ipsec initiator mdserver output

1. [root@mdserver ~]# /etc/ipsec.d/show_ipsec_config
2.  
3. # ==== Output of mdserver command: "systemctl stop ipsec"
4.  
5. # ==== Output of mdserver command: "cat /etc/redhat-release"
6. Red Hat Enterprise Linux Server release 7.0 (Maipo)
7.  
8. # ==== Output of mdserver command: "rpm -q libreswan"
9. libreswan-3.8-6.el7_0.x86_64
10.  
11. # ==== Output of mdserver command: "cat /etc/sysconfig/pluto"
12. # Put extra pluto command line options you want here
13. PLUTO_OPTIONS=" "
14. ##IPSEC_INIT_SCRIPT_DEBUG="1"
15. #; # Added by Paul
16.  
17. # ==== Output of mdserver command: "cat /etc/ipsec.conf"
18. config setup
19. plutodebug="all crypt"
20. protostack=netkey
21. dumpdir=/var/run/pluto/
22. virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,!%v4:172.31.0.0/20
23. include /etc/ipsec.d/*.conf
24.  
25. # ==== Output of mdserver command: "ls /etc/ipsec.d/*{conf,secrets}"
26. /etc/ipsec.d/amazoncore.conf /etc/ipsec.d/amazoncore.secrets
27.  
28. # ==== Output of mdserver command: "cat /etc/ipsec.d/*conf"
29. conn amazoncore
30. type=tunnel
31. authby=secret
32. auto=start
33. ike=aes256-sha1;modp1536,3des-md5;modp1024
34. forceencaps=yes
35. left=54.66.129.223
36. leftid=@blender
37. leftsourceip=10.1.0.1
38. leftsubnet=10.1.0.0/16
39. right=%defaultroute
40. rightid=@potatoe
41. rightsubnet=10.1.2.0/24
42.  
43. # ==== Output of mdserver command: "sed 's/PSK \".*/PSK \"PRIVATE\"/' /etc/ipsec.d/*.secrets"
44. @blender @potatoe: PSK "PRIVATE"
45.  
46. # ==== Output of mdserver command: "iptables -L -n"
47. Chain INPUT (policy ACCEPT)
48. target prot opt source destination
49.  
50. Chain FORWARD (policy ACCEPT)
51. target prot opt source destination
52.  
53. Chain OUTPUT (policy ACCEPT)
54. target prot opt source destination
55.  
56. # ==== Output of mdserver command: "ip link"
57. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
58. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
59. 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
60. link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
61. 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
62. link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
63. 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
64. link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
65.  
66. # ==== Output of mdserver command: "ip addr"
67. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
68. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
69. inet 127.0.0.1/8 scope host lo
70. valid_lft forever preferred_lft forever
71. inet6 ::1/128 scope host
72. valid_lft forever preferred_lft forever
73. 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
74. link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
75. inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
76. valid_lft forever preferred_lft forever
77. inet6 fe80::221:5eff:fe09:a91c/64 scope link
78. valid_lft forever preferred_lft forever
79. 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
80. link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
81. 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
82. link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
83.  
84. # ==== Output of mdserver command: "ip neigh"
85. fe80::9e97:26ff:fee5:2a26 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 router STALE
86. 10.1.2.254 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 REACHABLE
87. 10.1.2.10 dev enp11s0f0 lladdr 00:26:9e:52:e7:4c STALE
88. 10.1.2.17 dev enp11s0f0 lladdr 50:e5:49:6d:d3:f5 STALE
89.  
90. # ==== Output of mdserver command: "ip route"
91. default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
92. 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
93.  
94. # ==== Output of mdserver command: "ip xfrm state"
95.  
96. # ==== Output of mdserver command: "cp -a /var/log/pluto/ipsec.log{,.10305} && > /var/log/pluto/ipsec.log"
97.  
98. # ==== Output of mdserver command: "systemctl start ipsec"
99.  
100. # ==== Output of mdserver command: "ipsec barf"
101. Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
102. mdserver.blueprintconsulting.com
103. Fri Mar 20 14:00:53 EST 2015
104. + _________________________ version
105. + ipsec --version
106. Linux Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
107. + _________________________ /proc/version
108. + cat /proc/version
109. Linux version 3.10.0-123.el7.x86_64 (mockbuild@x86-017.build.eng.bos.redhat.com) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon May 5 11:16:57 EDT 2014
110. + _________________________ /proc/net/ipsec_eroute
111. + test -r /proc/net/ipsec_eroute
112. + _________________________ netstat-rn
113. + netstat -nr
114. + head -n 100
115. Kernel IP routing table
116. Destination Gateway Genmask Flags MSS Window irtt Iface
117. 0.0.0.0 10.1.2.254 0.0.0.0 UG 0 0 0 enp11s0f0
118. 10.1.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp11s0f0
119. + _________________________ /proc/net/ipsec_spi
120. + test -r /proc/net/ipsec_spi
121. + _________________________ /proc/net/ipsec_spigrp
122. + test -r /proc/net/ipsec_spigrp
123. + _________________________ /proc/net/ipsec_tncfg
124. + test -r /proc/net/ipsec_tncfg
125. + _________________________ /proc/net/pfkey
126. + test -r /proc/net/pfkey
127. + cat /proc/net/pfkey
128. sk RefCnt Rmem Wmem User Inode
129. + _________________________ ip-xfrm-state
130. + ip xfrm state
131. + _________________________ ip-xfrm-policy
132. + ip xfrm policy
133. src ::/0 dst ::/0
134. socket out priority 0 ptype main
135. src ::/0 dst ::/0
136. socket in priority 0 ptype main
137. src 0.0.0.0/0 dst 0.0.0.0/0
138. socket out priority 0 ptype main
139. src 0.0.0.0/0 dst 0.0.0.0/0
140. socket in priority 0 ptype main
141. src 0.0.0.0/0 dst 0.0.0.0/0
142. socket out priority 0 ptype main
143. src 0.0.0.0/0 dst 0.0.0.0/0
144. socket in priority 0 ptype main
145. + _________________________ ip-xfrm-stats
146. + cat /proc/net/xfrm_stat
147. XfrmInError 0
148. XfrmInBufferError 0
149. XfrmInHdrError 0
150. XfrmInNoStates 0
151. XfrmInStateProtoError 0
152. XfrmInStateModeError 0
153. XfrmInStateSeqError 0
154. XfrmInStateExpired 0
155. XfrmInStateMismatch 0
156. XfrmInStateInvalid 0
157. XfrmInTmplMismatch 24490
158. XfrmInNoPols 0
159. XfrmInPolBlock 0
160. XfrmInPolError 0
161. XfrmOutError 0
162. XfrmOutBundleGenError 0
163. XfrmOutBundleCheckError 0
164. XfrmOutNoStates 1
165. XfrmOutStateProtoError 0
166. XfrmOutStateModeError 0
167. XfrmOutStateSeqError 0
168. XfrmOutStateExpired 0
169. XfrmOutPolBlock 0
170. XfrmOutPolDead 0
171. XfrmOutPolError 0
172. XfrmFwdHdrError 0
173. XfrmOutStateInvalid 0
174. + _________________________ ip-l2tp-tunnel
175. + test -d /sys/module/l2tp_core
176. + _________________________ /proc/crypto
177. + test -r /proc/crypto
178. + cat /proc/crypto
179. name : authenc(hmac(sha1),cbc(aes))
180. driver : authenc(hmac(sha1-generic),cbc(aes-asm))
181. module : authenc
182. priority : 2000
183. refcnt : 1
184. selftest : passed
185. type : aead
186. async : no
187. blocksize : 16
188. ivsize : 16
189. maxauthsize : 20
190. geniv : <built-in>
191.  
192. name : cbc(aes)
193. driver : cbc(aes-asm)
194. module : kernel
195. priority : 200
196. refcnt : 1
197. selftest : passed
198. type : givcipher
199. async : no
200. blocksize : 16
201. min keysize : 16
202. max keysize : 32
203. ivsize : 16
204. geniv : eseqiv
205.  
206. name : rfc3686(ctr(aes))
207. driver : rfc3686(ctr(aes-asm))
208. module : kernel
209. priority : 200
210. refcnt : 1
211. selftest : passed
212. type : ablkcipher
213. async : yes
214. blocksize : 1
215. min keysize : 20
216. max keysize : 36
217. ivsize : 8
218. geniv : seqiv
219.  
220. name : ctr(aes)
221. driver : ctr(aes-asm)
222. module : kernel
223. priority : 200
224. refcnt : 1
225. selftest : passed
226. type : givcipher
227. async : yes
228. blocksize : 1
229. min keysize : 16
230. max keysize : 32
231. ivsize : 16
232. geniv : chainiv
233.  
234. name : ctr(aes)
235. driver : ctr(aes-asm)
236. module : kernel
237. priority : 200
238. refcnt : 1
239. selftest : passed
240. type : blkcipher
241. blocksize : 1
242. min keysize : 16
243. max keysize : 32
244. ivsize : 16
245. geniv : chainiv
246.  
247. name : cbc(cast5)
248. driver : cbc(cast5-generic)
249. module : kernel
250. priority : 100
251. refcnt : 1
252. selftest : passed
253. type : blkcipher
254. blocksize : 8
255. min keysize : 5
256. max keysize : 16
257. ivsize : 8
258. geniv : <default>
259.  
260. name : cbc(des3_ede)
261. driver : cbc(des3_ede-generic)
262. module : kernel
263. priority : 0
264. refcnt : 1
265. selftest : passed
266. type : blkcipher
267. blocksize : 8
268. min keysize : 24
269. max keysize : 24
270. ivsize : 8
271. geniv : <default>
272.  
273. name : cbc(des)
274. driver : cbc(des-generic)
275. module : kernel
276. priority : 0
277. refcnt : 1
278. selftest : passed
279. type : blkcipher
280. blocksize : 8
281. min keysize : 8
282. max keysize : 8
283. ivsize : 8
284. geniv : <default>
285.  
286. name : cmac(aes)
287. driver : cmac(aes-asm)
288. module : cmac
289. priority : 200
290. refcnt : 1
291. selftest : passed
292. type : shash
293. blocksize : 16
294. digestsize : 16
295.  
296. name : xcbc(aes)
297. driver : xcbc(aes-asm)
298. module : xcbc
299. priority : 200
300. refcnt : 1
301. selftest : passed
302. type : shash
303. blocksize : 16
304. digestsize : 16
305.  
306. name : hmac(rmd160)
307. driver : hmac(rmd160-generic)
308. module : kernel
309. priority : 0
310. refcnt : 1
311. selftest : passed
312. type : shash
313. blocksize : 64
314. digestsize : 20
315.  
316. name : rmd160
317. driver : rmd160-generic
318. module : rmd160
319. priority : 0
320. refcnt : 1
321. selftest : passed
322. type : shash
323. blocksize : 64
324. digestsize : 20
325.  
326. name : hmac(sha512)
327. driver : hmac(sha512-ssse3)
328. module : kernel
329. priority : 150
330. refcnt : 1
331. selftest : passed
332. type : shash
333. blocksize : 128
334. digestsize : 64
335.  
336. name : hmac(sha384)
337. driver : hmac(sha384-generic)
338. module : kernel
339. priority : 0
340. refcnt : 1
341. selftest : passed
342. type : shash
343. blocksize : 128
344. digestsize : 48
345.  
346. name : hmac(sha256)
347. driver : hmac(sha256-ssse3)
348. module : kernel
349. priority : 150
350. refcnt : 1
351. selftest : passed
352. type : shash
353. blocksize : 64
354. digestsize : 32
355.  
356. name : hmac(md5)
357. driver : hmac(md5-generic)
358. module : kernel
359. priority : 0
360. refcnt : 1
361. selftest : passed
362. type : shash
363. blocksize : 64
364. digestsize : 16
365.  
366. name : digest_null
367. driver : digest_null-generic
368. module : crypto_null
369. priority : 0
370. refcnt : 1
371. selftest : passed
372. type : shash
373. blocksize : 1
374. digestsize : 0
375.  
376. name : compress_null
377. driver : compress_null-generic
378. module : crypto_null
379. priority : 0
380. refcnt : 1
381. selftest : passed
382. type : compression
383.  
384. name : ecb(cipher_null)
385. driver : ecb-cipher_null
386. module : crypto_null
387. priority : 100
388. refcnt : 1
389. selftest : passed
390. type : blkcipher
391. blocksize : 1
392. min keysize : 0
393. max keysize : 0
394. ivsize : 0
395. geniv : <default>
396.  
397. name : cipher_null
398. driver : cipher_null-generic
399. module : crypto_null
400. priority : 0
401. refcnt : 1
402. selftest : passed
403. type : cipher
404. blocksize : 1
405. min keysize : 0
406. max keysize : 0
407.  
408. name : camellia
409. driver : camellia-generic
410. module : camellia_generic
411. priority : 100
412. refcnt : 1
413. selftest : passed
414. type : cipher
415. blocksize : 16
416. min keysize : 16
417. max keysize : 32
418.  
419. name : xts(camellia)
420. driver : xts-camellia-asm
421. module : camellia_x86_64
422. priority : 300
423. refcnt : 1
424. selftest : passed
425. type : blkcipher
426. blocksize : 16
427. min keysize : 32
428. max keysize : 64
429. ivsize : 16
430. geniv : <default>
431.  
432. name : lrw(camellia)
433. driver : lrw-camellia-asm
434. module : camellia_x86_64
435. priority : 300
436. refcnt : 1
437. selftest : passed
438. type : blkcipher
439. blocksize : 16
440. min keysize : 32
441. max keysize : 48
442. ivsize : 16
443. geniv : <default>
444.  
445. name : ctr(camellia)
446. driver : ctr-camellia-asm
447. module : camellia_x86_64
448. priority : 300
449. refcnt : 1
450. selftest : passed
451. type : blkcipher
452. blocksize : 1
453. min keysize : 16
454. max keysize : 32
455. ivsize : 16
456. geniv : <default>
457.  
458. name : cbc(camellia)
459. driver : cbc-camellia-asm
460. module : camellia_x86_64
461. priority : 300
462. refcnt : 1
463. selftest : passed
464. type : blkcipher
465. blocksize : 16
466. min keysize : 16
467. max keysize : 32
468. ivsize : 16
469. geniv : <default>
470.  
471. name : ecb(camellia)
472. driver : ecb-camellia-asm
473. module : camellia_x86_64
474. priority : 300
475. refcnt : 1
476. selftest : passed
477. type : blkcipher
478. blocksize : 16
479. min keysize : 16
480. max keysize : 32
481. ivsize : 0
482. geniv : <default>
483.  
484. name : camellia
485. driver : camellia-asm
486. module : camellia_x86_64
487. priority : 200
488. refcnt : 1
489. selftest : passed
490. type : cipher
491. blocksize : 16
492. min keysize : 16
493. max keysize : 32
494.  
495. name : cast6
496. driver : cast6-generic
497. module : cast6_generic
498. priority : 100
499. refcnt : 1
500. selftest : passed
501. type : cipher
502. blocksize : 16
503. min keysize : 16
504. max keysize : 32
505.  
506. name : cast5
507. driver : cast5-generic
508. module : cast5_generic
509. priority : 100
510. refcnt : 1
511. selftest : passed
512. type : cipher
513. blocksize : 8
514. min keysize : 5
515. max keysize : 16
516.  
517. name : deflate
518. driver : deflate-generic
519. module : deflate
520. priority : 0
521. refcnt : 1
522. selftest : passed
523. type : compression
524.  
525. name : xts(serpent)
526. driver : xts-serpent-sse2
527. module : serpent_sse2_x86_64
528. priority : 400
529. refcnt : 1
530. selftest : passed
531. type : ablkcipher
532. async : yes
533. blocksize : 16
534. min keysize : 0
535. max keysize : 64
536. ivsize : 16
537. geniv : <default>
538.  
539. name : lrw(serpent)
540. driver : lrw-serpent-sse2
541. module : serpent_sse2_x86_64
542. priority : 400
543. refcnt : 1
544. selftest : passed
545. type : ablkcipher
546. async : yes
547. blocksize : 16
548. min keysize : 16
549. max keysize : 48
550. ivsize : 16
551. geniv : <default>
552.  
553. name : ctr(serpent)
554. driver : ctr-serpent-sse2
555. module : serpent_sse2_x86_64
556. priority : 400
557. refcnt : 1
558. selftest : passed
559. type : ablkcipher
560. async : yes
561. blocksize : 1
562. min keysize : 0
563. max keysize : 32
564. ivsize : 16
565. geniv : chainiv
566.  
567. name : cbc(serpent)
568. driver : cbc-serpent-sse2
569. module : serpent_sse2_x86_64
570. priority : 400
571. refcnt : 1
572. selftest : passed
573. type : ablkcipher
574. async : yes
575. blocksize : 16
576. min keysize : 0
577. max keysize : 32
578. ivsize : 16
579. geniv : <default>
580.  
581. name : __ecb-serpent-sse2
582. driver : cryptd(__driver-ecb-serpent-sse2)
583. module : cryptd
584. priority : 50
585. refcnt : 1
586. selftest : passed
587. type : ablkcipher
588. async : yes
589. blocksize : 16
590. min keysize : 0
591. max keysize : 32
592. ivsize : 0
593. geniv : <default>
594.  
595. name : ecb(serpent)
596. driver : ecb-serpent-sse2
597. module : serpent_sse2_x86_64
598. priority : 400
599. refcnt : 1
600. selftest : passed
601. type : ablkcipher
602. async : yes
603. blocksize : 16
604. min keysize : 0
605. max keysize : 32
606. ivsize : 0
607. geniv : <default>
608.  
609. name : __xts-serpent-sse2
610. driver : __driver-xts-serpent-sse2
611. module : serpent_sse2_x86_64
612. priority : 0
613. refcnt : 1
614. selftest : passed
615. type : blkcipher
616. blocksize : 16
617. min keysize : 0
618. max keysize : 64
619. ivsize : 16
620. geniv : <default>
621.  
622. name : __lrw-serpent-sse2
623. driver : __driver-lrw-serpent-sse2
624. module : serpent_sse2_x86_64
625. priority : 0
626. refcnt : 1
627. selftest : passed
628. type : blkcipher
629. blocksize : 16
630. min keysize : 16
631. max keysize : 48
632. ivsize : 16
633. geniv : <default>
634.  
635. name : __ctr-serpent-sse2
636. driver : __driver-ctr-serpent-sse2
637. module : serpent_sse2_x86_64
638. priority : 0
639. refcnt : 1
640. selftest : passed
641. type : blkcipher
642. blocksize : 1
643. min keysize : 0
644. max keysize : 32
645. ivsize : 16
646. geniv : <default>
647.  
648. name : __cbc-serpent-sse2
649. driver : __driver-cbc-serpent-sse2
650. module : serpent_sse2_x86_64
651. priority : 0
652. refcnt : 1
653. selftest : passed
654. type : blkcipher
655. blocksize : 16
656. min keysize : 0
657. max keysize : 32
658. ivsize : 0
659. geniv : <default>
660.  
661. name : __ecb-serpent-sse2
662. driver : __driver-ecb-serpent-sse2
663. module : serpent_sse2_x86_64
664. priority : 0
665. refcnt : 1
666. selftest : passed
667. type : blkcipher
668. blocksize : 16
669. min keysize : 0
670. max keysize : 32
671. ivsize : 0
672. geniv : <default>
673.  
674. name : tnepres
675. driver : tnepres-generic
676. module : serpent_generic
677. priority : 0
678. refcnt : 1
679. selftest : passed
680. type : cipher
681. blocksize : 16
682. min keysize : 0
683. max keysize : 32
684.  
685. name : serpent
686. driver : serpent-generic
687. module : serpent_generic
688. priority : 100
689. refcnt : 1
690. selftest : passed
691. type : cipher
692. blocksize : 16
693. min keysize : 0
694. max keysize : 32
695.  
696. name : blowfish
697. driver : blowfish-generic
698. module : blowfish_generic
699. priority : 100
700. refcnt : 1
701. selftest : passed
702. type : cipher
703. blocksize : 8
704. min keysize : 4
705. max keysize : 56
706.  
707. name : ctr(blowfish)
708. driver : ctr-blowfish-asm
709. module : blowfish_x86_64
710. priority : 300
711. refcnt : 1
712. selftest : passed
713. type : blkcipher
714. blocksize : 1
715. min keysize : 4
716. max keysize : 56
717. ivsize : 8
718. geniv : <default>
719.  
720. name : cbc(blowfish)
721. driver : cbc-blowfish-asm
722. module : blowfish_x86_64
723. priority : 300
724. refcnt : 1
725. selftest : passed
726. type : blkcipher
727. blocksize : 8
728. min keysize : 4
729. max keysize : 56
730. ivsize : 8
731. geniv : <default>
732.  
733. name : ecb(blowfish)
734. driver : ecb-blowfish-asm
735. module : blowfish_x86_64
736. priority : 300
737. refcnt : 1
738. selftest : passed
739. type : blkcipher
740. blocksize : 8
741. min keysize : 4
742. max keysize : 56
743. ivsize : 0
744. geniv : <default>
745.  
746. name : blowfish
747. driver : blowfish-asm
748. module : blowfish_x86_64
749. priority : 200
750. refcnt : 1
751. selftest : passed
752. type : cipher
753. blocksize : 8
754. min keysize : 4
755. max keysize : 56
756.  
757. name : twofish
758. driver : twofish-generic
759. module : twofish_generic
760. priority : 100
761. refcnt : 1
762. selftest : passed
763. type : cipher
764. blocksize : 16
765. min keysize : 16
766. max keysize : 32
767.  
768. name : xts(twofish)
769. driver : xts-twofish-3way
770. module : twofish_x86_64_3way
771. priority : 300
772. refcnt : 1
773. selftest : passed
774. type : blkcipher
775. blocksize : 16
776. min keysize : 32
777. max keysize : 64
778. ivsize : 16
779. geniv : <default>
780.  
781. name : lrw(twofish)
782. driver : lrw-twofish-3way
783. module : twofish_x86_64_3way
784. priority : 300
785. refcnt : 1
786. selftest : passed
787. type : blkcipher
788. blocksize : 16
789. min keysize : 32
790. max keysize : 48
791. ivsize : 16
792. geniv : <default>
793.  
794. name : ctr(twofish)
795. driver : ctr-twofish-3way
796. module : twofish_x86_64_3way
797. priority : 300
798. refcnt : 1
799. selftest : passed
800. type : blkcipher
801. blocksize : 1
802. min keysize : 16
803. max keysize : 32
804. ivsize : 16
805. geniv : <default>
806.  
807. name : cbc(twofish)
808. driver : cbc-twofish-3way
809. module : twofish_x86_64_3way
810. priority : 300
811. refcnt : 1
812. selftest : passed
813. type : blkcipher
814. blocksize : 16
815. min keysize : 16
816. max keysize : 32
817. ivsize : 16
818. geniv : <default>
819.  
820. name : ecb(twofish)
821. driver : ecb-twofish-3way
822. module : twofish_x86_64_3way
823. priority : 300
824. refcnt : 1
825. selftest : passed
826. type : blkcipher
827. blocksize : 16
828. min keysize : 16
829. max keysize : 32
830. ivsize : 0
831. geniv : <default>
832.  
833. name : twofish
834. driver : twofish-asm
835. module : twofish_x86_64
836. priority : 200
837. refcnt : 1
838. selftest : passed
839. type : cipher
840. blocksize : 16
841. min keysize : 16
842. max keysize : 32
843.  
844. name : sha256
845. driver : sha256-ssse3
846. module : sha256_ssse3
847. priority : 150
848. refcnt : 1
849. selftest : passed
850. type : shash
851. blocksize : 64
852. digestsize : 32
853.  
854. name : sha512
855. driver : sha512-ssse3
856. module : sha512_ssse3
857. priority : 150
858. refcnt : 1
859. selftest : passed
860. type : shash
861. blocksize : 128
862. digestsize : 64
863.  
864. name : sha384
865. driver : sha384-generic
866. module : sha512_generic
867. priority : 0
868. refcnt : 1
869. selftest : passed
870. type : shash
871. blocksize : 128
872. digestsize : 48
873.  
874. name : sha512
875. driver : sha512-generic
876. module : sha512_generic
877. priority : 0
878. refcnt : 1
879. selftest : passed
880. type : shash
881. blocksize : 128
882. digestsize : 64
883.  
884. name : des3_ede
885. driver : des3_ede-generic
886. module : des_generic
887. priority : 0
888. refcnt : 1
889. selftest : passed
890. type : cipher
891. blocksize : 8
892. min keysize : 24
893. max keysize : 24
894.  
895. name : des
896. driver : des-generic
897. module : des_generic
898. priority : 0
899. refcnt : 1
900. selftest : passed
901. type : cipher
902. blocksize : 8
903. min keysize : 8
904. max keysize : 8
905.  
906. name : crc32c
907. driver : crc32c-intel
908. module : crc32c_intel
909. priority : 200
910. refcnt : 1
911. selftest : passed
912. type : shash
913. blocksize : 1
914. digestsize : 4
915.  
916. name : cbc(aes)
917. driver : cbc(aes-asm)
918. module : kernel
919. priority : 200
920. refcnt : 1
921. selftest : passed
922. type : blkcipher
923. blocksize : 16
924. min keysize : 16
925. max keysize : 32
926. ivsize : 16
927. geniv : <default>
928.  
929. name : hmac(sha1)
930. driver : hmac(sha1-generic)
931. module : kernel
932. priority : 0
933. refcnt : 2
934. selftest : passed
935. type : shash
936. blocksize : 64
937. digestsize : 20
938.  
939. name : stdrng
940. driver : krng
941. module : kernel
942. priority : 200
943. refcnt : 2
944. selftest : passed
945. type : rng
946. seedsize : 0
947.  
948. name : lzo
949. driver : lzo-generic
950. module : kernel
951. priority : 0
952. refcnt : 1
953. selftest : passed
954. type : compression
955.  
956. name : crc32c
957. driver : crc32c-generic
958. module : kernel
959. priority : 100
960. refcnt : 2
961. selftest : passed
962. type : shash
963. blocksize : 1
964. digestsize : 4
965.  
966. name : aes
967. driver : aes-generic
968. module : kernel
969. priority : 100
970. refcnt : 1
971. selftest : passed
972. type : cipher
973. blocksize : 16
974. min keysize : 16
975. max keysize : 32
976.  
977. name : sha224
978. driver : sha224-generic
979. module : kernel
980. priority : 0
981. refcnt : 1
982. selftest : passed
983. type : shash
984. blocksize : 64
985. digestsize : 28
986.  
987. name : sha256
988. driver : sha256-generic
989. module : kernel
990. priority : 0
991. refcnt : 3
992. selftest : passed
993. type : shash
994. blocksize : 64
995. digestsize : 32
996.  
997. name : sha1
998. driver : sha1-generic
999. module : kernel
1000. priority : 0
1001. refcnt : 5
1002. selftest : passed
1003. type : shash
1004. blocksize : 64
1005. digestsize : 20
1006.  
1007. name : md5
1008. driver : md5-generic
1009. module : kernel
1010. priority : 0
1011. refcnt : 1
1012. selftest : passed
1013. type : shash
1014. blocksize : 64
1015. digestsize : 16
1016.  
1017. name : aes
1018. driver : aes-asm
1019. module : kernel
1020. priority : 200
1021. refcnt : 2
1022. selftest : passed
1023. type : cipher
1024. blocksize : 16
1025. min keysize : 16
1026. max keysize : 32
1027.  
1028. + __________________________/proc/sys/net/core/xfrm-star
1029. /usr/libexec/ipsec/barf: line 197: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
1030. + for i in '/proc/sys/net/core/xfrm_*'
1031. + echo -n '/proc/sys/net/core/xfrm_acq_expires: '
1032. /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
1033. 30
1034. + for i in '/proc/sys/net/core/xfrm_*'
1035. + echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
1036. /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
1037. 10
1038. + for i in '/proc/sys/net/core/xfrm_*'
1039. + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
1040. /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
1041. 2
1042. + for i in '/proc/sys/net/core/xfrm_*'
1043. + echo -n '/proc/sys/net/core/xfrm_larval_drop: '
1044. /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1045. 1
1046. + _________________________ /proc/sys/net/ipsec-star
1047. + test -d /proc/sys/net/ipsec
1048. + _________________________ ipsec/status
1049. + ipsec whack --status
1050. 000 using kernel interface: netkey
1051. 000 interface lo/lo ::1
1052. 000 interface lo/lo 127.0.0.1
1053. 000 interface enp11s0f0/enp11s0f0 10.1.2.2
1054. 000
1055. 000 fips mode=disabled;
1056. 000 SElinux=enabled
1057. 000
1058. 000 config setup options:
1059. 000
1060. 000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d, dumpdir=/var/run/pluto/, statsbin=unset
1061. 000 sbindir=/usr/sbin, libdir=/usr/libexec/ipsec, libexecdir=/usr/libexec/ipsec
1062. 000 pluto_version=3.8, pluto_vendorid=OE-Libreswan-3.8
1063. 000 nhelpers=-1, uniqueids=yes, retransmits=yes, force_busy=no
1064. 000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>
1065. 000 secctx_attr_value=32001
1066. 000 myid = (none)
1067. 000 debug raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
1068. 000
1069. 000 nat_traversal=no, keep_alive=20, nat_ikeport=4500, disable_port_floating=yes
1070. 000
1071. 000 ESP algorithms supported:
1072. 000
1073. 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
1074. 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
1075. 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
1076. 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
1077. 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
1078. 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
1079. 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
1080. 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
1081. 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
1082. 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
1083. 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
1084. 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12, keysizemin=128, keysizemax=256
1085. 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16, keysizemin=128, keysizemax=256
1086. 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
1087. 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
1088. 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
1089. 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
1090. 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
1091. 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
1092. 000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
1093. 000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
1094. 000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
1095. 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
1096. 000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
1097. 000
1098. 000 IKE algorithms supported:
1099. 000
1100. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
1101. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
1102. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
1103. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16, v2name=AES_CCM_C, blocksize=16, keydeflen=128
1104. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15, v2name=AES_CCM_B, blocksize=16, keydeflen=128
1105. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14, v2name=AES_CCM_A, blocksize=16, keydeflen=128
1106. 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
1107. 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
1108. 000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
1109. 000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
1110. 000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
1111. 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
1112. 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
1113. 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
1114. 000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashsize=48
1115. 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
1116. 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
1117. 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
1118. 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
1119. 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
1120. 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
1121. 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
1122. 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
1123. 000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
1124. 000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
1125. 000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
1126. 000
1127. 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
1128. 000
1129. 000 Connection list:
1130. 000
1131. 000
1132. 000 State list:
1133. 000
1134. 000 Shunt list:
1135. 000
1136. + _________________________ ifconfig-a
1137. + ifconfig -a
1138. enp0s29f0u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
1139. ether 02:21:5e:0a:a9:1f txqueuelen 1000 (Ethernet)
1140. RX packets 36700 bytes 2388956 (2.2 MiB)
1141. RX errors 0 dropped 0 overruns 0 frame 0
1142. TX packets 0 bytes 0 (0.0 B)
1143. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
1144.  
1145. enp11s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
1146. inet 10.1.2.2 netmask 255.255.255.0 broadcast 10.1.2.255
1147. inet6 fe80::221:5eff:fe09:a91c prefixlen 64 scopeid 0x20<link>
1148. ether 00:21:5e:09:a9:1c txqueuelen 1000 (Ethernet)
1149. RX packets 175412 bytes 39836899 (37.9 MiB)
1150. RX errors 0 dropped 21 overruns 0 frame 0
1151. TX packets 133443 bytes 41760038 (39.8 MiB)
1152. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
1153.  
1154. enp11s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
1155. ether 00:21:5e:09:a9:1e txqueuelen 1000 (Ethernet)
1156. RX packets 0 bytes 0 (0.0 B)
1157. RX errors 0 dropped 0 overruns 0 frame 0
1158. TX packets 0 bytes 0 (0.0 B)
1159. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
1160.  
1161. lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
1162. inet 127.0.0.1 netmask 255.0.0.0
1163. inet6 ::1 prefixlen 128 scopeid 0x10<host>
1164. loop txqueuelen 0 (Local Loopback)
1165. RX packets 165079 bytes 52394165 (49.9 MiB)
1166. RX errors 0 dropped 0 overruns 0 frame 0
1167. TX packets 165079 bytes 52394165 (49.9 MiB)
1168. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
1169.  
1170. + _________________________ ip-addr-list
1171. + ip addr list
1172. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
1173. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
1174. inet 127.0.0.1/8 scope host lo
1175. valid_lft forever preferred_lft forever
1176. inet6 ::1/128 scope host
1177. valid_lft forever preferred_lft forever
1178. 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
1179. link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
1180. inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
1181. valid_lft forever preferred_lft forever
1182. inet6 fe80::221:5eff:fe09:a91c/64 scope link
1183. valid_lft forever preferred_lft forever
1184. 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
1185. link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
1186. 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
1187. link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
1188. + _________________________ ip-route-list
1189. + ip route list
1190. default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
1191. 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
1192. + _________________________ ip-rule-list
1193. + ip rule list
1194. 0: from all lookup local
1195. 32766: from all lookup main
1196. 32767: from all lookup default
1197. + _________________________ ipsec_verify
1198. + ipsec verify --nocolour
1199. Verifying installed system and configuration files
1200.  
1201. Version check and ipsec on-path [OK]
1202. Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
1203. Checking for IPsec support in kernel [OK]
1204. NETKEY: Testing XFRM related proc values
1205. ICMP default/send_redirects [OK]
1206. ICMP default/accept_redirects [OK]
1207. XFRM larval drop [OK]
1208. Pluto ipsec.conf syntax [OK]
1209. Hardware random device [N/A]
1210. Two or more interfaces found, checking IP forwarding [FAILED]
1211. Checking rp_filter [OK]
1212. Checking that pluto is running [OK]
1213. Pluto listening for IKE on udp 500 [OK]
1214. Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
1215. Pluto ipsec.secret syntax [OK]
1216. Checking NAT and MASQUERADEing [TEST INCOMPLETE]
1217. Checking 'ip' command [OK]
1218. Checking 'iptables' command [OK]
1219. Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]
1220. Opportunistic Encryption [DISABLED]
1221.  
1222. ipsec verify: encountered 2 errors - see 'man ipsec_verify' for help
1223. + _________________________ mii-tool
1224. + '[' -x /sbin/mii-tool ']'
1225. + /sbin/mii-tool -v
1226. No interface specified
1227. usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] [-p addr] <interface ...>
1228. -V, --version display version information
1229. -v, --verbose more verbose output
1230. -R, --reset reset MII to poweron state
1231. -r, --restart restart autonegotiation
1232. -w, --watch monitor for link status changes
1233. -l, --log with -w, write events to syslog
1234. -A, --advertise=media,... advertise only specified media
1235. -F, --force=media force specified media technology
1236. -p, --phy=addr set PHY (MII address) to report
1237. media: 1000baseTx-HD, 1000baseTx-FD,
1238. 100baseT4, 100baseTx-FD, 100baseTx-HD,
1239. 10baseT-FD, 10baseT-HD,
1240. (to advertise both HD and FD) 1000baseTx, 100baseTx, 10baseT
1241. + _________________________ ipsec/directory
1242. + ipsec --directory
1243. /usr/libexec/ipsec
1244. + _________________________ hostname/fqdn
1245. + hostname --fqdn
1246. mdserver.blueprintconsulting.com
1247. + _________________________ hostname/ipaddress
1248. + hostname --ip-address
1249. 10.1.2.2
1250. + _________________________ uptime
1251. + uptime
1252. 14:00:54 up 1 day, 1:18, 1 user, load average: 0.17, 0.05, 0.06
1253. + _________________________ ps
1254. + ps alxwf
1255. + egrep -i 'ppid|pluto|ipsec|klips'
1256. F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
1257. 0 0 10305 27355 20 0 113120 1484 wait S+ pts/1 0:00 \_ /bin/bash /etc/ipsec.d/show_ipsec_config
1258. 4 0 10409 10305 20 0 113124 1564 wait S+ pts/1 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
1259. 0 0 10626 10409 20 0 4432 628 pipe_w S+ pts/1 0:00 \_ egrep -i ppid|pluto|ipsec|klips
1260. 0 0 10406 1 20 0 115212 1452 pipe_w Ss ? 0:00 /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
1261. 1 0 10411 10406 20 0 115212 660 wait S ? 0:00 \_ /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
1262. 4 0 10412 10411 20 0 629756 6588 poll_s Sl ? 0:00 \_ /usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
1263. 0 0 10464 10412 20 0 31308 872 poll_s S ? 0:00 \_ _pluto_adns -d
1264. 1 0 10466 10412 20 0 629756 2320 hrtime S ? 0:00 \_ /usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
1265. + _________________________ ipsec/conf
1266. + ipsec readwriteconf --config /etc/ipsec.conf
1267. + ipsec _keycensor
1268. #conn amazoncore loaded
1269. config setup
1270. plutodebug="all raw crypt parsing emitting control lifecycle kernel dns oppo oppoinfo controlmore x509 dpd pfkey natt nattraversal klips netkey"
1271. dumpdir=/var/run/pluto/
1272. virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,!%v4:172.31.0.0/20
1273. protostack=netkey
1274.  
1275.  
1276. # begin conn amazoncore
1277. conn amazoncore
1278. left=54.66.129.223
1279. leftid="@blender"
1280. leftsubnet=10.1.0.0/16
1281. leftsourceip=10.1.0.1
1282. right=%defaultroute
1283. rightid="@potatoe"
1284. rightsubnet=10.1.2.0/24
1285. authby=secret
1286. forceencaps=yes
1287. ike=aes256-sha1;modp1536,3des-md5;modp1024
1288. auto==start
1289. type=tunnel
1290. compress=no
1291. pfs=yes
1292. ikepad=yes
1293. rekey=yes
1294. overlapip=yes
1295. authby=secret
1296. phase2=esp
1297. # end conn amazoncore
1298.  
1299. # end of config
1300. + _________________________ ipsec/secrets
1301. + cat /etc/ipsec.secrets
1302. + ipsec _secretcensor
1303. include /etc/ipsec.d/*.secrets
1304. + _________________________ ipsec/listall
1305. + ipsec whack --listall
1306. 000
1307. 000 List of Public Keys:
1308. 000
1309. 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
1310. 000 1: PSK @potatoe @blender
1311. 000
1312. 000 List of X.509 End Certificates:
1313. 000
1314. 000 List of X.509 AA Certificates:
1315. 000
1316. 000 List of X.509 CA Certificates:
1317. 000
1318. 000 List of X.509 CRLs:
1319. + '[' /etc/ipsec.d/policies ']'
1320. + for policy in '$POLICIES/*'
1321. ++ basename /etc/ipsec.d/policies/block
1322. + base=block
1323. + _________________________ ipsec/policies/block
1324. + cat /etc/ipsec.d/policies/block
1325. # This file defines the set of CIDRs (network/mask-length) to which
1326. # communication should never be allowed.
1327. #
1328. # See /usr/share/doc/libreswan/policygroups.html for details.
1329. #
1330. # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
1331. #
1332.  
1333. + for policy in '$POLICIES/*'
1334. ++ basename /etc/ipsec.d/policies/clear
1335. + base=clear
1336. + _________________________ ipsec/policies/clear
1337. + cat /etc/ipsec.d/policies/clear
1338. # This file defines the set of CIDRs (network/mask-length) to which
1339. # communication should always be in the clear.
1340. #
1341. # See /usr/share/doc/libreswan/policygroups.html for details.
1342. #
1343.  
1344. # root name servers should be in the clear
1345. 192.58.128.30/32
1346. 198.41.0.4/32
1347. 192.228.79.201/32
1348. 192.33.4.12/32
1349. 128.8.10.90/32
1350. 192.203.230.10/32
1351. 192.5.5.241/32
1352. 192.112.36.4/32
1353. 128.63.2.53/32
1354. 192.36.148.17/32
1355. 193.0.14.129/32
1356. 199.7.83.42/32
1357. 202.12.27.33/32
1358. + for policy in '$POLICIES/*'
1359. ++ basename /etc/ipsec.d/policies/clear-or-private
1360. + base=clear-or-private
1361. + _________________________ ipsec/policies/clear-or-private
1362. + cat /etc/ipsec.d/policies/clear-or-private
1363. # This file defines the set of CIDRs (network/mask-length) to which
1364. # we will communicate in the clear, or, if the other side initiates IPSEC,
1365. # using encryption. This behaviour is also called "Opportunistic Responder".
1366. #
1367. # See /usr/share/doc/libreswan/policygroups.html for details.
1368. #
1369. # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
1370. #
1371. + for policy in '$POLICIES/*'
1372. ++ basename /etc/ipsec.d/policies/private
1373. + base=private
1374. + _________________________ ipsec/policies/private
1375. + cat /etc/ipsec.d/policies/private
1376. # This file defines the set of CIDRs (network/mask-length) to which
1377. # communication should always be private (i.e. encrypted).
1378. # See /usr/share/doc/libreswan/policygroups.html for details.
1379. #
1380. # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
1381. #
1382. + for policy in '$POLICIES/*'
1383. ++ basename /etc/ipsec.d/policies/private-or-clear
1384. + base=private-or-clear
1385. + _________________________ ipsec/policies/private-or-clear
1386. + cat /etc/ipsec.d/policies/private-or-clear
1387. # This file defines the set of CIDRs (network/mask-length) to which
1388. # communication should be private, if possible, but in the clear otherwise.
1389. #
1390. # If the target has a TXT (later IPSECKEY) record that specifies
1391. # authentication material, we will require private (i.e. encrypted)
1392. # communications. If no such record is found, communications will be
1393. # in the clear.
1394. #
1395. # See /usr/share/doc/libreswan/policygroups.html for details.
1396. #
1397. # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
1398. #
1399.  
1400. 0.0.0.0/0
1401. + _________________________ ipsec/ls-libdir
1402. + ls -l /usr/libexec/ipsec
1403. total 2668
1404. -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
1405. -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
1406. -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
1407. -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
1408. -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
1409. -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
1410. -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
1411. -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
1412. -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
1413. -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
1414. -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
1415. -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
1416. -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
1417. -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
1418. -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
1419. -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
1420. -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
1421. -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
1422. -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
1423. -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
1424. -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
1425. -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
1426. -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
1427. -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
1428. -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
1429. -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
1430. -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
1431. -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
1432. -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
1433. + _________________________ ipsec/ls-execdir
1434. + ls -l /usr/libexec/ipsec
1435. total 2668
1436. -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
1437. -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
1438. -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
1439. -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
1440. -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
1441. -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
1442. -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
1443. -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
1444. -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
1445. -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
1446. -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
1447. -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
1448. -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
1449. -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
1450. -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
1451. -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
1452. -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
1453. -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
1454. -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
1455. -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
1456. -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
1457. -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
1458. -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
1459. -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
1460. -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
1461. -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
1462. -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
1463. -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
1464. -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
1465. + _________________________ /proc/net/dev
1466. + cat /proc/net/dev
1467. Inter-| Receive | Transmit
1468. face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
1469. enp11s0f0: 39836899 175412 0 21 0 0 0 27683 41760038 133443 0 0 0 0 0 0
1470. enp0s29f0u2: 2388956 36700 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1471. lo: 52395287 165087 0 0 0 0 0 0 52395287 165087 0 0 0 0 0 0
1472. enp11s0f1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
1473. + _________________________ /proc/net/route
1474. + cat /proc/net/route
1475. Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
1476. enp11s0f0 00000000 FE02010A 0003 0 0 1024 00000000 0 0 0
1477. enp11s0f0 0002010A 00000000 0001 0 0 0 00FFFFFF 0 0 0
1478. + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
1479. + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
1480. 0
1481. + _________________________ /proc/sys/net/ipv4/ip_forward
1482. + cat /proc/sys/net/ipv4/ip_forward
1483. 0
1484. + _________________________ /proc/sys/net/ipv4/tcp_ecn
1485. + cat /proc/sys/net/ipv4/tcp_ecn
1486. 2
1487. + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
1488. + cd /proc/sys/net/ipv4/conf
1489. + egrep '^' all/rp_filter default/rp_filter enp0s29f0u2/rp_filter enp11s0f0/rp_filter enp11s0f1/rp_filter lo/rp_filter
1490. all/rp_filter:0
1491. default/rp_filter:0
1492. enp0s29f0u2/rp_filter:0
1493. enp11s0f0/rp_filter:0
1494. enp11s0f1/rp_filter:0
1495. lo/rp_filter:0
1496. + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
1497. + cd /proc/sys/net/ipv4/conf
1498. + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects enp0s29f0u2/accept_redirects enp0s29f0u2/secure_redirects enp0s29f0u2/send_redirects enp11s0f0/accept_redirects enp11s0f0/secure_redirects enp11s0f0/send_redirects enp11s0f1/accept_redirects enp11s0f1/secure_redirects enp11s0f1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
1499. all/accept_redirects:0
1500. all/secure_redirects:1
1501. all/send_redirects:0
1502. default/accept_redirects:0
1503. default/secure_redirects:1
1504. default/send_redirects:0
1505. enp0s29f0u2/accept_redirects:0
1506. enp0s29f0u2/secure_redirects:1
1507. enp0s29f0u2/send_redirects:0
1508. enp11s0f0/accept_redirects:0
1509. enp11s0f0/secure_redirects:1
1510. enp11s0f0/send_redirects:0
1511. enp11s0f1/accept_redirects:0
1512. enp11s0f1/secure_redirects:1
1513. enp11s0f1/send_redirects:0
1514. lo/accept_redirects:0
1515. lo/secure_redirects:1
1516. lo/send_redirects:0
1517. + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
1518. + cat /proc/sys/net/ipv4/tcp_window_scaling
1519. 1
1520. + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
1521. + cat /proc/sys/net/ipv4/tcp_adv_win_scale
1522. 1
1523. + _________________________ uname-a
1524. + uname -a
1525. Linux mdserver.blueprintconsulting.com 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
1526. + _________________________ config-built-with
1527. + test -r /proc/config_built_with
1528. + _________________________ distro-release
1529. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
1530. + test -f /etc/redhat-release
1531. + cat /etc/redhat-release
1532. Red Hat Enterprise Linux Server release 7.0 (Maipo)
1533. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
1534. + test -f /etc/debian-release
1535. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
1536. + test -f /etc/SuSE-release
1537. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
1538. + test -f /etc/mandrake-release
1539. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
1540. + test -f /etc/mandriva-release
1541. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
1542. + test -f /etc/gentoo-release
1543. + _________________________ /proc/net/ipsec_version
1544. + test -r /proc/net/ipsec_version
1545. + test -r /proc/net/pfkey
1546. ++ uname -r
1547. + echo 'NETKEY (3.10.0-123.el7.x86_64) support detected '
1548. NETKEY (3.10.0-123.el7.x86_64) support detected
1549. + _________________________ iptables
1550. + test -e /proc/net/ip_tables_names
1551. + test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save
1552. + iptables-save --modprobe=/dev/null
1553. # Generated by iptables-save v1.4.21 on Fri Mar 20 14:00:54 2015
1554. *filter
1555. :INPUT ACCEPT [39510:5267436]
1556. :FORWARD ACCEPT [0:0]
1557. :OUTPUT ACCEPT [21913:4391927]
1558. COMMIT
1559. # Completed on Fri Mar 20 14:00:54 2015
1560. + _________________________ ip6tables
1561. + test -e ip6_tables_names
1562. + _________________________ /proc/modules
1563. + test -f /proc/modules
1564. + cat /proc/modules
1565. udp_diag 12801 0 - Live 0xffffffffa06f6000
1566. inet_diag 18543 1 udp_diag, Live 0xffffffffa06f0000
1567. iptable_filter 12810 0 - Live 0xffffffffa0194000
1568. ip_tables 27239 1 iptable_filter, Live 0xffffffffa06e8000
1569. authenc 17542 0 - Live 0xffffffffa06e2000
1570. cmac 12788 0 - Live 0xffffffffa06d2000
1571. rmd160 16744 0 - Live 0xffffffffa06dc000
1572. crypto_null 12840 0 - Live 0xffffffffa06d7000
1573. af_key 36098 0 - Live 0xffffffffa06c8000
1574. ah6 13014 0 - Live 0xffffffffa06c3000
1575. ah4 13044 0 - Live 0xffffffffa06be000
1576. esp6 17144 0 - Live 0xffffffffa06b8000
1577. esp4 17139 0 - Live 0xffffffffa06b2000
1578. xfrm4_mode_beet 12691 0 - Live 0xffffffffa06ad000
1579. xfrm4_tunnel 12857 0 - Live 0xffffffffa06a8000
1580. tunnel4 13252 1 xfrm4_tunnel, Live 0xffffffffa06a3000
1581. xfrm4_mode_tunnel 13227 0 - Live 0xffffffffa069e000
1582. xfrm4_mode_transport 12631 0 - Live 0xffffffffa0699000
1583. xfrm6_mode_transport 12631 0 - Live 0xffffffffa0694000
1584. xfrm6_mode_ro 12564 0 - Live 0xffffffffa068f000
1585. xfrm6_mode_beet 12658 0 - Live 0xffffffffa068a000
1586. xfrm6_mode_tunnel 12605 0 - Live 0xffffffffa0685000
1587. ipcomp 12661 0 - Live 0xffffffffa0680000
1588. ipcomp6 12662 0 - Live 0xffffffffa067b000
1589. xfrm6_tunnel 13661 1 ipcomp6, Live 0xffffffffa066c000
1590. tunnel6 13254 1 xfrm6_tunnel, Live 0xffffffffa0667000
1591. xfrm_ipcomp 13413 2 ipcomp,ipcomp6, Live 0xffffffffa0662000
1592. camellia_generic 29348 0 - Live 0xffffffffa0672000
1593. camellia_x86_64 52986 0 - Live 0xffffffffa064d000
1594. cast6_generic 21523 0 - Live 0xffffffffa065b000
1595. cast5_generic 21429 0 - Live 0xffffffffa0646000
1596. cast_common 12983 2 cast6_generic,cast5_generic, Live 0xffffffffa0641000
1597. deflate 12617 0 - Live 0xffffffffa063c000
1598. zlib_deflate 26914 1 deflate, Live 0xffffffffa062c000
1599. cts 12854 0 - Live 0xffffffffa0627000
1600. gcm 23457 0 - Live 0xffffffffa061c000
1601. ccm 17773 0 - Live 0xffffffffa0616000
1602. serpent_sse2_x86_64 50408 0 - Live 0xffffffffa0608000
1603. serpent_generic 29823 1 serpent_sse2_x86_64, Live 0xffffffffa05ff000
1604. blowfish_generic 12530 0 - Live 0xffffffffa05fa000
1605. blowfish_x86_64 21966 0 - Live 0xffffffffa05e9000
1606. blowfish_common 16739 2 blowfish_generic,blowfish_x86_64, Live 0xffffffffa05e3000
1607. twofish_generic 16635 0 - Live 0xffffffffa05f4000
1608. twofish_x86_64_3way 27146 0 - Live 0xffffffffa05db000
1609. xts 12914 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa05d6000
1610. twofish_x86_64 12907 1 twofish_x86_64_3way, Live 0xffffffffa05b2000
1611. twofish_common 21113 3 twofish_generic,twofish_x86_64_3way,twofish_x86_64, Live 0xffffffffa05cf000
1612. xcbc 12815 0 - Live 0xffffffffa0570000
1613. sha256_ssse3 22140 0 - Live 0xffffffffa05c8000
1614. sha512_ssse3 42168 0 - Live 0xffffffffa05bc000
1615. sha512_generic 12942 1 sha512_ssse3, Live 0xffffffffa056b000
1616. des_generic 21379 0 - Live 0xffffffffa05ab000
1617. mpt3sas 195268 0 - Live 0xffffffffa057a000
1618. lrw 13286 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0575000
1619. mpt2sas 193927 2 - Live 0xffffffffa053a000
1620. gf128mul 14951 2 xts,lrw, Live 0xffffffffa0535000
1621. glue_helper 13990 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0530000
1622. ablk_helper 13597 1 serpent_sse2_x86_64, Live 0xffffffffa051e000
1623. cryptd 20359 1 ablk_helper, Live 0xffffffffa052a000
1624. raid_class 13554 2 mpt3sas,mpt2sas, Live 0xffffffffa0525000
1625. scsi_transport_sas 41034 2 mpt3sas,mpt2sas, Live 0xffffffffa0507000
1626. mptctl 38332 1 - Live 0xffffffffa0513000
1627. mptbase 105960 1 mptctl, Live 0xffffffffa04ec000
1628. tpm_rng 12492 0 - Live 0xffffffffa04e7000
1629. timeriomem_rng 12852 0 - Live 0xffffffffa04e2000
1630. virtio_rng 13135 0 - Live 0xffffffffa04d1000
1631. virtio_ring 21011 1 virtio_rng, Live 0xffffffffa04ca000
1632. virtio 14187 1 virtio_rng, Live 0xffffffffa04c5000
1633. sg 36533 0 - Live 0xffffffffa0480000
1634. vfat 17411 1 - Live 0xffffffffa04bf000
1635. fat 65913 1 vfat, Live 0xffffffffa04ad000
1636. nls_utf8 12557 1 - Live 0xffffffffa047b000
1637. isofs 39842 1 - Live 0xffffffffa046c000
1638. loop 28035 2 - Live 0xffffffffa04da000
1639. coretemp 13435 0 - Live 0xffffffffa0467000
1640. iTCO_wdt 13480 0 - Live 0xffffffffa05b7000
1641. kvm_intel 138567 0 - Live 0xffffffffa048a000
1642. iTCO_vendor_support 13718 1 iTCO_wdt, Live 0xffffffffa03d7000
1643. ipmi_devintf 17572 0 - Live 0xffffffffa0636000
1644. kvm 441119 1 kvm_intel, Live 0xffffffffa03fa000
1645. cdc_ether 14351 0 - Live 0xffffffffa03ae000
1646. usbnet 43918 1 cdc_ether, Live 0xffffffffa03ee000
1647. mii 13934 1 usbnet, Live 0xffffffffa03ba000
1648. crc32c_intel 22079 0 - Live 0xffffffffa03b3000
1649. serio_raw 13462 0 - Live 0xffffffffa039a000
1650. ioatdma 67799 32 - Live 0xffffffffa03c5000
1651. ipmi_si 53257 0 - Live 0xffffffffa039f000
1652. lpc_ich 16977 0 - Live 0xffffffffa0394000
1653. mfd_core 13435 1 lpc_ich, Live 0xffffffffa0305000
1654. i2c_i801 18135 0 - Live 0xffffffffa03e8000
1655. dca 15130 1 ioatdma, Live 0xffffffffa0300000
1656. i7core_edac 24166 0 - Live 0xffffffffa038d000
1657. ipmi_msghandler 45306 2 ipmi_devintf,ipmi_si, Live 0xffffffffa0380000
1658. pcspkr 12718 0 - Live 0xffffffffa037b000
1659. edac_core 62330 2 i7core_edac, Live 0xffffffffa036a000
1660. shpchp 37032 0 - Live 0xffffffffa03dd000
1661. acpi_cpufreq 19790 0 - Live 0xffffffffa03bf000
1662. mperf 12667 1 acpi_cpufreq, Live 0xffffffffa01c0000
1663. nfsd 284378 1 - Live 0xffffffffa0323000
1664. auth_rpcgss 59368 1 nfsd, Live 0xffffffffa02f0000
1665. nfs_acl 12837 1 nfsd, Live 0xffffffffa018f000
1666. lockd 93977 1 nfsd, Live 0xffffffffa030b000
1667. sunrpc 293453 5 nfsd,auth_rpcgss,nfs_acl,lockd, Live 0xffffffffa02a7000
1668. uinput 17625 0 - Live 0xffffffffa01aa000
1669. xfs 914152 5 - Live 0xffffffffa01c6000
1670. dm_thin_pool 55788 5 - Live 0xffffffffa01b1000
1671. dm_persistent_data 61832 1 dm_thin_pool, Live 0xffffffffa0199000
1672. dm_bio_prison 15501 1 dm_thin_pool, Live 0xffffffffa016a000
1673. dm_bufio 27874 1 dm_persistent_data, Live 0xffffffffa0187000
1674. libcrc32c 12644 2 xfs,dm_persistent_data, Live 0xffffffffa008b000
1675. sd_mod 45373 4 - Live 0xffffffffa017a000
1676. sr_mod 22416 0 - Live 0xffffffffa016f000
1677. crc_t10dif 12714 1 sd_mod, Live 0xffffffffa0064000
1678. cdrom 42556 1 sr_mod, Live 0xffffffffa015e000
1679. crct10dif_common 12595 1 crc_t10dif, Live 0xffffffffa00ef000
1680. mgag200 42283 1 - Live 0xffffffffa0152000
1681. syscopyarea 12529 1 mgag200, Live 0xffffffffa00e0000
1682. sysfillrect 12701 1 mgag200, Live 0xffffffffa00db000
1683. ata_generic 12910 0 - Live 0xffffffffa0069000
1684. sysimgblt 12640 1 mgag200, Live 0xffffffffa0022000
1685. pata_acpi 13038 0 - Live 0xffffffffa00ea000
1686. i2c_algo_bit 13413 1 mgag200, Live 0xffffffffa00e5000
1687. drm_kms_helper 52758 1 mgag200, Live 0xffffffffa0144000
1688. ttm 83948 1 mgag200, Live 0xffffffffa012e000
1689. ata_piix 35038 0 - Live 0xffffffffa005a000
1690. libata 219478 3 ata_generic,pata_acpi,ata_piix, Live 0xffffffffa00f7000
1691. drm 297829 3 mgag200,drm_kms_helper,ttm, Live 0xffffffffa0091000
1692. i2c_core 40325 5 i2c_i801,mgag200,i2c_algo_bit,drm_kms_helper,drm, Live 0xffffffffa004f000
1693. megaraid_sas 95427 7 - Live 0xffffffffa0072000
1694. bnx2 89206 0 - Live 0xffffffffa0038000
1695. dm_mirror 22135 0 - Live 0xffffffffa002d000
1696. dm_region_hash 20862 1 dm_mirror, Live 0xffffffffa001b000
1697. dm_log 18411 2 dm_mirror,dm_region_hash, Live 0xffffffffa0027000
1698. dm_mod 102999 27 dm_thin_pool,dm_persistent_data,dm_bufio,dm_mirror,dm_log, Live 0xffffffffa0000000
1699. + _________________________ /proc/meminfo
1700. + cat /proc/meminfo
1701. MemTotal: 7999336 kB
1702. MemFree: 5831332 kB
1703. MemAvailable: 6478792 kB
1704. Buffers: 2056 kB
1705. Cached: 831272 kB
1706. SwapCached: 0 kB
1707. Active: 1255412 kB
1708. Inactive: 490760 kB
1709. Active(anon): 985996 kB
1710. Inactive(anon): 40420 kB
1711. Active(file): 269416 kB
1712. Inactive(file): 450340 kB
1713. Unevictable: 18804 kB
1714. Mlocked: 18804 kB
1715. SwapTotal: 16383996 kB
1716. SwapFree: 16383996 kB
1717. Dirty: 1720 kB
1718. Writeback: 0 kB
1719. AnonPages: 932012 kB
1720. Mapped: 52876 kB
1721. Shmem: 107220 kB
1722. Slab: 241088 kB
1723. SReclaimable: 181120 kB
1724. SUnreclaim: 59968 kB
1725. KernelStack: 2560 kB
1726. PageTables: 10496 kB
1727. NFS_Unstable: 0 kB
1728. Bounce: 0 kB
1729. WritebackTmp: 0 kB
1730. CommitLimit: 20383664 kB
1731. Committed_AS: 1702272 kB
1732. VmallocTotal: 34359738367 kB
1733. VmallocUsed: 573176 kB
1734. VmallocChunk: 34359152636 kB
1735. HardwareCorrupted: 0 kB
1736. AnonHugePages: 806912 kB
1737. HugePages_Total: 0
1738. HugePages_Free: 0
1739. HugePages_Rsvd: 0
1740. HugePages_Surp: 0
1741. Hugepagesize: 2048 kB
1742. DirectMap4k: 171904 kB
1743. DirectMap2M: 8206336 kB
1744. + _________________________ /proc/net/ipsec-ls
1745. + test -f /proc/net/ipsec_version
1746. + _________________________ usr/src/linux/.config
1747. + test -f /proc/config.gz
1748. ++ uname -r
1749. + test -f /lib/modules/3.10.0-123.el7.x86_64/build/.config
1750. + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
1751. ++ uname -r
1752. + cat /lib/modules/3.10.0-123.el7.x86_64/build/.config
1753. CONFIG_IPC_NS=y
1754. CONFIG_XFRM=y
1755. CONFIG_XFRM_ALGO=y
1756. CONFIG_XFRM_USER=y
1757. CONFIG_XFRM_SUB_POLICY=y
1758. CONFIG_XFRM_MIGRATE=y
1759. CONFIG_XFRM_STATISTICS=y
1760. CONFIG_XFRM_IPCOMP=m
1761. CONFIG_NET_KEY=m
1762. CONFIG_NET_KEY_MIGRATE=y
1763. CONFIG_INET=y
1764. CONFIG_IP_MULTICAST=y
1765. CONFIG_IP_ADVANCED_ROUTER=y
1766. CONFIG_IP_FIB_TRIE_STATS=y
1767. CONFIG_IP_MULTIPLE_TABLES=y
1768. CONFIG_IP_ROUTE_MULTIPATH=y
1769. CONFIG_IP_ROUTE_VERBOSE=y
1770. CONFIG_IP_ROUTE_CLASSID=y
1771. # CONFIG_IP_PNP is not set
1772. CONFIG_IP_MROUTE=y
1773. CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
1774. CONFIG_IP_PIMSM_V1=y
1775. CONFIG_IP_PIMSM_V2=y
1776. CONFIG_INET_AH=m
1777. CONFIG_INET_ESP=m
1778. CONFIG_INET_IPCOMP=m
1779. CONFIG_INET_XFRM_TUNNEL=m
1780. CONFIG_INET_TUNNEL=m
1781. CONFIG_INET_XFRM_MODE_TRANSPORT=m
1782. CONFIG_INET_XFRM_MODE_TUNNEL=m
1783. CONFIG_INET_XFRM_MODE_BEET=m
1784. CONFIG_INET_LRO=y
1785. CONFIG_INET_DIAG=m
1786. CONFIG_INET_TCP_DIAG=m
1787. CONFIG_INET_UDP_DIAG=m
1788. CONFIG_IPV6=y
1789. CONFIG_IPV6_ROUTER_PREF=y
1790. CONFIG_IPV6_ROUTE_INFO=y
1791. CONFIG_IPV6_OPTIMISTIC_DAD=y
1792. CONFIG_INET6_AH=m
1793. CONFIG_INET6_ESP=m
1794. CONFIG_INET6_IPCOMP=m
1795. CONFIG_IPV6_MIP6=m
1796. CONFIG_INET6_XFRM_TUNNEL=m
1797. CONFIG_INET6_TUNNEL=m
1798. CONFIG_INET6_XFRM_MODE_TRANSPORT=m
1799. CONFIG_INET6_XFRM_MODE_TUNNEL=m
1800. CONFIG_INET6_XFRM_MODE_BEET=m
1801. CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
1802. CONFIG_IPV6_SIT=m
1803. CONFIG_IPV6_SIT_6RD=y
1804. CONFIG_IPV6_NDISC_NODETYPE=y
1805. CONFIG_IPV6_TUNNEL=m
1806. # CONFIG_IPV6_GRE is not set
1807. CONFIG_IPV6_MULTIPLE_TABLES=y
1808. # CONFIG_IPV6_SUBTREES is not set
1809. CONFIG_IPV6_MROUTE=y
1810. CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
1811. CONFIG_IPV6_PIMSM_V2=y
1812. CONFIG_IP_SET=m
1813. CONFIG_IP_SET_MAX=256
1814. CONFIG_IP_SET_BITMAP_IP=m
1815. CONFIG_IP_SET_BITMAP_IPMAC=m
1816. CONFIG_IP_SET_BITMAP_PORT=m
1817. CONFIG_IP_SET_HASH_IP=m
1818. CONFIG_IP_SET_HASH_IPPORT=m
1819. CONFIG_IP_SET_HASH_IPPORTIP=m
1820. CONFIG_IP_SET_HASH_IPPORTNET=m
1821. CONFIG_IP_SET_HASH_NET=m
1822. CONFIG_IP_SET_HASH_NETPORT=m
1823. CONFIG_IP_SET_HASH_NETIFACE=m
1824. CONFIG_IP_SET_LIST_SET=m
1825. CONFIG_IP_VS=m
1826. CONFIG_IP_VS_IPV6=y
1827. # CONFIG_IP_VS_DEBUG is not set
1828. CONFIG_IP_VS_TAB_BITS=12
1829. CONFIG_IP_VS_PROTO_TCP=y
1830. CONFIG_IP_VS_PROTO_UDP=y
1831. CONFIG_IP_VS_PROTO_AH_ESP=y
1832. CONFIG_IP_VS_PROTO_ESP=y
1833. CONFIG_IP_VS_PROTO_AH=y
1834. CONFIG_IP_VS_PROTO_SCTP=y
1835. CONFIG_IP_VS_RR=m
1836. CONFIG_IP_VS_WRR=m
1837. CONFIG_IP_VS_LC=m
1838. CONFIG_IP_VS_WLC=m
1839. CONFIG_IP_VS_LBLC=m
1840. CONFIG_IP_VS_LBLCR=m
1841. CONFIG_IP_VS_DH=m
1842. CONFIG_IP_VS_SH=m
1843. CONFIG_IP_VS_SED=m
1844. CONFIG_IP_VS_NQ=m
1845. CONFIG_IP_VS_SH_TAB_BITS=8
1846. CONFIG_IP_VS_FTP=m
1847. CONFIG_IP_VS_NFCT=y
1848. CONFIG_IP_VS_PE_SIP=m
1849. CONFIG_IP_NF_IPTABLES=m
1850. CONFIG_IP_NF_MATCH_AH=m
1851. CONFIG_IP_NF_MATCH_ECN=m
1852. CONFIG_IP_NF_MATCH_RPFILTER=m
1853. CONFIG_IP_NF_MATCH_TTL=m
1854. CONFIG_IP_NF_FILTER=m
1855. CONFIG_IP_NF_TARGET_REJECT=m
1856. CONFIG_IP_NF_TARGET_SYNPROXY=m
1857. CONFIG_IP_NF_TARGET_ULOG=m
1858. CONFIG_IP_NF_TARGET_MASQUERADE=m
1859. CONFIG_IP_NF_TARGET_NETMAP=m
1860. CONFIG_IP_NF_TARGET_REDIRECT=m
1861. CONFIG_IP_NF_MANGLE=m
1862. CONFIG_IP_NF_TARGET_CLUSTERIP=m
1863. CONFIG_IP_NF_TARGET_ECN=m
1864. CONFIG_IP_NF_TARGET_TTL=m
1865. CONFIG_IP_NF_RAW=m
1866. CONFIG_IP_NF_SECURITY=m
1867. CONFIG_IP_NF_ARPTABLES=m
1868. CONFIG_IP_NF_ARPFILTER=m
1869. CONFIG_IP_NF_ARP_MANGLE=m
1870. CONFIG_IP6_NF_IPTABLES=m
1871. CONFIG_IP6_NF_MATCH_AH=m
1872. CONFIG_IP6_NF_MATCH_EUI64=m
1873. CONFIG_IP6_NF_MATCH_FRAG=m
1874. CONFIG_IP6_NF_MATCH_OPTS=m
1875. CONFIG_IP6_NF_MATCH_HL=m
1876. CONFIG_IP6_NF_MATCH_IPV6HEADER=m
1877. CONFIG_IP6_NF_MATCH_MH=m
1878. CONFIG_IP6_NF_MATCH_RPFILTER=m
1879. CONFIG_IP6_NF_MATCH_RT=m
1880. CONFIG_IP6_NF_TARGET_HL=m
1881. CONFIG_IP6_NF_FILTER=m
1882. CONFIG_IP6_NF_TARGET_REJECT=m
1883. CONFIG_IP6_NF_TARGET_SYNPROXY=m
1884. CONFIG_IP6_NF_MANGLE=m
1885. CONFIG_IP6_NF_RAW=m
1886. CONFIG_IP6_NF_SECURITY=m
1887. CONFIG_IP6_NF_TARGET_MASQUERADE=m
1888. # CONFIG_IP6_NF_TARGET_NPT is not set
1889. CONFIG_IP_DCCP=m
1890. CONFIG_INET_DCCP_DIAG=m
1891. # CONFIG_IP_DCCP_CCID2_DEBUG is not set
1892. CONFIG_IP_DCCP_CCID3=y
1893. # CONFIG_IP_DCCP_CCID3_DEBUG is not set
1894. CONFIG_IP_DCCP_TFRC_LIB=y
1895. # CONFIG_IP_DCCP_DEBUG is not set
1896. CONFIG_IP_SCTP=m
1897. # CONFIG_IPX is not set
1898. CONFIG_IP1000=m
1899. # CONFIG_IPW2100 is not set
1900. # CONFIG_IPW2200 is not set
1901. CONFIG_IPPP_FILTER=y
1902. CONFIG_IPMI_HANDLER=m
1903. # CONFIG_IPMI_PANIC_EVENT is not set
1904. CONFIG_IPMI_DEVICE_INTERFACE=m
1905. CONFIG_IPMI_SI=m
1906. CONFIG_IPMI_WATCHDOG=m
1907. CONFIG_IPMI_POWEROFF=m
1908. CONFIG_HW_RANDOM=y
1909. CONFIG_HW_RANDOM_TIMERIOMEM=m
1910. CONFIG_HW_RANDOM_INTEL=m
1911. CONFIG_HW_RANDOM_AMD=m
1912. CONFIG_HW_RANDOM_VIA=m
1913. CONFIG_HW_RANDOM_VIRTIO=m
1914. CONFIG_HW_RANDOM_TPM=m
1915. # CONFIG_IPACK_BUS is not set
1916. CONFIG_SECURITY_NETWORK_XFRM=y
1917. CONFIG_CRYPTO_DEV_PADLOCK=m
1918. CONFIG_CRYPTO_DEV_PADLOCK_AES=m
1919. CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
1920. + _________________________ etc/syslog.conf
1921. + _________________________ etc/syslog-ng/syslog-ng.conf
1922. + cat /etc/syslog-ng/syslog-ng.conf
1923. cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
1924. + cat /etc/syslog.conf
1925. cat: /etc/syslog.conf: No such file or directory
1926. + _________________________ etc/resolv.conf
1927. + cat /etc/resolv.conf
1928. # Generated by NetworkManager
1929. search blueprintconsulting.com
1930. nameserver 127.0.0.1
1931. + _________________________ lib/modules-ls
1932. + ls -ltr /lib/modules
1933. total 4
1934. drwxr-xr-x. 6 root root 4096 Feb 5 13:43 3.10.0-123.el7.x86_64
1935. + _________________________ fipscheck
1936. + cat /proc/sys/crypto/fips_enabled
1937. 0
1938. + _________________________ /proc/ksyms-netif_rx
1939. + test -r /proc/ksyms
1940. + test -r /proc/kallsyms
1941. + egrep netif_rx /proc/kallsyms
1942. ffffffff814cf210 T netif_rx
1943. ffffffff814cf650 T netif_rx_ni
1944. ffffffff81870c98 r __tracepoint_ptr_netif_rx
1945. ffffffff818726ad r __tpstrtab_netif_rx
1946. ffffffff818838f0 r __ksymtab_netif_rx
1947. ffffffff81883900 r __ksymtab_netif_rx_ni
1948. ffffffff81898808 r __kcrctab_netif_rx
1949. ffffffff81898810 r __kcrctab_netif_rx_ni
1950. ffffffff818ba17d r __kstrtab_netif_rx_ni
1951. ffffffff818ba189 r __kstrtab_netif_rx
1952. ffffffff819a34c0 d event_netif_rx
1953. ffffffff819bd500 D __tracepoint_netif_rx
1954. ffffffff81b61a00 t __event_netif_rx
1955. + _________________________ lib/modules-netif_rx
1956. + modulegoo kernel/net/ipv4/ipip.o netif_rx
1957. + set +x
1958. 3.10.0-123.el7.x86_64:
1959. + _________________________ kern.debug
1960. + test -f /var/log/kern.debug
1961. + _________________________ klog
1962. + sed -n '1,$p' /dev/null
1963. + egrep -i 'ipsec|klips|pluto'
1964. + case "$1" in
1965. + cat
1966. + _________________________ plog
1967. + sed -n '23701,$p' /var/log/messages-20150308
1968. + egrep -i pluto
1969. + case "$1" in
1970. + cat
1971. Mar 6 12:45:27 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
1972. Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
1973. Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
1974. Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
1975. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
1976. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
1977. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
1978. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
1979. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
1980. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
1981. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
1982. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
1983. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
1984. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
1985. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
1986. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
1987. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
1988. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
1989. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
1990. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
1991. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
1992. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
1993. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
1994. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
1995. Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
1996. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
1997. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
1998. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
1999. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
2000. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
2001. Mar 6 12:46:42 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
2002. Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
2003. Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
2004. Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
2005. Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
2006. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
2007. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
2008. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
2009. Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
2010. Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
2011. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
2012. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
2013. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
2014. Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
2015. Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
2016. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
2017. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
2018. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
2019. Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
2020. Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
2021. Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
2022. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
2023. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
2024. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
2025. Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
2026. Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
2027. Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
2028. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
2029. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
2030. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
2031. + _________________________ date
2032. + date
2033. Fri Mar 20 14:00:54 EST 2015
2034.  
2035. # ==== Output of mdserver command: "sleep 30"
2036.  
2037. # ==== Output of mdserver command: "ip link"
2038. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
2039. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2040. 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
2041. link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
2042. 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
2043. link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
2044. 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
2045. link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
2046.  
2047. # ==== Output of mdserver command: "ip addr"
2048. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
2049. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2050. inet 127.0.0.1/8 scope host lo
2051. valid_lft forever preferred_lft forever
2052. inet6 ::1/128 scope host
2053. valid_lft forever preferred_lft forever
2054. 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
2055. link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
2056. inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
2057. valid_lft forever preferred_lft forever
2058. inet6 fe80::221:5eff:fe09:a91c/64 scope link
2059. valid_lft forever preferred_lft forever
2060. 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
2061. link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
2062. 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
2063. link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
2064.  
2065. # ==== Output of mdserver command: "ip neigh"
2066. fe80::9e97:26ff:fee5:2a26 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 router STALE
2067. 10.1.2.254 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 REACHABLE
2068. 10.1.2.10 dev enp11s0f0 lladdr 00:26:9e:52:e7:4c STALE
2069. 10.1.2.17 dev enp11s0f0 lladdr 50:e5:49:6d:d3:f5 STALE
2070.  
2071. # ==== Output of mdserver command: "ip route"
2072. default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
2073. 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
2074.  
2075. # ==== Output of mdserver command: "ip xfrm state"
2076. src 54.66.129.223 dst 10.1.2.2
2077. proto esp spi 0x477e7098 reqid 16385 mode tunnel
2078. replay-window 32 flag af-unspec
2079. auth-trunc hmac(sha1) 0xbdb0543120a41a3100daeda0641e2edd60112ff3 96
2080. enc cbc(aes) 0xff3a501b35ac098b384dee3128b49886
2081. src 10.1.2.2 dst 54.66.129.223
2082. proto esp spi 0x38d88809 reqid 16385 mode tunnel
2083. replay-window 32 flag af-unspec
2084. auth-trunc hmac(sha1) 0x7ccbc849c1088fdd31675c839be749ba7858dcbd 96
2085. enc cbc(aes) 0xa633395dc655b0a5363233d9847fa588
2086.  
2087. # ==== Output of mdserver command: "ipsec look"
2088. mdserver.blueprintconsulting.com Fri Mar 20 14:01:24 EST 2015
2089. XFRM state:
2090. src 54.66.129.223 dst 10.1.2.2
2091. proto esp spi 0x477e7098 reqid 16385 mode tunnel
2092. replay-window 32 flag af-unspec
2093. auth-trunc hmac(sha1) 0xbdb0543120a41a3100daeda0641e2edd60112ff3 96
2094. enc cbc(aes) 0xff3a501b35ac098b384dee3128b49886
2095. src 10.1.2.2 dst 54.66.129.223
2096. proto esp spi 0x38d88809 reqid 16385 mode tunnel
2097. replay-window 32 flag af-unspec
2098. auth-trunc hmac(sha1) 0x7ccbc849c1088fdd31675c839be749ba7858dcbd 96
2099. enc cbc(aes) 0xa633395dc655b0a5363233d9847fa588
2100. XFRM policy:
2101. src 10.1.2.0/24 dst 10.1.0.0/16
2102. dir out priority 2352 ptype main
2103. tmpl src 10.1.2.2 dst 54.66.129.223
2104. proto esp reqid 16385 mode tunnel
2105. src 10.1.0.0/16 dst 10.1.2.0/24
2106. dir fwd priority 2352 ptype main
2107. tmpl src 54.66.129.223 dst 10.1.2.2
2108. proto esp reqid 16385 mode tunnel
2109. src 10.1.0.0/16 dst 10.1.2.0/24
2110. dir in priority 2352 ptype main
2111. tmpl src 54.66.129.223 dst 10.1.2.2
2112. proto esp reqid 16385 mode tunnel
2113. src ::/0 dst ::/0
2114. socket out priority 0 ptype main
2115. src ::/0 dst ::/0
2116. socket in priority 0 ptype main
2117. src 0.0.0.0/0 dst 0.0.0.0/0
2118. socket out priority 0 ptype main
2119. src 0.0.0.0/0 dst 0.0.0.0/0
2120. socket in priority 0 ptype main
2121. src 0.0.0.0/0 dst 0.0.0.0/0
2122. socket out priority 0 ptype main
2123. src 0.0.0.0/0 dst 0.0.0.0/0
2124. socket in priority 0 ptype main
2125. XFRM done
2126. IPSEC mangle TABLES
2127. NEW_IPSEC_CONN mangle TABLES
2128. ROUTING TABLES
2129. default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
2130. 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
2131. unreachable ::/96 dev lo metric 1024 error -101
2132. unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
2133. unreachable 2002:a00::/24 dev lo metric 1024 error -101
2134. unreachable 2002:7f00::/24 dev lo metric 1024 error -101
2135. unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
2136. unreachable 2002:ac10::/28 dev lo metric 1024 error -101
2137. unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
2138. unreachable 2002:e000::/19 dev lo metric 1024 error -101
2139. unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
2140. fe80::/64 dev enp11s0f0 proto kernel metric 256
2141. NSS_CERTIFICATES
2142.  
2143. Certificate Nickname Trust Attributes
2144. SSL,S/MIME,JAR/XPI
2145.  
2146.  
2147. # ==== Output of mdserver command: "ipsec barf"
2148. Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
2149. mdserver.blueprintconsulting.com
2150. Fri Mar 20 14:01:24 EST 2015
2151. + _________________________ version
2152. + ipsec --version
2153. Linux Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
2154. + _________________________ /proc/version
2155. + cat /proc/version
2156. Linux version 3.10.0-123.el7.x86_64 (mockbuild@x86-017.build.eng.bos.redhat.com) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon May 5 11:16:57 EDT 2014
2157. + _________________________ /proc/net/ipsec_eroute
2158. + test -r /proc/net/ipsec_eroute
2159. + _________________________ netstat-rn
2160. + netstat -nr
2161. + head -n 100
2162. Kernel IP routing table
2163. Destination Gateway Genmask Flags MSS Window irtt Iface
2164. 0.0.0.0 10.1.2.254 0.0.0.0 UG 0 0 0 enp11s0f0
2165. 10.1.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp11s0f0
2166. + _________________________ /proc/net/ipsec_spi
2167. + test -r /proc/net/ipsec_spi
2168. + _________________________ /proc/net/ipsec_spigrp
2169. + test -r /proc/net/ipsec_spigrp
2170. + _________________________ /proc/net/ipsec_tncfg
2171. + test -r /proc/net/ipsec_tncfg
2172. + _________________________ /proc/net/pfkey
2173. + test -r /proc/net/pfkey
2174. + cat /proc/net/pfkey
2175. sk RefCnt Rmem Wmem User Inode
2176. + _________________________ ip-xfrm-state
2177. + ip xfrm state
2178. src 54.66.129.223 dst 10.1.2.2
2179. proto esp spi 0x477e7098 reqid 16385 mode tunnel
2180. replay-window 32 flag af-unspec
2181. auth-trunc hmac(sha1) 0xbdb0543120a41a3100daeda0641e2edd60112ff3 96
2182. enc cbc(aes) 0xff3a501b35ac098b384dee3128b49886
2183. src 10.1.2.2 dst 54.66.129.223
2184. proto esp spi 0x38d88809 reqid 16385 mode tunnel
2185. replay-window 32 flag af-unspec
2186. auth-trunc hmac(sha1) 0x7ccbc849c1088fdd31675c839be749ba7858dcbd 96
2187. enc cbc(aes) 0xa633395dc655b0a5363233d9847fa588
2188. + _________________________ ip-xfrm-policy
2189. + ip xfrm policy
2190. src 10.1.2.0/24 dst 10.1.0.0/16
2191. dir out priority 2352 ptype main
2192. tmpl src 10.1.2.2 dst 54.66.129.223
2193. proto esp reqid 16385 mode tunnel
2194. src 10.1.0.0/16 dst 10.1.2.0/24
2195. dir fwd priority 2352 ptype main
2196. tmpl src 54.66.129.223 dst 10.1.2.2
2197. proto esp reqid 16385 mode tunnel
2198. src 10.1.0.0/16 dst 10.1.2.0/24
2199. dir in priority 2352 ptype main
2200. tmpl src 54.66.129.223 dst 10.1.2.2
2201. proto esp reqid 16385 mode tunnel
2202. src ::/0 dst ::/0
2203. socket out priority 0 ptype main
2204. src ::/0 dst ::/0
2205. socket in priority 0 ptype main
2206. src 0.0.0.0/0 dst 0.0.0.0/0
2207. socket out priority 0 ptype main
2208. src 0.0.0.0/0 dst 0.0.0.0/0
2209. socket in priority 0 ptype main
2210. src 0.0.0.0/0 dst 0.0.0.0/0
2211. socket out priority 0 ptype main
2212. src 0.0.0.0/0 dst 0.0.0.0/0
2213. socket in priority 0 ptype main
2214. + _________________________ ip-xfrm-stats
2215. + cat /proc/net/xfrm_stat
2216. XfrmInError 0
2217. XfrmInBufferError 0
2218. XfrmInHdrError 0
2219. XfrmInNoStates 0
2220. XfrmInStateProtoError 0
2221. XfrmInStateModeError 0
2222. XfrmInStateSeqError 0
2223. XfrmInStateExpired 0
2224. XfrmInStateMismatch 0
2225. XfrmInStateInvalid 0
2226. XfrmInTmplMismatch 24490
2227. XfrmInNoPols 0
2228. XfrmInPolBlock 0
2229. XfrmInPolError 0
2230. XfrmOutError 0
2231. XfrmOutBundleGenError 0
2232. XfrmOutBundleCheckError 0
2233. XfrmOutNoStates 1
2234. XfrmOutStateProtoError 0
2235. XfrmOutStateModeError 0
2236. XfrmOutStateSeqError 0
2237. XfrmOutStateExpired 0
2238. XfrmOutPolBlock 0
2239. XfrmOutPolDead 0
2240. XfrmOutPolError 0
2241. XfrmFwdHdrError 0
2242. XfrmOutStateInvalid 0
2243. + _________________________ ip-l2tp-tunnel
2244. + test -d /sys/module/l2tp_core
2245. + _________________________ /proc/crypto
2246. + test -r /proc/crypto
2247. + cat /proc/crypto
2248. name : authenc(hmac(sha1),cbc(aes))
2249. driver : authenc(hmac(sha1-generic),cbc(aes-asm))
2250. module : authenc
2251. priority : 2000
2252. refcnt : 3
2253. selftest : passed
2254. type : aead
2255. async : no
2256. blocksize : 16
2257. ivsize : 16
2258. maxauthsize : 20
2259. geniv : <built-in>
2260.  
2261. name : cbc(aes)
2262. driver : cbc(aes-asm)
2263. module : kernel
2264. priority : 200
2265. refcnt : 3
2266. selftest : passed
2267. type : givcipher
2268. async : no
2269. blocksize : 16
2270. min keysize : 16
2271. max keysize : 32
2272. ivsize : 16
2273. geniv : eseqiv
2274.  
2275. name : rfc3686(ctr(aes))
2276. driver : rfc3686(ctr(aes-asm))
2277. module : kernel
2278. priority : 200
2279. refcnt : 1
2280. selftest : passed
2281. type : ablkcipher
2282. async : yes
2283. blocksize : 1
2284. min keysize : 20
2285. max keysize : 36
2286. ivsize : 8
2287. geniv : seqiv
2288.  
2289. name : ctr(aes)
2290. driver : ctr(aes-asm)
2291. module : kernel
2292. priority : 200
2293. refcnt : 1
2294. selftest : passed
2295. type : givcipher
2296. async : yes
2297. blocksize : 1
2298. min keysize : 16
2299. max keysize : 32
2300. ivsize : 16
2301. geniv : chainiv
2302.  
2303. name : ctr(aes)
2304. driver : ctr(aes-asm)
2305. module : kernel
2306. priority : 200
2307. refcnt : 1
2308. selftest : passed
2309. type : blkcipher
2310. blocksize : 1
2311. min keysize : 16
2312. max keysize : 32
2313. ivsize : 16
2314. geniv : chainiv
2315.  
2316. name : cbc(cast5)
2317. driver : cbc(cast5-generic)
2318. module : kernel
2319. priority : 100
2320. refcnt : 1
2321. selftest : passed
2322. type : blkcipher
2323. blocksize : 8
2324. min keysize : 5
2325. max keysize : 16
2326. ivsize : 8
2327. geniv : <default>
2328.  
2329. name : cbc(des3_ede)
2330. driver : cbc(des3_ede-generic)
2331. module : kernel
2332. priority : 0
2333. refcnt : 1
2334. selftest : passed
2335. type : blkcipher
2336. blocksize : 8
2337. min keysize : 24
2338. max keysize : 24
2339. ivsize : 8
2340. geniv : <default>
2341.  
2342. name : cbc(des)
2343. driver : cbc(des-generic)
2344. module : kernel
2345. priority : 0
2346. refcnt : 1
2347. selftest : passed
2348. type : blkcipher
2349. blocksize : 8
2350. min keysize : 8
2351. max keysize : 8
2352. ivsize : 8
2353. geniv : <default>
2354.  
2355. name : cmac(aes)
2356. driver : cmac(aes-asm)
2357. module : cmac
2358. priority : 200
2359. refcnt : 1
2360. selftest : passed
2361. type : shash
2362. blocksize : 16
2363. digestsize : 16
2364.  
2365. name : xcbc(aes)
2366. driver : xcbc(aes-asm)
2367. module : xcbc
2368. priority : 200
2369. refcnt : 1
2370. selftest : passed
2371. type : shash
2372. blocksize : 16
2373. digestsize : 16
2374.  
2375. name : hmac(rmd160)
2376. driver : hmac(rmd160-generic)
2377. module : kernel
2378. priority : 0
2379. refcnt : 1
2380. selftest : passed
2381. type : shash
2382. blocksize : 64
2383. digestsize : 20
2384.  
2385. name : rmd160
2386. driver : rmd160-generic
2387. module : rmd160
2388. priority : 0
2389. refcnt : 1
2390. selftest : passed
2391. type : shash
2392. blocksize : 64
2393. digestsize : 20
2394.  
2395. name : hmac(sha512)
2396. driver : hmac(sha512-ssse3)
2397. module : kernel
2398. priority : 150
2399. refcnt : 1
2400. selftest : passed
2401. type : shash
2402. blocksize : 128
2403. digestsize : 64
2404.  
2405. name : hmac(sha384)
2406. driver : hmac(sha384-generic)
2407. module : kernel
2408. priority : 0
2409. refcnt : 1
2410. selftest : passed
2411. type : shash
2412. blocksize : 128
2413. digestsize : 48
2414.  
2415. name : hmac(sha256)
2416. driver : hmac(sha256-ssse3)
2417. module : kernel
2418. priority : 150
2419. refcnt : 1
2420. selftest : passed
2421. type : shash
2422. blocksize : 64
2423. digestsize : 32
2424.  
2425. name : hmac(md5)
2426. driver : hmac(md5-generic)
2427. module : kernel
2428. priority : 0
2429. refcnt : 1
2430. selftest : passed
2431. type : shash
2432. blocksize : 64
2433. digestsize : 16
2434.  
2435. name : digest_null
2436. driver : digest_null-generic
2437. module : crypto_null
2438. priority : 0
2439. refcnt : 1
2440. selftest : passed
2441. type : shash
2442. blocksize : 1
2443. digestsize : 0
2444.  
2445. name : compress_null
2446. driver : compress_null-generic
2447. module : crypto_null
2448. priority : 0
2449. refcnt : 1
2450. selftest : passed
2451. type : compression
2452.  
2453. name : ecb(cipher_null)
2454. driver : ecb-cipher_null
2455. module : crypto_null
2456. priority : 100
2457. refcnt : 1
2458. selftest : passed
2459. type : blkcipher
2460. blocksize : 1
2461. min keysize : 0
2462. max keysize : 0
2463. ivsize : 0
2464. geniv : <default>
2465.  
2466. name : cipher_null
2467. driver : cipher_null-generic
2468. module : crypto_null
2469. priority : 0
2470. refcnt : 1
2471. selftest : passed
2472. type : cipher
2473. blocksize : 1
2474. min keysize : 0
2475. max keysize : 0
2476.  
2477. name : camellia
2478. driver : camellia-generic
2479. module : camellia_generic
2480. priority : 100
2481. refcnt : 1
2482. selftest : passed
2483. type : cipher
2484. blocksize : 16
2485. min keysize : 16
2486. max keysize : 32
2487.  
2488. name : xts(camellia)
2489. driver : xts-camellia-asm
2490. module : camellia_x86_64
2491. priority : 300
2492. refcnt : 1
2493. selftest : passed
2494. type : blkcipher
2495. blocksize : 16
2496. min keysize : 32
2497. max keysize : 64
2498. ivsize : 16
2499. geniv : <default>
2500.  
2501. name : lrw(camellia)
2502. driver : lrw-camellia-asm
2503. module : camellia_x86_64
2504. priority : 300
2505. refcnt : 1
2506. selftest : passed
2507. type : blkcipher
2508. blocksize : 16
2509. min keysize : 32
2510. max keysize : 48
2511. ivsize : 16
2512. geniv : <default>
2513.  
2514. name : ctr(camellia)
2515. driver : ctr-camellia-asm
2516. module : camellia_x86_64
2517. priority : 300
2518. refcnt : 1
2519. selftest : passed
2520. type : blkcipher
2521. blocksize : 1
2522. min keysize : 16
2523. max keysize : 32
2524. ivsize : 16
2525. geniv : <default>
2526.  
2527. name : cbc(camellia)
2528. driver : cbc-camellia-asm
2529. module : camellia_x86_64
2530. priority : 300
2531. refcnt : 1
2532. selftest : passed
2533. type : blkcipher
2534. blocksize : 16
2535. min keysize : 16
2536. max keysize : 32
2537. ivsize : 16
2538. geniv : <default>
2539.  
2540. name : ecb(camellia)
2541. driver : ecb-camellia-asm
2542. module : camellia_x86_64
2543. priority : 300
2544. refcnt : 1
2545. selftest : passed
2546. type : blkcipher
2547. blocksize : 16
2548. min keysize : 16
2549. max keysize : 32
2550. ivsize : 0
2551. geniv : <default>
2552.  
2553. name : camellia
2554. driver : camellia-asm
2555. module : camellia_x86_64
2556. priority : 200
2557. refcnt : 1
2558. selftest : passed
2559. type : cipher
2560. blocksize : 16
2561. min keysize : 16
2562. max keysize : 32
2563.  
2564. name : cast6
2565. driver : cast6-generic
2566. module : cast6_generic
2567. priority : 100
2568. refcnt : 1
2569. selftest : passed
2570. type : cipher
2571. blocksize : 16
2572. min keysize : 16
2573. max keysize : 32
2574.  
2575. name : cast5
2576. driver : cast5-generic
2577. module : cast5_generic
2578. priority : 100
2579. refcnt : 1
2580. selftest : passed
2581. type : cipher
2582. blocksize : 8
2583. min keysize : 5
2584. max keysize : 16
2585.  
2586. name : deflate
2587. driver : deflate-generic
2588. module : deflate
2589. priority : 0
2590. refcnt : 1
2591. selftest : passed
2592. type : compression
2593.  
2594. name : xts(serpent)
2595. driver : xts-serpent-sse2
2596. module : serpent_sse2_x86_64
2597. priority : 400
2598. refcnt : 1
2599. selftest : passed
2600. type : ablkcipher
2601. async : yes
2602. blocksize : 16
2603. min keysize : 0
2604. max keysize : 64
2605. ivsize : 16
2606. geniv : <default>
2607.  
2608. name : lrw(serpent)
2609. driver : lrw-serpent-sse2
2610. module : serpent_sse2_x86_64
2611. priority : 400
2612. refcnt : 1
2613. selftest : passed
2614. type : ablkcipher
2615. async : yes
2616. blocksize : 16
2617. min keysize : 16
2618. max keysize : 48
2619. ivsize : 16
2620. geniv : <default>
2621.  
2622. name : ctr(serpent)
2623. driver : ctr-serpent-sse2
2624. module : serpent_sse2_x86_64
2625. priority : 400
2626. refcnt : 1
2627. selftest : passed
2628. type : ablkcipher
2629. async : yes
2630. blocksize : 1
2631. min keysize : 0
2632. max keysize : 32
2633. ivsize : 16
2634. geniv : chainiv
2635.  
2636. name : cbc(serpent)
2637. driver : cbc-serpent-sse2
2638. module : serpent_sse2_x86_64
2639. priority : 400
2640. refcnt : 1
2641. selftest : passed
2642. type : ablkcipher
2643. async : yes
2644. blocksize : 16
2645. min keysize : 0
2646. max keysize : 32
2647. ivsize : 16
2648. geniv : <default>
2649.  
2650. name : __ecb-serpent-sse2
2651. driver : cryptd(__driver-ecb-serpent-sse2)
2652. module : cryptd
2653. priority : 50
2654. refcnt : 1
2655. selftest : passed
2656. type : ablkcipher
2657. async : yes
2658. blocksize : 16
2659. min keysize : 0
2660. max keysize : 32
2661. ivsize : 0
2662. geniv : <default>
2663.  
2664. name : ecb(serpent)
2665. driver : ecb-serpent-sse2
2666. module : serpent_sse2_x86_64
2667. priority : 400
2668. refcnt : 1
2669. selftest : passed
2670. type : ablkcipher
2671. async : yes
2672. blocksize : 16
2673. min keysize : 0
2674. max keysize : 32
2675. ivsize : 0
2676. geniv : <default>
2677.  
2678. name : __xts-serpent-sse2
2679. driver : __driver-xts-serpent-sse2
2680. module : serpent_sse2_x86_64
2681. priority : 0
2682. refcnt : 1
2683. selftest : passed
2684. type : blkcipher
2685. blocksize : 16
2686. min keysize : 0
2687. max keysize : 64
2688. ivsize : 16
2689. geniv : <default>
2690.  
2691. name : __lrw-serpent-sse2
2692. driver : __driver-lrw-serpent-sse2
2693. module : serpent_sse2_x86_64
2694. priority : 0
2695. refcnt : 1
2696. selftest : passed
2697. type : blkcipher
2698. blocksize : 16
2699. min keysize : 16
2700. max keysize : 48
2701. ivsize : 16
2702. geniv : <default>
2703.  
2704. name : __ctr-serpent-sse2
2705. driver : __driver-ctr-serpent-sse2
2706. module : serpent_sse2_x86_64
2707. priority : 0
2708. refcnt : 1
2709. selftest : passed
2710. type : blkcipher
2711. blocksize : 1
2712. min keysize : 0
2713. max keysize : 32
2714. ivsize : 16
2715. geniv : <default>
2716.  
2717. name : __cbc-serpent-sse2
2718. driver : __driver-cbc-serpent-sse2
2719. module : serpent_sse2_x86_64
2720. priority : 0
2721. refcnt : 1
2722. selftest : passed
2723. type : blkcipher
2724. blocksize : 16
2725. min keysize : 0
2726. max keysize : 32
2727. ivsize : 0
2728. geniv : <default>
2729.  
2730. name : __ecb-serpent-sse2
2731. driver : __driver-ecb-serpent-sse2
2732. module : serpent_sse2_x86_64
2733. priority : 0
2734. refcnt : 1
2735. selftest : passed
2736. type : blkcipher
2737. blocksize : 16
2738. min keysize : 0
2739. max keysize : 32
2740. ivsize : 0
2741. geniv : <default>
2742.  
2743. name : tnepres
2744. driver : tnepres-generic
2745. module : serpent_generic
2746. priority : 0
2747. refcnt : 1
2748. selftest : passed
2749. type : cipher
2750. blocksize : 16
2751. min keysize : 0
2752. max keysize : 32
2753.  
2754. name : serpent
2755. driver : serpent-generic
2756. module : serpent_generic
2757. priority : 100
2758. refcnt : 1
2759. selftest : passed
2760. type : cipher
2761. blocksize : 16
2762. min keysize : 0
2763. max keysize : 32
2764.  
2765. name : blowfish
2766. driver : blowfish-generic
2767. module : blowfish_generic
2768. priority : 100
2769. refcnt : 1
2770. selftest : passed
2771. type : cipher
2772. blocksize : 8
2773. min keysize : 4
2774. max keysize : 56
2775.  
2776. name : ctr(blowfish)
2777. driver : ctr-blowfish-asm
2778. module : blowfish_x86_64
2779. priority : 300
2780. refcnt : 1
2781. selftest : passed
2782. type : blkcipher
2783. blocksize : 1
2784. min keysize : 4
2785. max keysize : 56
2786. ivsize : 8
2787. geniv : <default>
2788.  
2789. name : cbc(blowfish)
2790. driver : cbc-blowfish-asm
2791. module : blowfish_x86_64
2792. priority : 300
2793. refcnt : 1
2794. selftest : passed
2795. type : blkcipher
2796. blocksize : 8
2797. min keysize : 4
2798. max keysize : 56
2799. ivsize : 8
2800. geniv : <default>
2801.  
2802. name : ecb(blowfish)
2803. driver : ecb-blowfish-asm
2804. module : blowfish_x86_64
2805. priority : 300
2806. refcnt : 1
2807. selftest : passed
2808. type : blkcipher
2809. blocksize : 8
2810. min keysize : 4
2811. max keysize : 56
2812. ivsize : 0
2813. geniv : <default>
2814.  
2815. name : blowfish
2816. driver : blowfish-asm
2817. module : blowfish_x86_64
2818. priority : 200
2819. refcnt : 1
2820. selftest : passed
2821. type : cipher
2822. blocksize : 8
2823. min keysize : 4
2824. max keysize : 56
2825.  
2826. name : twofish
2827. driver : twofish-generic
2828. module : twofish_generic
2829. priority : 100
2830. refcnt : 1
2831. selftest : passed
2832. type : cipher
2833. blocksize : 16
2834. min keysize : 16
2835. max keysize : 32
2836.  
2837. name : xts(twofish)
2838. driver : xts-twofish-3way
2839. module : twofish_x86_64_3way
2840. priority : 300
2841. refcnt : 1
2842. selftest : passed
2843. type : blkcipher
2844. blocksize : 16
2845. min keysize : 32
2846. max keysize : 64
2847. ivsize : 16
2848. geniv : <default>
2849.  
2850. name : lrw(twofish)
2851. driver : lrw-twofish-3way
2852. module : twofish_x86_64_3way
2853. priority : 300
2854. refcnt : 1
2855. selftest : passed
2856. type : blkcipher
2857. blocksize : 16
2858. min keysize : 32
2859. max keysize : 48
2860. ivsize : 16
2861. geniv : <default>
2862.  
2863. name : ctr(twofish)
2864. driver : ctr-twofish-3way
2865. module : twofish_x86_64_3way
2866. priority : 300
2867. refcnt : 1
2868. selftest : passed
2869. type : blkcipher
2870. blocksize : 1
2871. min keysize : 16
2872. max keysize : 32
2873. ivsize : 16
2874. geniv : <default>
2875.  
2876. name : cbc(twofish)
2877. driver : cbc-twofish-3way
2878. module : twofish_x86_64_3way
2879. priority : 300
2880. refcnt : 1
2881. selftest : passed
2882. type : blkcipher
2883. blocksize : 16
2884. min keysize : 16
2885. max keysize : 32
2886. ivsize : 16
2887. geniv : <default>
2888.  
2889. name : ecb(twofish)
2890. driver : ecb-twofish-3way
2891. module : twofish_x86_64_3way
2892. priority : 300
2893. refcnt : 1
2894. selftest : passed
2895. type : blkcipher
2896. blocksize : 16
2897. min keysize : 16
2898. max keysize : 32
2899. ivsize : 0
2900. geniv : <default>
2901.  
2902. name : twofish
2903. driver : twofish-asm
2904. module : twofish_x86_64
2905. priority : 200
2906. refcnt : 1
2907. selftest : passed
2908. type : cipher
2909. blocksize : 16
2910. min keysize : 16
2911. max keysize : 32
2912.  
2913. name : sha256
2914. driver : sha256-ssse3
2915. module : sha256_ssse3
2916. priority : 150
2917. refcnt : 1
2918. selftest : passed
2919. type : shash
2920. blocksize : 64
2921. digestsize : 32
2922.  
2923. name : sha512
2924. driver : sha512-ssse3
2925. module : sha512_ssse3
2926. priority : 150
2927. refcnt : 1
2928. selftest : passed
2929. type : shash
2930. blocksize : 128
2931. digestsize : 64
2932.  
2933. name : sha384
2934. driver : sha384-generic
2935. module : sha512_generic
2936. priority : 0
2937. refcnt : 1
2938. selftest : passed
2939. type : shash
2940. blocksize : 128
2941. digestsize : 48
2942.  
2943. name : sha512
2944. driver : sha512-generic
2945. module : sha512_generic
2946. priority : 0
2947. refcnt : 1
2948. selftest : passed
2949. type : shash
2950. blocksize : 128
2951. digestsize : 64
2952.  
2953. name : des3_ede
2954. driver : des3_ede-generic
2955. module : des_generic
2956. priority : 0
2957. refcnt : 1
2958. selftest : passed
2959. type : cipher
2960. blocksize : 8
2961. min keysize : 24
2962. max keysize : 24
2963.  
2964. name : des
2965. driver : des-generic
2966. module : des_generic
2967. priority : 0
2968. refcnt : 1
2969. selftest : passed
2970. type : cipher
2971. blocksize : 8
2972. min keysize : 8
2973. max keysize : 8
2974.  
2975. name : crc32c
2976. driver : crc32c-intel
2977. module : crc32c_intel
2978. priority : 200
2979. refcnt : 1
2980. selftest : passed
2981. type : shash
2982. blocksize : 1
2983. digestsize : 4
2984.  
2985. name : cbc(aes)
2986. driver : cbc(aes-asm)
2987. module : kernel
2988. priority : 200
2989. refcnt : 3
2990. selftest : passed
2991. type : blkcipher
2992. blocksize : 16
2993. min keysize : 16
2994. max keysize : 32
2995. ivsize : 16
2996. geniv : <default>
2997.  
2998. name : hmac(sha1)
2999. driver : hmac(sha1-generic)
3000. module : kernel
3001. priority : 0
3002. refcnt : 6
3003. selftest : passed
3004. type : shash
3005. blocksize : 64
3006. digestsize : 20
3007.  
3008. name : stdrng
3009. driver : krng
3010. module : kernel
3011. priority : 200
3012. refcnt : 2
3013. selftest : passed
3014. type : rng
3015. seedsize : 0
3016.  
3017. name : lzo
3018. driver : lzo-generic
3019. module : kernel
3020. priority : 0
3021. refcnt : 1
3022. selftest : passed
3023. type : compression
3024.  
3025. name : crc32c
3026. driver : crc32c-generic
3027. module : kernel
3028. priority : 100
3029. refcnt : 2
3030. selftest : passed
3031. type : shash
3032. blocksize : 1
3033. digestsize : 4
3034.  
3035. name : aes
3036. driver : aes-generic
3037. module : kernel
3038. priority : 100
3039. refcnt : 1
3040. selftest : passed
3041. type : cipher
3042. blocksize : 16
3043. min keysize : 16
3044. max keysize : 32
3045.  
3046. name : sha224
3047. driver : sha224-generic
3048. module : kernel
3049. priority : 0
3050. refcnt : 1
3051. selftest : passed
3052. type : shash
3053. blocksize : 64
3054. digestsize : 28
3055.  
3056. name : sha256
3057. driver : sha256-generic
3058. module : kernel
3059. priority : 0
3060. refcnt : 3
3061. selftest : passed
3062. type : shash
3063. blocksize : 64
3064. digestsize : 32
3065.  
3066. name : sha1
3067. driver : sha1-generic
3068. module : kernel
3069. priority : 0
3070. refcnt : 7
3071. selftest : passed
3072. type : shash
3073. blocksize : 64
3074. digestsize : 20
3075.  
3076. name : md5
3077. driver : md5-generic
3078. module : kernel
3079. priority : 0
3080. refcnt : 1
3081. selftest : passed
3082. type : shash
3083. blocksize : 64
3084. digestsize : 16
3085.  
3086. name : aes
3087. driver : aes-asm
3088. module : kernel
3089. priority : 200
3090. refcnt : 4
3091. selftest : passed
3092. type : cipher
3093. blocksize : 16
3094. min keysize : 16
3095. max keysize : 32
3096.  
3097. + __________________________/proc/sys/net/core/xfrm-star
3098. /usr/libexec/ipsec/barf: line 197: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
3099. + for i in '/proc/sys/net/core/xfrm_*'
3100. + echo -n '/proc/sys/net/core/xfrm_acq_expires: '
3101. /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
3102. 30
3103. + for i in '/proc/sys/net/core/xfrm_*'
3104. + echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
3105. /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
3106. 10
3107. + for i in '/proc/sys/net/core/xfrm_*'
3108. + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
3109. /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
3110. 2
3111. + for i in '/proc/sys/net/core/xfrm_*'
3112. + echo -n '/proc/sys/net/core/xfrm_larval_drop: '
3113. /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
3114. 1
3115. + _________________________ /proc/sys/net/ipsec-star
3116. + test -d /proc/sys/net/ipsec
3117. + _________________________ ipsec/status
3118. + ipsec whack --status
3119. 000 using kernel interface: netkey
3120. 000 interface lo/lo ::1
3121. 000 interface lo/lo 127.0.0.1
3122. 000 interface enp11s0f0/enp11s0f0 10.1.2.2
3123. 000
3124. 000 fips mode=disabled;
3125. 000 SElinux=enabled
3126. 000
3127. 000 config setup options:
3128. 000
3129. 000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d, dumpdir=/var/run/pluto/, statsbin=unset
3130. 000 sbindir=/usr/sbin, libdir=/usr/libexec/ipsec, libexecdir=/usr/libexec/ipsec
3131. 000 pluto_version=3.8, pluto_vendorid=OE-Libreswan-3.8
3132. 000 nhelpers=-1, uniqueids=yes, retransmits=yes, force_busy=no
3133. 000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>
3134. 000 secctx_attr_value=32001
3135. 000 myid = (none)
3136. 000 debug raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
3137. 000
3138. 000 nat_traversal=no, keep_alive=20, nat_ikeport=4500, disable_port_floating=yes
3139. 000
3140. 000 ESP algorithms supported:
3141. 000
3142. 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
3143. 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
3144. 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
3145. 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
3146. 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
3147. 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
3148. 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
3149. 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
3150. 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
3151. 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
3152. 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
3153. 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12, keysizemin=128, keysizemax=256
3154. 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16, keysizemin=128, keysizemax=256
3155. 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
3156. 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
3157. 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
3158. 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
3159. 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
3160. 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
3161. 000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
3162. 000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
3163. 000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
3164. 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
3165. 000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
3166. 000
3167. 000 IKE algorithms supported:
3168. 000
3169. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
3170. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
3171. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
3172. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16, v2name=AES_CCM_C, blocksize=16, keydeflen=128
3173. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15, v2name=AES_CCM_B, blocksize=16, keydeflen=128
3174. 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14, v2name=AES_CCM_A, blocksize=16, keydeflen=128
3175. 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
3176. 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
3177. 000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
3178. 000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
3179. 000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
3180. 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
3181. 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
3182. 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
3183. 000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashsize=48
3184. 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
3185. 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
3186. 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
3187. 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
3188. 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
3189. 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
3190. 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
3191. 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
3192. 000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
3193. 000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
3194. 000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
3195. 000
3196. 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
3197. 000
3198. 000 Connection list:
3199. 000
3200. 000 "amazoncore": 10.1.2.0/24===10.1.2.2[@potatoe]...54.66.129.223<54.66.129.223>[@blender]===10.1.0.0/16; erouted; eroute owner: #2
3201. 000 "amazoncore": oriented; my_ip=unset; their_ip=10.1.0.1;
3202. 000 "amazoncore": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]; ;
3203. 000 "amazoncore": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
3204. 000 "amazoncore": labeled_ipsec:no, loopback:no;
3205. 000 "amazoncore": policy_label:unset;
3206. 000 "amazoncore": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
3207. 000 "amazoncore": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
3208. 000 "amazoncore": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+IKE_FRAG;
3209. 000 "amazoncore": conn_prio: 16,24; interface: enp11s0f0; metric: 0; mtu: unset; sa_prio:auto;
3210. 000 "amazoncore": dpd: action:hold; delay:0; timeout:0; nat-t: force_encaps:yes; nat_keepalive:yes;
3211. 000 "amazoncore": newest ISAKMP SA: #1; newest IPsec SA: #2;
3212. 000 "amazoncore": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
3213. 000 "amazoncore": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-MODP1536(5)3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
3214. 000 "amazoncore": IKE algorithm newest: AES_CBC_256-SHA1-MODP1536
3215. 000 "amazoncore": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=<Phase1>
3216. 000
3217. 000 Total IPsec connections: loaded 1, active 1
3218. 000
3219. 000 State list:
3220. 000
3221. 000 #2: "amazoncore":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28018s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
3222. 000 #2: "amazoncore" esp.38d88809@54.66.129.223 esp.477e7098@10.1.2.2 tun.0@54.66.129.223 tun.0@10.1.2.2 ref=0 refhim=4294901761 Traffic: ESPin=713B ESPout=0B! ESPmax=4194303B
3223. 000 #1: "amazoncore":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2577s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
3224. 000
3225. 000 Shunt list:
3226. 000
3227. + _________________________ ifconfig-a
3228. + ifconfig -a
3229. enp0s29f0u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
3230. ether 02:21:5e:0a:a9:1f txqueuelen 1000 (Ethernet)
3231. RX packets 36715 bytes 2389943 (2.2 MiB)
3232. RX errors 0 dropped 0 overruns 0 frame 0
3233. TX packets 0 bytes 0 (0.0 B)
3234. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3235.  
3236. enp11s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
3237. inet 10.1.2.2 netmask 255.255.255.0 broadcast 10.1.2.255
3238. inet6 fe80::221:5eff:fe09:a91c prefixlen 64 scopeid 0x20<link>
3239. ether 00:21:5e:09:a9:1c txqueuelen 1000 (Ethernet)
3240. RX packets 175491 bytes 39849348 (38.0 MiB)
3241. RX errors 0 dropped 21 overruns 0 frame 0
3242. TX packets 133541 bytes 41851773 (39.9 MiB)
3243. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3244.  
3245. enp11s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
3246. ether 00:21:5e:09:a9:1e txqueuelen 1000 (Ethernet)
3247. RX packets 0 bytes 0 (0.0 B)
3248. RX errors 0 dropped 0 overruns 0 frame 0
3249. TX packets 0 bytes 0 (0.0 B)
3250. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3251.  
3252. lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
3253. inet 127.0.0.1 netmask 255.0.0.0
3254. inet6 ::1 prefixlen 128 scopeid 0x10<host>
3255. loop txqueuelen 0 (Local Loopback)
3256. RX packets 165087 bytes 52395287 (49.9 MiB)
3257. RX errors 0 dropped 0 overruns 0 frame 0
3258. TX packets 165087 bytes 52395287 (49.9 MiB)
3259. TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3260.  
3261. + _________________________ ip-addr-list
3262. + ip addr list
3263. 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
3264. link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3265. inet 127.0.0.1/8 scope host lo
3266. valid_lft forever preferred_lft forever
3267. inet6 ::1/128 scope host
3268. valid_lft forever preferred_lft forever
3269. 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
3270. link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
3271. inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
3272. valid_lft forever preferred_lft forever
3273. inet6 fe80::221:5eff:fe09:a91c/64 scope link
3274. valid_lft forever preferred_lft forever
3275. 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
3276. link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
3277. 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
3278. link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
3279. + _________________________ ip-route-list
3280. + ip route list
3281. default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
3282. 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
3283. + _________________________ ip-rule-list
3284. + ip rule list
3285. 0: from all lookup local
3286. 32766: from all lookup main
3287. 32767: from all lookup default
3288. + _________________________ ipsec_verify
3289. + ipsec verify --nocolour
3290. Verifying installed system and configuration files
3291.  
3292. Version check and ipsec on-path [OK]
3293. Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
3294. Checking for IPsec support in kernel [OK]
3295. NETKEY: Testing XFRM related proc values
3296. ICMP default/send_redirects [OK]
3297. ICMP default/accept_redirects [OK]
3298. XFRM larval drop [OK]
3299. Pluto ipsec.conf syntax [OK]
3300. Hardware random device [N/A]
3301. Two or more interfaces found, checking IP forwarding [FAILED]
3302. Checking rp_filter [OK]
3303. Checking that pluto is running [OK]
3304. Pluto listening for IKE on udp 500 [OK]
3305. Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
3306. Pluto ipsec.secret syntax [OK]
3307. Checking NAT and MASQUERADEing [TEST INCOMPLETE]
3308. Checking 'ip' command [OK]
3309. Checking 'iptables' command [OK]
3310. Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]
3311. Opportunistic Encryption [DISABLED]
3312.  
3313. ipsec verify: encountered 2 errors - see 'man ipsec_verify' for help
3314. + _________________________ mii-tool
3315. + '[' -x /sbin/mii-tool ']'
3316. + /sbin/mii-tool -v
3317. No interface specified
3318. usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] [-p addr] <interface ...>
3319. -V, --version display version information
3320. -v, --verbose more verbose output
3321. -R, --reset reset MII to poweron state
3322. -r, --restart restart autonegotiation
3323. -w, --watch monitor for link status changes
3324. -l, --log with -w, write events to syslog
3325. -A, --advertise=media,... advertise only specified media
3326. -F, --force=media force specified media technology
3327. -p, --phy=addr set PHY (MII address) to report
3328. media: 1000baseTx-HD, 1000baseTx-FD,
3329. 100baseT4, 100baseTx-FD, 100baseTx-HD,
3330. 10baseT-FD, 10baseT-HD,
3331. (to advertise both HD and FD) 1000baseTx, 100baseTx, 10baseT
3332. + _________________________ ipsec/directory
3333. + ipsec --directory
3334. /usr/libexec/ipsec
3335. + _________________________ hostname/fqdn
3336. + hostname --fqdn
3337. mdserver.blueprintconsulting.com
3338. + _________________________ hostname/ipaddress
3339. + hostname --ip-address
3340. 10.1.2.2
3341. + _________________________ uptime
3342. + uptime
3343. 14:01:24 up 1 day, 1:19, 1 user, load average: 0.10, 0.05, 0.05
3344. + _________________________ ps
3345. + ps alxwf
3346. + egrep -i 'ppid|pluto|ipsec|klips'
3347. F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
3348. 0 0 10305 27355 20 0 113120 1484 wait S+ pts/1 0:00 \_ /bin/bash /etc/ipsec.d/show_ipsec_config
3349. 4 0 10760 10305 20 0 113124 1564 wait S+ pts/1 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
3350. 0 0 10937 10760 20 0 4432 624 - S+ pts/1 0:00 \_ egrep -i ppid|pluto|ipsec|klips
3351. 0 0 10406 1 20 0 115212 1452 pipe_w Ss ? 0:00 /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
3352. 1 0 10411 10406 20 0 115212 660 wait S ? 0:00 \_ /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
3353. 4 0 10412 10411 20 0 629852 7208 poll_s Sl ? 0:00 \_ /usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
3354. 0 0 10464 10412 20 0 31308 872 poll_s S ? 0:00 \_ _pluto_adns -d
3355. + _________________________ ipsec/conf
3356. + ipsec readwriteconf --config /etc/ipsec.conf
3357. + ipsec _keycensor
3358. #conn amazoncore loaded
3359. config setup
3360. plutodebug="all raw crypt parsing emitting control lifecycle kernel dns oppo oppoinfo controlmore x509 dpd pfkey natt nattraversal klips netkey"
3361. dumpdir=/var/run/pluto/
3362. virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,!%v4:172.31.0.0/20
3363. protostack=netkey
3364.  
3365.  
3366. # begin conn amazoncore
3367. conn amazoncore
3368. left=54.66.129.223
3369. leftid="@blender"
3370. leftsubnet=10.1.0.0/16
3371. leftsourceip=10.1.0.1
3372. right=%defaultroute
3373. rightid="@potatoe"
3374. rightsubnet=10.1.2.0/24
3375. authby=secret
3376. forceencaps=yes
3377. ike=aes256-sha1;modp1536,3des-md5;modp1024
3378. auto==start
3379. type=tunnel
3380. compress=no
3381. pfs=yes
3382. ikepad=yes
3383. rekey=yes
3384. overlapip=yes
3385. authby=secret
3386. phase2=esp
3387. # end conn amazoncore
3388.  
3389. # end of config
3390. + _________________________ ipsec/secrets
3391. + cat /etc/ipsec.secrets
3392. + ipsec _secretcensor
3393. include /etc/ipsec.d/*.secrets
3394. + _________________________ ipsec/listall
3395. + ipsec whack --listall
3396. 000
3397. 000 List of Public Keys:
3398. 000
3399. 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
3400. 000 1: PSK @potatoe @blender
3401. 000
3402. 000 List of X.509 End Certificates:
3403. 000
3404. 000 List of X.509 AA Certificates:
3405. 000
3406. 000 List of X.509 CA Certificates:
3407. 000
3408. 000 List of X.509 CRLs:
3409. + '[' /etc/ipsec.d/policies ']'
3410. + for policy in '$POLICIES/*'
3411. ++ basename /etc/ipsec.d/policies/block
3412. + base=block
3413. + _________________________ ipsec/policies/block
3414. + cat /etc/ipsec.d/policies/block
3415. # This file defines the set of CIDRs (network/mask-length) to which
3416. # communication should never be allowed.
3417. #
3418. # See /usr/share/doc/libreswan/policygroups.html for details.
3419. #
3420. # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
3421. #
3422.  
3423. + for policy in '$POLICIES/*'
3424. ++ basename /etc/ipsec.d/policies/clear
3425. + base=clear
3426. + _________________________ ipsec/policies/clear
3427. + cat /etc/ipsec.d/policies/clear
3428. # This file defines the set of CIDRs (network/mask-length) to which
3429. # communication should always be in the clear.
3430. #
3431. # See /usr/share/doc/libreswan/policygroups.html for details.
3432. #
3433.  
3434. # root name servers should be in the clear
3435. 192.58.128.30/32
3436. 198.41.0.4/32
3437. 192.228.79.201/32
3438. 192.33.4.12/32
3439. 128.8.10.90/32
3440. 192.203.230.10/32
3441. 192.5.5.241/32
3442. 192.112.36.4/32
3443. 128.63.2.53/32
3444. 192.36.148.17/32
3445. 193.0.14.129/32
3446. 199.7.83.42/32
3447. 202.12.27.33/32
3448. + for policy in '$POLICIES/*'
3449. ++ basename /etc/ipsec.d/policies/clear-or-private
3450. + base=clear-or-private
3451. + _________________________ ipsec/policies/clear-or-private
3452. + cat /etc/ipsec.d/policies/clear-or-private
3453. # This file defines the set of CIDRs (network/mask-length) to which
3454. # we will communicate in the clear, or, if the other side initiates IPSEC,
3455. # using encryption. This behaviour is also called "Opportunistic Responder".
3456. #
3457. # See /usr/share/doc/libreswan/policygroups.html for details.
3458. #
3459. # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
3460. #
3461. + for policy in '$POLICIES/*'
3462. ++ basename /etc/ipsec.d/policies/private
3463. + base=private
3464. + _________________________ ipsec/policies/private
3465. + cat /etc/ipsec.d/policies/private
3466. # This file defines the set of CIDRs (network/mask-length) to which
3467. # communication should always be private (i.e. encrypted).
3468. # See /usr/share/doc/libreswan/policygroups.html for details.
3469. #
3470. # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
3471. #
3472. + for policy in '$POLICIES/*'
3473. ++ basename /etc/ipsec.d/policies/private-or-clear
3474. + base=private-or-clear
3475. + _________________________ ipsec/policies/private-or-clear
3476. + cat /etc/ipsec.d/policies/private-or-clear
3477. # This file defines the set of CIDRs (network/mask-length) to which
3478. # communication should be private, if possible, but in the clear otherwise.
3479. #
3480. # If the target has a TXT (later IPSECKEY) record that specifies
3481. # authentication material, we will require private (i.e. encrypted)
3482. # communications. If no such record is found, communications will be
3483. # in the clear.
3484. #
3485. # See /usr/share/doc/libreswan/policygroups.html for details.
3486. #
3487. # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
3488. #
3489.  
3490. 0.0.0.0/0
3491. + _________________________ ipsec/ls-libdir
3492. + ls -l /usr/libexec/ipsec
3493. total 2668
3494. -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
3495. -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
3496. -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
3497. -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
3498. -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
3499. -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
3500. -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
3501. -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
3502. -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
3503. -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
3504. -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
3505. -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
3506. -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
3507. -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
3508. -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
3509. -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
3510. -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
3511. -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
3512. -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
3513. -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
3514. -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
3515. -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
3516. -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
3517. -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
3518. -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
3519. -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
3520. -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
3521. -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
3522. -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
3523. + _________________________ ipsec/ls-execdir
3524. + ls -l /usr/libexec/ipsec
3525. total 2668
3526. -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
3527. -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
3528. -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
3529. -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
3530. -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
3531. -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
3532. -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
3533. -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
3534. -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
3535. -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
3536. -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
3537. -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
3538. -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
3539. -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
3540. -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
3541. -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
3542. -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
3543. -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
3544. -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
3545. -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
3546. -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
3547. -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
3548. -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
3549. -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
3550. -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
3551. -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
3552. -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
3553. -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
3554. -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
3555. + _________________________ /proc/net/dev
3556. + cat /proc/net/dev
3557. Inter-| Receive | Transmit
3558. face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
3559. enp11s0f0: 39849348 175491 0 21 0 0 0 27699 41851773 133541 0 0 0 0 0 0
3560. enp0s29f0u2: 2389943 36715 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3561. lo: 52396409 165095 0 0 0 0 0 0 52396409 165095 0 0 0 0 0 0
3562. enp11s0f1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
3563. + _________________________ /proc/net/route
3564. + cat /proc/net/route
3565. Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
3566. enp11s0f0 00000000 FE02010A 0003 0 0 1024 00000000 0 0 0
3567. enp11s0f0 0002010A 00000000 0001 0 0 0 00FFFFFF 0 0 0
3568. + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
3569. + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
3570. 0
3571. + _________________________ /proc/sys/net/ipv4/ip_forward
3572. + cat /proc/sys/net/ipv4/ip_forward
3573. 0
3574. + _________________________ /proc/sys/net/ipv4/tcp_ecn
3575. + cat /proc/sys/net/ipv4/tcp_ecn
3576. 2
3577. + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
3578. + cd /proc/sys/net/ipv4/conf
3579. + egrep '^' all/rp_filter default/rp_filter enp0s29f0u2/rp_filter enp11s0f0/rp_filter enp11s0f1/rp_filter lo/rp_filter
3580. all/rp_filter:0
3581. default/rp_filter:0
3582. enp0s29f0u2/rp_filter:0
3583. enp11s0f0/rp_filter:0
3584. enp11s0f1/rp_filter:0
3585. lo/rp_filter:0
3586. + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
3587. + cd /proc/sys/net/ipv4/conf
3588. + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects enp0s29f0u2/accept_redirects enp0s29f0u2/secure_redirects enp0s29f0u2/send_redirects enp11s0f0/accept_redirects enp11s0f0/secure_redirects enp11s0f0/send_redirects enp11s0f1/accept_redirects enp11s0f1/secure_redirects enp11s0f1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
3589. all/accept_redirects:0
3590. all/secure_redirects:1
3591. all/send_redirects:0
3592. default/accept_redirects:0
3593. default/secure_redirects:1
3594. default/send_redirects:0
3595. enp0s29f0u2/accept_redirects:0
3596. enp0s29f0u2/secure_redirects:1
3597. enp0s29f0u2/send_redirects:0
3598. enp11s0f0/accept_redirects:0
3599. enp11s0f0/secure_redirects:1
3600. enp11s0f0/send_redirects:0
3601. enp11s0f1/accept_redirects:0
3602. enp11s0f1/secure_redirects:1
3603. enp11s0f1/send_redirects:0
3604. lo/accept_redirects:0
3605. lo/secure_redirects:1
3606. lo/send_redirects:0
3607. + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
3608. + cat /proc/sys/net/ipv4/tcp_window_scaling
3609. 1
3610. + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
3611. + cat /proc/sys/net/ipv4/tcp_adv_win_scale
3612. 1
3613. + _________________________ uname-a
3614. + uname -a
3615. Linux mdserver.blueprintconsulting.com 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
3616. + _________________________ config-built-with
3617. + test -r /proc/config_built_with
3618. + _________________________ distro-release
3619. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
3620. + test -f /etc/redhat-release
3621. + cat /etc/redhat-release
3622. Red Hat Enterprise Linux Server release 7.0 (Maipo)
3623. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
3624. + test -f /etc/debian-release
3625. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
3626. + test -f /etc/SuSE-release
3627. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
3628. + test -f /etc/mandrake-release
3629. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
3630. + test -f /etc/mandriva-release
3631. + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
3632. + test -f /etc/gentoo-release
3633. + _________________________ /proc/net/ipsec_version
3634. + test -r /proc/net/ipsec_version
3635. + test -r /proc/net/pfkey
3636. ++ uname -r
3637. + echo 'NETKEY (3.10.0-123.el7.x86_64) support detected '
3638. NETKEY (3.10.0-123.el7.x86_64) support detected
3639. + _________________________ iptables
3640. + test -e /proc/net/ip_tables_names
3641. + test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save
3642. + iptables-save --modprobe=/dev/null
3643. # Generated by iptables-save v1.4.21 on Fri Mar 20 14:01:24 2015
3644. *filter
3645. :INPUT ACCEPT [39595:5279294]
3646. :FORWARD ACCEPT [0:0]
3647. :OUTPUT ACCEPT [21998:4487761]
3648. COMMIT
3649. # Completed on Fri Mar 20 14:01:24 2015
3650. + _________________________ ip6tables
3651. + test -e ip6_tables_names
3652. + _________________________ /proc/modules
3653. + test -f /proc/modules
3654. + cat /proc/modules
3655. udp_diag 12801 0 - Live 0xffffffffa06f6000
3656. inet_diag 18543 1 udp_diag, Live 0xffffffffa06f0000
3657. iptable_filter 12810 0 - Live 0xffffffffa0194000
3658. ip_tables 27239 1 iptable_filter, Live 0xffffffffa06e8000
3659. authenc 17542 2 - Live 0xffffffffa06e2000
3660. cmac 12788 0 - Live 0xffffffffa06d2000
3661. rmd160 16744 0 - Live 0xffffffffa06dc000
3662. crypto_null 12840 0 - Live 0xffffffffa06d7000
3663. af_key 36098 0 - Live 0xffffffffa06c8000
3664. ah6 13014 0 - Live 0xffffffffa06c3000
3665. ah4 13044 0 - Live 0xffffffffa06be000
3666. esp6 17144 0 - Live 0xffffffffa06b8000
3667. esp4 17139 2 - Live 0xffffffffa06b2000
3668. xfrm4_mode_beet 12691 0 - Live 0xffffffffa06ad000
3669. xfrm4_tunnel 12857 0 - Live 0xffffffffa06a8000
3670. tunnel4 13252 1 xfrm4_tunnel, Live 0xffffffffa06a3000
3671. xfrm4_mode_tunnel 13227 4 - Live 0xffffffffa069e000
3672. xfrm4_mode_transport 12631 0 - Live 0xffffffffa0699000
3673. xfrm6_mode_transport 12631 0 - Live 0xffffffffa0694000
3674. xfrm6_mode_ro 12564 0 - Live 0xffffffffa068f000
3675. xfrm6_mode_beet 12658 0 - Live 0xffffffffa068a000
3676. xfrm6_mode_tunnel 12605 2 - Live 0xffffffffa0685000
3677. ipcomp 12661 0 - Live 0xffffffffa0680000
3678. ipcomp6 12662 0 - Live 0xffffffffa067b000
3679. xfrm6_tunnel 13661 1 ipcomp6, Live 0xffffffffa066c000
3680. tunnel6 13254 1 xfrm6_tunnel, Live 0xffffffffa0667000
3681. xfrm_ipcomp 13413 2 ipcomp,ipcomp6, Live 0xffffffffa0662000
3682. camellia_generic 29348 0 - Live 0xffffffffa0672000
3683. camellia_x86_64 52986 0 - Live 0xffffffffa064d000
3684. cast6_generic 21523 0 - Live 0xffffffffa065b000
3685. cast5_generic 21429 0 - Live 0xffffffffa0646000
3686. cast_common 12983 2 cast6_generic,cast5_generic, Live 0xffffffffa0641000
3687. deflate 12617 0 - Live 0xffffffffa063c000
3688. zlib_deflate 26914 1 deflate, Live 0xffffffffa062c000
3689. cts 12854 0 - Live 0xffffffffa0627000
3690. gcm 23457 0 - Live 0xffffffffa061c000
3691. ccm 17773 0 - Live 0xffffffffa0616000
3692. serpent_sse2_x86_64 50408 0 - Live 0xffffffffa0608000
3693. serpent_generic 29823 1 serpent_sse2_x86_64, Live 0xffffffffa05ff000
3694. blowfish_generic 12530 0 - Live 0xffffffffa05fa000
3695. blowfish_x86_64 21966 0 - Live 0xffffffffa05e9000
3696. blowfish_common 16739 2 blowfish_generic,blowfish_x86_64, Live 0xffffffffa05e3000
3697. twofish_generic 16635 0 - Live 0xffffffffa05f4000
3698. twofish_x86_64_3way 27146 0 - Live 0xffffffffa05db000
3699. xts 12914 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa05d6000
3700. twofish_x86_64 12907 1 twofish_x86_64_3way, Live 0xffffffffa05b2000
3701. twofish_common 21113 3 twofish_generic,twofish_x86_64_3way,twofish_x86_64, Live 0xffffffffa05cf000
3702. xcbc 12815 0 - Live 0xffffffffa0570000
3703. sha256_ssse3 22140 0 - Live 0xffffffffa05c8000
3704. sha512_ssse3 42168 0 - Live 0xffffffffa05bc000
3705. sha512_generic 12942 1 sha512_ssse3, Live 0xffffffffa056b000
3706. des_generic 21379 0 - Live 0xffffffffa05ab000
3707. mpt3sas 195268 0 - Live 0xffffffffa057a000
3708. lrw 13286 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0575000
3709. mpt2sas 193927 2 - Live 0xffffffffa053a000
3710. gf128mul 14951 2 xts,lrw, Live 0xffffffffa0535000
3711. glue_helper 13990 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0530000
3712. ablk_helper 13597 1 serpent_sse2_x86_64, Live 0xffffffffa051e000
3713. cryptd 20359 1 ablk_helper, Live 0xffffffffa052a000
3714. raid_class 13554 2 mpt3sas,mpt2sas, Live 0xffffffffa0525000
3715. scsi_transport_sas 41034 2 mpt3sas,mpt2sas, Live 0xffffffffa0507000
3716. mptctl 38332 1 - Live 0xffffffffa0513000
3717. mptbase 105960 1 mptctl, Live 0xffffffffa04ec000
3718. tpm_rng 12492 0 - Live 0xffffffffa04e7000
3719. timeriomem_rng 12852 0 - Live 0xffffffffa04e2000
3720. virtio_rng 13135 0 - Live 0xffffffffa04d1000
3721. virtio_ring 21011 1 virtio_rng, Live 0xffffffffa04ca000
3722. virtio 14187 1 virtio_rng, Live 0xffffffffa04c5000
3723. sg 36533 0 - Live 0xffffffffa0480000
3724. vfat 17411 1 - Live 0xffffffffa04bf000
3725. fat 65913 1 vfat, Live 0xffffffffa04ad000
3726. nls_utf8 12557 1 - Live 0xffffffffa047b000
3727. isofs 39842 1 - Live 0xffffffffa046c000
3728. loop 28035 2 - Live 0xffffffffa04da000
3729. coretemp 13435 0 - Live 0xffffffffa0467000
3730. iTCO_wdt 13480 0 - Live 0xffffffffa05b7000
3731. kvm_intel 138567 0 - Live 0xffffffffa048a000
3732. iTCO_vendor_support 13718 1 iTCO_wdt, Live 0xffffffffa03d7000
3733. ipmi_devintf 17572 0 - Live 0xffffffffa0636000
3734. kvm 441119 1 kvm_intel, Live 0xffffffffa03fa000
3735. cdc_ether 14351 0 - Live 0xffffffffa03ae000
3736. usbnet 43918 1 cdc_ether, Live 0xffffffffa03ee000
3737. mii 13934 1 usbnet, Live 0xffffffffa03ba000
3738. crc32c_intel 22079 0 - Live 0xffffffffa03b3000
3739. serio_raw 13462 0 - Live 0xffffffffa039a000
3740. ioatdma 67799 32 - Live 0xffffffffa03c5000
3741. ipmi_si 53257 0 - Live 0xffffffffa039f000
3742. lpc_ich 16977 0 - Live 0xffffffffa0394000
3743. mfd_core 13435 1 lpc_ich, Live 0xffffffffa0305000
3744. i2c_i801 18135 0 - Live 0xffffffffa03e8000
3745. dca 15130 1 ioatdma, Live 0xffffffffa0300000
3746. i7core_edac 24166 0 - Live 0xffffffffa038d000
3747. ipmi_msghandler 45306 2 ipmi_devintf,ipmi_si, Live 0xffffffffa0380000
3748. pcspkr 12718 0 - Live 0xffffffffa037b000
3749. edac_core 62330 2 i7core_edac, Live 0xffffffffa036a000
3750. shpchp 37032 0 - Live 0xffffffffa03dd000
3751. acpi_cpufreq 19790 0 - Live 0xffffffffa03bf000
3752. mperf 12667 1 acpi_cpufreq, Live 0xffffffffa01c0000
3753. nfsd 284378 1 - Live 0xffffffffa0323000
3754. auth_rpcgss 59368 1 nfsd, Live 0xffffffffa02f0000
3755. nfs_acl 12837 1 nfsd, Live 0xffffffffa018f000
3756. lockd 93977 1 nfsd, Live 0xffffffffa030b000
3757. sunrpc 293453 5 nfsd,auth_rpcgss,nfs_acl,lockd, Live 0xffffffffa02a7000
3758. uinput 17625 0 - Live 0xffffffffa01aa000
3759. xfs 914152 5 - Live 0xffffffffa01c6000
3760. dm_thin_pool 55788 5 - Live 0xffffffffa01b1000
3761. dm_persistent_data 61832 1 dm_thin_pool, Live 0xffffffffa0199000
3762. dm_bio_prison 15501 1 dm_thin_pool, Live 0xffffffffa016a000
3763. dm_bufio 27874 1 dm_persistent_data, Live 0xffffffffa0187000
3764. libcrc32c 12644 2 xfs,dm_persistent_data, Live 0xffffffffa008b000
3765. sd_mod 45373 4 - Live 0xffffffffa017a000
3766. sr_mod 22416 0 - Live 0xffffffffa016f000
3767. crc_t10dif 12714 1 sd_mod, Live 0xffffffffa0064000
3768. cdrom 42556 1 sr_mod, Live 0xffffffffa015e000
3769. crct10dif_common 12595 1 crc_t10dif, Live 0xffffffffa00ef000
3770. mgag200 42283 1 - Live 0xffffffffa0152000
3771. syscopyarea 12529 1 mgag200, Live 0xffffffffa00e0000
3772. sysfillrect 12701 1 mgag200, Live 0xffffffffa00db000
3773. ata_generic 12910 0 - Live 0xffffffffa0069000
3774. sysimgblt 12640 1 mgag200, Live 0xffffffffa0022000
3775. pata_acpi 13038 0 - Live 0xffffffffa00ea000
3776. i2c_algo_bit 13413 1 mgag200, Live 0xffffffffa00e5000
3777. drm_kms_helper 52758 1 mgag200, Live 0xffffffffa0144000
3778. ttm 83948 1 mgag200, Live 0xffffffffa012e000
3779. ata_piix 35038 0 - Live 0xffffffffa005a000
3780. libata 219478 3 ata_generic,pata_acpi,ata_piix, Live 0xffffffffa00f7000
3781. drm 297829 3 mgag200,drm_kms_helper,ttm, Live 0xffffffffa0091000
3782. i2c_core 40325 5 i2c_i801,mgag200,i2c_algo_bit,drm_kms_helper,drm, Live 0xffffffffa004f000
3783. megaraid_sas 95427 7 - Live 0xffffffffa0072000
3784. bnx2 89206 0 - Live 0xffffffffa0038000
3785. dm_mirror 22135 0 - Live 0xffffffffa002d000
3786. dm_region_hash 20862 1 dm_mirror, Live 0xffffffffa001b000
3787. dm_log 18411 2 dm_mirror,dm_region_hash, Live 0xffffffffa0027000
3788. dm_mod 102999 27 dm_thin_pool,dm_persistent_data,dm_bufio,dm_mirror,dm_log, Live 0xffffffffa0000000
3789. + _________________________ /proc/meminfo
3790. + cat /proc/meminfo
3791. MemTotal: 7999336 kB
3792. MemFree: 5804320 kB
3793. MemAvailable: 6452864 kB
3794. Buffers: 2056 kB
3795. Cached: 840100 kB
3796. SwapCached: 0 kB
3797. Active: 1274132 kB
3798. Inactive: 499156 kB
3799. Active(anon): 1003956 kB
3800. Inactive(anon): 48620 kB
3801. Active(file): 270176 kB
3802. Inactive(file): 450536 kB
3803. Unevictable: 18804 kB
3804. Mlocked: 18804 kB
3805. SwapTotal: 16383996 kB
3806. SwapFree: 16383996 kB
3807. Dirty: 76 kB
3808. Writeback: 0 kB
3809. AnonPages: 950232 kB
3810. Mapped: 56504 kB
3811. Shmem: 115444 kB
3812. Slab: 241248 kB
3813. SReclaimable: 181248 kB
3814. SUnreclaim: 60000 kB
3815. KernelStack: 3096 kB
3816. PageTables: 11844 kB
3817. NFS_Unstable: 0 kB
3818. Bounce: 0 kB
3819. WritebackTmp: 0 kB
3820. CommitLimit: 20383664 kB
3821. Committed_AS: 1666560 kB
3822. VmallocTotal: 34359738367 kB
3823. VmallocUsed: 573176 kB
3824. VmallocChunk: 34359152636 kB
3825. HardwareCorrupted: 0 kB
3826. AnonHugePages: 806912 kB
3827. HugePages_Total: 0
3828. HugePages_Free: 0
3829. HugePages_Rsvd: 0
3830. HugePages_Surp: 0
3831. Hugepagesize: 2048 kB
3832. DirectMap4k: 171904 kB
3833. DirectMap2M: 8206336 kB
3834. + _________________________ /proc/net/ipsec-ls
3835. + test -f /proc/net/ipsec_version
3836. + _________________________ usr/src/linux/.config
3837. + test -f /proc/config.gz
3838. ++ uname -r
3839. + test -f /lib/modules/3.10.0-123.el7.x86_64/build/.config
3840. + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
3841. ++ uname -r
3842. + cat /lib/modules/3.10.0-123.el7.x86_64/build/.config
3843. CONFIG_IPC_NS=y
3844. CONFIG_XFRM=y
3845. CONFIG_XFRM_ALGO=y
3846. CONFIG_XFRM_USER=y
3847. CONFIG_XFRM_SUB_POLICY=y
3848. CONFIG_XFRM_MIGRATE=y
3849. CONFIG_XFRM_STATISTICS=y
3850. CONFIG_XFRM_IPCOMP=m
3851. CONFIG_NET_KEY=m
3852. CONFIG_NET_KEY_MIGRATE=y
3853. CONFIG_INET=y
3854. CONFIG_IP_MULTICAST=y
3855. CONFIG_IP_ADVANCED_ROUTER=y
3856. CONFIG_IP_FIB_TRIE_STATS=y
3857. CONFIG_IP_MULTIPLE_TABLES=y
3858. CONFIG_IP_ROUTE_MULTIPATH=y
3859. CONFIG_IP_ROUTE_VERBOSE=y
3860. CONFIG_IP_ROUTE_CLASSID=y
3861. # CONFIG_IP_PNP is not set
3862. CONFIG_IP_MROUTE=y
3863. CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
3864. CONFIG_IP_PIMSM_V1=y
3865. CONFIG_IP_PIMSM_V2=y
3866. CONFIG_INET_AH=m
3867. CONFIG_INET_ESP=m
3868. CONFIG_INET_IPCOMP=m
3869. CONFIG_INET_XFRM_TUNNEL=m
3870. CONFIG_INET_TUNNEL=m
3871. CONFIG_INET_XFRM_MODE_TRANSPORT=m
3872. CONFIG_INET_XFRM_MODE_TUNNEL=m
3873. CONFIG_INET_XFRM_MODE_BEET=m
3874. CONFIG_INET_LRO=y
3875. CONFIG_INET_DIAG=m
3876. CONFIG_INET_TCP_DIAG=m
3877. CONFIG_INET_UDP_DIAG=m
3878. CONFIG_IPV6=y
3879. CONFIG_IPV6_ROUTER_PREF=y
3880. CONFIG_IPV6_ROUTE_INFO=y
3881. CONFIG_IPV6_OPTIMISTIC_DAD=y
3882. CONFIG_INET6_AH=m
3883. CONFIG_INET6_ESP=m
3884. CONFIG_INET6_IPCOMP=m
3885. CONFIG_IPV6_MIP6=m
3886. CONFIG_INET6_XFRM_TUNNEL=m
3887. CONFIG_INET6_TUNNEL=m
3888. CONFIG_INET6_XFRM_MODE_TRANSPORT=m
3889. CONFIG_INET6_XFRM_MODE_TUNNEL=m
3890. CONFIG_INET6_XFRM_MODE_BEET=m
3891. CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
3892. CONFIG_IPV6_SIT=m
3893. CONFIG_IPV6_SIT_6RD=y
3894. CONFIG_IPV6_NDISC_NODETYPE=y
3895. CONFIG_IPV6_TUNNEL=m
3896. # CONFIG_IPV6_GRE is not set
3897. CONFIG_IPV6_MULTIPLE_TABLES=y
3898. # CONFIG_IPV6_SUBTREES is not set
3899. CONFIG_IPV6_MROUTE=y
3900. CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
3901. CONFIG_IPV6_PIMSM_V2=y
3902. CONFIG_IP_SET=m
3903. CONFIG_IP_SET_MAX=256
3904. CONFIG_IP_SET_BITMAP_IP=m
3905. CONFIG_IP_SET_BITMAP_IPMAC=m
3906. CONFIG_IP_SET_BITMAP_PORT=m
3907. CONFIG_IP_SET_HASH_IP=m
3908. CONFIG_IP_SET_HASH_IPPORT=m
3909. CONFIG_IP_SET_HASH_IPPORTIP=m
3910. CONFIG_IP_SET_HASH_IPPORTNET=m
3911. CONFIG_IP_SET_HASH_NET=m
3912. CONFIG_IP_SET_HASH_NETPORT=m
3913. CONFIG_IP_SET_HASH_NETIFACE=m
3914. CONFIG_IP_SET_LIST_SET=m
3915. CONFIG_IP_VS=m
3916. CONFIG_IP_VS_IPV6=y
3917. # CONFIG_IP_VS_DEBUG is not set
3918. CONFIG_IP_VS_TAB_BITS=12
3919. CONFIG_IP_VS_PROTO_TCP=y
3920. CONFIG_IP_VS_PROTO_UDP=y
3921. CONFIG_IP_VS_PROTO_AH_ESP=y
3922. CONFIG_IP_VS_PROTO_ESP=y
3923. CONFIG_IP_VS_PROTO_AH=y
3924. CONFIG_IP_VS_PROTO_SCTP=y
3925. CONFIG_IP_VS_RR=m
3926. CONFIG_IP_VS_WRR=m
3927. CONFIG_IP_VS_LC=m
3928. CONFIG_IP_VS_WLC=m
3929. CONFIG_IP_VS_LBLC=m
3930. CONFIG_IP_VS_LBLCR=m
3931. CONFIG_IP_VS_DH=m
3932. CONFIG_IP_VS_SH=m
3933. CONFIG_IP_VS_SED=m
3934. CONFIG_IP_VS_NQ=m
3935. CONFIG_IP_VS_SH_TAB_BITS=8
3936. CONFIG_IP_VS_FTP=m
3937. CONFIG_IP_VS_NFCT=y
3938. CONFIG_IP_VS_PE_SIP=m
3939. CONFIG_IP_NF_IPTABLES=m
3940. CONFIG_IP_NF_MATCH_AH=m
3941. CONFIG_IP_NF_MATCH_ECN=m
3942. CONFIG_IP_NF_MATCH_RPFILTER=m
3943. CONFIG_IP_NF_MATCH_TTL=m
3944. CONFIG_IP_NF_FILTER=m
3945. CONFIG_IP_NF_TARGET_REJECT=m
3946. CONFIG_IP_NF_TARGET_SYNPROXY=m
3947. CONFIG_IP_NF_TARGET_ULOG=m
3948. CONFIG_IP_NF_TARGET_MASQUERADE=m
3949. CONFIG_IP_NF_TARGET_NETMAP=m
3950. CONFIG_IP_NF_TARGET_REDIRECT=m
3951. CONFIG_IP_NF_MANGLE=m
3952. CONFIG_IP_NF_TARGET_CLUSTERIP=m
3953. CONFIG_IP_NF_TARGET_ECN=m
3954. CONFIG_IP_NF_TARGET_TTL=m
3955. CONFIG_IP_NF_RAW=m
3956. CONFIG_IP_NF_SECURITY=m
3957. CONFIG_IP_NF_ARPTABLES=m
3958. CONFIG_IP_NF_ARPFILTER=m
3959. CONFIG_IP_NF_ARP_MANGLE=m
3960. CONFIG_IP6_NF_IPTABLES=m
3961. CONFIG_IP6_NF_MATCH_AH=m
3962. CONFIG_IP6_NF_MATCH_EUI64=m
3963. CONFIG_IP6_NF_MATCH_FRAG=m
3964. CONFIG_IP6_NF_MATCH_OPTS=m
3965. CONFIG_IP6_NF_MATCH_HL=m
3966. CONFIG_IP6_NF_MATCH_IPV6HEADER=m
3967. CONFIG_IP6_NF_MATCH_MH=m
3968. CONFIG_IP6_NF_MATCH_RPFILTER=m
3969. CONFIG_IP6_NF_MATCH_RT=m
3970. CONFIG_IP6_NF_TARGET_HL=m
3971. CONFIG_IP6_NF_FILTER=m
3972. CONFIG_IP6_NF_TARGET_REJECT=m
3973. CONFIG_IP6_NF_TARGET_SYNPROXY=m
3974. CONFIG_IP6_NF_MANGLE=m
3975. CONFIG_IP6_NF_RAW=m
3976. CONFIG_IP6_NF_SECURITY=m
3977. CONFIG_IP6_NF_TARGET_MASQUERADE=m
3978. # CONFIG_IP6_NF_TARGET_NPT is not set
3979. CONFIG_IP_DCCP=m
3980. CONFIG_INET_DCCP_DIAG=m
3981. # CONFIG_IP_DCCP_CCID2_DEBUG is not set
3982. CONFIG_IP_DCCP_CCID3=y
3983. # CONFIG_IP_DCCP_CCID3_DEBUG is not set
3984. CONFIG_IP_DCCP_TFRC_LIB=y
3985. # CONFIG_IP_DCCP_DEBUG is not set
3986. CONFIG_IP_SCTP=m
3987. # CONFIG_IPX is not set
3988. CONFIG_IP1000=m
3989. # CONFIG_IPW2100 is not set
3990. # CONFIG_IPW2200 is not set
3991. CONFIG_IPPP_FILTER=y
3992. CONFIG_IPMI_HANDLER=m
3993. # CONFIG_IPMI_PANIC_EVENT is not set
3994. CONFIG_IPMI_DEVICE_INTERFACE=m
3995. CONFIG_IPMI_SI=m
3996. CONFIG_IPMI_WATCHDOG=m
3997. CONFIG_IPMI_POWEROFF=m
3998. CONFIG_HW_RANDOM=y
3999. CONFIG_HW_RANDOM_TIMERIOMEM=m
4000. CONFIG_HW_RANDOM_INTEL=m
4001. CONFIG_HW_RANDOM_AMD=m
4002. CONFIG_HW_RANDOM_VIA=m
4003. CONFIG_HW_RANDOM_VIRTIO=m
4004. CONFIG_HW_RANDOM_TPM=m
4005. # CONFIG_IPACK_BUS is not set
4006. CONFIG_SECURITY_NETWORK_XFRM=y
4007. CONFIG_CRYPTO_DEV_PADLOCK=m
4008. CONFIG_CRYPTO_DEV_PADLOCK_AES=m
4009. CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
4010. + _________________________ etc/syslog.conf
4011. + _________________________ etc/syslog-ng/syslog-ng.conf
4012. + cat /etc/syslog-ng/syslog-ng.conf
4013. cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
4014. + cat /etc/syslog.conf
4015. cat: /etc/syslog.conf: No such file or directory
4016. + _________________________ etc/resolv.conf
4017. + cat /etc/resolv.conf
4018. # Generated by NetworkManager
4019. search blueprintconsulting.com
4020. nameserver 127.0.0.1
4021. + _________________________ lib/modules-ls
4022. + ls -ltr /lib/modules
4023. total 4
4024. drwxr-xr-x. 6 root root 4096 Feb 5 13:43 3.10.0-123.el7.x86_64
4025. + _________________________ fipscheck
4026. + cat /proc/sys/crypto/fips_enabled
4027. 0
4028. + _________________________ /proc/ksyms-netif_rx
4029. + test -r /proc/ksyms
4030. + test -r /proc/kallsyms
4031. + egrep netif_rx /proc/kallsyms
4032. ffffffff814cf210 T netif_rx
4033. ffffffff814cf650 T netif_rx_ni
4034. ffffffff81870c98 r __tracepoint_ptr_netif_rx
4035. ffffffff818726ad r __tpstrtab_netif_rx
4036. ffffffff818838f0 r __ksymtab_netif_rx
4037. ffffffff81883900 r __ksymtab_netif_rx_ni
4038. ffffffff81898808 r __kcrctab_netif_rx
4039. ffffffff81898810 r __kcrctab_netif_rx_ni
4040. ffffffff818ba17d r __kstrtab_netif_rx_ni
4041. ffffffff818ba189 r __kstrtab_netif_rx
4042. ffffffff819a34c0 d event_netif_rx
4043. ffffffff819bd500 D __tracepoint_netif_rx
4044. ffffffff81b61a00 t __event_netif_rx
4045. + _________________________ lib/modules-netif_rx
4046. + modulegoo kernel/net/ipv4/ipip.o netif_rx
4047. + set +x
4048. 3.10.0-123.el7.x86_64:
4049. + _________________________ kern.debug
4050. + test -f /var/log/kern.debug
4051. + _________________________ klog
4052. + sed -n '1,$p' /dev/null
4053. + egrep -i 'ipsec|klips|pluto'
4054. + case "$1" in
4055. + cat
4056. + _________________________ plog
4057. + sed -n '23701,$p' /var/log/messages-20150308
4058. + egrep -i pluto
4059. + case "$1" in
4060. + cat
4061. Mar 6 12:45:27 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4062. Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4063. Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4064. Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4065. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4066. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4067. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4068. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4069. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4070. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4071. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4072. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4073. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4074. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4075. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4076. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4077. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4078. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4079. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4080. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4081. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4082. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4083. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4084. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4085. Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4086. Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4087. Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4088. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4089. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4090. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4091. Mar 6 12:46:42 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4092. Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4093. Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4094. Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4095. Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4096. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4097. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4098. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4099. Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4100. Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4101. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4102. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4103. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4104. Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4105. Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4106. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4107. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4108. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4109. Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4110. Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4111. Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4112. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4113. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4114. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4115. Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
4116. Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
4117. Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
4118. If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
4119. If you believe that pluto should be allowed name_bind access on the udp_socket by default.
4120. # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
4121. + _________________________ date
4122. + date
4123. Fri Mar 20 14:01:24 EST 2015
4124. [root@mdserver ~]# /etc/ipsec.d/when_does_ping_stop 10.1.2.2 10.1.0.1
4125. Error: Ping "10.1.2.2" -> "10.1.2.2" failed.
4126. Error: Ping "10.1.2.2" -> "10.1.0.1" failed.
4127. [root@mdserver ~]# /etc/ipsec.d/when_does_ping_stop 10.1.2.2 10.1.0.1
4128. 2015 Mar 20 14:02:08 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 1 seconds succeeded.
4129. 2015 Mar 20 14:02:08 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 1 seconds succeeded.
4130. 2015 Mar 20 14:02:09 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 2 seconds succeeded.
4131. 2015 Mar 20 14:02:09 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 2 seconds succeeded.
4132. 2015 Mar 20 14:02:11 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 3 seconds succeeded.
4133. 2015 Mar 20 14:02:11 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 3 seconds succeeded.
4134. 2015 Mar 20 14:02:14 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 4 seconds succeeded.
4135. 2015 Mar 20 14:02:14 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 4 seconds succeeded.
4136. 2015 Mar 20 14:02:18 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 5 seconds succeeded.
4137. 2015 Mar 20 14:02:18 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 5 seconds succeeded.
4138. 2015 Mar 20 14:02:23 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 6 seconds succeeded.
4139. 2015 Mar 20 14:02:23 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 6 seconds succeeded.
4140. 2015 Mar 20 14:02:29 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 7 seconds succeeded.
4141. 2015 Mar 20 14:02:29 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 7 seconds succeeded.
4142. 2015 Mar 20 14:02:36 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 8 seconds succeeded.
4143. 2015 Mar 20 14:02:37 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 8 seconds succeeded.
4144. 2015 Mar 20 14:02:44 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 9 seconds succeeded.
4145. 2015 Mar 20 14:02:45 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 9 seconds succeeded.
4146. 2015 Mar 20 14:02:53 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 10 seconds succeeded.
4147. 2015 Mar 20 14:02:54 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 10 seconds succeeded.
4148. 2015 Mar 20 14:03:03 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 11 seconds succeeded.
4149. 2015 Mar 20 14:03:04 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 11 seconds succeeded.
4150. 2015 Mar 20 14:03:14 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 12 seconds succeeded.
4151. 2015 Mar 20 14:03:15 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 12 seconds succeeded.
4152. 2015 Mar 20 14:03:26 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 13 seconds succeeded.
4153. 2015 Mar 20 14:03:27 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 13 seconds succeeded.
4154. 2015 Mar 20 14:03:39 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 14 seconds succeeded.
4155. 2015 Mar 20 14:03:40 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 14 seconds succeeded.
4156. 2015 Mar 20 14:03:54 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 15 seconds succeeded.
4157. 2015 Mar 20 14:03:54 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 15 seconds succeeded.
4158. 2015 Mar 20 14:04:09 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 16 seconds succeeded.
4159. 2015 Mar 20 14:04:09 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 16 seconds succeeded.
4160. 2015 Mar 20 14:04:25 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 17 seconds succeeded.
4161. 2015 Mar 20 14:04:25 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 17 seconds succeeded.
4162. 2015 Mar 20 14:04:42 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 18 seconds succeeded.
4163. 2015 Mar 20 14:04:42 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 18 seconds succeeded.
4164. 2015 Mar 20 14:05:00 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 19 seconds succeeded.
4165. 2015 Mar 20 14:05:00 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 19 seconds succeeded.
4166. 2015 Mar 20 14:05:19 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 20 seconds succeeded.
4167. 2015 Mar 20 14:05:19 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 20 seconds succeeded.
4168. 2015 Mar 20 14:05:39 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 21 seconds succeeded.
4169. 2015 Mar 20 14:05:40 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 21 seconds succeeded.
4170. 2015 Mar 20 14:06:00 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 22 seconds succeeded.
4171. 2015 Mar 20 14:06:01 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 22 seconds succeeded.
4172. 2015 Mar 20 14:06:22 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 23 seconds succeeded.
4173. 2015 Mar 20 14:06:23 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 23 seconds succeeded.
4174. 2015 Mar 20 14:06:45 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 24 seconds succeeded.
4175. 2015 Mar 20 14:06:46 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 24 seconds succeeded.
4176. 2015 Mar 20 14:07:09 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 25 seconds succeeded.
4177. 2015 Mar 20 14:07:10 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 25 seconds succeeded.
4178. 2015 Mar 20 14:07:34 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 26 seconds succeeded.
4179. 2015 Mar 20 14:07:35 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 26 seconds succeeded.
4180. 2015 Mar 20 14:10:28 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 27 seconds failed, waiting up to 60 seconds for a successful response.2015 Mar 20 14:10:28 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 27 seconds failed, waiting up to 60 seconds for a successful response.........................TIMEOUT
4181. TIMEOUT
4182. [root@mdserver ~]#