- [root@mdserver ~]# /etc/ipsec.d/show_ipsec_config
- # ==== Output of mdserver command: "systemctl stop ipsec"
- # ==== Output of mdserver command: "cat /etc/redhat-release"
- Red Hat Enterprise Linux Server release 7.0 (Maipo)
- # ==== Output of mdserver command: "rpm -q libreswan"
- libreswan-3.8-6.el7_0.x86_64
- # ==== Output of mdserver command: "cat /etc/sysconfig/pluto"
- # Put extra pluto command line options you want here
- PLUTO_OPTIONS=" "
- ##IPSEC_INIT_SCRIPT_DEBUG="1"
- #; # Added by Paul
- # ==== Output of mdserver command: "cat /etc/ipsec.conf"
- config setup
- plutodebug="all crypt"
- protostack=netkey
- dumpdir=/var/run/pluto/
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,!%v4:172.31.0.0/20
- include /etc/ipsec.d/*.conf
- # ==== Output of mdserver command: "ls /etc/ipsec.d/*{conf,secrets}"
- /etc/ipsec.d/amazoncore.conf /etc/ipsec.d/amazoncore.secrets
- # ==== Output of mdserver command: "cat /etc/ipsec.d/*conf"
- conn amazoncore
- type=tunnel
- authby=secret
- auto=start
- ike=aes256-sha1;modp1536,3des-md5;modp1024
- forceencaps=yes
- left=54.66.129.223
- leftid=@blender
- leftsourceip=10.1.0.1
- leftsubnet=10.1.0.0/16
- right=%defaultroute
- rightid=@potatoe
- rightsubnet=10.1.2.0/24
- # ==== Output of mdserver command: "sed 's/PSK \".*/PSK \"PRIVATE\"/' /etc/ipsec.d/*.secrets"
- @blender @potatoe: PSK "PRIVATE"
- # ==== Output of mdserver command: "iptables -L -n"
- Chain INPUT (policy ACCEPT)
- target prot opt source destination
- Chain FORWARD (policy ACCEPT)
- target prot opt source destination
- Chain OUTPUT (policy ACCEPT)
- target prot opt source destination
- # ==== Output of mdserver command: "ip link"
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
- link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
- 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
- link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
- 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
- link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
- # ==== Output of mdserver command: "ip addr"
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
- link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
- inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
- valid_lft forever preferred_lft forever
- inet6 fe80::221:5eff:fe09:a91c/64 scope link
- valid_lft forever preferred_lft forever
- 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
- link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
- 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
- link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
- # ==== Output of mdserver command: "ip neigh"
- fe80::9e97:26ff:fee5:2a26 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 router STALE
- 10.1.2.254 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 REACHABLE
- 10.1.2.10 dev enp11s0f0 lladdr 00:26:9e:52:e7:4c STALE
- 10.1.2.17 dev enp11s0f0 lladdr 50:e5:49:6d:d3:f5 STALE
- # ==== Output of mdserver command: "ip route"
- default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
- 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
- # ==== Output of mdserver command: "ip xfrm state"
- # ==== Output of mdserver command: "cp -a /var/log/pluto/ipsec.log{,.10305} && > /var/log/pluto/ipsec.log"
- # ==== Output of mdserver command: "systemctl start ipsec"
- # ==== Output of mdserver command: "ipsec barf"
- Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
- mdserver.blueprintconsulting.com
- Fri Mar 20 14:00:53 EST 2015
- + _________________________ version
- + ipsec --version
- Linux Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
- + _________________________ /proc/version
- + cat /proc/version
- Linux version 3.10.0-123.el7.x86_64 (mockbuild@x86-017.build.eng.bos.redhat.com) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon May 5 11:16:57 EDT 2014
- + _________________________ /proc/net/ipsec_eroute
- + test -r /proc/net/ipsec_eroute
- + _________________________ netstat-rn
- + netstat -nr
- + head -n 100
- Kernel IP routing table
- Destination Gateway Genmask Flags MSS Window irtt Iface
- 0.0.0.0 10.1.2.254 0.0.0.0 UG 0 0 0 enp11s0f0
- 10.1.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp11s0f0
- + _________________________ /proc/net/ipsec_spi
- + test -r /proc/net/ipsec_spi
- + _________________________ /proc/net/ipsec_spigrp
- + test -r /proc/net/ipsec_spigrp
- + _________________________ /proc/net/ipsec_tncfg
- + test -r /proc/net/ipsec_tncfg
- + _________________________ /proc/net/pfkey
- + test -r /proc/net/pfkey
- + cat /proc/net/pfkey
- sk RefCnt Rmem Wmem User Inode
- + _________________________ ip-xfrm-state
- + ip xfrm state
- + _________________________ ip-xfrm-policy
- + ip xfrm policy
- src ::/0 dst ::/0
- socket out priority 0 ptype main
- src ::/0 dst ::/0
- socket in priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket out priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket in priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket out priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket in priority 0 ptype main
- + _________________________ ip-xfrm-stats
- + cat /proc/net/xfrm_stat
- XfrmInError 0
- XfrmInBufferError 0
- XfrmInHdrError 0
- XfrmInNoStates 0
- XfrmInStateProtoError 0
- XfrmInStateModeError 0
- XfrmInStateSeqError 0
- XfrmInStateExpired 0
- XfrmInStateMismatch 0
- XfrmInStateInvalid 0
- XfrmInTmplMismatch 24490
- XfrmInNoPols 0
- XfrmInPolBlock 0
- XfrmInPolError 0
- XfrmOutError 0
- XfrmOutBundleGenError 0
- XfrmOutBundleCheckError 0
- XfrmOutNoStates 1
- XfrmOutStateProtoError 0
- XfrmOutStateModeError 0
- XfrmOutStateSeqError 0
- XfrmOutStateExpired 0
- XfrmOutPolBlock 0
- XfrmOutPolDead 0
- XfrmOutPolError 0
- XfrmFwdHdrError 0
- XfrmOutStateInvalid 0
- + _________________________ ip-l2tp-tunnel
- + test -d /sys/module/l2tp_core
- + _________________________ /proc/crypto
- + test -r /proc/crypto
- + cat /proc/crypto
- name : authenc(hmac(sha1),cbc(aes))
- driver : authenc(hmac(sha1-generic),cbc(aes-asm))
- module : authenc
- priority : 2000
- refcnt : 1
- selftest : passed
- type : aead
- async : no
- blocksize : 16
- ivsize : 16
- maxauthsize : 20
- geniv : <built-in>
- name : cbc(aes)
- driver : cbc(aes-asm)
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : givcipher
- async : no
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : eseqiv
- name : rfc3686(ctr(aes))
- driver : rfc3686(ctr(aes-asm))
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 1
- min keysize : 20
- max keysize : 36
- ivsize : 8
- geniv : seqiv
- name : ctr(aes)
- driver : ctr(aes-asm)
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : givcipher
- async : yes
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : chainiv
- name : ctr(aes)
- driver : ctr(aes-asm)
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : chainiv
- name : cbc(cast5)
- driver : cbc(cast5-generic)
- module : kernel
- priority : 100
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 5
- max keysize : 16
- ivsize : 8
- geniv : <default>
- name : cbc(des3_ede)
- driver : cbc(des3_ede-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 24
- max keysize : 24
- ivsize : 8
- geniv : <default>
- name : cbc(des)
- driver : cbc(des-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 8
- max keysize : 8
- ivsize : 8
- geniv : <default>
- name : cmac(aes)
- driver : cmac(aes-asm)
- module : cmac
- priority : 200
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 16
- digestsize : 16
- name : xcbc(aes)
- driver : xcbc(aes-asm)
- module : xcbc
- priority : 200
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 16
- digestsize : 16
- name : hmac(rmd160)
- driver : hmac(rmd160-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : rmd160
- driver : rmd160-generic
- module : rmd160
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : hmac(sha512)
- driver : hmac(sha512-ssse3)
- module : kernel
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 64
- name : hmac(sha384)
- driver : hmac(sha384-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 48
- name : hmac(sha256)
- driver : hmac(sha256-ssse3)
- module : kernel
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 32
- name : hmac(md5)
- driver : hmac(md5-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 16
- name : digest_null
- driver : digest_null-generic
- module : crypto_null
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 1
- digestsize : 0
- name : compress_null
- driver : compress_null-generic
- module : crypto_null
- priority : 0
- refcnt : 1
- selftest : passed
- type : compression
- name : ecb(cipher_null)
- driver : ecb-cipher_null
- module : crypto_null
- priority : 100
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 0
- max keysize : 0
- ivsize : 0
- geniv : <default>
- name : cipher_null
- driver : cipher_null-generic
- module : crypto_null
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 1
- min keysize : 0
- max keysize : 0
- name : camellia
- driver : camellia-generic
- module : camellia_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : xts(camellia)
- driver : xts-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : lrw(camellia)
- driver : lrw-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : ctr(camellia)
- driver : ctr-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : cbc(camellia)
- driver : cbc-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : ecb(camellia)
- driver : ecb-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : camellia
- driver : camellia-asm
- module : camellia_x86_64
- priority : 200
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : cast6
- driver : cast6-generic
- module : cast6_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : cast5
- driver : cast5-generic
- module : cast5_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 5
- max keysize : 16
- name : deflate
- driver : deflate-generic
- module : deflate
- priority : 0
- refcnt : 1
- selftest : passed
- type : compression
- name : xts(serpent)
- driver : xts-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : lrw(serpent)
- driver : lrw-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 16
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : ctr(serpent)
- driver : ctr-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 1
- min keysize : 0
- max keysize : 32
- ivsize : 16
- geniv : chainiv
- name : cbc(serpent)
- driver : cbc-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : __ecb-serpent-sse2
- driver : cryptd(__driver-ecb-serpent-sse2)
- module : cryptd
- priority : 50
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : ecb(serpent)
- driver : ecb-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : __xts-serpent-sse2
- driver : __driver-xts-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 0
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : __lrw-serpent-sse2
- driver : __driver-lrw-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : __ctr-serpent-sse2
- driver : __driver-ctr-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 0
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : __cbc-serpent-sse2
- driver : __driver-cbc-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : __ecb-serpent-sse2
- driver : __driver-ecb-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : tnepres
- driver : tnepres-generic
- module : serpent_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- name : serpent
- driver : serpent-generic
- module : serpent_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- name : blowfish
- driver : blowfish-generic
- module : blowfish_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- name : ctr(blowfish)
- driver : ctr-blowfish-asm
- module : blowfish_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 4
- max keysize : 56
- ivsize : 8
- geniv : <default>
- name : cbc(blowfish)
- driver : cbc-blowfish-asm
- module : blowfish_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- ivsize : 8
- geniv : <default>
- name : ecb(blowfish)
- driver : ecb-blowfish-asm
- module : blowfish_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- ivsize : 0
- geniv : <default>
- name : blowfish
- driver : blowfish-asm
- module : blowfish_x86_64
- priority : 200
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- name : twofish
- driver : twofish-generic
- module : twofish_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : xts(twofish)
- driver : xts-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : lrw(twofish)
- driver : lrw-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : ctr(twofish)
- driver : ctr-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : cbc(twofish)
- driver : cbc-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : ecb(twofish)
- driver : ecb-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : twofish
- driver : twofish-asm
- module : twofish_x86_64
- priority : 200
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : sha256
- driver : sha256-ssse3
- module : sha256_ssse3
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 32
- name : sha512
- driver : sha512-ssse3
- module : sha512_ssse3
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 64
- name : sha384
- driver : sha384-generic
- module : sha512_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 48
- name : sha512
- driver : sha512-generic
- module : sha512_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 64
- name : des3_ede
- driver : des3_ede-generic
- module : des_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 24
- max keysize : 24
- name : des
- driver : des-generic
- module : des_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 8
- max keysize : 8
- name : crc32c
- driver : crc32c-intel
- module : crc32c_intel
- priority : 200
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 1
- digestsize : 4
- name : cbc(aes)
- driver : cbc(aes-asm)
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : hmac(sha1)
- driver : hmac(sha1-generic)
- module : kernel
- priority : 0
- refcnt : 2
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : stdrng
- driver : krng
- module : kernel
- priority : 200
- refcnt : 2
- selftest : passed
- type : rng
- seedsize : 0
- name : lzo
- driver : lzo-generic
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : compression
- name : crc32c
- driver : crc32c-generic
- module : kernel
- priority : 100
- refcnt : 2
- selftest : passed
- type : shash
- blocksize : 1
- digestsize : 4
- name : aes
- driver : aes-generic
- module : kernel
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : sha224
- driver : sha224-generic
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 28
- name : sha256
- driver : sha256-generic
- module : kernel
- priority : 0
- refcnt : 3
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 32
- name : sha1
- driver : sha1-generic
- module : kernel
- priority : 0
- refcnt : 5
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : md5
- driver : md5-generic
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 16
- name : aes
- driver : aes-asm
- module : kernel
- priority : 200
- refcnt : 2
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- + __________________________/proc/sys/net/core/xfrm-star
- /usr/libexec/ipsec/barf: line 197: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_acq_expires: '
- /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
- 30
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
- /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
- 10
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
- /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
- 2
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_larval_drop: '
- /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
- 1
- + _________________________ /proc/sys/net/ipsec-star
- + test -d /proc/sys/net/ipsec
- + _________________________ ipsec/status
- + ipsec whack --status
- 000 using kernel interface: netkey
- 000 interface lo/lo ::1
- 000 interface lo/lo 127.0.0.1
- 000 interface enp11s0f0/enp11s0f0 10.1.2.2
- 000
- 000 fips mode=disabled;
- 000 SElinux=enabled
- 000
- 000 config setup options:
- 000
- 000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d, dumpdir=/var/run/pluto/, statsbin=unset
- 000 sbindir=/usr/sbin, libdir=/usr/libexec/ipsec, libexecdir=/usr/libexec/ipsec
- 000 pluto_version=3.8, pluto_vendorid=OE-Libreswan-3.8
- 000 nhelpers=-1, uniqueids=yes, retransmits=yes, force_busy=no
- 000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>
- 000 secctx_attr_value=32001
- 000 myid = (none)
- 000 debug raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
- 000
- 000 nat_traversal=no, keep_alive=20, nat_ikeport=4500, disable_port_floating=yes
- 000
- 000 ESP algorithms supported:
- 000
- 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
- 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
- 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
- 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
- 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
- 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
- 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
- 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
- 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
- 000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
- 000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
- 000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
- 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
- 000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
- 000
- 000 IKE algorithms supported:
- 000
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16, v2name=AES_CCM_C, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15, v2name=AES_CCM_B, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14, v2name=AES_CCM_A, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
- 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
- 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
- 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
- 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
- 000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashsize=48
- 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
- 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
- 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
- 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
- 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
- 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
- 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
- 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
- 000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
- 000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
- 000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
- 000
- 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
- 000
- 000 Connection list:
- 000
- 000
- 000 State list:
- 000
- 000 Shunt list:
- 000
- + _________________________ ifconfig-a
- + ifconfig -a
- enp0s29f0u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- ether 02:21:5e:0a:a9:1f txqueuelen 1000 (Ethernet)
- RX packets 36700 bytes 2388956 (2.2 MiB)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 0 bytes 0 (0.0 B)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- enp11s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- inet 10.1.2.2 netmask 255.255.255.0 broadcast 10.1.2.255
- inet6 fe80::221:5eff:fe09:a91c prefixlen 64 scopeid 0x20<link>
- ether 00:21:5e:09:a9:1c txqueuelen 1000 (Ethernet)
- RX packets 175412 bytes 39836899 (37.9 MiB)
- RX errors 0 dropped 21 overruns 0 frame 0
- TX packets 133443 bytes 41760038 (39.8 MiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- enp11s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
- ether 00:21:5e:09:a9:1e txqueuelen 1000 (Ethernet)
- RX packets 0 bytes 0 (0.0 B)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 0 bytes 0 (0.0 B)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
- inet 127.0.0.1 netmask 255.0.0.0
- inet6 ::1 prefixlen 128 scopeid 0x10<host>
- loop txqueuelen 0 (Local Loopback)
- RX packets 165079 bytes 52394165 (49.9 MiB)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 165079 bytes 52394165 (49.9 MiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- + _________________________ ip-addr-list
- + ip addr list
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
- link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
- inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
- valid_lft forever preferred_lft forever
- inet6 fe80::221:5eff:fe09:a91c/64 scope link
- valid_lft forever preferred_lft forever
- 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
- link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
- 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
- link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
- + _________________________ ip-route-list
- + ip route list
- default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
- 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
- + _________________________ ip-rule-list
- + ip rule list
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- + _________________________ ipsec_verify
- + ipsec verify --nocolour
- Verifying installed system and configuration files
- Version check and ipsec on-path [OK]
- Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
- Checking for IPsec support in kernel [OK]
- NETKEY: Testing XFRM related proc values
- ICMP default/send_redirects [OK]
- ICMP default/accept_redirects [OK]
- XFRM larval drop [OK]
- Pluto ipsec.conf syntax [OK]
- Hardware random device [N/A]
- Two or more interfaces found, checking IP forwarding [FAILED]
- Checking rp_filter [OK]
- Checking that pluto is running [OK]
- Pluto listening for IKE on udp 500 [OK]
- Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
- Pluto ipsec.secret syntax [OK]
- Checking NAT and MASQUERADEing [TEST INCOMPLETE]
- Checking 'ip' command [OK]
- Checking 'iptables' command [OK]
- Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]
- Opportunistic Encryption [DISABLED]
- ipsec verify: encountered 2 errors - see 'man ipsec_verify' for help
- + _________________________ mii-tool
- + '[' -x /sbin/mii-tool ']'
- + /sbin/mii-tool -v
- No interface specified
- usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] [-p addr] <interface ...>
- -V, --version display version information
- -v, --verbose more verbose output
- -R, --reset reset MII to poweron state
- -r, --restart restart autonegotiation
- -w, --watch monitor for link status changes
- -l, --log with -w, write events to syslog
- -A, --advertise=media,... advertise only specified media
- -F, --force=media force specified media technology
- -p, --phy=addr set PHY (MII address) to report
- media: 1000baseTx-HD, 1000baseTx-FD,
- 100baseT4, 100baseTx-FD, 100baseTx-HD,
- 10baseT-FD, 10baseT-HD,
- (to advertise both HD and FD) 1000baseTx, 100baseTx, 10baseT
- + _________________________ ipsec/directory
- + ipsec --directory
- /usr/libexec/ipsec
- + _________________________ hostname/fqdn
- + hostname --fqdn
- mdserver.blueprintconsulting.com
- + _________________________ hostname/ipaddress
- + hostname --ip-address
- 10.1.2.2
- + _________________________ uptime
- + uptime
- 14:00:54 up 1 day, 1:18, 1 user, load average: 0.17, 0.05, 0.06
- + _________________________ ps
- + ps alxwf
- + egrep -i 'ppid|pluto|ipsec|klips'
- F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
- 0 0 10305 27355 20 0 113120 1484 wait S+ pts/1 0:00 \_ /bin/bash /etc/ipsec.d/show_ipsec_config
- 4 0 10409 10305 20 0 113124 1564 wait S+ pts/1 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
- 0 0 10626 10409 20 0 4432 628 pipe_w S+ pts/1 0:00 \_ egrep -i ppid|pluto|ipsec|klips
- 0 0 10406 1 20 0 115212 1452 pipe_w Ss ? 0:00 /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
- 1 0 10411 10406 20 0 115212 660 wait S ? 0:00 \_ /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
- 4 0 10412 10411 20 0 629756 6588 poll_s Sl ? 0:00 \_ /usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
- 0 0 10464 10412 20 0 31308 872 poll_s S ? 0:00 \_ _pluto_adns -d
- 1 0 10466 10412 20 0 629756 2320 hrtime S ? 0:00 \_ /usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
- + _________________________ ipsec/conf
- + ipsec readwriteconf --config /etc/ipsec.conf
- + ipsec _keycensor
- #conn amazoncore loaded
- config setup
- plutodebug="all raw crypt parsing emitting control lifecycle kernel dns oppo oppoinfo controlmore x509 dpd pfkey natt nattraversal klips netkey"
- dumpdir=/var/run/pluto/
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,!%v4:172.31.0.0/20
- protostack=netkey
- # begin conn amazoncore
- conn amazoncore
- left=54.66.129.223
- leftid="@blender"
- leftsubnet=10.1.0.0/16
- leftsourceip=10.1.0.1
- right=%defaultroute
- rightid="@potatoe"
- rightsubnet=10.1.2.0/24
- authby=secret
- forceencaps=yes
- ike=aes256-sha1;modp1536,3des-md5;modp1024
- auto==start
- type=tunnel
- compress=no
- pfs=yes
- ikepad=yes
- rekey=yes
- overlapip=yes
- authby=secret
- phase2=esp
- # end conn amazoncore
- # end of config
- + _________________________ ipsec/secrets
- + cat /etc/ipsec.secrets
- + ipsec _secretcensor
- include /etc/ipsec.d/*.secrets
- + _________________________ ipsec/listall
- + ipsec whack --listall
- 000
- 000 List of Public Keys:
- 000
- 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
- 000 1: PSK @potatoe @blender
- 000
- 000 List of X.509 End Certificates:
- 000
- 000 List of X.509 AA Certificates:
- 000
- 000 List of X.509 CA Certificates:
- 000
- 000 List of X.509 CRLs:
- + '[' /etc/ipsec.d/policies ']'
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/block
- + base=block
- + _________________________ ipsec/policies/block
- + cat /etc/ipsec.d/policies/block
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should never be allowed.
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
- #
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/clear
- + base=clear
- + _________________________ ipsec/policies/clear
- + cat /etc/ipsec.d/policies/clear
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should always be in the clear.
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # root name servers should be in the clear
- 192.58.128.30/32
- 198.41.0.4/32
- 192.228.79.201/32
- 192.33.4.12/32
- 128.8.10.90/32
- 192.203.230.10/32
- 192.5.5.241/32
- 192.112.36.4/32
- 128.63.2.53/32
- 192.36.148.17/32
- 193.0.14.129/32
- 199.7.83.42/32
- 202.12.27.33/32
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/clear-or-private
- + base=clear-or-private
- + _________________________ ipsec/policies/clear-or-private
- + cat /etc/ipsec.d/policies/clear-or-private
- # This file defines the set of CIDRs (network/mask-length) to which
- # we will communicate in the clear, or, if the other side initiates IPSEC,
- # using encryption. This behaviour is also called "Opportunistic Responder".
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
- #
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/private
- + base=private
- + _________________________ ipsec/policies/private
- + cat /etc/ipsec.d/policies/private
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should always be private (i.e. encrypted).
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
- #
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/private-or-clear
- + base=private-or-clear
- + _________________________ ipsec/policies/private-or-clear
- + cat /etc/ipsec.d/policies/private-or-clear
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should be private, if possible, but in the clear otherwise.
- #
- # If the target has a TXT (later IPSECKEY) record that specifies
- # authentication material, we will require private (i.e. encrypted)
- # communications. If no such record is found, communications will be
- # in the clear.
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
- #
- 0.0.0.0/0
- + _________________________ ipsec/ls-libdir
- + ls -l /usr/libexec/ipsec
- total 2668
- -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
- -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
- -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
- -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
- -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
- -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
- -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
- -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
- -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
- -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
- -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
- -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
- -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
- -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
- -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
- -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
- -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
- -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
- -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
- -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
- -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
- -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
- -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
- -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
- -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
- -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
- -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
- -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
- -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
- + _________________________ ipsec/ls-execdir
- + ls -l /usr/libexec/ipsec
- total 2668
- -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
- -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
- -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
- -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
- -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
- -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
- -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
- -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
- -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
- -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
- -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
- -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
- -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
- -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
- -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
- -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
- -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
- -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
- -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
- -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
- -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
- -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
- -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
- -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
- -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
- -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
- -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
- -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
- -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
- + _________________________ /proc/net/dev
- + cat /proc/net/dev
- Inter-| Receive | Transmit
- face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
- enp11s0f0: 39836899 175412 0 21 0 0 0 27683 41760038 133443 0 0 0 0 0 0
- enp0s29f0u2: 2388956 36700 0 0 0 0 0 0 0 0 0 0 0 0 0 0
- lo: 52395287 165087 0 0 0 0 0 0 52395287 165087 0 0 0 0 0 0
- enp11s0f1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
- + _________________________ /proc/net/route
- + cat /proc/net/route
- Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
- enp11s0f0 00000000 FE02010A 0003 0 0 1024 00000000 0 0 0
- enp11s0f0 0002010A 00000000 0001 0 0 0 00FFFFFF 0 0 0
- + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
- + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
- 0
- + _________________________ /proc/sys/net/ipv4/ip_forward
- + cat /proc/sys/net/ipv4/ip_forward
- 0
- + _________________________ /proc/sys/net/ipv4/tcp_ecn
- + cat /proc/sys/net/ipv4/tcp_ecn
- 2
- + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
- + cd /proc/sys/net/ipv4/conf
- + egrep '^' all/rp_filter default/rp_filter enp0s29f0u2/rp_filter enp11s0f0/rp_filter enp11s0f1/rp_filter lo/rp_filter
- all/rp_filter:0
- default/rp_filter:0
- enp0s29f0u2/rp_filter:0
- enp11s0f0/rp_filter:0
- enp11s0f1/rp_filter:0
- lo/rp_filter:0
- + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
- + cd /proc/sys/net/ipv4/conf
- + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects enp0s29f0u2/accept_redirects enp0s29f0u2/secure_redirects enp0s29f0u2/send_redirects enp11s0f0/accept_redirects enp11s0f0/secure_redirects enp11s0f0/send_redirects enp11s0f1/accept_redirects enp11s0f1/secure_redirects enp11s0f1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
- all/accept_redirects:0
- all/secure_redirects:1
- all/send_redirects:0
- default/accept_redirects:0
- default/secure_redirects:1
- default/send_redirects:0
- enp0s29f0u2/accept_redirects:0
- enp0s29f0u2/secure_redirects:1
- enp0s29f0u2/send_redirects:0
- enp11s0f0/accept_redirects:0
- enp11s0f0/secure_redirects:1
- enp11s0f0/send_redirects:0
- enp11s0f1/accept_redirects:0
- enp11s0f1/secure_redirects:1
- enp11s0f1/send_redirects:0
- lo/accept_redirects:0
- lo/secure_redirects:1
- lo/send_redirects:0
- + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
- + cat /proc/sys/net/ipv4/tcp_window_scaling
- 1
- + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
- + cat /proc/sys/net/ipv4/tcp_adv_win_scale
- 1
- + _________________________ uname-a
- + uname -a
- Linux mdserver.blueprintconsulting.com 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
- + _________________________ config-built-with
- + test -r /proc/config_built_with
- + _________________________ distro-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/redhat-release
- + cat /etc/redhat-release
- Red Hat Enterprise Linux Server release 7.0 (Maipo)
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/debian-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/SuSE-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/mandrake-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/mandriva-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/gentoo-release
- + _________________________ /proc/net/ipsec_version
- + test -r /proc/net/ipsec_version
- + test -r /proc/net/pfkey
- ++ uname -r
- + echo 'NETKEY (3.10.0-123.el7.x86_64) support detected '
- NETKEY (3.10.0-123.el7.x86_64) support detected
- + _________________________ iptables
- + test -e /proc/net/ip_tables_names
- + test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save
- + iptables-save --modprobe=/dev/null
- # Generated by iptables-save v1.4.21 on Fri Mar 20 14:00:54 2015
- *filter
- :INPUT ACCEPT [39510:5267436]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [21913:4391927]
- COMMIT
- # Completed on Fri Mar 20 14:00:54 2015
- + _________________________ ip6tables
- + test -e ip6_tables_names
- + _________________________ /proc/modules
- + test -f /proc/modules
- + cat /proc/modules
- udp_diag 12801 0 - Live 0xffffffffa06f6000
- inet_diag 18543 1 udp_diag, Live 0xffffffffa06f0000
- iptable_filter 12810 0 - Live 0xffffffffa0194000
- ip_tables 27239 1 iptable_filter, Live 0xffffffffa06e8000
- authenc 17542 0 - Live 0xffffffffa06e2000
- cmac 12788 0 - Live 0xffffffffa06d2000
- rmd160 16744 0 - Live 0xffffffffa06dc000
- crypto_null 12840 0 - Live 0xffffffffa06d7000
- af_key 36098 0 - Live 0xffffffffa06c8000
- ah6 13014 0 - Live 0xffffffffa06c3000
- ah4 13044 0 - Live 0xffffffffa06be000
- esp6 17144 0 - Live 0xffffffffa06b8000
- esp4 17139 0 - Live 0xffffffffa06b2000
- xfrm4_mode_beet 12691 0 - Live 0xffffffffa06ad000
- xfrm4_tunnel 12857 0 - Live 0xffffffffa06a8000
- tunnel4 13252 1 xfrm4_tunnel, Live 0xffffffffa06a3000
- xfrm4_mode_tunnel 13227 0 - Live 0xffffffffa069e000
- xfrm4_mode_transport 12631 0 - Live 0xffffffffa0699000
- xfrm6_mode_transport 12631 0 - Live 0xffffffffa0694000
- xfrm6_mode_ro 12564 0 - Live 0xffffffffa068f000
- xfrm6_mode_beet 12658 0 - Live 0xffffffffa068a000
- xfrm6_mode_tunnel 12605 0 - Live 0xffffffffa0685000
- ipcomp 12661 0 - Live 0xffffffffa0680000
- ipcomp6 12662 0 - Live 0xffffffffa067b000
- xfrm6_tunnel 13661 1 ipcomp6, Live 0xffffffffa066c000
- tunnel6 13254 1 xfrm6_tunnel, Live 0xffffffffa0667000
- xfrm_ipcomp 13413 2 ipcomp,ipcomp6, Live 0xffffffffa0662000
- camellia_generic 29348 0 - Live 0xffffffffa0672000
- camellia_x86_64 52986 0 - Live 0xffffffffa064d000
- cast6_generic 21523 0 - Live 0xffffffffa065b000
- cast5_generic 21429 0 - Live 0xffffffffa0646000
- cast_common 12983 2 cast6_generic,cast5_generic, Live 0xffffffffa0641000
- deflate 12617 0 - Live 0xffffffffa063c000
- zlib_deflate 26914 1 deflate, Live 0xffffffffa062c000
- cts 12854 0 - Live 0xffffffffa0627000
- gcm 23457 0 - Live 0xffffffffa061c000
- ccm 17773 0 - Live 0xffffffffa0616000
- serpent_sse2_x86_64 50408 0 - Live 0xffffffffa0608000
- serpent_generic 29823 1 serpent_sse2_x86_64, Live 0xffffffffa05ff000
- blowfish_generic 12530 0 - Live 0xffffffffa05fa000
- blowfish_x86_64 21966 0 - Live 0xffffffffa05e9000
- blowfish_common 16739 2 blowfish_generic,blowfish_x86_64, Live 0xffffffffa05e3000
- twofish_generic 16635 0 - Live 0xffffffffa05f4000
- twofish_x86_64_3way 27146 0 - Live 0xffffffffa05db000
- xts 12914 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa05d6000
- twofish_x86_64 12907 1 twofish_x86_64_3way, Live 0xffffffffa05b2000
- twofish_common 21113 3 twofish_generic,twofish_x86_64_3way,twofish_x86_64, Live 0xffffffffa05cf000
- xcbc 12815 0 - Live 0xffffffffa0570000
- sha256_ssse3 22140 0 - Live 0xffffffffa05c8000
- sha512_ssse3 42168 0 - Live 0xffffffffa05bc000
- sha512_generic 12942 1 sha512_ssse3, Live 0xffffffffa056b000
- des_generic 21379 0 - Live 0xffffffffa05ab000
- mpt3sas 195268 0 - Live 0xffffffffa057a000
- lrw 13286 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0575000
- mpt2sas 193927 2 - Live 0xffffffffa053a000
- gf128mul 14951 2 xts,lrw, Live 0xffffffffa0535000
- glue_helper 13990 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0530000
- ablk_helper 13597 1 serpent_sse2_x86_64, Live 0xffffffffa051e000
- cryptd 20359 1 ablk_helper, Live 0xffffffffa052a000
- raid_class 13554 2 mpt3sas,mpt2sas, Live 0xffffffffa0525000
- scsi_transport_sas 41034 2 mpt3sas,mpt2sas, Live 0xffffffffa0507000
- mptctl 38332 1 - Live 0xffffffffa0513000
- mptbase 105960 1 mptctl, Live 0xffffffffa04ec000
- tpm_rng 12492 0 - Live 0xffffffffa04e7000
- timeriomem_rng 12852 0 - Live 0xffffffffa04e2000
- virtio_rng 13135 0 - Live 0xffffffffa04d1000
- virtio_ring 21011 1 virtio_rng, Live 0xffffffffa04ca000
- virtio 14187 1 virtio_rng, Live 0xffffffffa04c5000
- sg 36533 0 - Live 0xffffffffa0480000
- vfat 17411 1 - Live 0xffffffffa04bf000
- fat 65913 1 vfat, Live 0xffffffffa04ad000
- nls_utf8 12557 1 - Live 0xffffffffa047b000
- isofs 39842 1 - Live 0xffffffffa046c000
- loop 28035 2 - Live 0xffffffffa04da000
- coretemp 13435 0 - Live 0xffffffffa0467000
- iTCO_wdt 13480 0 - Live 0xffffffffa05b7000
- kvm_intel 138567 0 - Live 0xffffffffa048a000
- iTCO_vendor_support 13718 1 iTCO_wdt, Live 0xffffffffa03d7000
- ipmi_devintf 17572 0 - Live 0xffffffffa0636000
- kvm 441119 1 kvm_intel, Live 0xffffffffa03fa000
- cdc_ether 14351 0 - Live 0xffffffffa03ae000
- usbnet 43918 1 cdc_ether, Live 0xffffffffa03ee000
- mii 13934 1 usbnet, Live 0xffffffffa03ba000
- crc32c_intel 22079 0 - Live 0xffffffffa03b3000
- serio_raw 13462 0 - Live 0xffffffffa039a000
- ioatdma 67799 32 - Live 0xffffffffa03c5000
- ipmi_si 53257 0 - Live 0xffffffffa039f000
- lpc_ich 16977 0 - Live 0xffffffffa0394000
- mfd_core 13435 1 lpc_ich, Live 0xffffffffa0305000
- i2c_i801 18135 0 - Live 0xffffffffa03e8000
- dca 15130 1 ioatdma, Live 0xffffffffa0300000
- i7core_edac 24166 0 - Live 0xffffffffa038d000
- ipmi_msghandler 45306 2 ipmi_devintf,ipmi_si, Live 0xffffffffa0380000
- pcspkr 12718 0 - Live 0xffffffffa037b000
- edac_core 62330 2 i7core_edac, Live 0xffffffffa036a000
- shpchp 37032 0 - Live 0xffffffffa03dd000
- acpi_cpufreq 19790 0 - Live 0xffffffffa03bf000
- mperf 12667 1 acpi_cpufreq, Live 0xffffffffa01c0000
- nfsd 284378 1 - Live 0xffffffffa0323000
- auth_rpcgss 59368 1 nfsd, Live 0xffffffffa02f0000
- nfs_acl 12837 1 nfsd, Live 0xffffffffa018f000
- lockd 93977 1 nfsd, Live 0xffffffffa030b000
- sunrpc 293453 5 nfsd,auth_rpcgss,nfs_acl,lockd, Live 0xffffffffa02a7000
- uinput 17625 0 - Live 0xffffffffa01aa000
- xfs 914152 5 - Live 0xffffffffa01c6000
- dm_thin_pool 55788 5 - Live 0xffffffffa01b1000
- dm_persistent_data 61832 1 dm_thin_pool, Live 0xffffffffa0199000
- dm_bio_prison 15501 1 dm_thin_pool, Live 0xffffffffa016a000
- dm_bufio 27874 1 dm_persistent_data, Live 0xffffffffa0187000
- libcrc32c 12644 2 xfs,dm_persistent_data, Live 0xffffffffa008b000
- sd_mod 45373 4 - Live 0xffffffffa017a000
- sr_mod 22416 0 - Live 0xffffffffa016f000
- crc_t10dif 12714 1 sd_mod, Live 0xffffffffa0064000
- cdrom 42556 1 sr_mod, Live 0xffffffffa015e000
- crct10dif_common 12595 1 crc_t10dif, Live 0xffffffffa00ef000
- mgag200 42283 1 - Live 0xffffffffa0152000
- syscopyarea 12529 1 mgag200, Live 0xffffffffa00e0000
- sysfillrect 12701 1 mgag200, Live 0xffffffffa00db000
- ata_generic 12910 0 - Live 0xffffffffa0069000
- sysimgblt 12640 1 mgag200, Live 0xffffffffa0022000
- pata_acpi 13038 0 - Live 0xffffffffa00ea000
- i2c_algo_bit 13413 1 mgag200, Live 0xffffffffa00e5000
- drm_kms_helper 52758 1 mgag200, Live 0xffffffffa0144000
- ttm 83948 1 mgag200, Live 0xffffffffa012e000
- ata_piix 35038 0 - Live 0xffffffffa005a000
- libata 219478 3 ata_generic,pata_acpi,ata_piix, Live 0xffffffffa00f7000
- drm 297829 3 mgag200,drm_kms_helper,ttm, Live 0xffffffffa0091000
- i2c_core 40325 5 i2c_i801,mgag200,i2c_algo_bit,drm_kms_helper,drm, Live 0xffffffffa004f000
- megaraid_sas 95427 7 - Live 0xffffffffa0072000
- bnx2 89206 0 - Live 0xffffffffa0038000
- dm_mirror 22135 0 - Live 0xffffffffa002d000
- dm_region_hash 20862 1 dm_mirror, Live 0xffffffffa001b000
- dm_log 18411 2 dm_mirror,dm_region_hash, Live 0xffffffffa0027000
- dm_mod 102999 27 dm_thin_pool,dm_persistent_data,dm_bufio,dm_mirror,dm_log, Live 0xffffffffa0000000
- + _________________________ /proc/meminfo
- + cat /proc/meminfo
- MemTotal: 7999336 kB
- MemFree: 5831332 kB
- MemAvailable: 6478792 kB
- Buffers: 2056 kB
- Cached: 831272 kB
- SwapCached: 0 kB
- Active: 1255412 kB
- Inactive: 490760 kB
- Active(anon): 985996 kB
- Inactive(anon): 40420 kB
- Active(file): 269416 kB
- Inactive(file): 450340 kB
- Unevictable: 18804 kB
- Mlocked: 18804 kB
- SwapTotal: 16383996 kB
- SwapFree: 16383996 kB
- Dirty: 1720 kB
- Writeback: 0 kB
- AnonPages: 932012 kB
- Mapped: 52876 kB
- Shmem: 107220 kB
- Slab: 241088 kB
- SReclaimable: 181120 kB
- SUnreclaim: 59968 kB
- KernelStack: 2560 kB
- PageTables: 10496 kB
- NFS_Unstable: 0 kB
- Bounce: 0 kB
- WritebackTmp: 0 kB
- CommitLimit: 20383664 kB
- Committed_AS: 1702272 kB
- VmallocTotal: 34359738367 kB
- VmallocUsed: 573176 kB
- VmallocChunk: 34359152636 kB
- HardwareCorrupted: 0 kB
- AnonHugePages: 806912 kB
- HugePages_Total: 0
- HugePages_Free: 0
- HugePages_Rsvd: 0
- HugePages_Surp: 0
- Hugepagesize: 2048 kB
- DirectMap4k: 171904 kB
- DirectMap2M: 8206336 kB
- + _________________________ /proc/net/ipsec-ls
- + test -f /proc/net/ipsec_version
- + _________________________ usr/src/linux/.config
- + test -f /proc/config.gz
- ++ uname -r
- + test -f /lib/modules/3.10.0-123.el7.x86_64/build/.config
- + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
- ++ uname -r
- + cat /lib/modules/3.10.0-123.el7.x86_64/build/.config
- CONFIG_IPC_NS=y
- CONFIG_XFRM=y
- CONFIG_XFRM_ALGO=y
- CONFIG_XFRM_USER=y
- CONFIG_XFRM_SUB_POLICY=y
- CONFIG_XFRM_MIGRATE=y
- CONFIG_XFRM_STATISTICS=y
- CONFIG_XFRM_IPCOMP=m
- CONFIG_NET_KEY=m
- CONFIG_NET_KEY_MIGRATE=y
- CONFIG_INET=y
- CONFIG_IP_MULTICAST=y
- CONFIG_IP_ADVANCED_ROUTER=y
- CONFIG_IP_FIB_TRIE_STATS=y
- CONFIG_IP_MULTIPLE_TABLES=y
- CONFIG_IP_ROUTE_MULTIPATH=y
- CONFIG_IP_ROUTE_VERBOSE=y
- CONFIG_IP_ROUTE_CLASSID=y
- # CONFIG_IP_PNP is not set
- CONFIG_IP_MROUTE=y
- CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
- CONFIG_IP_PIMSM_V1=y
- CONFIG_IP_PIMSM_V2=y
- CONFIG_INET_AH=m
- CONFIG_INET_ESP=m
- CONFIG_INET_IPCOMP=m
- CONFIG_INET_XFRM_TUNNEL=m
- CONFIG_INET_TUNNEL=m
- CONFIG_INET_XFRM_MODE_TRANSPORT=m
- CONFIG_INET_XFRM_MODE_TUNNEL=m
- CONFIG_INET_XFRM_MODE_BEET=m
- CONFIG_INET_LRO=y
- CONFIG_INET_DIAG=m
- CONFIG_INET_TCP_DIAG=m
- CONFIG_INET_UDP_DIAG=m
- CONFIG_IPV6=y
- CONFIG_IPV6_ROUTER_PREF=y
- CONFIG_IPV6_ROUTE_INFO=y
- CONFIG_IPV6_OPTIMISTIC_DAD=y
- CONFIG_INET6_AH=m
- CONFIG_INET6_ESP=m
- CONFIG_INET6_IPCOMP=m
- CONFIG_IPV6_MIP6=m
- CONFIG_INET6_XFRM_TUNNEL=m
- CONFIG_INET6_TUNNEL=m
- CONFIG_INET6_XFRM_MODE_TRANSPORT=m
- CONFIG_INET6_XFRM_MODE_TUNNEL=m
- CONFIG_INET6_XFRM_MODE_BEET=m
- CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
- CONFIG_IPV6_SIT=m
- CONFIG_IPV6_SIT_6RD=y
- CONFIG_IPV6_NDISC_NODETYPE=y
- CONFIG_IPV6_TUNNEL=m
- # CONFIG_IPV6_GRE is not set
- CONFIG_IPV6_MULTIPLE_TABLES=y
- # CONFIG_IPV6_SUBTREES is not set
- CONFIG_IPV6_MROUTE=y
- CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
- CONFIG_IPV6_PIMSM_V2=y
- CONFIG_IP_SET=m
- CONFIG_IP_SET_MAX=256
- CONFIG_IP_SET_BITMAP_IP=m
- CONFIG_IP_SET_BITMAP_IPMAC=m
- CONFIG_IP_SET_BITMAP_PORT=m
- CONFIG_IP_SET_HASH_IP=m
- CONFIG_IP_SET_HASH_IPPORT=m
- CONFIG_IP_SET_HASH_IPPORTIP=m
- CONFIG_IP_SET_HASH_IPPORTNET=m
- CONFIG_IP_SET_HASH_NET=m
- CONFIG_IP_SET_HASH_NETPORT=m
- CONFIG_IP_SET_HASH_NETIFACE=m
- CONFIG_IP_SET_LIST_SET=m
- CONFIG_IP_VS=m
- CONFIG_IP_VS_IPV6=y
- # CONFIG_IP_VS_DEBUG is not set
- CONFIG_IP_VS_TAB_BITS=12
- CONFIG_IP_VS_PROTO_TCP=y
- CONFIG_IP_VS_PROTO_UDP=y
- CONFIG_IP_VS_PROTO_AH_ESP=y
- CONFIG_IP_VS_PROTO_ESP=y
- CONFIG_IP_VS_PROTO_AH=y
- CONFIG_IP_VS_PROTO_SCTP=y
- CONFIG_IP_VS_RR=m
- CONFIG_IP_VS_WRR=m
- CONFIG_IP_VS_LC=m
- CONFIG_IP_VS_WLC=m
- CONFIG_IP_VS_LBLC=m
- CONFIG_IP_VS_LBLCR=m
- CONFIG_IP_VS_DH=m
- CONFIG_IP_VS_SH=m
- CONFIG_IP_VS_SED=m
- CONFIG_IP_VS_NQ=m
- CONFIG_IP_VS_SH_TAB_BITS=8
- CONFIG_IP_VS_FTP=m
- CONFIG_IP_VS_NFCT=y
- CONFIG_IP_VS_PE_SIP=m
- CONFIG_IP_NF_IPTABLES=m
- CONFIG_IP_NF_MATCH_AH=m
- CONFIG_IP_NF_MATCH_ECN=m
- CONFIG_IP_NF_MATCH_RPFILTER=m
- CONFIG_IP_NF_MATCH_TTL=m
- CONFIG_IP_NF_FILTER=m
- CONFIG_IP_NF_TARGET_REJECT=m
- CONFIG_IP_NF_TARGET_SYNPROXY=m
- CONFIG_IP_NF_TARGET_ULOG=m
- CONFIG_IP_NF_TARGET_MASQUERADE=m
- CONFIG_IP_NF_TARGET_NETMAP=m
- CONFIG_IP_NF_TARGET_REDIRECT=m
- CONFIG_IP_NF_MANGLE=m
- CONFIG_IP_NF_TARGET_CLUSTERIP=m
- CONFIG_IP_NF_TARGET_ECN=m
- CONFIG_IP_NF_TARGET_TTL=m
- CONFIG_IP_NF_RAW=m
- CONFIG_IP_NF_SECURITY=m
- CONFIG_IP_NF_ARPTABLES=m
- CONFIG_IP_NF_ARPFILTER=m
- CONFIG_IP_NF_ARP_MANGLE=m
- CONFIG_IP6_NF_IPTABLES=m
- CONFIG_IP6_NF_MATCH_AH=m
- CONFIG_IP6_NF_MATCH_EUI64=m
- CONFIG_IP6_NF_MATCH_FRAG=m
- CONFIG_IP6_NF_MATCH_OPTS=m
- CONFIG_IP6_NF_MATCH_HL=m
- CONFIG_IP6_NF_MATCH_IPV6HEADER=m
- CONFIG_IP6_NF_MATCH_MH=m
- CONFIG_IP6_NF_MATCH_RPFILTER=m
- CONFIG_IP6_NF_MATCH_RT=m
- CONFIG_IP6_NF_TARGET_HL=m
- CONFIG_IP6_NF_FILTER=m
- CONFIG_IP6_NF_TARGET_REJECT=m
- CONFIG_IP6_NF_TARGET_SYNPROXY=m
- CONFIG_IP6_NF_MANGLE=m
- CONFIG_IP6_NF_RAW=m
- CONFIG_IP6_NF_SECURITY=m
- CONFIG_IP6_NF_TARGET_MASQUERADE=m
- # CONFIG_IP6_NF_TARGET_NPT is not set
- CONFIG_IP_DCCP=m
- CONFIG_INET_DCCP_DIAG=m
- # CONFIG_IP_DCCP_CCID2_DEBUG is not set
- CONFIG_IP_DCCP_CCID3=y
- # CONFIG_IP_DCCP_CCID3_DEBUG is not set
- CONFIG_IP_DCCP_TFRC_LIB=y
- # CONFIG_IP_DCCP_DEBUG is not set
- CONFIG_IP_SCTP=m
- # CONFIG_IPX is not set
- CONFIG_IP1000=m
- # CONFIG_IPW2100 is not set
- # CONFIG_IPW2200 is not set
- CONFIG_IPPP_FILTER=y
- CONFIG_IPMI_HANDLER=m
- # CONFIG_IPMI_PANIC_EVENT is not set
- CONFIG_IPMI_DEVICE_INTERFACE=m
- CONFIG_IPMI_SI=m
- CONFIG_IPMI_WATCHDOG=m
- CONFIG_IPMI_POWEROFF=m
- CONFIG_HW_RANDOM=y
- CONFIG_HW_RANDOM_TIMERIOMEM=m
- CONFIG_HW_RANDOM_INTEL=m
- CONFIG_HW_RANDOM_AMD=m
- CONFIG_HW_RANDOM_VIA=m
- CONFIG_HW_RANDOM_VIRTIO=m
- CONFIG_HW_RANDOM_TPM=m
- # CONFIG_IPACK_BUS is not set
- CONFIG_SECURITY_NETWORK_XFRM=y
- CONFIG_CRYPTO_DEV_PADLOCK=m
- CONFIG_CRYPTO_DEV_PADLOCK_AES=m
- CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
- + _________________________ etc/syslog.conf
- + _________________________ etc/syslog-ng/syslog-ng.conf
- + cat /etc/syslog-ng/syslog-ng.conf
- cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
- + cat /etc/syslog.conf
- cat: /etc/syslog.conf: No such file or directory
- + _________________________ etc/resolv.conf
- + cat /etc/resolv.conf
- # Generated by NetworkManager
- search blueprintconsulting.com
- nameserver 127.0.0.1
- + _________________________ lib/modules-ls
- + ls -ltr /lib/modules
- total 4
- drwxr-xr-x. 6 root root 4096 Feb 5 13:43 3.10.0-123.el7.x86_64
- + _________________________ fipscheck
- + cat /proc/sys/crypto/fips_enabled
- 0
- + _________________________ /proc/ksyms-netif_rx
- + test -r /proc/ksyms
- + test -r /proc/kallsyms
- + egrep netif_rx /proc/kallsyms
- ffffffff814cf210 T netif_rx
- ffffffff814cf650 T netif_rx_ni
- ffffffff81870c98 r __tracepoint_ptr_netif_rx
- ffffffff818726ad r __tpstrtab_netif_rx
- ffffffff818838f0 r __ksymtab_netif_rx
- ffffffff81883900 r __ksymtab_netif_rx_ni
- ffffffff81898808 r __kcrctab_netif_rx
- ffffffff81898810 r __kcrctab_netif_rx_ni
- ffffffff818ba17d r __kstrtab_netif_rx_ni
- ffffffff818ba189 r __kstrtab_netif_rx
- ffffffff819a34c0 d event_netif_rx
- ffffffff819bd500 D __tracepoint_netif_rx
- ffffffff81b61a00 t __event_netif_rx
- + _________________________ lib/modules-netif_rx
- + modulegoo kernel/net/ipv4/ipip.o netif_rx
- + set +x
- 3.10.0-123.el7.x86_64:
- + _________________________ kern.debug
- + test -f /var/log/kern.debug
- + _________________________ klog
- + sed -n '1,$p' /dev/null
- + egrep -i 'ipsec|klips|pluto'
- + case "$1" in
- + cat
- + _________________________ plog
- + sed -n '23701,$p' /var/log/messages-20150308
- + egrep -i pluto
- + case "$1" in
- + cat
- Mar 6 12:45:27 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:42 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- + _________________________ date
- + date
- Fri Mar 20 14:00:54 EST 2015
- # ==== Output of mdserver command: "sleep 30"
- # ==== Output of mdserver command: "ip link"
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT qlen 1000
- link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
- 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
- link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
- 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN mode DEFAULT qlen 1000
- link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
- # ==== Output of mdserver command: "ip addr"
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
- link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
- inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
- valid_lft forever preferred_lft forever
- inet6 fe80::221:5eff:fe09:a91c/64 scope link
- valid_lft forever preferred_lft forever
- 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
- link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
- 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
- link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
- # ==== Output of mdserver command: "ip neigh"
- fe80::9e97:26ff:fee5:2a26 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 router STALE
- 10.1.2.254 dev enp11s0f0 lladdr 9c:97:26:e5:2a:26 REACHABLE
- 10.1.2.10 dev enp11s0f0 lladdr 00:26:9e:52:e7:4c STALE
- 10.1.2.17 dev enp11s0f0 lladdr 50:e5:49:6d:d3:f5 STALE
- # ==== Output of mdserver command: "ip route"
- default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
- 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
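- # ==== Output of mdserver command: "ip xfrm state"
- # [reviewer note, not script output] The hex strings after "auth-trunc hmac(sha1)" and "enc cbc(aes)" below are the integrity and encryption keys of the ESP SAs, which "ip xfrm state" prints in clear when run as root. The same values are repeated in the "ipsec look" and "ipsec barf" sections. Mask them before sharing this output, and rekey any SA whose keys were posted while it was still in use.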
- src 54.66.129.223 dst 10.1.2.2
- proto esp spi 0x477e7098 reqid 16385 mode tunnel
- replay-window 32 flag af-unspec
- auth-trunc hmac(sha1) 0xbdb0543120a41a3100daeda0641e2edd60112ff3 96
- enc cbc(aes) 0xff3a501b35ac098b384dee3128b49886
- src 10.1.2.2 dst 54.66.129.223
- proto esp spi 0x38d88809 reqid 16385 mode tunnel
- replay-window 32 flag af-unspec
- auth-trunc hmac(sha1) 0x7ccbc849c1088fdd31675c839be749ba7858dcbd 96
- enc cbc(aes) 0xa633395dc655b0a5363233d9847fa588
- # ==== Output of mdserver command: "ipsec look"
- mdserver.blueprintconsulting.com Fri Mar 20 14:01:24 EST 2015
- XFRM state:
- src 54.66.129.223 dst 10.1.2.2
- proto esp spi 0x477e7098 reqid 16385 mode tunnel
- replay-window 32 flag af-unspec
- auth-trunc hmac(sha1) 0xbdb0543120a41a3100daeda0641e2edd60112ff3 96
- enc cbc(aes) 0xff3a501b35ac098b384dee3128b49886
- src 10.1.2.2 dst 54.66.129.223
- proto esp spi 0x38d88809 reqid 16385 mode tunnel
- replay-window 32 flag af-unspec
- auth-trunc hmac(sha1) 0x7ccbc849c1088fdd31675c839be749ba7858dcbd 96
- enc cbc(aes) 0xa633395dc655b0a5363233d9847fa588
- XFRM policy:
- src 10.1.2.0/24 dst 10.1.0.0/16
- dir out priority 2352 ptype main
- tmpl src 10.1.2.2 dst 54.66.129.223
- proto esp reqid 16385 mode tunnel
- src 10.1.0.0/16 dst 10.1.2.0/24
- dir fwd priority 2352 ptype main
- tmpl src 54.66.129.223 dst 10.1.2.2
- proto esp reqid 16385 mode tunnel
- src 10.1.0.0/16 dst 10.1.2.0/24
- dir in priority 2352 ptype main
- tmpl src 54.66.129.223 dst 10.1.2.2
- proto esp reqid 16385 mode tunnel
- src ::/0 dst ::/0
- socket out priority 0 ptype main
- src ::/0 dst ::/0
- socket in priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket out priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket in priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket out priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket in priority 0 ptype main
- XFRM done
- IPSEC mangle TABLES
- NEW_IPSEC_CONN mangle TABLES
- ROUTING TABLES
- default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
- 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
- unreachable ::/96 dev lo metric 1024 error -101
- unreachable ::ffff:0.0.0.0/96 dev lo metric 1024 error -101
- unreachable 2002:a00::/24 dev lo metric 1024 error -101
- unreachable 2002:7f00::/24 dev lo metric 1024 error -101
- unreachable 2002:a9fe::/32 dev lo metric 1024 error -101
- unreachable 2002:ac10::/28 dev lo metric 1024 error -101
- unreachable 2002:c0a8::/32 dev lo metric 1024 error -101
- unreachable 2002:e000::/19 dev lo metric 1024 error -101
- unreachable 3ffe:ffff::/32 dev lo metric 1024 error -101
- fe80::/64 dev enp11s0f0 proto kernel metric 256
- NSS_CERTIFICATES
- Certificate Nickname Trust Attributes
- SSL,S/MIME,JAR/XPI
- # ==== Output of mdserver command: "ipsec barf"
- Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
- mdserver.blueprintconsulting.com
- Fri Mar 20 14:01:24 EST 2015
- + _________________________ version
- + ipsec --version
- Linux Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
- + _________________________ /proc/version
- + cat /proc/version
- Linux version 3.10.0-123.el7.x86_64 (mockbuild@x86-017.build.eng.bos.redhat.com) (gcc version 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) ) #1 SMP Mon May 5 11:16:57 EDT 2014
- + _________________________ /proc/net/ipsec_eroute
- + test -r /proc/net/ipsec_eroute
- + _________________________ netstat-rn
- + netstat -nr
- + head -n 100
- Kernel IP routing table
- Destination Gateway Genmask Flags MSS Window irtt Iface
- 0.0.0.0 10.1.2.254 0.0.0.0 UG 0 0 0 enp11s0f0
- 10.1.2.0 0.0.0.0 255.255.255.0 U 0 0 0 enp11s0f0
- + _________________________ /proc/net/ipsec_spi
- + test -r /proc/net/ipsec_spi
- + _________________________ /proc/net/ipsec_spigrp
- + test -r /proc/net/ipsec_spigrp
- + _________________________ /proc/net/ipsec_tncfg
- + test -r /proc/net/ipsec_tncfg
- + _________________________ /proc/net/pfkey
- + test -r /proc/net/pfkey
- + cat /proc/net/pfkey
- sk RefCnt Rmem Wmem User Inode
- + _________________________ ip-xfrm-state
- + ip xfrm state
- src 54.66.129.223 dst 10.1.2.2
- proto esp spi 0x477e7098 reqid 16385 mode tunnel
- replay-window 32 flag af-unspec
- auth-trunc hmac(sha1) 0xbdb0543120a41a3100daeda0641e2edd60112ff3 96
- enc cbc(aes) 0xff3a501b35ac098b384dee3128b49886
- src 10.1.2.2 dst 54.66.129.223
- proto esp spi 0x38d88809 reqid 16385 mode tunnel
- replay-window 32 flag af-unspec
- auth-trunc hmac(sha1) 0x7ccbc849c1088fdd31675c839be749ba7858dcbd 96
- enc cbc(aes) 0xa633395dc655b0a5363233d9847fa588
- + _________________________ ip-xfrm-policy
- + ip xfrm policy
- src 10.1.2.0/24 dst 10.1.0.0/16
- dir out priority 2352 ptype main
- tmpl src 10.1.2.2 dst 54.66.129.223
- proto esp reqid 16385 mode tunnel
- src 10.1.0.0/16 dst 10.1.2.0/24
- dir fwd priority 2352 ptype main
- tmpl src 54.66.129.223 dst 10.1.2.2
- proto esp reqid 16385 mode tunnel
- src 10.1.0.0/16 dst 10.1.2.0/24
- dir in priority 2352 ptype main
- tmpl src 54.66.129.223 dst 10.1.2.2
- proto esp reqid 16385 mode tunnel
- src ::/0 dst ::/0
- socket out priority 0 ptype main
- src ::/0 dst ::/0
- socket in priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket out priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket in priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket out priority 0 ptype main
- src 0.0.0.0/0 dst 0.0.0.0/0
- socket in priority 0 ptype main
- + _________________________ ip-xfrm-stats
- + cat /proc/net/xfrm_stat
- XfrmInError 0
- XfrmInBufferError 0
- XfrmInHdrError 0
- XfrmInNoStates 0
- XfrmInStateProtoError 0
- XfrmInStateModeError 0
- XfrmInStateSeqError 0
- XfrmInStateExpired 0
- XfrmInStateMismatch 0
- XfrmInStateInvalid 0
- XfrmInTmplMismatch 24490
- XfrmInNoPols 0
- XfrmInPolBlock 0
- XfrmInPolError 0
- XfrmOutError 0
- XfrmOutBundleGenError 0
- XfrmOutBundleCheckError 0
- XfrmOutNoStates 1
- XfrmOutStateProtoError 0
- XfrmOutStateModeError 0
- XfrmOutStateSeqError 0
- XfrmOutStateExpired 0
- XfrmOutPolBlock 0
- XfrmOutPolDead 0
- XfrmOutPolError 0
- XfrmFwdHdrError 0
- XfrmOutStateInvalid 0
- + _________________________ ip-l2tp-tunnel
- + test -d /sys/module/l2tp_core
- + _________________________ /proc/crypto
- + test -r /proc/crypto
- + cat /proc/crypto
- name : authenc(hmac(sha1),cbc(aes))
- driver : authenc(hmac(sha1-generic),cbc(aes-asm))
- module : authenc
- priority : 2000
- refcnt : 3
- selftest : passed
- type : aead
- async : no
- blocksize : 16
- ivsize : 16
- maxauthsize : 20
- geniv : <built-in>
- name : cbc(aes)
- driver : cbc(aes-asm)
- module : kernel
- priority : 200
- refcnt : 3
- selftest : passed
- type : givcipher
- async : no
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : eseqiv
- name : rfc3686(ctr(aes))
- driver : rfc3686(ctr(aes-asm))
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 1
- min keysize : 20
- max keysize : 36
- ivsize : 8
- geniv : seqiv
- name : ctr(aes)
- driver : ctr(aes-asm)
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : givcipher
- async : yes
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : chainiv
- name : ctr(aes)
- driver : ctr(aes-asm)
- module : kernel
- priority : 200
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : chainiv
- name : cbc(cast5)
- driver : cbc(cast5-generic)
- module : kernel
- priority : 100
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 5
- max keysize : 16
- ivsize : 8
- geniv : <default>
- name : cbc(des3_ede)
- driver : cbc(des3_ede-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 24
- max keysize : 24
- ivsize : 8
- geniv : <default>
- name : cbc(des)
- driver : cbc(des-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 8
- max keysize : 8
- ivsize : 8
- geniv : <default>
- name : cmac(aes)
- driver : cmac(aes-asm)
- module : cmac
- priority : 200
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 16
- digestsize : 16
- name : xcbc(aes)
- driver : xcbc(aes-asm)
- module : xcbc
- priority : 200
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 16
- digestsize : 16
- name : hmac(rmd160)
- driver : hmac(rmd160-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : rmd160
- driver : rmd160-generic
- module : rmd160
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : hmac(sha512)
- driver : hmac(sha512-ssse3)
- module : kernel
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 64
- name : hmac(sha384)
- driver : hmac(sha384-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 48
- name : hmac(sha256)
- driver : hmac(sha256-ssse3)
- module : kernel
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 32
- name : hmac(md5)
- driver : hmac(md5-generic)
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 16
- name : digest_null
- driver : digest_null-generic
- module : crypto_null
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 1
- digestsize : 0
- name : compress_null
- driver : compress_null-generic
- module : crypto_null
- priority : 0
- refcnt : 1
- selftest : passed
- type : compression
- name : ecb(cipher_null)
- driver : ecb-cipher_null
- module : crypto_null
- priority : 100
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 0
- max keysize : 0
- ivsize : 0
- geniv : <default>
- name : cipher_null
- driver : cipher_null-generic
- module : crypto_null
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 1
- min keysize : 0
- max keysize : 0
- name : camellia
- driver : camellia-generic
- module : camellia_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : xts(camellia)
- driver : xts-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : lrw(camellia)
- driver : lrw-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : ctr(camellia)
- driver : ctr-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : cbc(camellia)
- driver : cbc-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : ecb(camellia)
- driver : ecb-camellia-asm
- module : camellia_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : camellia
- driver : camellia-asm
- module : camellia_x86_64
- priority : 200
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : cast6
- driver : cast6-generic
- module : cast6_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : cast5
- driver : cast5-generic
- module : cast5_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 5
- max keysize : 16
- name : deflate
- driver : deflate-generic
- module : deflate
- priority : 0
- refcnt : 1
- selftest : passed
- type : compression
- name : xts(serpent)
- driver : xts-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : lrw(serpent)
- driver : lrw-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 16
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : ctr(serpent)
- driver : ctr-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 1
- min keysize : 0
- max keysize : 32
- ivsize : 16
- geniv : chainiv
- name : cbc(serpent)
- driver : cbc-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : __ecb-serpent-sse2
- driver : cryptd(__driver-ecb-serpent-sse2)
- module : cryptd
- priority : 50
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : ecb(serpent)
- driver : ecb-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 400
- refcnt : 1
- selftest : passed
- type : ablkcipher
- async : yes
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : __xts-serpent-sse2
- driver : __driver-xts-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 0
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : __lrw-serpent-sse2
- driver : __driver-lrw-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : __ctr-serpent-sse2
- driver : __driver-ctr-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 0
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : __cbc-serpent-sse2
- driver : __driver-cbc-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : __ecb-serpent-sse2
- driver : __driver-ecb-serpent-sse2
- module : serpent_sse2_x86_64
- priority : 0
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : tnepres
- driver : tnepres-generic
- module : serpent_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- name : serpent
- driver : serpent-generic
- module : serpent_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 0
- max keysize : 32
- name : blowfish
- driver : blowfish-generic
- module : blowfish_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- name : ctr(blowfish)
- driver : ctr-blowfish-asm
- module : blowfish_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 4
- max keysize : 56
- ivsize : 8
- geniv : <default>
- name : cbc(blowfish)
- driver : cbc-blowfish-asm
- module : blowfish_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- ivsize : 8
- geniv : <default>
- name : ecb(blowfish)
- driver : ecb-blowfish-asm
- module : blowfish_x86_64
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- ivsize : 0
- geniv : <default>
- name : blowfish
- driver : blowfish-asm
- module : blowfish_x86_64
- priority : 200
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 4
- max keysize : 56
- name : twofish
- driver : twofish-generic
- module : twofish_generic
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : xts(twofish)
- driver : xts-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 64
- ivsize : 16
- geniv : <default>
- name : lrw(twofish)
- driver : lrw-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 32
- max keysize : 48
- ivsize : 16
- geniv : <default>
- name : ctr(twofish)
- driver : ctr-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 1
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : cbc(twofish)
- driver : cbc-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : ecb(twofish)
- driver : ecb-twofish-3way
- module : twofish_x86_64_3way
- priority : 300
- refcnt : 1
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 0
- geniv : <default>
- name : twofish
- driver : twofish-asm
- module : twofish_x86_64
- priority : 200
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : sha256
- driver : sha256-ssse3
- module : sha256_ssse3
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 32
- name : sha512
- driver : sha512-ssse3
- module : sha512_ssse3
- priority : 150
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 64
- name : sha384
- driver : sha384-generic
- module : sha512_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 48
- name : sha512
- driver : sha512-generic
- module : sha512_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 128
- digestsize : 64
- name : des3_ede
- driver : des3_ede-generic
- module : des_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 24
- max keysize : 24
- name : des
- driver : des-generic
- module : des_generic
- priority : 0
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 8
- min keysize : 8
- max keysize : 8
- name : crc32c
- driver : crc32c-intel
- module : crc32c_intel
- priority : 200
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 1
- digestsize : 4
- name : cbc(aes)
- driver : cbc(aes-asm)
- module : kernel
- priority : 200
- refcnt : 3
- selftest : passed
- type : blkcipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- ivsize : 16
- geniv : <default>
- name : hmac(sha1)
- driver : hmac(sha1-generic)
- module : kernel
- priority : 0
- refcnt : 6
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : stdrng
- driver : krng
- module : kernel
- priority : 200
- refcnt : 2
- selftest : passed
- type : rng
- seedsize : 0
- name : lzo
- driver : lzo-generic
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : compression
- name : crc32c
- driver : crc32c-generic
- module : kernel
- priority : 100
- refcnt : 2
- selftest : passed
- type : shash
- blocksize : 1
- digestsize : 4
- name : aes
- driver : aes-generic
- module : kernel
- priority : 100
- refcnt : 1
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- name : sha224
- driver : sha224-generic
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 28
- name : sha256
- driver : sha256-generic
- module : kernel
- priority : 0
- refcnt : 3
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 32
- name : sha1
- driver : sha1-generic
- module : kernel
- priority : 0
- refcnt : 7
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 20
- name : md5
- driver : md5-generic
- module : kernel
- priority : 0
- refcnt : 1
- selftest : passed
- type : shash
- blocksize : 64
- digestsize : 16
- name : aes
- driver : aes-asm
- module : kernel
- priority : 200
- refcnt : 4
- selftest : passed
- type : cipher
- blocksize : 16
- min keysize : 16
- max keysize : 32
- + __________________________/proc/sys/net/core/xfrm-star
- /usr/libexec/ipsec/barf: line 197: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_acq_expires: '
- /proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
- 30
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
- /proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
- 10
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
- /proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
- 2
- + for i in '/proc/sys/net/core/xfrm_*'
- + echo -n '/proc/sys/net/core/xfrm_larval_drop: '
- /proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
- 1
- + _________________________ /proc/sys/net/ipsec-star
- + test -d /proc/sys/net/ipsec
- + _________________________ ipsec/status
- + ipsec whack --status
- 000 using kernel interface: netkey
- 000 interface lo/lo ::1
- 000 interface lo/lo 127.0.0.1
- 000 interface enp11s0f0/enp11s0f0 10.1.2.2
- 000
- 000 fips mode=disabled;
- 000 SElinux=enabled
- 000
- 000 config setup options:
- 000
- 000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d, dumpdir=/var/run/pluto/, statsbin=unset
- 000 sbindir=/usr/sbin, libdir=/usr/libexec/ipsec, libexecdir=/usr/libexec/ipsec
- 000 pluto_version=3.8, pluto_vendorid=OE-Libreswan-3.8
- 000 nhelpers=-1, uniqueids=yes, retransmits=yes, force_busy=no
- 000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>
- 000 secctx_attr_value=32001
- 000 myid = (none)
- 000 debug raw+crypt+parsing+emitting+control+lifecycle+kernel+dns+oppo+controlmore+pfkey+nattraversal+x509+dpd+oppoinfo
- 000
- 000 nat_traversal=no, keep_alive=20, nat_ikeport=4500, disable_port_floating=yes
- 000
- 000 ESP algorithms supported:
- 000
- 000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
- 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
- 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
- 000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
- 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
- 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
- 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
- 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
- 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
- 000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
- 000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
- 000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
- 000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
- 000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
- 000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
- 000
- 000 IKE algorithms supported:
- 000
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16, v2name=AES_CCM_C, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15, v2name=AES_CCM_B, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14, v2name=AES_CCM_A, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
- 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
- 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
- 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
- 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
- 000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashsize=48
- 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
- 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
- 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
- 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
- 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
- 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
- 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
- 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
- 000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
- 000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
- 000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
- 000
- 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
- 000
- 000 Connection list:
- 000
- 000 "amazoncore": 10.1.2.0/24===10.1.2.2[@potatoe]...54.66.129.223<54.66.129.223>[@blender]===10.1.0.0/16; erouted; eroute owner: #2
- 000 "amazoncore": oriented; my_ip=unset; their_ip=10.1.0.1;
- 000 "amazoncore": xauth info: us:none, them:none, my_xauthuser=[any]; their_xauthuser=[any]; ;
- 000 "amazoncore": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
- 000 "amazoncore": labeled_ipsec:no, loopback:no;
- 000 "amazoncore": policy_label:unset;
- 000 "amazoncore": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
- 000 "amazoncore": sha2_truncbug:no; initial_contact:no; cisco_unity:no; send_vendorid:no;
- 000 "amazoncore": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+IKE_FRAG;
- 000 "amazoncore": conn_prio: 16,24; interface: enp11s0f0; metric: 0; mtu: unset; sa_prio:auto;
- 000 "amazoncore": dpd: action:hold; delay:0; timeout:0; nat-t: force_encaps:yes; nat_keepalive:yes;
- 000 "amazoncore": newest ISAKMP SA: #1; newest IPsec SA: #2;
- 000 "amazoncore": IKE algorithms wanted: AES_CBC(7)_256-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
- 000 "amazoncore": IKE algorithms found: AES_CBC(7)_256-SHA1(2)_160-MODP1536(5)3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
- 000 "amazoncore": IKE algorithm newest: AES_CBC_256-SHA1-MODP1536
- 000 "amazoncore": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=<Phase1>
- 000
- 000 Total IPsec connections: loaded 1, active 1
- 000
- 000 State list:
- 000
- 000 #2: "amazoncore":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 28018s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
- 000 #2: "amazoncore" esp.38d88809@54.66.129.223 esp.477e7098@10.1.2.2 tun.0@54.66.129.223 tun.0@10.1.2.2 ref=0 refhim=4294901761 Traffic: ESPin=713B ESPout=0B! ESPmax=4194303B
- 000 #1: "amazoncore":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2577s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
- 000
- 000 Shunt list:
- 000
- + _________________________ ifconfig-a
- + ifconfig -a
- enp0s29f0u2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- ether 02:21:5e:0a:a9:1f txqueuelen 1000 (Ethernet)
- RX packets 36715 bytes 2389943 (2.2 MiB)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 0 bytes 0 (0.0 B)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- enp11s0f0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
- inet 10.1.2.2 netmask 255.255.255.0 broadcast 10.1.2.255
- inet6 fe80::221:5eff:fe09:a91c prefixlen 64 scopeid 0x20<link>
- ether 00:21:5e:09:a9:1c txqueuelen 1000 (Ethernet)
- RX packets 175491 bytes 39849348 (38.0 MiB)
- RX errors 0 dropped 21 overruns 0 frame 0
- TX packets 133541 bytes 41851773 (39.9 MiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- enp11s0f1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
- ether 00:21:5e:09:a9:1e txqueuelen 1000 (Ethernet)
- RX packets 0 bytes 0 (0.0 B)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 0 bytes 0 (0.0 B)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
- inet 127.0.0.1 netmask 255.0.0.0
- inet6 ::1 prefixlen 128 scopeid 0x10<host>
- loop txqueuelen 0 (Local Loopback)
- RX packets 165087 bytes 52395287 (49.9 MiB)
- RX errors 0 dropped 0 overruns 0 frame 0
- TX packets 165087 bytes 52395287 (49.9 MiB)
- TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
- + _________________________ ip-addr-list
- + ip addr list
- 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
- link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
- inet 127.0.0.1/8 scope host lo
- valid_lft forever preferred_lft forever
- inet6 ::1/128 scope host
- valid_lft forever preferred_lft forever
- 2: enp11s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
- link/ether 00:21:5e:09:a9:1c brd ff:ff:ff:ff:ff:ff
- inet 10.1.2.2/24 brd 10.1.2.255 scope global enp11s0f0
- valid_lft forever preferred_lft forever
- inet6 fe80::221:5eff:fe09:a91c/64 scope link
- valid_lft forever preferred_lft forever
- 3: enp11s0f1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN qlen 1000
- link/ether 00:21:5e:09:a9:1e brd ff:ff:ff:ff:ff:ff
- 4: enp0s29f0u2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
- link/ether 02:21:5e:0a:a9:1f brd ff:ff:ff:ff:ff:ff
- + _________________________ ip-route-list
- + ip route list
- default via 10.1.2.254 dev enp11s0f0 proto static metric 1024
- 10.1.2.0/24 dev enp11s0f0 proto kernel scope link src 10.1.2.2
- + _________________________ ip-rule-list
- + ip rule list
- 0: from all lookup local
- 32766: from all lookup main
- 32767: from all lookup default
- + _________________________ ipsec_verify
- + ipsec verify --nocolour
- Verifying installed system and configuration files
- Version check and ipsec on-path [OK]
- Libreswan 3.8 (netkey) on 3.10.0-123.el7.x86_64
- Checking for IPsec support in kernel [OK]
- NETKEY: Testing XFRM related proc values
- ICMP default/send_redirects [OK]
- ICMP default/accept_redirects [OK]
- XFRM larval drop [OK]
- Pluto ipsec.conf syntax [OK]
- Hardware random device [N/A]
- Two or more interfaces found, checking IP forwarding [FAILED]
- Checking rp_filter [OK]
- Checking that pluto is running [OK]
- Pluto listening for IKE on udp 500 [OK]
- Pluto listening for IKE/NAT-T on udp 4500 [DISABLED]
- Pluto ipsec.secret syntax [OK]
- Checking NAT and MASQUERADEing [TEST INCOMPLETE]
- Checking 'ip' command [OK]
- Checking 'iptables' command [OK]
- Checking 'prelink' command does not interfere with FIPSChecking for obsolete ipsec.conf options [OK]
- Opportunistic Encryption [DISABLED]
- ipsec verify: encountered 2 errors - see 'man ipsec_verify' for help
- + _________________________ mii-tool
- + '[' -x /sbin/mii-tool ']'
- + /sbin/mii-tool -v
- No interface specified
- usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] [-p addr] <interface ...>
- -V, --version display version information
- -v, --verbose more verbose output
- -R, --reset reset MII to poweron state
- -r, --restart restart autonegotiation
- -w, --watch monitor for link status changes
- -l, --log with -w, write events to syslog
- -A, --advertise=media,... advertise only specified media
- -F, --force=media force specified media technology
- -p, --phy=addr set PHY (MII address) to report
- media: 1000baseTx-HD, 1000baseTx-FD,
- 100baseT4, 100baseTx-FD, 100baseTx-HD,
- 10baseT-FD, 10baseT-HD,
- (to advertise both HD and FD) 1000baseTx, 100baseTx, 10baseT
- + _________________________ ipsec/directory
- + ipsec --directory
- /usr/libexec/ipsec
- + _________________________ hostname/fqdn
- + hostname --fqdn
- mdserver.blueprintconsulting.com
- + _________________________ hostname/ipaddress
- + hostname --ip-address
- 10.1.2.2
- + _________________________ uptime
- + uptime
- 14:01:24 up 1 day, 1:19, 1 user, load average: 0.10, 0.05, 0.05
- + _________________________ ps
- + ps alxwf
- + egrep -i 'ppid|pluto|ipsec|klips'
- F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
- 0 0 10305 27355 20 0 113120 1484 wait S+ pts/1 0:00 \_ /bin/bash /etc/ipsec.d/show_ipsec_config
- 4 0 10760 10305 20 0 113124 1564 wait S+ pts/1 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
- 0 0 10937 10760 20 0 4432 624 - S+ pts/1 0:00 \_ egrep -i ppid|pluto|ipsec|klips
- 0 0 10406 1 20 0 115212 1452 pipe_w Ss ? 0:00 /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
- 1 0 10411 10406 20 0 115212 660 wait S ? 0:00 \_ /bin/sh -c eval `/usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork $PLUTO_OPTIONS`
- 4 0 10412 10411 20 0 629852 7208 poll_s Sl ? 0:00 \_ /usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
- 0 0 10464 10412 20 0 31308 872 poll_s S ? 0:00 \_ _pluto_adns -d
- + _________________________ ipsec/conf
- + ipsec readwriteconf --config /etc/ipsec.conf
- + ipsec _keycensor
- #conn amazoncore loaded
- config setup
- plutodebug="all raw crypt parsing emitting control lifecycle kernel dns oppo oppoinfo controlmore x509 dpd pfkey natt nattraversal klips netkey"
- dumpdir=/var/run/pluto/
- virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,!%v4:172.31.0.0/20
- protostack=netkey
- # begin conn amazoncore
- conn amazoncore
- left=54.66.129.223
- leftid="@blender"
- leftsubnet=10.1.0.0/16
- leftsourceip=10.1.0.1
- right=%defaultroute
- rightid="@potatoe"
- rightsubnet=10.1.2.0/24
- authby=secret
- forceencaps=yes
- ike=aes256-sha1;modp1536,3des-md5;modp1024
- auto==start
- type=tunnel
- compress=no
- pfs=yes
- ikepad=yes
- rekey=yes
- overlapip=yes
- authby=secret
- phase2=esp
- # end conn amazoncore
- # end of config
- + _________________________ ipsec/secrets
- + cat /etc/ipsec.secrets
- + ipsec _secretcensor
- include /etc/ipsec.d/*.secrets
- + _________________________ ipsec/listall
- + ipsec whack --listall
- 000
- 000 List of Public Keys:
- 000
- 000 List of Pre-shared secrets (from /etc/ipsec.secrets)
- 000 1: PSK @potatoe @blender
- 000
- 000 List of X.509 End Certificates:
- 000
- 000 List of X.509 AA Certificates:
- 000
- 000 List of X.509 CA Certificates:
- 000
- 000 List of X.509 CRLs:
- + '[' /etc/ipsec.d/policies ']'
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/block
- + base=block
- + _________________________ ipsec/policies/block
- + cat /etc/ipsec.d/policies/block
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should never be allowed.
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
- #
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/clear
- + base=clear
- + _________________________ ipsec/policies/clear
- + cat /etc/ipsec.d/policies/clear
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should always be in the clear.
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # root name servers should be in the clear
- 192.58.128.30/32
- 198.41.0.4/32
- 192.228.79.201/32
- 192.33.4.12/32
- 128.8.10.90/32
- 192.203.230.10/32
- 192.5.5.241/32
- 192.112.36.4/32
- 128.63.2.53/32
- 192.36.148.17/32
- 193.0.14.129/32
- 199.7.83.42/32
- 202.12.27.33/32
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/clear-or-private
- + base=clear-or-private
- + _________________________ ipsec/policies/clear-or-private
- + cat /etc/ipsec.d/policies/clear-or-private
- # This file defines the set of CIDRs (network/mask-length) to which
- # we will communicate in the clear, or, if the other side initiates IPSEC,
- # using encryption. This behaviour is also called "Opportunistic Responder".
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
- #
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/private
- + base=private
- + _________________________ ipsec/policies/private
- + cat /etc/ipsec.d/policies/private
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should always be private (i.e. encrypted).
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
- #
- + for policy in '$POLICIES/*'
- ++ basename /etc/ipsec.d/policies/private-or-clear
- + base=private-or-clear
- + _________________________ ipsec/policies/private-or-clear
- + cat /etc/ipsec.d/policies/private-or-clear
- # This file defines the set of CIDRs (network/mask-length) to which
- # communication should be private, if possible, but in the clear otherwise.
- #
- # If the target has a TXT (later IPSECKEY) record that specifies
- # authentication material, we will require private (i.e. encrypted)
- # communications. If no such record is found, communications will be
- # in the clear.
- #
- # See /usr/share/doc/libreswan/policygroups.html for details.
- #
- # $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
- #
- 0.0.0.0/0
- + _________________________ ipsec/ls-libdir
- + ls -l /usr/libexec/ipsec
- total 2668
- -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
- -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
- -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
- -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
- -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
- -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
- -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
- -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
- -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
- -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
- -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
- -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
- -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
- -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
- -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
- -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
- -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
- -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
- -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
- -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
- -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
- -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
- -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
- -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
- -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
- -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
- -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
- -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
- -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
- + _________________________ ipsec/ls-execdir
- + ls -l /usr/libexec/ipsec
- total 2668
- -rwxr-xr-x. 1 root root 1410 Aug 13 2014 _keycensor
- -rwxr-xr-x. 1 root root 15424 Aug 13 2014 _pluto_adns
- -rwxr-xr-x. 1 root root 2978 Aug 13 2014 _plutorun
- -rwxr-xr-x. 1 root root 1906 Aug 13 2014 _secretcensor
- -rwxr-xr-x. 1 root root 12334 Aug 13 2014 _stackmanager
- -rwxr-xr-x. 1 root root 4330 Aug 13 2014 _updown
- -rwxr-xr-x. 1 root root 18534 Aug 13 2014 _updown.klips
- -rwxr-xr-x. 1 root root 19572 Aug 13 2014 _updown.mast
- -rwxr-xr-x. 1 root root 14438 Aug 13 2014 _updown.netkey
- -rwxr-xr-x. 1 root root 245400 Aug 13 2014 addconn
- -rwxr-xr-x. 1 root root 7012 Aug 13 2014 auto
- -rwxr-xr-x. 1 root root 11824 Aug 13 2014 barf
- -rwxr-xr-x. 1 root root 91736 Aug 13 2014 eroute
- -rwxr-xr-x. 1 root root 28056 Aug 13 2014 ikeping
- -rwxr-xr-x. 1 root root 71248 Aug 13 2014 klipsdebug
- -rwxr-xr-x. 1 root root 2641 Aug 13 2014 look
- -rwxr-xr-x. 1 root root 2727 Aug 13 2014 newhostkey
- -rwxr-xr-x. 1 root root 66664 Aug 13 2014 pf_key
- -rwxr-xr-x. 1 root root 1187240 Aug 13 2014 pluto
- -rwxr-xr-x. 1 root root 220336 Aug 13 2014 readwriteconf
- -rwxr-xr-x. 1 root root 28536 Aug 13 2014 rsasigkey
- -rwxr-xr-x. 1 root root 741 Aug 13 2014 secrets
- -rwxr-xr-x. 1 root root 6258 Aug 13 2014 setup
- -rwxr-xr-x. 1 root root 275936 Aug 13 2014 showhostkey
- -rwxr-xr-x. 1 root root 108480 Aug 13 2014 spi
- -rwxr-xr-x. 1 root root 83448 Aug 13 2014 spigrp
- -rwxr-xr-x. 1 root root 74808 Aug 13 2014 tncfg
- -rwxr-xr-x. 1 root root 15203 Aug 13 2014 verify
- -rwxr-xr-x. 1 root root 61352 Aug 13 2014 whack
- + _________________________ /proc/net/dev
- + cat /proc/net/dev
- Inter-| Receive | Transmit
- face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
- enp11s0f0: 39849348 175491 0 21 0 0 0 27699 41851773 133541 0 0 0 0 0 0
- enp0s29f0u2: 2389943 36715 0 0 0 0 0 0 0 0 0 0 0 0 0 0
- lo: 52396409 165095 0 0 0 0 0 0 52396409 165095 0 0 0 0 0 0
- enp11s0f1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
- + _________________________ /proc/net/route
- + cat /proc/net/route
- Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
- enp11s0f0 00000000 FE02010A 0003 0 0 1024 00000000 0 0 0
- enp11s0f0 0002010A 00000000 0001 0 0 0 00FFFFFF 0 0 0
- + _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
- + cat /proc/sys/net/ipv4/ip_no_pmtu_disc
- 0
- + _________________________ /proc/sys/net/ipv4/ip_forward
- + cat /proc/sys/net/ipv4/ip_forward
- 0
- + _________________________ /proc/sys/net/ipv4/tcp_ecn
- + cat /proc/sys/net/ipv4/tcp_ecn
- 2
- + _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
- + cd /proc/sys/net/ipv4/conf
- + egrep '^' all/rp_filter default/rp_filter enp0s29f0u2/rp_filter enp11s0f0/rp_filter enp11s0f1/rp_filter lo/rp_filter
- all/rp_filter:0
- default/rp_filter:0
- enp0s29f0u2/rp_filter:0
- enp11s0f0/rp_filter:0
- enp11s0f1/rp_filter:0
- lo/rp_filter:0
- + _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
- + cd /proc/sys/net/ipv4/conf
- + egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects enp0s29f0u2/accept_redirects enp0s29f0u2/secure_redirects enp0s29f0u2/send_redirects enp11s0f0/accept_redirects enp11s0f0/secure_redirects enp11s0f0/send_redirects enp11s0f1/accept_redirects enp11s0f1/secure_redirects enp11s0f1/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
- all/accept_redirects:0
- all/secure_redirects:1
- all/send_redirects:0
- default/accept_redirects:0
- default/secure_redirects:1
- default/send_redirects:0
- enp0s29f0u2/accept_redirects:0
- enp0s29f0u2/secure_redirects:1
- enp0s29f0u2/send_redirects:0
- enp11s0f0/accept_redirects:0
- enp11s0f0/secure_redirects:1
- enp11s0f0/send_redirects:0
- enp11s0f1/accept_redirects:0
- enp11s0f1/secure_redirects:1
- enp11s0f1/send_redirects:0
- lo/accept_redirects:0
- lo/secure_redirects:1
- lo/send_redirects:0
- + _________________________ /proc/sys/net/ipv4/tcp_window_scaling
- + cat /proc/sys/net/ipv4/tcp_window_scaling
- 1
- + _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
- + cat /proc/sys/net/ipv4/tcp_adv_win_scale
- 1
- + _________________________ uname-a
- + uname -a
- Linux mdserver.blueprintconsulting.com 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux
- + _________________________ config-built-with
- + test -r /proc/config_built_with
- + _________________________ distro-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/redhat-release
- + cat /etc/redhat-release
- Red Hat Enterprise Linux Server release 7.0 (Maipo)
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/debian-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/SuSE-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/mandrake-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/mandriva-release
- + for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
- + test -f /etc/gentoo-release
- + _________________________ /proc/net/ipsec_version
- + test -r /proc/net/ipsec_version
- + test -r /proc/net/pfkey
- ++ uname -r
- + echo 'NETKEY (3.10.0-123.el7.x86_64) support detected '
- NETKEY (3.10.0-123.el7.x86_64) support detected
- + _________________________ iptables
- + test -e /proc/net/ip_tables_names
- + test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save
- + iptables-save --modprobe=/dev/null
- # Generated by iptables-save v1.4.21 on Fri Mar 20 14:01:24 2015
- *filter
- :INPUT ACCEPT [39595:5279294]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [21998:4487761]
- COMMIT
- # Completed on Fri Mar 20 14:01:24 2015
- + _________________________ ip6tables
- + test -e ip6_tables_names
- + _________________________ /proc/modules
- + test -f /proc/modules
- + cat /proc/modules
- udp_diag 12801 0 - Live 0xffffffffa06f6000
- inet_diag 18543 1 udp_diag, Live 0xffffffffa06f0000
- iptable_filter 12810 0 - Live 0xffffffffa0194000
- ip_tables 27239 1 iptable_filter, Live 0xffffffffa06e8000
- authenc 17542 2 - Live 0xffffffffa06e2000
- cmac 12788 0 - Live 0xffffffffa06d2000
- rmd160 16744 0 - Live 0xffffffffa06dc000
- crypto_null 12840 0 - Live 0xffffffffa06d7000
- af_key 36098 0 - Live 0xffffffffa06c8000
- ah6 13014 0 - Live 0xffffffffa06c3000
- ah4 13044 0 - Live 0xffffffffa06be000
- esp6 17144 0 - Live 0xffffffffa06b8000
- esp4 17139 2 - Live 0xffffffffa06b2000
- xfrm4_mode_beet 12691 0 - Live 0xffffffffa06ad000
- xfrm4_tunnel 12857 0 - Live 0xffffffffa06a8000
- tunnel4 13252 1 xfrm4_tunnel, Live 0xffffffffa06a3000
- xfrm4_mode_tunnel 13227 4 - Live 0xffffffffa069e000
- xfrm4_mode_transport 12631 0 - Live 0xffffffffa0699000
- xfrm6_mode_transport 12631 0 - Live 0xffffffffa0694000
- xfrm6_mode_ro 12564 0 - Live 0xffffffffa068f000
- xfrm6_mode_beet 12658 0 - Live 0xffffffffa068a000
- xfrm6_mode_tunnel 12605 2 - Live 0xffffffffa0685000
- ipcomp 12661 0 - Live 0xffffffffa0680000
- ipcomp6 12662 0 - Live 0xffffffffa067b000
- xfrm6_tunnel 13661 1 ipcomp6, Live 0xffffffffa066c000
- tunnel6 13254 1 xfrm6_tunnel, Live 0xffffffffa0667000
- xfrm_ipcomp 13413 2 ipcomp,ipcomp6, Live 0xffffffffa0662000
- camellia_generic 29348 0 - Live 0xffffffffa0672000
- camellia_x86_64 52986 0 - Live 0xffffffffa064d000
- cast6_generic 21523 0 - Live 0xffffffffa065b000
- cast5_generic 21429 0 - Live 0xffffffffa0646000
- cast_common 12983 2 cast6_generic,cast5_generic, Live 0xffffffffa0641000
- deflate 12617 0 - Live 0xffffffffa063c000
- zlib_deflate 26914 1 deflate, Live 0xffffffffa062c000
- cts 12854 0 - Live 0xffffffffa0627000
- gcm 23457 0 - Live 0xffffffffa061c000
- ccm 17773 0 - Live 0xffffffffa0616000
- serpent_sse2_x86_64 50408 0 - Live 0xffffffffa0608000
- serpent_generic 29823 1 serpent_sse2_x86_64, Live 0xffffffffa05ff000
- blowfish_generic 12530 0 - Live 0xffffffffa05fa000
- blowfish_x86_64 21966 0 - Live 0xffffffffa05e9000
- blowfish_common 16739 2 blowfish_generic,blowfish_x86_64, Live 0xffffffffa05e3000
- twofish_generic 16635 0 - Live 0xffffffffa05f4000
- twofish_x86_64_3way 27146 0 - Live 0xffffffffa05db000
- xts 12914 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa05d6000
- twofish_x86_64 12907 1 twofish_x86_64_3way, Live 0xffffffffa05b2000
- twofish_common 21113 3 twofish_generic,twofish_x86_64_3way,twofish_x86_64, Live 0xffffffffa05cf000
- xcbc 12815 0 - Live 0xffffffffa0570000
- sha256_ssse3 22140 0 - Live 0xffffffffa05c8000
- sha512_ssse3 42168 0 - Live 0xffffffffa05bc000
- sha512_generic 12942 1 sha512_ssse3, Live 0xffffffffa056b000
- des_generic 21379 0 - Live 0xffffffffa05ab000
- mpt3sas 195268 0 - Live 0xffffffffa057a000
- lrw 13286 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0575000
- mpt2sas 193927 2 - Live 0xffffffffa053a000
- gf128mul 14951 2 xts,lrw, Live 0xffffffffa0535000
- glue_helper 13990 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa0530000
- ablk_helper 13597 1 serpent_sse2_x86_64, Live 0xffffffffa051e000
- cryptd 20359 1 ablk_helper, Live 0xffffffffa052a000
- raid_class 13554 2 mpt3sas,mpt2sas, Live 0xffffffffa0525000
- scsi_transport_sas 41034 2 mpt3sas,mpt2sas, Live 0xffffffffa0507000
- mptctl 38332 1 - Live 0xffffffffa0513000
- mptbase 105960 1 mptctl, Live 0xffffffffa04ec000
- tpm_rng 12492 0 - Live 0xffffffffa04e7000
- timeriomem_rng 12852 0 - Live 0xffffffffa04e2000
- virtio_rng 13135 0 - Live 0xffffffffa04d1000
- virtio_ring 21011 1 virtio_rng, Live 0xffffffffa04ca000
- virtio 14187 1 virtio_rng, Live 0xffffffffa04c5000
- sg 36533 0 - Live 0xffffffffa0480000
- vfat 17411 1 - Live 0xffffffffa04bf000
- fat 65913 1 vfat, Live 0xffffffffa04ad000
- nls_utf8 12557 1 - Live 0xffffffffa047b000
- isofs 39842 1 - Live 0xffffffffa046c000
- loop 28035 2 - Live 0xffffffffa04da000
- coretemp 13435 0 - Live 0xffffffffa0467000
- iTCO_wdt 13480 0 - Live 0xffffffffa05b7000
- kvm_intel 138567 0 - Live 0xffffffffa048a000
- iTCO_vendor_support 13718 1 iTCO_wdt, Live 0xffffffffa03d7000
- ipmi_devintf 17572 0 - Live 0xffffffffa0636000
- kvm 441119 1 kvm_intel, Live 0xffffffffa03fa000
- cdc_ether 14351 0 - Live 0xffffffffa03ae000
- usbnet 43918 1 cdc_ether, Live 0xffffffffa03ee000
- mii 13934 1 usbnet, Live 0xffffffffa03ba000
- crc32c_intel 22079 0 - Live 0xffffffffa03b3000
- serio_raw 13462 0 - Live 0xffffffffa039a000
- ioatdma 67799 32 - Live 0xffffffffa03c5000
- ipmi_si 53257 0 - Live 0xffffffffa039f000
- lpc_ich 16977 0 - Live 0xffffffffa0394000
- mfd_core 13435 1 lpc_ich, Live 0xffffffffa0305000
- i2c_i801 18135 0 - Live 0xffffffffa03e8000
- dca 15130 1 ioatdma, Live 0xffffffffa0300000
- i7core_edac 24166 0 - Live 0xffffffffa038d000
- ipmi_msghandler 45306 2 ipmi_devintf,ipmi_si, Live 0xffffffffa0380000
- pcspkr 12718 0 - Live 0xffffffffa037b000
- edac_core 62330 2 i7core_edac, Live 0xffffffffa036a000
- shpchp 37032 0 - Live 0xffffffffa03dd000
- acpi_cpufreq 19790 0 - Live 0xffffffffa03bf000
- mperf 12667 1 acpi_cpufreq, Live 0xffffffffa01c0000
- nfsd 284378 1 - Live 0xffffffffa0323000
- auth_rpcgss 59368 1 nfsd, Live 0xffffffffa02f0000
- nfs_acl 12837 1 nfsd, Live 0xffffffffa018f000
- lockd 93977 1 nfsd, Live 0xffffffffa030b000
- sunrpc 293453 5 nfsd,auth_rpcgss,nfs_acl,lockd, Live 0xffffffffa02a7000
- uinput 17625 0 - Live 0xffffffffa01aa000
- xfs 914152 5 - Live 0xffffffffa01c6000
- dm_thin_pool 55788 5 - Live 0xffffffffa01b1000
- dm_persistent_data 61832 1 dm_thin_pool, Live 0xffffffffa0199000
- dm_bio_prison 15501 1 dm_thin_pool, Live 0xffffffffa016a000
- dm_bufio 27874 1 dm_persistent_data, Live 0xffffffffa0187000
- libcrc32c 12644 2 xfs,dm_persistent_data, Live 0xffffffffa008b000
- sd_mod 45373 4 - Live 0xffffffffa017a000
- sr_mod 22416 0 - Live 0xffffffffa016f000
- crc_t10dif 12714 1 sd_mod, Live 0xffffffffa0064000
- cdrom 42556 1 sr_mod, Live 0xffffffffa015e000
- crct10dif_common 12595 1 crc_t10dif, Live 0xffffffffa00ef000
- mgag200 42283 1 - Live 0xffffffffa0152000
- syscopyarea 12529 1 mgag200, Live 0xffffffffa00e0000
- sysfillrect 12701 1 mgag200, Live 0xffffffffa00db000
- ata_generic 12910 0 - Live 0xffffffffa0069000
- sysimgblt 12640 1 mgag200, Live 0xffffffffa0022000
- pata_acpi 13038 0 - Live 0xffffffffa00ea000
- i2c_algo_bit 13413 1 mgag200, Live 0xffffffffa00e5000
- drm_kms_helper 52758 1 mgag200, Live 0xffffffffa0144000
- ttm 83948 1 mgag200, Live 0xffffffffa012e000
- ata_piix 35038 0 - Live 0xffffffffa005a000
- libata 219478 3 ata_generic,pata_acpi,ata_piix, Live 0xffffffffa00f7000
- drm 297829 3 mgag200,drm_kms_helper,ttm, Live 0xffffffffa0091000
- i2c_core 40325 5 i2c_i801,mgag200,i2c_algo_bit,drm_kms_helper,drm, Live 0xffffffffa004f000
- megaraid_sas 95427 7 - Live 0xffffffffa0072000
- bnx2 89206 0 - Live 0xffffffffa0038000
- dm_mirror 22135 0 - Live 0xffffffffa002d000
- dm_region_hash 20862 1 dm_mirror, Live 0xffffffffa001b000
- dm_log 18411 2 dm_mirror,dm_region_hash, Live 0xffffffffa0027000
- dm_mod 102999 27 dm_thin_pool,dm_persistent_data,dm_bufio,dm_mirror,dm_log, Live 0xffffffffa0000000
- + _________________________ /proc/meminfo
- + cat /proc/meminfo
- MemTotal: 7999336 kB
- MemFree: 5804320 kB
- MemAvailable: 6452864 kB
- Buffers: 2056 kB
- Cached: 840100 kB
- SwapCached: 0 kB
- Active: 1274132 kB
- Inactive: 499156 kB
- Active(anon): 1003956 kB
- Inactive(anon): 48620 kB
- Active(file): 270176 kB
- Inactive(file): 450536 kB
- Unevictable: 18804 kB
- Mlocked: 18804 kB
- SwapTotal: 16383996 kB
- SwapFree: 16383996 kB
- Dirty: 76 kB
- Writeback: 0 kB
- AnonPages: 950232 kB
- Mapped: 56504 kB
- Shmem: 115444 kB
- Slab: 241248 kB
- SReclaimable: 181248 kB
- SUnreclaim: 60000 kB
- KernelStack: 3096 kB
- PageTables: 11844 kB
- NFS_Unstable: 0 kB
- Bounce: 0 kB
- WritebackTmp: 0 kB
- CommitLimit: 20383664 kB
- Committed_AS: 1666560 kB
- VmallocTotal: 34359738367 kB
- VmallocUsed: 573176 kB
- VmallocChunk: 34359152636 kB
- HardwareCorrupted: 0 kB
- AnonHugePages: 806912 kB
- HugePages_Total: 0
- HugePages_Free: 0
- HugePages_Rsvd: 0
- HugePages_Surp: 0
- Hugepagesize: 2048 kB
- DirectMap4k: 171904 kB
- DirectMap2M: 8206336 kB
- + _________________________ /proc/net/ipsec-ls
- + test -f /proc/net/ipsec_version
- + _________________________ usr/src/linux/.config
- + test -f /proc/config.gz
- ++ uname -r
- + test -f /lib/modules/3.10.0-123.el7.x86_64/build/.config
- + egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
- ++ uname -r
- + cat /lib/modules/3.10.0-123.el7.x86_64/build/.config
- CONFIG_IPC_NS=y
- CONFIG_XFRM=y
- CONFIG_XFRM_ALGO=y
- CONFIG_XFRM_USER=y
- CONFIG_XFRM_SUB_POLICY=y
- CONFIG_XFRM_MIGRATE=y
- CONFIG_XFRM_STATISTICS=y
- CONFIG_XFRM_IPCOMP=m
- CONFIG_NET_KEY=m
- CONFIG_NET_KEY_MIGRATE=y
- CONFIG_INET=y
- CONFIG_IP_MULTICAST=y
- CONFIG_IP_ADVANCED_ROUTER=y
- CONFIG_IP_FIB_TRIE_STATS=y
- CONFIG_IP_MULTIPLE_TABLES=y
- CONFIG_IP_ROUTE_MULTIPATH=y
- CONFIG_IP_ROUTE_VERBOSE=y
- CONFIG_IP_ROUTE_CLASSID=y
- # CONFIG_IP_PNP is not set
- CONFIG_IP_MROUTE=y
- CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
- CONFIG_IP_PIMSM_V1=y
- CONFIG_IP_PIMSM_V2=y
- CONFIG_INET_AH=m
- CONFIG_INET_ESP=m
- CONFIG_INET_IPCOMP=m
- CONFIG_INET_XFRM_TUNNEL=m
- CONFIG_INET_TUNNEL=m
- CONFIG_INET_XFRM_MODE_TRANSPORT=m
- CONFIG_INET_XFRM_MODE_TUNNEL=m
- CONFIG_INET_XFRM_MODE_BEET=m
- CONFIG_INET_LRO=y
- CONFIG_INET_DIAG=m
- CONFIG_INET_TCP_DIAG=m
- CONFIG_INET_UDP_DIAG=m
- CONFIG_IPV6=y
- CONFIG_IPV6_ROUTER_PREF=y
- CONFIG_IPV6_ROUTE_INFO=y
- CONFIG_IPV6_OPTIMISTIC_DAD=y
- CONFIG_INET6_AH=m
- CONFIG_INET6_ESP=m
- CONFIG_INET6_IPCOMP=m
- CONFIG_IPV6_MIP6=m
- CONFIG_INET6_XFRM_TUNNEL=m
- CONFIG_INET6_TUNNEL=m
- CONFIG_INET6_XFRM_MODE_TRANSPORT=m
- CONFIG_INET6_XFRM_MODE_TUNNEL=m
- CONFIG_INET6_XFRM_MODE_BEET=m
- CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
- CONFIG_IPV6_SIT=m
- CONFIG_IPV6_SIT_6RD=y
- CONFIG_IPV6_NDISC_NODETYPE=y
- CONFIG_IPV6_TUNNEL=m
- # CONFIG_IPV6_GRE is not set
- CONFIG_IPV6_MULTIPLE_TABLES=y
- # CONFIG_IPV6_SUBTREES is not set
- CONFIG_IPV6_MROUTE=y
- CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
- CONFIG_IPV6_PIMSM_V2=y
- CONFIG_IP_SET=m
- CONFIG_IP_SET_MAX=256
- CONFIG_IP_SET_BITMAP_IP=m
- CONFIG_IP_SET_BITMAP_IPMAC=m
- CONFIG_IP_SET_BITMAP_PORT=m
- CONFIG_IP_SET_HASH_IP=m
- CONFIG_IP_SET_HASH_IPPORT=m
- CONFIG_IP_SET_HASH_IPPORTIP=m
- CONFIG_IP_SET_HASH_IPPORTNET=m
- CONFIG_IP_SET_HASH_NET=m
- CONFIG_IP_SET_HASH_NETPORT=m
- CONFIG_IP_SET_HASH_NETIFACE=m
- CONFIG_IP_SET_LIST_SET=m
- CONFIG_IP_VS=m
- CONFIG_IP_VS_IPV6=y
- # CONFIG_IP_VS_DEBUG is not set
- CONFIG_IP_VS_TAB_BITS=12
- CONFIG_IP_VS_PROTO_TCP=y
- CONFIG_IP_VS_PROTO_UDP=y
- CONFIG_IP_VS_PROTO_AH_ESP=y
- CONFIG_IP_VS_PROTO_ESP=y
- CONFIG_IP_VS_PROTO_AH=y
- CONFIG_IP_VS_PROTO_SCTP=y
- CONFIG_IP_VS_RR=m
- CONFIG_IP_VS_WRR=m
- CONFIG_IP_VS_LC=m
- CONFIG_IP_VS_WLC=m
- CONFIG_IP_VS_LBLC=m
- CONFIG_IP_VS_LBLCR=m
- CONFIG_IP_VS_DH=m
- CONFIG_IP_VS_SH=m
- CONFIG_IP_VS_SED=m
- CONFIG_IP_VS_NQ=m
- CONFIG_IP_VS_SH_TAB_BITS=8
- CONFIG_IP_VS_FTP=m
- CONFIG_IP_VS_NFCT=y
- CONFIG_IP_VS_PE_SIP=m
- CONFIG_IP_NF_IPTABLES=m
- CONFIG_IP_NF_MATCH_AH=m
- CONFIG_IP_NF_MATCH_ECN=m
- CONFIG_IP_NF_MATCH_RPFILTER=m
- CONFIG_IP_NF_MATCH_TTL=m
- CONFIG_IP_NF_FILTER=m
- CONFIG_IP_NF_TARGET_REJECT=m
- CONFIG_IP_NF_TARGET_SYNPROXY=m
- CONFIG_IP_NF_TARGET_ULOG=m
- CONFIG_IP_NF_TARGET_MASQUERADE=m
- CONFIG_IP_NF_TARGET_NETMAP=m
- CONFIG_IP_NF_TARGET_REDIRECT=m
- CONFIG_IP_NF_MANGLE=m
- CONFIG_IP_NF_TARGET_CLUSTERIP=m
- CONFIG_IP_NF_TARGET_ECN=m
- CONFIG_IP_NF_TARGET_TTL=m
- CONFIG_IP_NF_RAW=m
- CONFIG_IP_NF_SECURITY=m
- CONFIG_IP_NF_ARPTABLES=m
- CONFIG_IP_NF_ARPFILTER=m
- CONFIG_IP_NF_ARP_MANGLE=m
- CONFIG_IP6_NF_IPTABLES=m
- CONFIG_IP6_NF_MATCH_AH=m
- CONFIG_IP6_NF_MATCH_EUI64=m
- CONFIG_IP6_NF_MATCH_FRAG=m
- CONFIG_IP6_NF_MATCH_OPTS=m
- CONFIG_IP6_NF_MATCH_HL=m
- CONFIG_IP6_NF_MATCH_IPV6HEADER=m
- CONFIG_IP6_NF_MATCH_MH=m
- CONFIG_IP6_NF_MATCH_RPFILTER=m
- CONFIG_IP6_NF_MATCH_RT=m
- CONFIG_IP6_NF_TARGET_HL=m
- CONFIG_IP6_NF_FILTER=m
- CONFIG_IP6_NF_TARGET_REJECT=m
- CONFIG_IP6_NF_TARGET_SYNPROXY=m
- CONFIG_IP6_NF_MANGLE=m
- CONFIG_IP6_NF_RAW=m
- CONFIG_IP6_NF_SECURITY=m
- CONFIG_IP6_NF_TARGET_MASQUERADE=m
- # CONFIG_IP6_NF_TARGET_NPT is not set
- CONFIG_IP_DCCP=m
- CONFIG_INET_DCCP_DIAG=m
- # CONFIG_IP_DCCP_CCID2_DEBUG is not set
- CONFIG_IP_DCCP_CCID3=y
- # CONFIG_IP_DCCP_CCID3_DEBUG is not set
- CONFIG_IP_DCCP_TFRC_LIB=y
- # CONFIG_IP_DCCP_DEBUG is not set
- CONFIG_IP_SCTP=m
- # CONFIG_IPX is not set
- CONFIG_IP1000=m
- # CONFIG_IPW2100 is not set
- # CONFIG_IPW2200 is not set
- CONFIG_IPPP_FILTER=y
- CONFIG_IPMI_HANDLER=m
- # CONFIG_IPMI_PANIC_EVENT is not set
- CONFIG_IPMI_DEVICE_INTERFACE=m
- CONFIG_IPMI_SI=m
- CONFIG_IPMI_WATCHDOG=m
- CONFIG_IPMI_POWEROFF=m
- CONFIG_HW_RANDOM=y
- CONFIG_HW_RANDOM_TIMERIOMEM=m
- CONFIG_HW_RANDOM_INTEL=m
- CONFIG_HW_RANDOM_AMD=m
- CONFIG_HW_RANDOM_VIA=m
- CONFIG_HW_RANDOM_VIRTIO=m
- CONFIG_HW_RANDOM_TPM=m
- # CONFIG_IPACK_BUS is not set
- CONFIG_SECURITY_NETWORK_XFRM=y
- CONFIG_CRYPTO_DEV_PADLOCK=m
- CONFIG_CRYPTO_DEV_PADLOCK_AES=m
- CONFIG_CRYPTO_DEV_PADLOCK_SHA=m
- + _________________________ etc/syslog.conf
- + _________________________ etc/syslog-ng/syslog-ng.conf
- + cat /etc/syslog-ng/syslog-ng.conf
- cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
- + cat /etc/syslog.conf
- cat: /etc/syslog.conf: No such file or directory
- + _________________________ etc/resolv.conf
- + cat /etc/resolv.conf
- # Generated by NetworkManager
- search blueprintconsulting.com
- nameserver 127.0.0.1
- + _________________________ lib/modules-ls
- + ls -ltr /lib/modules
- total 4
- drwxr-xr-x. 6 root root 4096 Feb 5 13:43 3.10.0-123.el7.x86_64
- + _________________________ fipscheck
- + cat /proc/sys/crypto/fips_enabled
- 0
- + _________________________ /proc/ksyms-netif_rx
- + test -r /proc/ksyms
- + test -r /proc/kallsyms
- + egrep netif_rx /proc/kallsyms
- ffffffff814cf210 T netif_rx
- ffffffff814cf650 T netif_rx_ni
- ffffffff81870c98 r __tracepoint_ptr_netif_rx
- ffffffff818726ad r __tpstrtab_netif_rx
- ffffffff818838f0 r __ksymtab_netif_rx
- ffffffff81883900 r __ksymtab_netif_rx_ni
- ffffffff81898808 r __kcrctab_netif_rx
- ffffffff81898810 r __kcrctab_netif_rx_ni
- ffffffff818ba17d r __kstrtab_netif_rx_ni
- ffffffff818ba189 r __kstrtab_netif_rx
- ffffffff819a34c0 d event_netif_rx
- ffffffff819bd500 D __tracepoint_netif_rx
- ffffffff81b61a00 t __event_netif_rx
- + _________________________ lib/modules-netif_rx
- + modulegoo kernel/net/ipv4/ipip.o netif_rx
- + set +x
- 3.10.0-123.el7.x86_64:
- + _________________________ kern.debug
- + test -f /var/log/kern.debug
- + _________________________ klog
- + sed -n '1,$p' /dev/null
- + egrep -i 'ipsec|klips|pluto'
- + case "$1" in
- + cat
- + _________________________ plog
- + sed -n '23701,$p' /var/log/messages-20150308
- + egrep -i pluto
- + case "$1" in
- + cat
- Mar 6 12:45:27 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:28 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:45:29 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:45:29 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:45:29 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:42 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:43 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:43 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:43 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- Mar 6 12:46:44 mdserver whack: whack: Pluto is not running (no "/var/run/pluto/pluto.ctl")
- Mar 6 12:46:44 mdserver setroubleshoot: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket . For complete SELinux messages. run sealert -l df53c67c-488e-4f7a-9ba5-81389b6074c1
- Mar 6 12:46:44 mdserver python: SELinux is preventing /usr/libexec/ipsec/pluto from name_bind access on the udp_socket .
- If you want to allow /usr/libexec/ipsec/pluto to bind to network port 501
- If you believe that pluto should be allowed name_bind access on the udp_socket by default.
- # grep pluto /var/log/audit/audit.log | audit2allow -M mypol
- + _________________________ date
- + date
- Fri Mar 20 14:01:24 EST 2015
- [root@mdserver ~]# /etc/ipsec.d/when_does_ping_stop 10.1.2.2 10.1.0.1
- Error: Ping "10.1.2.2" -> "10.1.2.2" failed.
- Error: Ping "10.1.2.2" -> "10.1.0.1" failed.
- [root@mdserver ~]# /etc/ipsec.d/when_does_ping_stop 10.1.2.2 10.1.0.1
- 2015 Mar 20 14:02:08 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 1 seconds succeeded.
- 2015 Mar 20 14:02:08 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 1 seconds succeeded.
- 2015 Mar 20 14:02:09 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 2 seconds succeeded.
- 2015 Mar 20 14:02:09 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 2 seconds succeeded.
- 2015 Mar 20 14:02:11 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 3 seconds succeeded.
- 2015 Mar 20 14:02:11 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 3 seconds succeeded.
- 2015 Mar 20 14:02:14 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 4 seconds succeeded.
- 2015 Mar 20 14:02:14 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 4 seconds succeeded.
- 2015 Mar 20 14:02:18 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 5 seconds succeeded.
- 2015 Mar 20 14:02:18 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 5 seconds succeeded.
- 2015 Mar 20 14:02:23 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 6 seconds succeeded.
- 2015 Mar 20 14:02:23 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 6 seconds succeeded.
- 2015 Mar 20 14:02:29 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 7 seconds succeeded.
- 2015 Mar 20 14:02:29 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 7 seconds succeeded.
- 2015 Mar 20 14:02:36 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 8 seconds succeeded.
- 2015 Mar 20 14:02:37 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 8 seconds succeeded.
- 2015 Mar 20 14:02:44 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 9 seconds succeeded.
- 2015 Mar 20 14:02:45 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 9 seconds succeeded.
- 2015 Mar 20 14:02:53 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 10 seconds succeeded.
- 2015 Mar 20 14:02:54 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 10 seconds succeeded.
- 2015 Mar 20 14:03:03 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 11 seconds succeeded.
- 2015 Mar 20 14:03:04 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 11 seconds succeeded.
- 2015 Mar 20 14:03:14 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 12 seconds succeeded.
- 2015 Mar 20 14:03:15 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 12 seconds succeeded.
- 2015 Mar 20 14:03:26 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 13 seconds succeeded.
- 2015 Mar 20 14:03:27 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 13 seconds succeeded.
- 2015 Mar 20 14:03:39 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 14 seconds succeeded.
- 2015 Mar 20 14:03:40 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 14 seconds succeeded.
- 2015 Mar 20 14:03:54 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 15 seconds succeeded.
- 2015 Mar 20 14:03:54 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 15 seconds succeeded.
- 2015 Mar 20 14:04:09 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 16 seconds succeeded.
- 2015 Mar 20 14:04:09 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 16 seconds succeeded.
- 2015 Mar 20 14:04:25 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 17 seconds succeeded.
- 2015 Mar 20 14:04:25 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 17 seconds succeeded.
- 2015 Mar 20 14:04:42 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 18 seconds succeeded.
- 2015 Mar 20 14:04:42 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 18 seconds succeeded.
- 2015 Mar 20 14:05:00 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 19 seconds succeeded.
- 2015 Mar 20 14:05:00 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 19 seconds succeeded.
- 2015 Mar 20 14:05:19 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 20 seconds succeeded.
- 2015 Mar 20 14:05:19 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 20 seconds succeeded.
- 2015 Mar 20 14:05:39 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 21 seconds succeeded.
- 2015 Mar 20 14:05:40 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 21 seconds succeeded.
- 2015 Mar 20 14:06:00 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 22 seconds succeeded.
- 2015 Mar 20 14:06:01 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 22 seconds succeeded.
- 2015 Mar 20 14:06:22 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 23 seconds succeeded.
- 2015 Mar 20 14:06:23 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 23 seconds succeeded.
- 2015 Mar 20 14:06:45 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 24 seconds succeeded.
- 2015 Mar 20 14:06:46 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 24 seconds succeeded.
- 2015 Mar 20 14:07:09 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 25 seconds succeeded.
- 2015 Mar 20 14:07:10 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 25 seconds succeeded.
- 2015 Mar 20 14:07:34 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 26 seconds succeeded.
- 2015 Mar 20 14:07:35 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 26 seconds succeeded.
- 2015 Mar 20 14:10:28 Ping from 10.1.2.2 to 10.1.0.1 after a delay of 27 seconds failed, waiting up to 60 seconds for a successful response.2015 Mar 20 14:10:28 Ping from 10.1.2.2 to 10.1.2.2 after a delay of 27 seconds failed, waiting up to 60 seconds for a successful response.........................TIMEOUT
- TIMEOUT
- [root@mdserver ~]#