Untitled

ipsec01
Tue Aug 13 16:51:47 CEST 2013
+ _________________________ version
+
+ ipsec --version
Linux Openswan U2.6.37-g955aaafb-dirty/K3.2.0-4-amd64 (netkey)
See `ipsec --copyright' for copyright information.
+ _________________________ /proc/version
+
+ cat /proc/version
Linux version 3.2.0-4-amd64 (debian-kernel@lists.debian.org) (gcc version 4.6.3 (Debian 4.6.3-14) ) #1 SMP Debian 3.2.46-1
+ _________________________ /proc/net/ipsec_eroute
+
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         yyy.yyy.27.137  0.0.0.0         UG        0 0          0 eth0
192.168.210.0   0.0.0.0         255.255.255.0   U         0 0          0 eth0
yyy.yyy.27.136  0.0.0.0         255.255.255.248 U         0 0          0 eth0
+ _________________________ /proc/net/ipsec_spi
+
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk       RefCnt Rmem   Wmem   User   Inode
+ _________________________ ip-xfrm-state
+
+ ip xfrm state
src zzz.zzz.2.74 dst yyy.yyy.27.141
	proto esp spi 0xc9d8f36d reqid 16385 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0x7f963e15ad3ed8d676c69a63b4e9f1472cec6a59 96
	enc cbc(des3_ede) 0x8c17a8e99b2134d12b64832b82d108e6dd2d04b9bb4d40af
src yyy.yyy.27.141 dst zzz.zzz.2.74
	proto esp spi 0x179eb620 reqid 16385 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xf27cf79a13d2ce96b784ddec7b86355c98de2a17 96
	enc cbc(des3_ede) 0xcaac99cb56872c820e7232e0fb9bef0db92b864827ede51e
+ _________________________ ip-xfrm-policy
+
+ ip xfrm policy
src 192.168.210.0/24 dst 10.41.35.0/24
	dir out priority 2344 ptype main
	tmpl src yyy.yyy.27.141 dst zzz.zzz.2.74
		proto esp reqid 16385 mode tunnel
src 10.41.35.0/24 dst 192.168.210.0/24
	dir fwd priority 2344 ptype main
	tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
		proto esp reqid 16385 mode tunnel
src 10.41.35.0/24 dst 192.168.210.0/24
	dir in priority 2344 ptype main
	tmpl src zzz.zzz.2.74 dst yyy.yyy.27.141
		proto esp reqid 16385 mode tunnel
src ::/0 dst ::/0
	socket out priority 0 ptype main
src ::/0 dst ::/0
	socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
	socket in priority 0 ptype main
+ _________________________ /proc/crypto
+
+ test -r /proc/crypto
+ cat /proc/crypto
name         : authenc(hmac(sha1),cbc(des3_ede))
driver       : authenc(hmac(sha1-ssse3),cbc(des3_ede-generic))
module       : authenc
priority     : 150
refcnt       : 3
selftest     : passed
type         : aead
async        : no
blocksize    : 8
ivsize       : 8
maxauthsize  : 20
geniv        : <built-in>

name         : cbc(des3_ede)
driver       : cbc(des3_ede-generic)
module       : kernel
priority     : 0
refcnt       : 3
selftest     : passed
type         : givcipher
async        : no
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8
geniv        : eseqiv

name         : rfc3686(ctr(aes))
driver       : rfc3686(ctr(aes-aesni))
module       : ctr
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 20
max keysize  : 36
ivsize       : 8
geniv        : seqiv

name         : ctr(aes)
driver       : ctr(aes-aesni)
module       : ctr
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : chainiv

name         : cbc(camellia)
driver       : cbc(camellia-generic)
module       : cbc
priority     : 100
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(serpent)
driver       : cbc(serpent-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 0
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(aes)
driver       : cbc(aes-aesni)
module       : cbc
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(cast5)
driver       : cbc(cast5-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 5
max keysize  : 16
ivsize       : 8
geniv        : <default>

name         : cbc(des3_ede)
driver       : cbc(des3_ede-generic)
module       : cbc
priority     : 0
refcnt       : 3
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 24
max keysize  : 24
ivsize       : 8
geniv        : <default>

name         : cbc(des)
driver       : cbc(des-generic)
module       : cbc
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 8
max keysize  : 8
ivsize       : 8
geniv        : <default>

name         : xcbc(aes)
driver       : xcbc(aes-aesni)
module       : xcbc
priority     : 300
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 16
digestsize   : 16

name         : hmac(rmd160)
driver       : hmac(rmd160-generic)
module       : hmac
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : rmd160
driver       : rmd160-generic
module       : rmd160
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : hmac(sha512)
driver       : hmac(sha512-generic)
module       : hmac
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 64

name         : hmac(sha384)
driver       : hmac(sha384-generic)
module       : hmac
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 48

name         : hmac(sha256)
driver       : hmac(sha256-generic)
module       : hmac
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : hmac(sha1)
driver       : hmac(sha1-ssse3)
module       : hmac
priority     : 150
refcnt       : 5
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : sha1
driver       : sha1-ssse3
module       : sha1_ssse3
priority     : 150
refcnt       : 3
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : sha1
driver       : sha1-generic
module       : sha1_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 20

name         : hmac(md5)
driver       : hmac(md5-generic)
module       : hmac
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

name         : compress_null
driver       : compress_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
selftest     : passed
type         : compression

name         : digest_null
driver       : digest_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 0

name         : ecb(cipher_null)
driver       : ecb-cipher_null
module       : crypto_null
priority     : 100
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 0
max keysize  : 0
ivsize       : 0
geniv        : <default>

name         : cipher_null
driver       : cipher_null-generic
module       : crypto_null
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 1
min keysize  : 0
max keysize  : 0

name         : camellia
driver       : camellia-generic
module       : camellia
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : lzo
driver       : lzo-generic
module       : lzo
priority     : 0
refcnt       : 1
selftest     : passed
type         : compression

name         : cast6
driver       : cast6-generic
module       : cast6
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : cast5
driver       : cast5-generic
module       : cast5
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 5
max keysize  : 16

name         : deflate
driver       : deflate-generic
module       : deflate
priority     : 0
refcnt       : 1
selftest     : passed
type         : compression

name         : tnepres
driver       : tnepres-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : serpent
driver       : serpent-generic
module       : serpent
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 0
max keysize  : 32

name         : blowfish
driver       : blowfish-generic
module       : blowfish_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 4
max keysize  : 56

name         : ctr(blowfish)
driver       : ctr-blowfish-asm
module       : blowfish_x86_64
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 4
max keysize  : 56
ivsize       : 8
geniv        : <default>

name         : cbc(blowfish)
driver       : cbc-blowfish-asm
module       : blowfish_x86_64
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 4
max keysize  : 56
ivsize       : 8
geniv        : <default>

name         : ecb(blowfish)
driver       : ecb-blowfish-asm
module       : blowfish_x86_64
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 8
min keysize  : 4
max keysize  : 56
ivsize       : 0
geniv        : <default>

name         : blowfish
driver       : blowfish-asm
module       : blowfish_x86_64
priority     : 200
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 4
max keysize  : 56

name         : twofish
driver       : twofish-generic
module       : twofish_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : ctr(twofish)
driver       : ctr-twofish-3way
module       : twofish_x86_64_3way
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(twofish)
driver       : cbc-twofish-3way
module       : twofish_x86_64_3way
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : ecb(twofish)
driver       : ecb-twofish-3way
module       : twofish_x86_64_3way
priority     : 300
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : twofish
driver       : twofish-asm
module       : twofish_x86_64
priority     : 200
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : sha256
driver       : sha256-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 32

name         : sha224
driver       : sha224-generic
module       : sha256_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 28

name         : sha512
driver       : sha512-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 64

name         : sha384
driver       : sha384-generic
module       : sha512_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 128
digestsize   : 48

name         : des3_ede
driver       : des3_ede-generic
module       : des_generic
priority     : 0
refcnt       : 3
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 24
max keysize  : 24

name         : des
driver       : des-generic
module       : des_generic
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 8
min keysize  : 8
max keysize  : 8

name         : crc32c
driver       : crc32c-intel
module       : crc32c_intel
priority     : 200
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 1
digestsize   : 4

name         : __ghash
driver       : cryptd(__ghash-pclmulqdqni)
module       : cryptd
priority     : 50
refcnt       : 1
selftest     : passed
type         : ahash
async        : yes
blocksize    : 16
digestsize   : 16

name         : ghash
driver       : ghash-clmulni
module       : ghash_clmulni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ahash
async        : yes
blocksize    : 16
digestsize   : 16

name         : __ghash
driver       : __ghash-pclmulqdqni
module       : ghash_clmulni_intel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 16
digestsize   : 16

name         : xts(aes)
driver       : xts-aes-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 32
max keysize  : 64
ivsize       : 16
geniv        : <default>

name         : pcbc(aes)
driver       : pcbc-aes-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : lrw(aes)
driver       : lrw-aes-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 32
max keysize  : 48
ivsize       : 16
geniv        : <default>

name         : rfc3686(ctr(aes))
driver       : rfc3686-ctr-aes-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 1
min keysize  : 20
max keysize  : 36
ivsize       : 8
geniv        : seqiv

name         : rfc4106(gcm(aes))
driver       : rfc4106-gcm-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : nivaead
async        : yes
blocksize    : 1
ivsize       : 8
maxauthsize  : 16
geniv        : seqiv

name         : __gcm-aes-aesni
driver       : __driver-gcm-aes-aesni
module       : aesni_intel
priority     : 0
refcnt       : 1
selftest     : passed
type         : aead
async        : no
blocksize    : 1
ivsize       : 0
maxauthsize  : 0
geniv        : <built-in>

name         : ctr(aes)
driver       : ctr-aes-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : chainiv

name         : __ctr-aes-aesni
driver       : __driver-ctr-aes-aesni
module       : aesni_intel
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 1
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : cbc(aes)
driver       : cbc-aes-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 16
geniv        : <default>

name         : __ecb-aes-aesni
driver       : cryptd(__driver-ecb-aes-aesni)
module       : cryptd
priority     : 50
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : ecb(aes)
driver       : ecb-aes-aesni
module       : aesni_intel
priority     : 400
refcnt       : 1
selftest     : passed
type         : ablkcipher
async        : yes
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : __cbc-aes-aesni
driver       : __driver-cbc-aes-aesni
module       : aesni_intel
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : __ecb-aes-aesni
driver       : __driver-ecb-aes-aesni
module       : aesni_intel
priority     : 0
refcnt       : 1
selftest     : passed
type         : blkcipher
blocksize    : 16
min keysize  : 16
max keysize  : 32
ivsize       : 0
geniv        : <default>

name         : __aes-aesni
driver       : __driver-aes-aesni
module       : aesni_intel
priority     : 0
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-aesni
module       : aesni_intel
priority     : 300
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-asm
module       : aes_x86_64
priority     : 200
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : aes
driver       : aes-generic
module       : aes_generic
priority     : 100
refcnt       : 1
selftest     : passed
type         : cipher
blocksize    : 16
min keysize  : 16
max keysize  : 32

name         : stdrng
driver       : krng
module       : kernel
priority     : 200
refcnt       : 2
selftest     : passed
type         : rng
seedsize     : 0

name         : md5
driver       : md5-generic
module       : kernel
priority     : 0
refcnt       : 1
selftest     : passed
type         : shash
blocksize    : 64
digestsize   : 16

+ __________________________/proc/sys/net/core/xfrm-star
/usr/lib/ipsec/barf: 190: /usr/lib/ipsec/barf: __________________________/proc/sys/net/core/xfrm-star: not found
+ echo -n /proc/sys/net/core/xfrm_acq_expires:
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ echo -n /proc/sys/net/core/xfrm_aevent_etime:
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ echo -n /proc/sys/net/core/xfrm_aevent_rseqth:
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ echo -n /proc/sys/net/core/xfrm_larval_drop:
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+
+ ipsec auto --status
000 using kernel interface: netkey
000 interface lo/lo ::1
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface eth0:1/eth0:1 192.168.210.166
000 interface eth0:1/eth0:1 192.168.210.166
000 interface eth0/eth0 yyy.yyy.27.141
000 interface eth0/eth0 yyy.yyy.27.141
000 %myid = (none)
000 debug none
000
000 virtual_private (%priv):
000 - allowed 6 subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 25.0.0.0/8, fd00::/8, fe80::/10
000 - disallowed 0 subnets:
000 WARNING: Disallowed subnets in virtual_private= is empty. If you have
000          private address space in internal use, it should be excluded!
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=160, keysizemax=288
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=(null), keysizemin=0, keysizemax=0
000
000 algorithm IKE encrypt: id=0, name=(null), blocksize=16, keydeflen=131
000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,64} trans={0,2,3072} attrs={0,2,2048}
000
000 "net1": 192.168.210.0/24===yyy.yyy.27.141<yyy.yyy.27.141>[+S=C]---yyy.yyy.27.137...zzz.zzz.2.74<zzz.zzz.2.74>[+S=C]===10.41.35.0/24; erouted; eroute owner: #2
000 "net1":     myip=unset; hisip=unset;
000 "net1":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "net1":   policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK+lKOD+rKOD; prio: 24,24; interface: eth0;
000 "net1":   newest ISAKMP SA: #1; newest IPsec SA: #2;
000 "net1":   IKE algorithms wanted: 3DES_CBC(5)_000-SHA1(2)_000-MODP1536(5), 3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2); flags=-strict
000 "net1":   IKE algorithms found:  3DES_CBC(5)_192-SHA1(2)_160-MODP1536(5), 3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)
000 "net1":   IKE algorithm newest: 3DES_CBC_192-SHA1-MODP1024
000 "net1":   ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000; flags=-strict
000 "net1":   ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160
000 "net1":   ESP algorithm newest: 3DES_000-HMAC_SHA1; pfsgroup=<Phase1>
000
000 #2: "net1":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27846s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #2: "net1" esp.179eb620@zzz.zzz.2.74 esp.c9d8f36d@yyy.yyy.27.141 tun.0@zzz.zzz.2.74 tun.0@yyy.yyy.27.141 ref=0 refhim=4294901761
000 #1: "net1":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2262s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
+ _________________________ ifconfig-a
+
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr ac:16:2d:00:f4:be
          inet addr:yyy.yyy.27.141  Bcast:yyy.yyy.27.143  Mask:255.255.255.248
          inet6 addr: fe80::ae16:2dff:fe00:f4be/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:26825 errors:0 dropped:0 overruns:0 frame:0
          TX packets:24098 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8137237 (7.7 MiB)  TX bytes:10516102 (10.0 MiB)
          Interrupt:20 Memory:f7c00000-f7c20000

eth0:1    Link encap:Ethernet  HWaddr ac:16:2d:00:f4:be
          inet addr:192.168.210.166  Bcast:192.168.210.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:20 Memory:f7c00000-f7c20000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

+ _________________________ ip-addr-list
+
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether ac:16:2d:00:f4:be brd ff:ff:ff:ff:ff:ff
    inet 192.168.210.166/24 brd 192.168.210.255 scope global eth0:1
    inet yyy.yyy.27.141/29 brd yyy.yyy.27.143 scope global eth0
    inet6 fe80::ae16:2dff:fe00:f4be/64 scope link
       valid_lft forever preferred_lft forever
+ _________________________ ip-route-list
+
+ ip route list
default via yyy.yyy.27.137 dev eth0
192.168.210.0/24 dev eth0  proto kernel  scope link  src 192.168.210.166
yyy.yyy.27.136/29 dev eth0  proto kernel  scope link  src yyy.yyy.27.141
+ _________________________ ip-rule-list
+
+ ip rule list
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
+ _________________________ ipsec_verify
+
+ ipsec verify --nocolour
Checking your system to see if IPsec got installed and started correctly:
Version check and ipsec on-path                             	[OK]
Linux Openswan U2.6.37-g955aaafb-dirty/K3.2.0-4-amd64 (netkey)
Checking for IPsec support in kernel                        	[OK]
 SAref kernel support                                       	[N/A]
 NETKEY:  Testing XFRM related proc values                  	[OK]
	[OK]
	[OK]
Checking that pluto is running                              	[OK]
 Pluto listening for IKE on udp 500                         	[OK]
 Pluto listening for NAT-T on udp 4500                      	[OK]
Checking for 'ip' command                                   	[OK]
Checking /bin/sh is not /bin/dash                           	[WARNING]
Checking for 'iptables' command                             	[OK]
Opportunistic Encryption Support                            	[DISABLED]
+ _________________________ mii-tool
+
+ [ -x /sbin/mii-tool ]
+ /sbin/mii-tool -v
SIOCGMIIREG on eth0 failed: Input/output error
SIOCGMIIREG on eth0 failed: Input/output error
eth0: negotiated 100baseTx-FD, link ok
  product info: vendor 00:55:00, model 9 rev 0
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control
  link partner: 1000baseT-FD 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
+ _________________________ ipsec/directory
+
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+
+ hostname --fqdn
ipsec01
+ _________________________ hostname/ipaddress
+
+ hostname --ip-address
127.0.1.1
+ _________________________ uptime
+
+ uptime
 16:51:47 up  1:30,  3 users,  load average: 0.00, 0.01, 0.05
+ _________________________ ps
+
+ ps alxwf
egrep -i ppid|pluto|ipsec|klips
F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND
0     0  5646  5238  20   0   4176   700 -      S+   pts/0      0:00          \_ /bin/sh /usr/lib/ipsec/barf
0     0  5733  5646  20   0   6296   596 -      S+   pts/0      0:00              \_ egrep -i ppid|pluto|ipsec|klips
1     0  5549     1  20   0   4176   292 -      S    pts/0      0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump /var/run/pluto/ --opts  --stderrlog /var/log/pluto.log --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
1     0  5551  5549  20   0   4176   316 -      S    pts/0      0:00  \_ /bin/sh /usr/lib/ipsec/_plutorun --debug  --uniqueids yes --force_busy no --nocrsend no --strictcrlpolicy no --nat_traversal yes --keep_alive  --protostack netkey --force_keepalive no --disable_port_floating no --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 --listen  --crlcheckinterval 0 --ocspuri  --nhelpers  --dump /var/run/pluto/ --opts  --stderrlog /var/log/pluto.log --wait no --pre  --post  --log daemon.error --plutorestartoncrash true --pid /var/run/pluto/pluto.pid
4     0  5555  5551  20   0  70028  3628 -      S    pts/0      0:00  |   \_ /usr/lib/ipsec/pluto --nofork --secretsfile /etc/ipsec.secrets --ipsecdir /etc/ipsec.d --use-netkey --uniqueids --nat_traversal --virtual_private %v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10 --stderrlog
1     0  5559  5555  30  10  70036  1172 -      SN   pts/0      0:00  |       \_ pluto helper  #  0
1     0  5560  5555  30  10  70036  1172 -      SN   pts/0      0:00  |       \_ pluto helper  #  1
1     0  5561  5555  30  10  70036  1168 -      SN   pts/0      0:00  |       \_ pluto helper  #  2
0     0  5586  5555  20   0   6080   344 -      S    pts/0      0:00  |       \_ _pluto_adns
0     0  5552  5549  20   0   4176   672 -      S    pts/0      0:00  \_ /bin/sh /usr/lib/ipsec/_plutoload --wait no --post
0     0  5550     1  20   0   4084   644 -      S    pts/0      0:00 logger -s -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+
+ ipsec showdefaults
routephys=eth0
routevirt=none
routeaddr=192.168.210.166
routenexthop=yyy.yyy.27.137
+ _________________________ ipsec/conf
+
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
version	2.0	# conforms to second version of ipsec.conf specification
config setup
	dumpdir=/var/run/pluto/
	nat_traversal=yes
	virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v6:fd00::/8,%v6:fe80::/10
	oe=off
	protostack=netkey
	plutostderrlog=/var/log/pluto.log


conn net1
	# connection
	authby=secret
	auto=start
	keylife=8h


	# phase 1 IKA
	#ike=3des-sha1;modp1028
	ike=3des-sha1

	# phase 2

	type=tunnel
	phase2=esp
	#phase2alg=3des-sha1;modp1028
	phase2alg=3des-sha1
	#psf=yes


	#keyexchange=ike
#	esp=3des-sha1


	# Linux openswan
	left=yyy.yyy.27.141
	leftsubnet=192.168.210.0/24
	#leftnexthop=yyy.yyy.27.137
	leftnexthop=%defaultroute
	# juniper ISG 2000 at net1 networks
	right=zzz.zzz.2.74
	rightsubnet=10.41.35.0/24
#	rightnexthop=%defaultroute


+ _________________________ ipsec/secrets
+
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".

# this file is managed with debconf and will contain the automatically created RSA keys

#< /var/lib/openswan/ipsec.secrets.inc 1
yyy.yyy.27.141 zzz.zzz.2.74: PSK "[sums to c825...]"


#> /etc/ipsec.secrets 11
+ _________________________ ipsec/listall
+
+ ipsec auto --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000     1: PSK zzz.zzz.2.74 yyy.yyy.27.141
+ [ /etc/ipsec.d/policies ]
+ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: block.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#

+ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#

# root name servers should be in the clear
192.58.128.30/32
198.41.0.4/32
192.228.79.201/32
192.33.4.12/32
128.8.10.90/32
192.203.230.10/32
192.5.5.241/32
192.112.36.4/32
128.63.2.53/32
192.36.148.17/32
193.0.14.129/32
199.7.83.42/32
202.12.27.33/32
+ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption.  This behaviour is also called "Opportunistic Responder".
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: clear-or-private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted).
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private.in,v 1.4 2003/02/17 02:22:15 mcr Exp $
#
+ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications.  If no such record is found, communications will be
# in the clear.
#
# See /usr/share/doc/openswan/policygroups.html for details.
#
# $Id: private-or-clear.in,v 1.5 2003/02/17 02:22:15 mcr Exp $
#

0.0.0.0/0
+ _________________________ ipsec/ls-libdir
+
+ ls -l /usr/lib/ipsec
total 2432
-rwxr-xr-x 1 root root  10576 May 27  2012 _copyright
-rwxr-xr-x 1 root root   2430 May 27  2012 _include
-rwxr-xr-x 1 root root   1475 May 27  2012 _keycensor
-rwxr-xr-x 1 root root  14512 May 27  2012 _pluto_adns
-rwxr-xr-x 1 root root   2567 May 27  2012 _plutoload
-rwxr-xr-x 1 root root   8299 May 27  2012 _plutorun
-rwxr-xr-x 1 root root  13684 May 27  2012 _realsetup
-rwxr-xr-x 1 root root   1975 May 27  2012 _secretcensor
-rwxr-xr-x 1 root root  12347 May 27  2012 _startklips
-rwxr-xr-x 1 root root   6188 May 27  2012 _startnetkey
-rwxr-xr-x 1 root root   4911 May 27  2012 _updown
-rwxr-xr-x 1 root root  17776 May 27  2012 _updown.klips
-rwxr-xr-x 1 root root  17537 May 27  2012 _updown.mast
-rwxr-xr-x 1 root root  12700 May 27  2012 _updown.netkey
-rwxr-xr-x 1 root root 234088 May 27  2012 addconn
-rwxr-xr-x 1 root root   6167 May 27  2012 auto
-rwxr-xr-x 1 root root  11317 May 27  2012 barf
-rwxr-xr-x 1 root root  97992 May 27  2012 eroute
-rwxr-xr-x 1 root root  30888 May 27  2012 ikeping
-rwxr-xr-x 1 root root  77800 May 27  2012 klipsdebug
-rwxr-xr-x 1 root root   2783 May 27  2012 look
-rwxr-xr-x 1 root root   2189 May 27  2012 newhostkey
-rwxr-xr-x 1 root root  73224 May 27  2012 pf_key
-rwxr-xr-x 1 root root 982248 May 27  2012 pluto
-rwxr-xr-x 1 root root  12349 May 27  2012 policy
-rwxr-xr-x 1 root root  10552 May 27  2012 ranbits
-rwxr-xr-x 1 root root  27360 May 27  2012 rsasigkey
-rwxr-xr-x 1 root root    704 May 27  2012 secrets
lrwxrwxrwx 1 root root     17 May 27  2012 setup -> /etc/init.d/ipsec
-rwxr-xr-x 1 root root   1126 May 27  2012 showdefaults
-rwxr-xr-x 1 root root 292312 May 27  2012 showhostkey
-rwxr-xr-x 1 root root 180736 May 27  2012 spi
-rwxr-xr-x 1 root root  85656 May 27  2012 spigrp
-rwxr-xr-x 1 root root  81192 May 27  2012 tncfg
-rwxr-xr-x 1 root root  14674 May 27  2012 verify
-rwxr-xr-x 1 root root  64056 May 27  2012 whack
+ _________________________ ipsec/ls-execdir
+
+ ls -l /usr/lib/ipsec
total 2432
-rwxr-xr-x 1 root root  10576 May 27  2012 _copyright
-rwxr-xr-x 1 root root   2430 May 27  2012 _include
-rwxr-xr-x 1 root root   1475 May 27  2012 _keycensor
-rwxr-xr-x 1 root root  14512 May 27  2012 _pluto_adns
-rwxr-xr-x 1 root root   2567 May 27  2012 _plutoload
-rwxr-xr-x 1 root root   8299 May 27  2012 _plutorun
-rwxr-xr-x 1 root root  13684 May 27  2012 _realsetup
-rwxr-xr-x 1 root root   1975 May 27  2012 _secretcensor
-rwxr-xr-x 1 root root  12347 May 27  2012 _startklips
-rwxr-xr-x 1 root root   6188 May 27  2012 _startnetkey
-rwxr-xr-x 1 root root   4911 May 27  2012 _updown
-rwxr-xr-x 1 root root  17776 May 27  2012 _updown.klips
-rwxr-xr-x 1 root root  17537 May 27  2012 _updown.mast
-rwxr-xr-x 1 root root  12700 May 27  2012 _updown.netkey
-rwxr-xr-x 1 root root 234088 May 27  2012 addconn
-rwxr-xr-x 1 root root   6167 May 27  2012 auto
-rwxr-xr-x 1 root root  11317 May 27  2012 barf
-rwxr-xr-x 1 root root  97992 May 27  2012 eroute
-rwxr-xr-x 1 root root  30888 May 27  2012 ikeping
-rwxr-xr-x 1 root root  77800 May 27  2012 klipsdebug
-rwxr-xr-x 1 root root   2783 May 27  2012 look
-rwxr-xr-x 1 root root   2189 May 27  2012 newhostkey
-rwxr-xr-x 1 root root  73224 May 27  2012 pf_key
-rwxr-xr-x 1 root root 982248 May 27  2012 pluto
-rwxr-xr-x 1 root root  12349 May 27  2012 policy
-rwxr-xr-x 1 root root  10552 May 27  2012 ranbits
-rwxr-xr-x 1 root root  27360 May 27  2012 rsasigkey
-rwxr-xr-x 1 root root    704 May 27  2012 secrets
lrwxrwxrwx 1 root root     17 May 27  2012 setup -> /etc/init.d/ipsec
-rwxr-xr-x 1 root root   1126 May 27  2012 showdefaults
-rwxr-xr-x 1 root root 292312 May 27  2012 showhostkey
-rwxr-xr-x 1 root root 180736 May 27  2012 spi
-rwxr-xr-x 1 root root  85656 May 27  2012 spigrp
-rwxr-xr-x 1 root root  81192 May 27  2012 tncfg
-rwxr-xr-x 1 root root  14674 May 27  2012 verify
-rwxr-xr-x 1 root root  64056 May 27  2012 whack
+ _________________________ /proc/net/dev
+
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0: 8137723   26829    0    0    0     0          0       150 10516468   24102    0    0    0     0       0          0
+ _________________________ /proc/net/route
+
+ cat /proc/net/route
Iface	Destination	Gateway 	Flags	RefCnt	Use	Metric	Mask		MTU	Window	IRTT
eth0	00000000	891BF3C3	0003	0	0	0	00000000	0	0	0
eth0	00D2A8C0	00000000	0001	0	0	0	00FFFFFF	0	0	0
eth0	881BF3C3	00000000	0001	0	0	0	F8FFFFFF	0	0	0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/rp_filter default/rp_filter eth0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
1
+ _________________________ uname-a
+
+ uname -a
Linux ipsec01 3.2.0-4-amd64 #1 SMP Debian 3.2.46-1 x86_64 GNU/Linux
+ _________________________ config-built-with
+
+ test -r /proc/config_built_with
+ _________________________ distro-release
+
+ test -f /etc/redhat-release
+ test -f /etc/debian-release
+ test -f /etc/SuSE-release
+ test -f /etc/mandrake-release
+ test -f /etc/mandriva-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
+ uname -r
+ echo NETKEY (3.2.0-4-amd64) support detected
NETKEY (3.2.0-4-amd64) support detected
+ _________________________ iptables
+
+ test -r /sbin/iptables-save
+ iptables-save
# Generated by iptables-save v1.4.14 on Tue Aug 13 16:51:47 2013
*filter
:INPUT ACCEPT [7439:429177]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [6918:2681120]
-A FORWARD -i eth0:0 -j ACCEPT
COMMIT
# Completed on Tue Aug 13 16:51:47 2013
# Generated by iptables-save v1.4.14 on Tue Aug 13 16:51:47 2013
*mangle
:PREROUTING ACCEPT [9309:667224]
:INPUT ACCEPT [9309:667224]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8235:3066592]
:POSTROUTING ACCEPT [8235:3066592]
COMMIT
# Completed on Tue Aug 13 16:51:47 2013
# Generated by iptables-save v1.4.14 on Tue Aug 13 16:51:47 2013
*nat
:PREROUTING ACCEPT [7:445]
:INPUT ACCEPT [7:445]
:OUTPUT ACCEPT [30:1968]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Aug 13 16:51:47 2013
+ _________________________ iptables-nat
+
+ iptables-save -t nat
# Generated by iptables-save v1.4.14 on Tue Aug 13 16:51:47 2013
*nat
:PREROUTING ACCEPT [7:445]
:INPUT ACCEPT [7:445]
:OUTPUT ACCEPT [30:1968]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Aug 13 16:51:47 2013
+ _________________________ iptables-mangle
+
+ iptables-save -t mangle
# Generated by iptables-save v1.4.14 on Tue Aug 13 16:51:47 2013
*mangle
:PREROUTING ACCEPT [9309:667224]
:INPUT ACCEPT [9309:667224]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8235:3066592]
:POSTROUTING ACCEPT [8235:3066592]
COMMIT
# Completed on Tue Aug 13 16:51:47 2013
+ _________________________ ip6tables
+
+ test -r /sbin/ip6tables-save
+ ip6tables-save
# Generated by ip6tables-save v1.4.14 on Tue Aug 13 16:51:47 2013
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Aug 13 16:51:47 2013
+ _________________________ ip6tables-mangle
+
+ ip6tables-save -t mangle
# Generated by ip6tables-save v1.4.14 on Tue Aug 13 16:51:47 2013
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Tue Aug 13 16:51:47 2013
+ _________________________ ip6tables
+
+ _________________________ /proc/modules
+
+ test -f /proc/modules
+ cat /proc/modules
xfrm_user 27310 2 - Live 0xffffffffa051e000
ah6 12802 0 - Live 0xffffffffa0519000
ah4 12755 0 - Live 0xffffffffa0514000
esp6 12796 0 - Live 0xffffffffa050f000
esp4 12792 2 - Live 0xffffffffa050a000
xfrm4_mode_beet 12475 0 - Live 0xffffffffa0505000
xfrm4_tunnel 12617 0 - Live 0xffffffffa0500000
xfrm4_mode_tunnel 12496 4 - Live 0xffffffffa04f6000
xfrm4_mode_transport 12490 0 - Live 0xffffffffa04f1000
xfrm6_mode_transport 12490 0 - Live 0xffffffffa04ec000
xfrm6_mode_ro 12430 0 - Live 0xffffffffa04e7000
xfrm6_mode_beet 12522 0 - Live 0xffffffffa04e2000
xfrm6_mode_tunnel 12581 2 - Live 0xffffffffa04dd000
ipcomp 12507 0 - Live 0xffffffffa04d8000
ipcomp6 12507 0 - Live 0xffffffffa04d3000
xfrm6_tunnel 13032 1 ipcomp6, Live 0xffffffffa04ce000
tunnel6 12592 1 xfrm6_tunnel, Live 0xffffffffa04bf000
xfrm_ipcomp 12600 2 ipcomp,ipcomp6, Live 0xffffffffa04c9000
af_key 31759 0 - Live 0xffffffffa04b6000
iptable_filter 12536 1 - Live 0xffffffffa0608000
ip6table_mangle 12540 0 - Live 0xffffffffa0603000
ip6_tables 22175 1 ip6table_mangle, Live 0xffffffffa05f8000
iptable_mangle 12536 0 - Live 0xffffffffa05e4000
nfnetlink_log 17212 0 - Live 0xffffffffa05f2000
nfnetlink 12906 1 nfnetlink_log, Live 0xffffffffa05e9000
authenc 13417 2 - Live 0xffffffffa05d4000
rmd160 16640 0 - Live 0xffffffffa05d9000
sha1_ssse3 16983 2 - Live 0xffffffffa05ce000
sha1_generic 12582 1 sha1_ssse3, Live 0xffffffffa05c9000
hmac 12835 4 - Live 0xffffffffa05c4000
crypto_null 12732 0 - Live 0xffffffffa05bf000
camellia 29068 0 - Live 0xffffffffa05b6000
lzo 12531 0 - Live 0xffffffffa05b1000
cast6 16681 0 - Live 0xffffffffa05ab000
cast5 24829 0 - Live 0xffffffffa05a3000
deflate 12551 0 - Live 0xffffffffa059e000
zlib_deflate 25638 1 deflate, Live 0xffffffffa0596000
cts 12811 0 - Live 0xffffffffa0591000
ctr 12979 0 - Live 0xffffffffa058c000
gcm 19077 0 - Live 0xffffffffa0582000
ccm 17727 0 - Live 0xffffffffa057c000
serpent 29015 0 - Live 0xffffffffa0573000
blowfish_generic 12464 0 - Live 0xffffffffa056e000
blowfish_x86_64 21201 0 - Live 0xffffffffa0567000
blowfish_common 16487 2 blowfish_generic,blowfish_x86_64, Live 0xffffffffa0561000
twofish_generic 16569 0 - Live 0xffffffffa055b000
twofish_x86_64_3way 25167 0 - Live 0xffffffffa0553000
twofish_x86_64 12541 1 twofish_x86_64_3way, Live 0xffffffffa054e000
twofish_common 20544 3 twofish_generic,twofish_x86_64_3way,twofish_x86_64, Live 0xffffffffa0547000
ecb 12737 0 - Live 0xffffffffa0542000
xcbc 12709 0 - Live 0xffffffffa053d000
cbc 12754 2 - Live 0xffffffffa0538000
sha256_generic 16797 0 - Live 0xffffffffa0532000
sha512_generic 12625 0 - Live 0xffffffffa0526000
des_generic 20851 2 - Live 0xffffffffa052b000
tunnel4 12629 1 xfrm4_tunnel, Live 0xffffffffa04fb000
rng_core 12652 0 - Live 0xffffffffa04c4000
ipt_MASQUERADE 12594 2 - Live 0xffffffffa04b1000
iptable_nat 12928 1 - Live 0xffffffffa045f000
nf_nat 18242 2 ipt_MASQUERADE,iptable_nat, Live 0xffffffffa04ab000
nf_conntrack_ipv4 14078 3 iptable_nat,nf_nat, Live 0xffffffffa045a000
nf_defrag_ipv4 12483 1 nf_conntrack_ipv4, Live 0xffffffffa044d000
nf_conntrack 52720 4 ipt_MASQUERADE,iptable_nat,nf_nat,nf_conntrack_ipv4, Live 0xffffffffa049d000
ip_tables 22042 3 iptable_filter,iptable_mangle,iptable_nat, Live 0xffffffffa0453000
x_tables 19118 7 iptable_filter,ip6table_mangle,ip6_tables,iptable_mangle,ipt_MASQUERADE,iptable_nat,ip_tables, Live 0xffffffffa0379000
nfsd 216170 2 - Live 0xffffffffa0467000
nfs 308313 0 - Live 0xffffffffa0400000
nfs_acl 12511 2 nfsd,nfs, Live 0xffffffffa0374000
auth_rpcgss 37143 2 nfsd,nfs, Live 0xffffffffa03f5000
fscache 36739 1 nfs, Live 0xffffffffa036a000
lockd 67306 2 nfsd,nfs, Live 0xffffffffa03e3000
sunrpc 173730 6 nfsd,nfs,nfs_acl,auth_rpcgss,lockd, Live 0xffffffffa03b7000
loop 22641 0 - Live 0xffffffffa02f8000
snd_hda_codec_hdmi 30824 1 - Live 0xffffffffa02ef000
snd_hda_codec_realtek 188858 1 - Live 0xffffffffa0383000
tpm_infineon 12985 0 - Live 0xffffffffa02d5000
i915 378417 1 - Live 0xffffffffa030c000
hp_wmi 13329 0 - Live 0xffffffffa0307000
coretemp 12898 0 - Live 0xffffffffa0302000
crc32c_intel 12747 0 - Live 0xffffffffa02b0000
snd_hda_intel 26259 0 - Live 0xffffffffa0268000
snd_hda_codec 78031 3 snd_hda_codec_hdmi,snd_hda_codec_realtek,snd_hda_intel, Live 0xffffffffa02da000
drm_kms_helper 31370 1 i915, Live 0xffffffffa02ba000
sparse_keymap 12760 1 hp_wmi, Live 0xffffffffa02b5000
ghash_clmulni_intel 13173 0 - Live 0xffffffffa025c000
drm 183952 2 i915,drm_kms_helper, Live 0xffffffffa0282000
snd_hwdep 13186 1 snd_hda_codec, Live 0xffffffffa0229000
snd_pcm 68083 3 snd_hda_codec_hdmi,snd_hda_intel,snd_hda_codec, Live 0xffffffffa02c3000
aesni_intel 50667 0 - Live 0xffffffffa024e000
i2c_i801 16870 0 - Live 0xffffffffa0223000
iTCO_wdt 17081 0 - Live 0xffffffffa022f000
i2c_algo_bit 12841 1 i915, Live 0xffffffffa027d000
snd_page_alloc 13003 2 snd_hda_intel,snd_pcm, Live 0xffffffffa0274000
snd_timer 22917 1 snd_pcm, Live 0xffffffffa0261000
iTCO_vendor_support 12704 1 iTCO_wdt, Live 0xffffffffa01f0000
i2c_core 23876 5 i915,drm_kms_helper,drm,i2c_i801,i2c_algo_bit, Live 0xffffffffa0247000
aes_x86_64 16843 1 aesni_intel, Live 0xffffffffa0217000
psmouse 69265 0 - Live 0xffffffffa0235000
evdev 17562 6 - Live 0xffffffffa021d000
serio_raw 12931 0 - Live 0xffffffffa020c000
tpm_tis 17454 0 - Live 0xffffffffa0211000
rfkill 19012 1 hp_wmi, Live 0xffffffffa01ff000
acpi_cpufreq 12935 0 - Live 0xffffffffa01eb000
mperf 12453 1 acpi_cpufreq, Live 0xffffffffa010e000
pcspkr 12579 0 - Live 0xffffffffa01c8000
tpm 17862 2 tpm_infineon,tpm_tis, Live 0xffffffffa0143000
tpm_bios 12948 1 tpm, Live 0xffffffffa0109000
aes_generic 33026 2 aesni_intel,aes_x86_64, Live 0xffffffffa01f5000
snd 52889 7 snd_hda_codec_hdmi,snd_hda_codec_realtek,snd_hda_intel,snd_hda_codec,snd_hwdep,snd_pcm,snd_timer, Live 0xffffffffa01d8000
cryptd 14517 2 ghash_clmulni_intel,aesni_intel, Live 0xffffffffa01e6000
soundcore 13065 1 snd, Live 0xffffffffa00c1000
video 17683 1 i915, Live 0xffffffffa0206000
processor 28157 1 acpi_cpufreq, Live 0xffffffffa01d0000
button 12937 1 i915, Live 0xffffffffa00d1000
wmi 13243 1 hp_wmi, Live 0xffffffffa00bc000
ext4 350763 1 - Live 0xffffffffa0171000
crc16 12343 1 ext4, Live 0xffffffffa0098000
jbd2 62115 1 ext4, Live 0xffffffffa0160000
mbcache 13114 1 ext4, Live 0xffffffffa004d000
usb_storage 43870 0 - Live 0xffffffffa0137000
usbhid 36418 0 - Live 0xffffffffa00ff000
hid 81328 1 usbhid, Live 0xffffffffa0083000
sg 25874 0 - Live 0xffffffffa007b000
sr_mod 21899 0 - Live 0xffffffffa0070000
cdrom 35401 1 sr_mod, Live 0xffffffffa0066000
sd_mod 36136 3 - Live 0xffffffffa0043000
crc_t10dif 12348 1 sd_mod, Live 0xffffffffa0028000
ahci 24997 2 - Live 0xffffffffa005e000
libahci 22860 1 ahci, Live 0xffffffffa0053000
thermal 17383 0 - Live 0xffffffffa003d000
libata 140630 2 ahci,libahci, Live 0xffffffffa0113000
fan 12674 0 - Live 0xffffffffa0038000
thermal_sys 18040 4 video,processor,thermal,fan, Live 0xffffffffa002e000
xhci_hcd 73434 0 - Live 0xffffffffa014d000
scsi_mod 162269 5 usb_storage,sg,sr_mod,sd_mod,libata, Live 0xffffffffa00d6000
e1000e 120822 0 - Live 0xffffffffa009d000
ehci_hcd 40215 0 - Live 0xffffffffa00c6000
usbcore 128741 5 usb_storage,usbhid,xhci_hcd,ehci_hcd, Live 0xffffffffa0007000
usb_common 12354 1 usbcore, Live 0xffffffffa0000000
+ _________________________ /proc/meminfo
+
+ cat /proc/meminfo
MemTotal:        3933684 kB
MemFree:         3691832 kB
Buffers:           11864 kB
Cached:           157020 kB
SwapCached:            0 kB
Active:            99296 kB
Inactive:          84012 kB
Active(anon):      14460 kB
Inactive(anon):     5792 kB
Active(file):      84836 kB
Inactive(file):    78220 kB
Unevictable:           0 kB
Mlocked:               0 kB
SwapTotal:       8129532 kB
SwapFree:        8129532 kB
Dirty:                 0 kB
Writeback:             0 kB
AnonPages:         14308 kB
Mapped:             7048 kB
Shmem:              5828 kB
Slab:              23396 kB
SReclaimable:       9428 kB
SUnreclaim:        13968 kB
KernelStack:         912 kB
PageTables:         2476 kB
NFS_Unstable:          0 kB
Bounce:                0 kB
WritebackTmp:          0 kB
CommitLimit:    10096372 kB
Committed_AS:      62508 kB
VmallocTotal:   34359738367 kB
VmallocUsed:      361380 kB
VmallocChunk:   34359373364 kB
HardwareCorrupted:     0 kB
AnonHugePages:         0 kB
HugePages_Total:       0
HugePages_Free:        0
HugePages_Rsvd:        0
HugePages_Surp:        0
Hugepagesize:       2048 kB
DirectMap4k:       61440 kB
DirectMap2M:     4016128 kB
+ _________________________ /proc/net/ipsec-ls
+
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+
+ test -f /proc/config.gz
+ uname -r
+ test -f /lib/modules/3.2.0-4-amd64/build/.config
+ echo no .config file found, cannot list kernel properties
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+
+ _________________________ etc/syslog-ng/syslog-ng.conf
+
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+
+ cat /etc/resolv.conf
nameserver 8.8.8.8
nameserver 8.8.4.4
+ _________________________ lib/modules-ls
+
+ ls -ltr /lib/modules
total 4
drwxr-xr-x 3 root root 4096 Aug 13 08:57 3.2.0-4-amd64
+ _________________________ fipscheck
+
+ cat /proc/sys/crypto/fips_enabled
0
+ _________________________ /proc/ksyms-netif_rx
+
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff8128fa05 T netif_rx
ffffffff8128fbc9 T netif_rx_ni
+ _________________________ lib/modules-netif_rx
+
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
3.2.0-4-amd64:
+ _________________________ kern.debug
+
+ test -f /var/log/kern.debug
+ _________________________ klog
+
+ sed -n 6069,$p /var/log/syslog
+ egrep+ i ipsec|klips|pluto
cat
Aug 13 16:45:55 ipsec01 ipsec_setup: Starting Openswan IPsec U2.6.37-g955aaafb-dirty/K3.2.0-4-amd64...
Aug 13 16:45:55 ipsec01 kernel: [ 5047.149018] NET: Registered protocol family 15
Aug 13 16:45:55 ipsec01 ipsec_setup: Using NETKEY(XFRM) stack
Aug 13 16:45:55 ipsec01 kernel: [ 5047.220877] Initializing XFRM netlink socket
Aug 13 16:45:55 ipsec01 ipsec_setup: multiple ip addresses, using  192.168.210.166 on eth0
Aug 13 16:45:55 ipsec01 ipsec_setup: ...Openswan IPsec started
Aug 13 16:45:55 ipsec01 pluto: adjusting ipsec.d to /etc/ipsec.d
Aug 13 16:45:55 ipsec01 ipsec__plutorun: 002 added connection description "net1"
Aug 13 16:45:55 ipsec01 ipsec__plutorun: 104 "net1" #1: STATE_MAIN_I1: initiate
+ _________________________ plog
+
+ sed -n 1,$p /var/log/auth.log
+ egrep -i pluto
+ cat
Aug 13 16:45:55 ipsec01 ipsec__plutorun: Starting Pluto subsystem...
+ _________________________ date
+
+ date
Tue Aug 13 16:51:47 CEST 2013