0 U 40 0 0 eth3 192.168.111.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1 192.168.104.0 0.0.0.0 255.255.255.0 U 40 0 0 eth3 192.168.252.0 192.168.100.3 255.255.255.0 UG 40 0 0 eth3 192.168.106.0 0.0.0.0 255.255.255.0 U 40 0 0 eth2 192.168.107.0 0.0.0.0 255.255.255.0 U 40 0 0 eth3 172.16.0.0 192.168.100.3 255.255.0.0 UG 40 0 0 eth3 127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo 0.0.0.0 217.70.2.17 0.0.0.0 UG 40 0 0 eth0 + _________________________ proc/net/ipsec_tncfg + cat /proc/net/ipsec_tncfg ipsec0 -> eth0 mtu=16260(1443) -> 1500 ipsec1 -> NULL mtu=0(0) -> 0 ipsec2 -> NULL mtu=0(0) -> 0 ipsec3 -> NULL mtu=0(0) -> 0 + _________________________ proc/net/pf_key + cat /proc/net/pf_key sock pid socket next prev e n p sndbf Flags Type St cf94c000 2567 ce592ca4 0 0 0 0 2 65535 00000000 3 1 + _________________________ proc/net/pf_key-star + cd /proc/net + egrep '^' pf_key_registered pf_key_supported pf_key_registered:satype socket pid sk pf_key_registered: 2 ce592ca4 2567 cf94c000 pf_key_registered: 3 ce592ca4 2567 cf94c000 pf_key_registered: 9 ce592ca4 2567 cf94c000 pf_key_registered: 10 ce592ca4 2567 cf94c000 pf_key_supported:satype exttype alg_id ivlen minbits maxbits pf_key_supported: 2 14 3 0 160 160 pf_key_supported: 2 14 2 0 128 128 pf_key_supported: 3 15 3 128 168 168 pf_key_supported: 3 14 3 0 160 160 pf_key_supported: 3 
14 2 0 128 128 pf_key_supported: 9 15 4 0 128 128 pf_key_supported: 9 15 3 0 32 128 pf_key_supported: 9 15 2 0 128 32 pf_key_supported: 9 15 1 0 32 32 pf_key_supported: 10 15 2 0 1 1 + _________________________ proc/sys/net/ipsec-star + cd /proc/sys/net/ipsec + egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos debug_ah:0 debug_eroute:0 debug_esp:0 debug_ipcomp:0 debug_netlink:0 debug_pfkey:0 debug_radij:0 debug_rcv:0 debug_spi:0 debug_tunnel:0 debug_verbose:0 debug_xform:0 icmp:1 inbound_policy_check:1 tos:1 + _________________________ ipsec/status + ipsec auto --status 000 interface ipsec0/eth0 217.70.2.19 000 000 "fwmad-reg": 217.70.2.128/25===217.70.2.19[@cross.cast-info.es]---217.70.2.17...80.34.201.1---80.34.201.6[@fwmad.cast-info.es]===192.168.101.0/24 000 "fwmad-reg": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "fwmad-reg": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 "fwmad-reg": newest ISAKMP SA: #0; newest IPsec SA: #7; eroute owner: #7 000 "manresa_tuset": 192.168.0.0/16===217.70.2.19[@cross.cast-info.es]---217.70.2.17...217.126.235.193---217.126.235.212[@manresa-vpn.cast-info.es]===192.168.50.0/24 000 "manresa_tuset": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "manresa_tuset": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; trap erouted 000 "manresa_tuset": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0 000 "fwmad": 192.168.0.0/16===217.70.2.19[@cross.cast-info.es]---217.70.2.17...80.34.201.1---80.34.201.6[@fwmad.cast-info.es]===192.168.101.0/24 000 "fwmad": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "fwmad": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; erouted 000 "fwmad": newest ISAKMP SA: #2; newest IPsec SA: #3; eroute owner: #3 
000 "fwmad-backup": 192.168.0.0/16===217.70.2.19[@cross.cast-info.es]---217.70.2.17...217.70.1.249---217.70.1.250[@fwmad.cast-info.es]===192.168.101.0/24 000 "fwmad-backup": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "fwmad-backup": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted 000 "fwmad-backup": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0 000 "fwmad-reg-backup": 217.70.2.128/25===217.70.2.19[@cross.cast-info.es]---217.70.2.17...217.70.1.249---217.70.1.250[@fwmad.cast-info.es]===192.168.101.0/24 000 "fwmad-reg-backup": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0 000 "fwmad-reg-backup": policy: RSASIG+ENCRYPT+TUNNEL+PFS; interface: eth0; unrouted 000 "fwmad-reg-backup": newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0 000 000 #7: "fwmad-reg" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27274s; newest IPSEC; eroute owner 000 #7: "fwmad-reg" esp.2b1152f4@80.34.201.6 esp.4b6437a3@217.70.2.19 tun.1006@80.34.201.6 tun.1005@217.70.2.19 000 #5: "fwmad-reg" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26660s 000 #5: "fwmad-reg" esp.2b1152f3@80.34.201.6 esp.4b6437a2@217.70.2.19 tun.1004@80.34.201.6 tun.1003@217.70.2.19 000 #2: "fwmad" STATE_MAIN_R3 (sent MR3, ISAKMP SA established); EVENT_SA_REPLACE in 1936s; newest ISAKMP 000 #6: "manresa_tuset" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 26s 000 #3: "fwmad" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 26657s; newest IPSEC; eroute owner 000 #3: "fwmad" esp.2b1152f2@80.34.201.6 esp.4b6437a1@217.70.2.19 tun.1002@80.34.201.6 tun.1001@217.70.2.19 000 #1: "fwmad" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 1494s + _________________________ ifconfig-a + ifconfig -a eth0 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.2.19 Bcast:217.70.2.31 Mask:255.255.255.240 UP BROADCAST 
RUNNING MULTICAST MTU:1500 Metric:1 RX packets:45460 errors:0 dropped:0 overruns:0 frame:0 TX packets:46902 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:12761016 (12.1 Mb) TX bytes:4693233 (4.4 Mb) Interrupt:11 Base address:0x2000 eth0:1 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.1 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:2 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.2 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:3 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.3 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:4 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.4 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:5 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.5 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:6 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.6 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:7 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.7 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:8 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.8 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:9 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.9 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base 
address:0x2000 eth0:10 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.10 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:11 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.11 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:12 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.12 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:13 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.13 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:14 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.14 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:15 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.15 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:16 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.16 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:17 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.17 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:18 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.18 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:19 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.19 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:20 Link 
encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.20 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:21 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.21 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:22 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.22 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:23 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.23 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:24 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.24 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:25 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.25 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:26 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.26 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:27 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.27 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:28 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.28 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:29 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.6.29 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth0:30 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 
inet addr:217.70.6.30 Bcast:217.70.6.31 Mask:255.255.255.224 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:11 Base address:0x2000 eth1 Link encap:Ethernet HWaddr 00:C0:26:6F:BE:C4 inet addr:192.168.102.1 Bcast:192.168.102.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:239397 errors:0 dropped:0 overruns:0 frame:0 TX packets:312885 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:49792953 (47.4 Mb) TX bytes:288019900 (274.6 Mb) Interrupt:9 Base address:0x4000 eth1:1 Link encap:Ethernet HWaddr 00:C0:26:6F:BE:C4 inet addr:192.168.108.1 Bcast:192.168.108.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:9 Base address:0x4000 eth1:2 Link encap:Ethernet HWaddr 00:C0:26:6F:BE:C4 inet addr:192.168.109.1 Bcast:192.168.109.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:9 Base address:0x4000 eth1:3 Link encap:Ethernet HWaddr 00:C0:26:6F:BE:C4 inet addr:192.168.111.1 Bcast:192.168.111.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:9 Base address:0x4000 eth2 Link encap:Ethernet HWaddr 00:A0:D2:A5:A5:74 inet addr:192.168.103.1 Bcast:192.168.103.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:13112 errors:0 dropped:0 overruns:0 frame:0 TX packets:9083 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:1866088 (1.7 Mb) TX bytes:2241575 (2.1 Mb) Interrupt:12 Base address:0x9000 eth2:1 Link encap:Ethernet HWaddr 00:A0:D2:A5:A5:74 inet addr:192.168.21.1 Bcast:192.168.21.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:12 Base address:0x9000 eth2:2 Link encap:Ethernet HWaddr 00:A0:D2:A5:A5:74 inet addr:192.168.106.1 Bcast:192.168.106.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:12 Base address:0x9000 eth3 Link encap:Ethernet HWaddr 00:C0:26:6F:81:2C inet addr:192.168.104.1 
Bcast:192.168.104.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:301863 errors:0 dropped:0 overruns:0 frame:0 TX packets:227770 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:100 RX bytes:280177702 (267.1 Mb) TX bytes:49244635 (46.9 Mb) Interrupt:10 Base address:0xb000 eth3:1 Link encap:Ethernet HWaddr 00:C0:26:6F:81:2C inet addr:192.168.107.1 Bcast:192.168.107.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0xb000 eth3:2 Link encap:Ethernet HWaddr 00:C0:26:6F:81:2C inet addr:192.168.100.1 Bcast:192.168.100.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0xb000 eth3:3 Link encap:Ethernet HWaddr 00:C0:26:6F:81:2C inet addr:192.168.15.1 Bcast:192.168.15.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0xb000 eth3:4 Link encap:Ethernet HWaddr 00:C0:26:6F:81:2C inet addr:192.168.110.1 Bcast:192.168.110.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0xb000 eth3:5 Link encap:Ethernet HWaddr 00:C0:26:6F:81:2C inet addr:192.168.112.1 Bcast:192.168.112.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 Interrupt:10 Base address:0xb000 ipsec0 Link encap:Ethernet HWaddr 00:C0:26:6F:90:57 inet addr:217.70.2.19 Mask:255.255.255.240 UP RUNNING NOARP MTU:16260 Metric:1 RX packets:958 errors:0 dropped:107 overruns:0 frame:0 TX packets:704 errors:0 dropped:26 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:85033 (83.0 Kb) TX bytes:166232 (162.3 Kb) ipsec1 Link encap:IPIP Tunnel HWaddr NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec2 Link encap:IPIP Tunnel HWaddr NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 
dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) ipsec3 Link encap:IPIP Tunnel HWaddr NOARP MTU:0 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:10 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:1062 errors:0 dropped:0 overruns:0 frame:0 TX packets:1062 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:118944 (116.1 Kb) TX bytes:118944 (116.1 Kb) + _________________________ ipsec/directory + ipsec --directory /usr/local/lib/ipsec + _________________________ hostname/fqdn + hostname --fqdn cross.cast-info.es + _________________________ hostname/ipaddress + hostname --ip-address 217.70.2.20 + _________________________ uptime + uptime 2:52pm up 26 min, 1 user, load average: 0.00, 0.00, 0.00 + _________________________ ps + ps alxwf + egrep -i 'ppid|pluto|ipsec|klips' F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND 000 0 3095 2828 16 0 2220 988 wait4 S pts/0 0:00 \_ /bin/sh /usr/local/sbin/ipsec barf 000 0 3096 3095 18 0 2236 1024 wait4 S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/barf 000 0 3136 3096 19 0 1480 436 pipe_w S pts/0 0:00 \_ grep -E -i ppid|pluto|ipsec|klips 040 0 2558 1 19 0 1976 912 wait4 S ? 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids 040 0 2563 2558 19 0 1976 912 wait4 S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqu 100 0 2567 2563 15 0 1996 924 schedu S ? 0:00 | \_ /usr/local/lib/ipsec/pluto --nofork --debug-none --uniq 000 0 2570 2567 20 0 1408 280 schedu S ? 0:00 | \_ _pluto_adns 7 10 000 0 2564 2558 15 0 1956 896 pipe_w S ? 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --load %search --st 000 0 2559 1 15 0 1356 464 pipe_w S ? 
0:00 logger -p daemon.error -t ipsec__plutorun + _________________________ ipsec/showdefaults + ipsec showdefaults routephys=eth0 routephys=eth0 routevirt=ipsec0 routevirt=ipsec0 routeaddr=217.70.2.19 routeaddr=217.70.2.19 routenexthop=217.70.2.17 routenexthop=217.70.2.17 defaultroutephys=eth0 defaultroutevirt=ipsec0 defaultrouteaddr=217.70.2.19 defaultroutenexthop=217.70.2.17 + _________________________ ipsec/conf + ipsec _include /etc/ipsec.conf + ipsec _keycensor #< /etc/ipsec.conf 1 # /etc/ipsec.conf - FreeS/WAN IPsec configuration file # More elaborate and more varied sample configurations can be found # in FreeS/WAN's doc/examples file, and in the HTML documentation. # basic configuration config setup # THIS SETTING MUST BE CORRECT or almost nothing will work; # %defaultroute is okay for most simple cases. interfaces=%defaultroute # Debug-logging controls: "none" for (almost) none, "all" for lots. klipsdebug=none plutodebug=none # Use auto= parameters in conn descriptions to control startup actions. plutoload=%search plutostart=%search # Close down old connection when new one using same ID shows up. uniqueids=yes # defaults for subsequent connection descriptions # (mostly to fix internal defaults which, in retrospect, were badly chosen) conn %default keyingtries=0 disablearrivalcheck=no authby=rsasig leftrsasigkey=%dns rightrsasigkey=%dns # connection description for (experimental!) opportunistic encryption # (requires KEY record in your DNS reverse map; see doc/opportunism.howto) #conn me-to-anyone # left=%defaultroute # right=%opportunistic # keylife=1h # rekey=no # # uncomment this next line to enable it # auto=add # sample VPN connection #conn sample # # Left security gateway, subnet behind it, next hop toward right. # left=10.0.0.1 # leftsubnet=172.16.0.0/24 # leftnexthop=10.22.33.44 # # Right security gateway, subnet behind it, next hop toward left. 
# right=10.12.12.1 # rightsubnet=192.168.0.0/24 # rightnexthop=10.101.102.103 # # To authorize this connection, but not actually start it, at startup, # # uncomment this. # #auto=add conn fwmad leftid=@cross.cast-info.es leftsubnet=192.168.0.0/16 leftnexthop=217.70.2.17 left=217.70.2.19 rightid=@fwmad.cast-info.es right=80.34.201.6 rightnexthop=80.34.201.1 rightsubnet=192.168.101.0/24 auto=start # RSA 2192 bits cross Fri May 10 18:57:59 2002 leftrsasigkey=[keyid AQOFCq09G] # RSA 2048 bits fwmad Tue Mar 12 18:02:05 2002 rightrsasigkey=[keyid AQOlAN6nl] conn fwmad-reg leftid=@cross.cast-info.es leftsubnet=217.70.2.128/25 leftnexthop=217.70.2.17 left=217.70.2.19 rightid=@fwmad.cast-info.es right=80.34.201.6 rightnexthop=80.34.201.1 rightsubnet=192.168.101.0/24 auto=start # RSA 2192 bits cross Fri May 10 18:57:59 2002 leftrsasigkey=[keyid AQOFCq09G] # RSA 2048 bits fwmad Tue Mar 12 18:02:05 2002 rightrsasigkey=[keyid AQOlAN6nl] conn fwmad-backup leftid=@cross.cast-info.es leftsubnet=192.168.0.0/16 leftnexthop=217.70.2.17 left=217.70.2.19 rightid=@fwmad.cast-info.es right=217.70.1.250 rightnexthop=217.70.1.249 rightsubnet=192.168.101.0/24 auto=add # RSA 2192 bits cross Fri May 10 18:57:59 2002 leftrsasigkey=[keyid AQOFCq09G] # RSA 2048 bits fwmad Tue Mar 12 18:02:05 2002 rightrsasigkey=[keyid AQOlAN6nl] conn fwmad-reg-backup leftid=@cross.cast-info.es leftsubnet=217.70.2.128/25 leftnexthop=217.70.2.17 left=217.70.2.19 rightid=@fwmad.cast-info.es right=217.70.1.250 rightnexthop=217.70.1.249 rightsubnet=192.168.101.0/24 auto=add # RSA 2192 bits cross Fri May 10 18:57:59 2002 leftrsasigkey=[keyid AQOFCq09G] # RSA 2048 bits fwmad Tue Mar 12 18:02:05 2002 rightrsasigkey=[keyid AQOlAN6nl] conn manresa_tuset leftid=@cross.cast-info.es leftsubnet=192.168.0.0/16 leftnexthop=217.70.2.17 left=217.70.2.19 rightid=@manresa-vpn.cast-info.es right=217.126.235.212 rightsubnet=192.168.50.0/24 rightnexthop=217.126.235.193 leftrsasigkey=[keyid AQOFCq09G] rightrsasigkey=[keyid AQOKHhOX5] 
auto=start + _________________________ ipsec/secrets + ipsec _include /etc/ipsec.secrets + ipsec _secretcensor #< /etc/ipsec.secrets 1 # This file holds shared secrets or RSA private keys for inter-Pluto # authentication. See ipsec_pluto(8) manpage, and HTML documentation. # RSA private key for this host, authenticating it to any other host # which knows the public part. Suitable public keys, for ipsec.conf, DNS, # or configuration of other implementations, can be extracted conveniently # with "[sums to ef67...]". : RSA { # RSA 2192 bits cross Fri May 10 18:57:59 2002 # for signatures only, UNSAFE FOR ENCRYPTION #pubkey=[keyid AQOFCq09G] #IN KEY 0x4200 4 1 [keyid AQOFCq09G] # (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA) Modulus: [...] PublicExponent: [...] # everything after this point is secret PrivateExponent: [...] Prime1: [...] Prime2: [...] Exponent1: [...] Exponent2: [...] Coefficient: [...] } # do not change the indenting of that "[sums to 7d9d...]" + _________________________ ipsec/ls-dir + ls -l /usr/local/lib/ipsec total 2480 -rwxr-xr-x 1 root root 11085 May 10 2002 _confread -rwxr-xr-x 1 root root 46381 May 10 2002 _copyright -rwxr-xr-x 1 root root 2163 May 10 2002 _include -rwxr-xr-x 1 root root 1472 May 10 2002 _keycensor -rwxr-xr-x 1 root root 69785 May 10 2002 _pluto_adns -rwxr-xr-x 1 root root 3495 May 10 2002 _plutoload -rwxr-xr-x 1 root root 4265 May 10 2002 _plutorun -rwxr-xr-x 1 root root 7294 May 10 2002 _realsetup -rwxr-xr-x 1 root root 1971 May 10 2002 _secretcensor -rwxr-xr-x 1 root root 6839 May 10 2002 _startklips -rwxr-xr-x 1 root root 5014 May 10 2002 _updown -rwxr-xr-x 1 root root 10912 May 10 2002 auto -rwxr-xr-x 1 root root 7132 May 10 2002 barf -rwxr-xr-x 1 root root 225293 May 10 2002 eroute -rwxr-xr-x 1 root root 97920 May 10 2002 ikeping -rwxr-xr-x 1 root root 2915 May 10 2002 ipsec -rw-r--r-- 1 root root 1950 May 10 2002 ipsec_pr.template -rwxr-xr-x 1 root root 161918 May 10 2002 klipsdebug -rwxr-xr-x 1 root root 2437 May 
10 2002 look -rwxr-xr-x 1 root root 16157 May 10 2002 manual -rwxr-xr-x 1 root root 1847 May 10 2002 newhostkey -rwxr-xr-x 1 root root 139769 May 10 2002 pf_key -rwxr-xr-x 1 root root 787836 May 10 2002 pluto -rwxr-xr-x 1 root root 52702 May 10 2002 ranbits -rwxr-xr-x 1 root root 77786 May 10 2002 rsasigkey -rwxr-xr-x 1 root root 16671 May 10 2002 send-pr lrwxrwxrwx 1 root root 22 May 10 2002 setup -> /etc/rc.d/init.d/ipsec -rwxr-xr-x 1 root root 1041 May 10 2002 showdefaults -rwxr-xr-x 1 root root 3484 May 10 2002 showhostkey -rwxr-xr-x 1 root root 246302 May 10 2002 spi -rwxr-xr-x 1 root root 202034 May 10 2002 spigrp -rwxr-xr-x 1 root root 71159 May 10 2002 tncfg -rwxr-xr-x 1 root root 135333 May 10 2002 whack + _________________________ ipsec/updowns ++ ls /usr/local/lib/ipsec ++ egrep updown + cat /usr/local/lib/ipsec/_updown #! /bin/sh # default updown script # Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer # # This program is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by the # Free Software Foundation; either version 2 of the License, or (at your # option) any later version. See . # # This program is distributed in the hope that it will be useful, but # WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License # for more details. # # RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $ # CAUTION: Installing a new version of FreeS/WAN will install a new # copy of this script, wiping out any custom changes you make. If # you need changes, make a copy of this under another name, and customize # that, and use the (left/right)updown parameters in ipsec.conf to make # FreeS/WAN use yours instead of this default one. # check interface version case "$PLUTO_VERSION" in 1.[0]) # Older Pluto?!? Play it safe, script may be using new features. 
# NOTE(review): this span resumes inside the `1.[0])` arm of the
# PLUTO_VERSION check and stops inside the `down-client:ipfwadm)` arm;
# the opening `case` and the final `esac` are outside this span.
	echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
	echo "$0: called by obsolete Pluto?" >&2
	exit 2
	;;
1.*)	;;
*)	echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
	exit 2
	;;
esac

# check parameter(s)
# The key is "<first argument>:<all arguments>", so `ipfwadm:ipfwadm`
# matches only a lone `ipfwadm` argument; anything unrecognised exits 2.
case "$1:$*" in
':')			# no parameters
	;;
ipfwadm:ipfwadm)	# due to (left/right)firewall; for default script only
	;;
custom:*)		# custom parameters (see above CAUTION comment)
	;;
*)	echo "$0: unknown parameters \`$*'" >&2
	exit 2
	;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.

# Add the route toward the peer's client subnet.
uproute() {
	doroute add
}

# Delete the route toward the peer's client subnet.
downroute() {
	doroute del
}

# Build one `route` command line from the PLUTO_* environment and run it.
#   $1  route verb, `add` or `del` (as passed by uproute/downroute)
# Returns the exit status of the command that was run.
doroute() {
	parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
	parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
	"0.0.0.0/0.0.0.0")
		# horrible kludge for obscure routing bug with opportunistic
		# (the all-zero peer subnet is installed as two half-space
		# routes, 0.0.0.0 and 128.0.0.0, each with netmask 128.0.0.0)
		it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 && route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
		;;
	*)	it="route $1 $parms $parms2"
		;;
	esac
	# NOTE(review): eval re-parses $it as shell text, and $it is built by
	# interpolating PLUTO_* environment values without quoting. That is
	# safe only if the caller guarantees those values are plain addresses
	# and interface names -- confirm what Pluto exports before copying
	# this pattern into a custom updown script.
	eval $it
	st=$?
	if test $st -ne 0
	then
		# route has already given its own cryptic message
		echo "$0: \`$it' failed" >&2
		if test " $1 $st" = " add 7"
		then
			# another totally undocumented interface -- 7 and
			# "SIOCADDRT: Network is unreachable" means that
			# the gateway isn't reachable.
			echo "$0: (incorrect or missing nexthop setting??)" >&2
		fi
	fi
	return $st
}

# the big choice
# Dispatch on "<PLUTO_VERB>:<first argument>".
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
	# delete possibly-existing route (preliminary to adding a route)
	case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
	"0.0.0.0/0.0.0.0")
		# horrible kludge for obscure routing bug with opportunistic
		it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ; route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
		;;
	*)
		it="route del -net $PLUTO_PEER_CLIENT_NET \
			netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
		;;
	esac
	# The command's stderr is folded into stdout (2>&1) so that $oops
	# holds whatever `route` printed. Same unquoted-eval caveat as in
	# doroute applies here.
	oops="`eval $it`"
	status="$?"
	if test " $oops" = " " -a " $status" != " 0"
	then
		oops="silent error, exit status $status"
	fi
	case "$oops" in
	'SIOCDELRT: No such process'*)
		# This is what route (currently -- not documented!) gives
		# for "could not find such a route".
		# Clearing both values turns "nothing to delete" into success.
		oops=
		status=0
		;;
	esac
	if test " $oops" != " " -o " $status" != " 0"
	then
		echo "$0: \`$it' failed ($oops)" >&2
	fi
	exit $status
	;;
route-host:*|route-client:*)
	# connection to me or my client subnet being routed
	uproute
	;;
unroute-host:*|unroute-client:*)
	# connection to me or my client subnet being unrouted
	downroute
	;;
up-host:*)
	# connection to me coming up
	# If you are doing a custom version, firewall commands go here.
	;;
down-host:*)
	# connection to me going down
	# If you are doing a custom version, firewall commands go here.
	;;
up-client:)
	# connection to my client subnet coming up
	# If you are doing a custom version, firewall commands go here.
	;;
down-client:)
	# connection to my client subnet going down
	# If you are doing a custom version, firewall commands go here.
	;;
up-client:ipfwadm)
	# connection to client subnet, with (left/right)firewall=yes, coming up
	# This is used only by the default updown script, not by your custom
	# ones, so do not mess with it; see CAUTION comment up at top.
	# NOTE(review): the rule names only the two subnets (-S/-D) and no
	# port or protocol, so it accepts all forwarded traffic between them;
	# a custom updown script is the place to narrow that if the tunnel
	# should carry less. The subnet variables are also used unquoted.
	ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
		-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
	;;
down-client:ipfwadm)
	# connection to client subnet, with (left/right)firewall=yes, going down
	# This is used only by the default updown script, not by your custom
	# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \ -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK ;; *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2 exit 1 ;; esac + _________________________ proc/net/dev + cat /proc/net/dev Inter-| Receive | Transmit face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed lo: 118944 1062 0 0 0 0 0 0 118944 1062 0 0 0 0 0 0 eth0:12762887 45466 0 0 0 0 0 0 4694190 46910 0 0 0 0 0 0 eth1:49797848 239466 0 0 0 0 0 0 288224858 313024 0 0 0 0 0 0 eth2: 1872829 13122 0 0 0 0 0 0 2248192 9092 0 0 0 0 0 0 eth3:280387894 302008 0 0 0 0 0 0 49255520 227844 0 0 0 0 0 0 ipsec0: 85033 958 0 107 0 0 0 0 166232 704 0 26 0 0 0 0 ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + _________________________ proc/net/route + cat /proc/net/route Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT eth0 100246D9 00000000 0001 0 0 0 F0FFFFFF 40 0 0 eth0 100246D9 00000000 0001 0 0 0 F0FFFFFF 40 0 0 ipsec0 100246D9 00000000 0001 0 0 0 F0FFFFFF 40 0 0 eth0 000646D9 00000000 0001 0 0 0 E0FFFFFF 40 0 0 eth0 000246D9 00000000 0001 0 0 0 E0FFFFFF 40 0 0 eth3 0064A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 ipsec0 0065A8C0 110246D9 0003 0 0 0 00FFFFFF 40 0 0 eth3 0075A8C0 0364A8C0 0003 0 0 0 00FFFFFF 40 0 0 eth3 00DE4CC3 FE70A8C0 0003 0 0 0 00FFFFFF 40 0 0 eth2 0015A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth1 0066A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth3 0046A8C0 0364A8C0 0003 0 0 0 00FFFFFF 40 0 0 eth2 0067A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 ipsec0 0032A8C0 110246D9 0003 0 0 0 00FFFFFF 40 0 0 eth3 0070A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth3 000FA8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth1 006CA8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth1 006DA8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth3 006EA8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth1 006FA8C0 00000000 0001 0 0 
0 00FFFFFF 40 0 0 eth3 0068A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth3 00FCA8C0 0364A8C0 0003 0 0 0 00FFFFFF 40 0 0 eth2 006AA8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth3 006BA8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0 eth3 000010AC 0364A8C0 0003 0 0 0 0000FFFF 40 0 0 lo 0000007F 00000000 0001 0 0 0 000000FF 40 0 0 eth0 00000000 110246D9 0003 0 0 0 00000000 40 0 0 + _________________________ proc/sys/net/ipv4/ip_forward + cat /proc/sys/net/ipv4/ip_forward 1 + _________________________ proc/sys/net/ipv4/conf/star-rp_filter + cd /proc/sys/net/ipv4/conf + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter eth2/rp_filter eth3/rp_filter ipsec0/rp_filter lo/rp_filter all/rp_filter:0 default/rp_filter:1 eth0/rp_filter:1 eth1/rp_filter:1 eth2/rp_filter:1 eth3/rp_filter:1 ipsec0/rp_filter:1 lo/rp_filter:1 + _________________________ uname-a + uname -a Linux cross 2.4.18-3custom #3 vie may 10 19:01:27 CEST 2002 i686 unknown + _________________________ redhat-release + test -r /etc/redhat-release + cat /etc/redhat-release Red Hat Linux release 7.3 (Valhalla) + _________________________ proc/net/ipsec_version + cat /proc/net/ipsec_version FreeS/WAN version: 1.97 + _________________________ iptables/list + iptables -L -v -n Chain INPUT (policy ACCEPT 0 packets, 0 bytes) pkts bytes target prot opt in out source destination 1727 188K ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 6874 652K ACCEPT all -- * * 192.168.21.0/24 0.0.0.0/0 47 12504 ACCEPT all -- * * 192.168.108.0/24 0.0.0.0/0 0 0 ACCEPT all -- * * 217.70.2.17 0.0.0.0/0 0 0 ACCEPT all -- * * 217.70.1.121 0.0.0.0/0 55 7340 ACCEPT all -- * * 80.34.201.6 0.0.0.0/0 0 0 ACCEPT all -- * * 217.126.235.212 0.0.0.0/0 4 144 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 limit: avg 1/sec burst 5 0 0 ACCEPT icmp -- * * 192.168.0.0/16 0.0.0.0/0 limit: avg 1/sec burst 5 0 0 DROP tcp -- * * 0.0.0.0/0 217.70.2.19 tcp dpt:22 762 133K DROP all -- * * 0.0.0.0/0 0.0.0.0/0 Chain FORWARD (policy ACCEPT 33857 
packets, 2385K bytes) pkts bytes target prot opt in out source destination 1211 59952 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02 limit: avg 1/sec burst 5 245 9824 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x17/0x04 limit: avg 1/sec burst 5 535 47902 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8 limit: avg 1/sec burst 5 554K 332M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED 0 0 ACCEPT all -- * * 192.168.108.0/24 172.16.0.0/16 0 0 ACCEPT all -- * * 217.70.1.252 172.16.0.0/16 0 0 DROP tcp -- * * 192.168.0.0/16 172.16.0.0/16 0 0 ACCEPT all -- * * 217.70.1.121 192.168.0.0/16 0 0 DROP all -- * * 217.70.1.0/24 192.168.0.0/16 0 0 LOG tcp -- * * !192.168.108.0/24 0.0.0.0/0 tcp dpts:6600:6699 LOG flags 0 level 4 prefix `NAPSTER:' 0 0 DROP tcp -- * * !192.168.108.0/24 0.0.0.0/0 tcp dpts:6600:6699 0 0 ACCEPT all -- * * 192.168.21.158 217.70.2.148 0 0 ACCEPT all -- * * 217.70.2.148 192.168.21.158 Chain OUTPUT (policy ACCEPT 7792 packets, 886K bytes) pkts bytes target prot opt in out source destination + _________________________ ipchains/list + ipchains -L -v -n ipchains: Incompatible with this kernel + _________________________ ipfwadm/forward + ipfwadm -F -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ ipfwadm/input + ipfwadm -I -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ ipfwadm/output + ipfwadm -O -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ iptables/nat + iptables -t nat -L -v -n Chain PREROUTING (policy ACCEPT 9755 packets, 1046K bytes) pkts bytes target prot opt in out source destination 0 0 DNAT tcp -- * * 0.0.0.0/0 217.70.6.19 to:192.168.21.158 0 0 DNAT tcp -- * * 0.0.0.0/0 217.70.6.15 multiport dports 80,8080 to:192.168.21.20 Chain POSTROUTING (policy ACCEPT 1252 packets, 95673 bytes) pkts bytes target prot opt in out source destination 0 0 MASQUERADE all -- * * 192.168.15.93 192.168.70.0/24 1973 325K ACCEPT all 
-- * * 192.168.0.0/16 192.168.0.0/16 0 0 MASQUERADE all -- * * 217.70.2.142 192.168.70.0/24 0 0 MASQUERADE all -- * * 192.168.108.0/24 192.168.117.0/24 0 0 MASQUERADE all -- * * 217.70.0.5 192.168.117.0/24 4 224 SNAT tcp -- * * 192.168.108.0/24 !192.168.0.0/16 multiport dports 20,21,22,23,25,110,1723,6667 to:217.70.6.1 20 960 SNAT tcp -- * * 192.168.107.0/24 !192.168.0.0/16 multiport dports 20,21,25,53,110,443,554,1024,1080 to:217.70.6.7 0 0 SNAT tcp -- * * 192.168.107.0/24 !192.168.0.0/16 multiport dports 1090,1755,5000,5498,5500,5501,7000,7001,7070 to:217.70.6.7 0 0 SNAT all -- * * 192.168.21.0/24 217.70.0.22 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.114 61.22.121.22 multiport dports 80,443 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.159 61.22.121.22 multiport dports 80,443 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.114 80.32.96.225 tcp dpt:4994 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.159 80.32.96.225 tcp dpt:4994 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.20 143.216.21.3 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.20 163.1.13.199 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.20 157.88.95.190 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.102 143.216.21.3 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.102 163.1.13.199 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.102 157.88.95.190 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.134 143.216.21.3 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.134 163.1.13.199 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.134 157.88.95.190 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.20 194.224.209.226 tcp dpt:2210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.134 194.224.209.226 tcp dpt:2210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.20 62.81.252.178 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.102 62.81.252.178 tcp dpt:210 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.134 62.81.252.178 tcp dpt:210 to:217.70.6.1 
0 0 SNAT tcp -- * * 192.168.21.20 194.179.95.247 tcp dpt:23 to:217.70.6.3 0 0 SNAT tcp -- * * 192.168.21.20 194.179.95.229 tcp dpt:23 to:217.70.6.3 0 0 SNAT tcp -- * * 192.168.21.20 194.179.95.253 tcp dpt:23 to:217.70.6.3 0 0 SNAT tcp -- * * 192.168.21.20 192.64.44.1 tcp dpt:23 to:217.70.6.3 0 0 SNAT tcp -- * * 192.168.21.100 195.76.222.0/24 to:192.168.112.1 0 0 SNAT tcp -- * * 192.168.110.2 195.76.222.0/24 to:192.168.112.1 0 0 SNAT tcp -- * * 192.168.21.201 195.76.222.0/24 to:192.168.112.1 0 0 SNAT all -- * * 192.168.21.100 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT all -- * * 192.168.21.200 !192.168.0.0/16 to:217.70.6.1 20 1155 SNAT all -- * * 192.168.21.201 !192.168.0.0/16 to:217.70.6.1 19 988 SNAT all -- * * 192.168.21.130 !192.168.0.0/16 to:217.70.6.1 12 576 SNAT all -- * * 192.168.21.90 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.91 !192.168.0.0/16 multiport dports 20,21 to:217.70.6.7 0 0 SNAT tcp -- * * 192.168.21.47 !192.168.0.0/16 to:217.70.6.1 40 1926 SNAT tcp -- * * 192.168.21.49 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.54 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.60 !192.168.0.0/16 to:217.70.6.1 7 336 SNAT tcp -- * * 192.168.21.66 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.129 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.21.130 !192.168.0.0/16 to:217.70.6.1 7 310 SNAT tcp -- * * 192.168.21.141 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.109.245 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.103.8 0.0.0.0/0 tcp dpt:7020 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.103.7 0.0.0.0/0 tcp dpt:7020 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.103.6 0.0.0.0/0 tcp dpt:7020 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.103.5 0.0.0.0/0 tcp dpt:7020 to:217.70.6.1 0 0 SNAT all -- * * 192.168.103.5 195.77.220.209 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.103.4 217.70.2.142 tcp dpt:1433 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.103.4 0.0.0.0/0 tcp dpt:1201 to:217.70.6.12 
1 124 SNAT all -- * * 192.168.103.3 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT all -- * * 192.168.103.2 !192.168.0.0/16 to:217.70.6.1 8 399 SNAT all -- * * 192.168.109.33 !192.168.0.0/16 to:217.70.6.1 0 0 SNAT tcp -- * * 192.168.103.12 217.70.2.71 tcp dpt:5900 to:217.70.6.1 14 1107 SNAT all -- * * 192.168.15.93 0.0.0.0/0 to:217.70.6.1 0 0 SNAT all -- * * 192.168.110.16 0.0.0.0/0 to:217.70.6.1 721 59400 SNAT all -- * * 217.70.0.20 192.168.70.0/24 to:192.168.100.1 0 0 SNAT all -- * * 217.70.0.5 192.168.70.0/24 to:192.168.100.1 0 0 ACCEPT all -- * * 192.168.21.158 217.70.2.148 0 0 SNAT all -- * * 192.168.21.158 !192.168.0.0/16 to:217.70.6.19 17 1201 SNAT all -- * * 192.168.21.20 !192.168.0.0/16 to:217.70.6.15 Chain OUTPUT (policy ACCEPT 40 packets, 8149 bytes) pkts bytes target prot opt in out source destination + _________________________ ipchains/masq + ipchains -M -L -v -n ipchains: cannot open file `/proc/net/ip_masquerade' + _________________________ ipfwadm/masq + ipfwadm -M -l -n -e Generic IP Firewall Chains not in this kernel + _________________________ iptables/mangle + iptables -t mangle -L -v -n Chain PREROUTING (policy ACCEPT 599K packets, 336M bytes) pkts bytes target prot opt in out source destination Chain INPUT (policy ACCEPT 9469 packets, 992K bytes) pkts bytes target prot opt in out source destination Chain FORWARD (policy ACCEPT 589K packets, 335M bytes) pkts bytes target prot opt in out source destination Chain OUTPUT (policy ACCEPT 7886 packets, 902K bytes) pkts bytes target prot opt in out source destination Chain POSTROUTING (policy ACCEPT 597K packets, 336M bytes) pkts bytes target prot opt in out source destination + _________________________ proc/modules + cat /proc/modules ipsec 248384 2 autofs 11012 0 (autoclean) (unused) 8139too 15712 4 mii 1964 0 [8139too] ipt_multiport 1152 7 (autoclean) ipt_LOG 4224 1 (autoclean) ipt_limit 1568 5 (autoclean) ipt_state 1024 2 usb-uhci 24004 0 (unused) usbcore 70272 1 [usb-uhci] + _________________________ 
proc/meminfo + cat /proc/meminfo total: used: free: shared: buffers: cached: Mem: 262705152 35147776 227557376 0 6795264 18780160 Swap: 715587584 0 715587584 MemTotal: 256548 kB MemFree: 222224 kB MemShared: 0 kB Buffers: 6636 kB Cached: 18340 kB SwapCached: 0 kB Active: 27612 kB Inact_dirty: 220 kB Inact_clean: 152 kB Inact_target: 5596 kB HighTotal: 0 kB HighFree: 0 kB LowTotal: 256548 kB LowFree: 222224 kB SwapTotal: 698816 kB SwapFree: 698816 kB Committed_AS: 4088 kB + _________________________ dev/ipsec-ls + ls -l '/dev/ipsec*' ls: /dev/ipsec*: No such file or directory + _________________________ proc/net/ipsec-ls + ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version -r--r--r-- 1 root root 0 Dec 18 14:52 /proc/net/ipsec_eroute -r--r--r-- 1 root root 0 Dec 18 14:52 /proc/net/ipsec_klipsdebug -r--r--r-- 1 root root 0 Dec 18 14:52 /proc/net/ipsec_spi -r--r--r-- 1 root root 0 Dec 18 14:52 /proc/net/ipsec_spigrp -r--r--r-- 1 root root 0 Dec 18 14:52 /proc/net/ipsec_tncfg -r--r--r-- 1 root root 0 Dec 18 14:52 /proc/net/ipsec_version + _________________________ usr/src/linux/.config + test -f /usr/src/linux/.config + egrep 'IP|NETLINK' /usr/src/linux/.config # CONFIG_MWINCHIPC6 is not set # CONFIG_MWINCHIP2 is not set # CONFIG_MWINCHIP3D is not set CONFIG_SYSVIPC=y CONFIG_MD_MULTIPATH=m CONFIG_NETLINK_DEV=y CONFIG_IP_MULTICAST=y CONFIG_IP_ADVANCED_ROUTER=y CONFIG_IP_MULTIPLE_TABLES=y CONFIG_IP_ROUTE_FWMARK=y CONFIG_IP_ROUTE_NAT=y CONFIG_IP_ROUTE_MULTIPATH=y CONFIG_IP_ROUTE_TOS=y CONFIG_IP_ROUTE_VERBOSE=y # CONFIG_IP_ROUTE_LARGE_TABLES is not set # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=m CONFIG_NET_IPGRE=m CONFIG_NET_IPGRE_BROADCAST=y CONFIG_IP_MROUTE=y # CONFIG_IP_PIMSM_V1 is not set # CONFIG_IP_PIMSM_V2 is not set # IP: Netfilter Configuration CONFIG_IP_NF_CONNTRACK=y CONFIG_IP_NF_FTP=y CONFIG_IP_NF_IRC=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=y 
CONFIG_IP_NF_MATCH_LIMIT=m CONFIG_IP_NF_MATCH_MAC=m CONFIG_IP_NF_MATCH_MARK=m CONFIG_IP_NF_MATCH_MULTIPORT=m CONFIG_IP_NF_MATCH_TOS=m CONFIG_IP_NF_MATCH_AH_ESP=m CONFIG_IP_NF_MATCH_LENGTH=m CONFIG_IP_NF_MATCH_TTL=m CONFIG_IP_NF_MATCH_TCPMSS=m CONFIG_IP_NF_MATCH_STATE=m # CONFIG_IP_NF_MATCH_UNCLEAN is not set CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_FILTER=y CONFIG_IP_NF_TARGET_REJECT=y CONFIG_IP_NF_TARGET_MIRROR=m CONFIG_IP_NF_NAT=y CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_TARGET_MASQUERADE=y CONFIG_IP_NF_TARGET_REDIRECT=y CONFIG_IP_NF_NAT_SNMP_BASIC=m CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=y CONFIG_IP_NF_MANGLE=y CONFIG_IP_NF_TARGET_TOS=m CONFIG_IP_NF_TARGET_MARK=m CONFIG_IP_NF_TARGET_LOG=m # CONFIG_IP_NF_TARGET_ULOG is not set CONFIG_IP_NF_TARGET_TCPMSS=m # IP: Virtual Server Configuration CONFIG_IP_VS=m # CONFIG_IP_VS_DEBUG is not set CONFIG_IP_VS_TAB_BITS=16 CONFIG_IP_VS_RR=m CONFIG_IP_VS_WRR=m CONFIG_IP_VS_LC=m CONFIG_IP_VS_WLC=m CONFIG_IP_VS_LBLC=m CONFIG_IP_VS_LBLCR=m CONFIG_IP_VS_DH=m CONFIG_IP_VS_SH=m CONFIG_IP_VS_FTP=m CONFIG_IPV6=m # IPv6: Netfilter Configuration # CONFIG_IP6_NF_QUEUE is not set # CONFIG_IP6_NF_IPTABLES is not set # CONFIG_IPX is not set CONFIG_IPSEC=m CONFIG_IPSEC_IPIP=y CONFIG_IPSEC_AH=y CONFIG_IPSEC_AUTH_HMAC_MD5=y CONFIG_IPSEC_AUTH_HMAC_SHA1=y CONFIG_IPSEC_ESP=y CONFIG_IPSEC_ENC_3DES=y CONFIG_IPSEC_IPCOMP=y CONFIG_IPSEC_DEBUG=y # CONFIG_IDEDMA_PCI_WIP is not set # CONFIG_IDE_CHIPSETS is not set # CONFIG_SCSI_IPS is not set # CONFIG_TULIP is not set # CONFIG_HIPPI is not set # CONFIG_PLIP is not set # CONFIG_SLIP is not set # CONFIG_SERIAL_MULTIPORT is not set # CONFIG_INPUT_GRIP is not set # CONFIG_USB_SERIAL_IPAQ is not set CONFIG_CIPE=m + _________________________ etc/syslog.conf + cat /etc/syslog.conf # Log all kernel messages to the console. # Logging much else clutters up the screen. #kern.* /dev/console # Log anything (except mail) of level info or higher. # Don't log private authentication messages! 
*.info;mail.none;authpriv.none;cron.none /var/log/messages # The authpriv file has restricted access. authpriv.* /var/log/secure # Log all the mail messages in one place. mail.* /var/log/maillog # Log cron stuff cron.* /var/log/cron # Everybody gets emergency messages *.emerg * # Save news errors of level crit and higher in a special file. uucp,news.crit /var/log/spooler # Save boot messages also to boot.log local7.* /var/log/boot.log # Mensajes de IPTables kern.warning /var/log/firewall + _________________________ lib/modules-ls + ls -ltr /lib/modules total 8 drwxr-xr-x 4 root root 4096 May 10 2002 2.4.18-3 drwxr-xr-x 4 root root 4096 May 10 2002 2.4.18-3custom + _________________________ proc/ksyms-netif_rx + egrep netif_rx /proc/ksyms c01cc720 netif_rx_R58a8d267 + _________________________ lib/modules-netif_rx + modulegoo kernel/net/ipv4/ipip.o netif_rx + set +x 2.4.18-3: U netif_rx_R35fec680 2.4.18-3custom: U netif_rx_R58a8d267 + _________________________ kern.debug + test -f /var/log/kern.debug + _________________________ klog + sed -n '630,$p' /var/log/messages + egrep -i 'ipsec|klips|pluto' + cat dic 18 14:29:08 cross ipsec_setup: Starting FreeS/WAN IPsec 1.97... 
Dec 18 14:29:08 cross kernel: klips_info:ipsec_init: KLIPS startup, FreeS/WAN IPSec version: 1.97 Dec 18 14:29:08 cross ipsec_setup: KLIPS debug `none' Dec 18 14:29:08 cross ipsec_setup: KLIPS ipsec0 on eth0 217.70.2.19/255.255.255.240 broadcast 217.70.2.31 dic 18 14:29:08 cross ipsec_setup: WARNING: eth0 has route filtering turned on, KLIPS may not work dic 18 14:29:08 cross ipsec_setup: (/proc/sys/net/ipv4/conf/eth0/rp_filter = `1', should be 0) Dec 18 14:29:08 cross ipsec_setup: ...FreeS/WAN IPsec started Dec 18 14:29:11 cross ipsec__plutorun: 104 "fwmad" #1: STATE_MAIN_I1: initiate Dec 18 14:29:11 cross ipsec__plutorun: 106 "fwmad" #1: STATE_MAIN_I2: sent MI2, expecting MR2 Dec 18 14:29:11 cross ipsec__plutorun: 108 "fwmad" #1: STATE_MAIN_I3: sent MI3, expecting MR3 Dec 18 14:29:11 cross ipsec__plutorun: 004 "fwmad" #1: STATE_MAIN_I4: ISAKMP SA established Dec 18 14:29:11 cross ipsec__plutorun: 112 "fwmad" #3: STATE_QUICK_I1: initiate Dec 18 14:29:11 cross ipsec__plutorun: 004 "fwmad" #3: STATE_QUICK_I2: sent QI2, IPsec SA established Dec 18 14:42:21 cross ipsec__plutorun: 104 "manresa_tuset" #4: STATE_MAIN_I1: initiate Dec 18 14:42:21 cross ipsec__plutorun: 010 "manresa_tuset" #4: STATE_MAIN_I1: retransmission; will wait 20s for response Dec 18 14:42:21 cross ipsec__plutorun: 010 "manresa_tuset" #4: STATE_MAIN_I1: retransmission; will wait 40s for response Dec 18 14:42:21 cross ipsec__plutorun: 031 "manresa_tuset" #4: max number of retransmissions (20) reached STATE_MAIN_I1. 
No acceptable response to our first IKE message Dec 18 14:42:21 cross ipsec__plutorun: 000 "manresa_tuset" #4: starting keying attempt 2 of an unlimited number, but releasing whack Dec 18 14:42:21 cross ipsec__plutorun: ...could not start conn "manresa_tuset" Dec 18 14:42:21 cross ipsec__plutorun: 112 "fwmad-reg" #7: STATE_QUICK_I1: initiate Dec 18 14:42:21 cross ipsec__plutorun: 004 "fwmad-reg" #7: STATE_QUICK_I2: sent QI2, IPsec SA established + _________________________ plog + sed -n '5912,$p' /var/log/secure + egrep -i pluto + cat Dec 18 14:29:08 cross ipsec__plutorun: Starting Pluto subsystem... Dec 18 14:29:08 cross Pluto[2567]: Starting Pluto (FreeS/WAN Version 1.97) Dec 18 14:29:08 cross Pluto[2567]: added connection description "fwmad-reg-backup" Dec 18 14:29:09 cross Pluto[2567]: added connection description "fwmad" Dec 18 14:29:09 cross Pluto[2567]: added connection description "manresa_tuset" Dec 18 14:29:09 cross Pluto[2567]: added connection description "fwmad-reg" Dec 18 14:29:09 cross Pluto[2567]: added connection description "fwmad-backup" Dec 18 14:29:09 cross Pluto[2567]: listening for IKE messages Dec 18 14:29:09 cross Pluto[2567]: adding interface ipsec0/eth0 217.70.2.19 Dec 18 14:29:09 cross Pluto[2567]: loading secrets from "/etc/ipsec.secrets" Dec 18 14:29:09 cross Pluto[2567]: "fwmad" #1: initiating Main Mode Dec 18 14:29:10 cross Pluto[2567]: "fwmad" #2: responding to Main Mode Dec 18 14:29:10 cross Pluto[2567]: "fwmad" #1: ISAKMP SA established Dec 18 14:29:10 cross Pluto[2567]: "fwmad" #3: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Dec 18 14:29:11 cross Pluto[2567]: "fwmad" #2: sent MR3, ISAKMP SA established Dec 18 14:29:11 cross Pluto[2567]: "fwmad" #3: sent QI2, IPsec SA established Dec 18 14:29:11 cross Pluto[2567]: "manresa_tuset" #4: initiating Main Mode Dec 18 14:29:11 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host 
[errno 113, origin ICMP type 3 code 1 (not authenticated)] Dec 18 14:31:01 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Dec 18 14:31:41 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Dec 18 14:33:41 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Dec 18 14:34:11 cross Pluto[2567]: "fwmad-reg" #5: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Dec 18 14:34:11 cross Pluto[2567]: "fwmad-reg" #5: sent QI2, IPsec SA established Dec 18 14:34:21 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Dec 18 14:35:01 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Dec 18 14:42:21 cross Pluto[2567]: "manresa_tuset" #4: max number of retransmissions (20) reached STATE_MAIN_I1. 
No acceptable response to our first IKE message Dec 18 14:42:21 cross Pluto[2567]: "manresa_tuset" #4: starting keying attempt 2 of an unlimited number, but releasing whack Dec 18 14:42:21 cross Pluto[2567]: "manresa_tuset" #6: initiating Main Mode to replace #4 Dec 18 14:42:21 cross Pluto[2567]: "fwmad-reg" #7: initiating Quick Mode RSASIG+ENCRYPT+TUNNEL+PFS Dec 18 14:42:21 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] Dec 18 14:42:21 cross Pluto[2567]: "fwmad-reg" #7: sent QI2, IPsec SA established Dec 18 14:42:32 cross Pluto[2567]: ERROR: asynchronous network error report on eth0 for message to 217.126.235.212 port 500, complainant 217.126.235.212: No route to host [errno 113, origin ICMP type 3 code 1 (not authenticated)] + _________________________ date + date Wed Dec 18 14:52:26 CET 2002