Untitled

a guest
Nov 23rd, 2017
  1. root@efw-1193087387:/etc/ipsec # uname -a ; ipsec --version
  2. Linux efw-1193087387.localdomain 2.6.32.26-57.e40.i586 #1 SMP Fri Nov 26 09:22:49 EST 2010 i686 i686 i386 GNU/Linux
  3. Linux Openswan 2.6.29 (klips)
  4. See `ipsec --copyright' for copyright information.
  5.  
  6. =========================================================================================================================================================
  7.  
  8. ipsec auto --status
  9. 000 using kernel interface: klips
  10. 000 interface ipsec0/eth3 91.113.241.138
  11. 000 interface ipsec0/eth3 91.113.241.138
  12. 000 %myid = (none)
  13. 000 debug none
  14. 000
  15. 000 virtual_private (%priv):
  16. 000 - allowed 3 subnets: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
  17. 000 - disallowed 3 subnets: 192.168.2.0/24, 192.168.5.0/24, 192.168.3.0/24
  18. 000
  19. 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
  20. 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
  21. 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
  22. 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
  23. 000
  24. 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
  25. 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
  26. 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
  27. 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
  28. 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
  29. 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
  30. 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
  31. 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
  32. 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
  33. 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
  34. 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
  35. 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
  36. 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
  37. 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
  38. 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
  39. 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
  40. 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
  41. 000
  42. 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,1,36} trans={0,1,72} attrs={0,1,96}
  43. 000
  44. 000 "LogisLinz": 192.168.2.0/24===91.113.241.138<91.113.241.138>[+S=C]---91.113.241.137...93.82.179.126<93.82.179.126>[+S=C]===192.168.3.0/24; prospective erouted; eroute owner: #0
  45. 000 "LogisLinz": myip=192.168.2.250; hisip=unset;
  46. 000 "LogisLinz": ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
  47. 000 "LogisLinz": policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: eth3;
  48. 000 "LogisLinz": dpd: action:clear; delay:30; timeout:120;
  49. 000 "LogisLinz": newest ISAKMP SA: #0; newest IPsec SA: #0;
  50. 000 "LogisLinz": IKE algorithms wanted: AES_CBC(7)_128-MD5(1)_000-MODP1024(2); flags=-strict
  51. 000 "LogisLinz": IKE algorithms found: AES_CBC(7)_128-MD5(1)_128-MODP1024(2)
  52. 000 "LogisLinz": ESP algorithms wanted: AES(12)_128-MD5(1)_000; flags=-strict
  53. 000 "LogisLinz": ESP algorithms loaded: AES(12)_128-MD5(1)_128
  54. 000
  55. 000 #5: "LogisLinz":500 STATE_MAIN_I3 (sent MI3, expecting MR3); none in -1s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
  56. 000 #5: pending Phase 2 for "LogisLinz" replacing #0
  57. 000
  58.  
  59. ========================================================================================================================================================
  60.  
  61. restartipsec.py -df
  62. 2011-06-01 13:05:39,320 - restartipsec.py[14750] - DEBUG - Read settings file /var/efw/ethernet/settings
  63. 2011-06-01 13:05:39,323 - restartipsec.py[14750] - DEBUG - Read settings file /var/efw/vpn/default/settings
  64. 2011-06-01 13:05:39,326 - restartipsec.py[14750] - DEBUG - Read settings file /var/efw/vpn/settings
  65. 2011-06-01 13:05:39,329 - restartipsec.py[14750] - DEBUG - Initialize uplinks Pool with prefix '{'ETC_D': '/var/efw', 'VAR_D': '/var/efw', 'USR_D': '/var/efw', 'USER_D': '/var/efw', 'RUN_D': '/var/efw'}'.
  66. 2011-06-01 13:05:39,331 - restartipsec.py[14750] - DEBUG - Scanning for uplinks in '/var/efw/uplinks'...
  67. 2011-06-01 13:05:39,334 - restartipsec.py[14750] - DEBUG - Inizialize uplink 'main' with prefix '{'ETC_D': '/var/efw', 'VAR_D': '/var/efw', 'USR_D': '/var/efw', 'USER_D': '/var/efw', 'RUN_D': '/var/efw'}'.
  68. 2011-06-01 13:05:39,337 - restartipsec.py[14750] - DEBUG - Update information of uplink 'main'
  69. 2011-06-01 13:05:39,354 - restartipsec.py[14750] - DEBUG - Checking for vanished uplinks in '/var/efw/uplinks'...
  70. 2011-06-01 13:05:39,460 - restartipsec.py[14750] - DEBUG - {'ORANGE_ADDRESS': '', 'ORANGE_SUBNETS': [], 'BLUE_ADDRESS': '192.168.5.250', 'IS_HOSTCERT': False, 'CONNECTIONS': [<__main__.IPSEC instance at 0xb707a54c>], 'ENABLED': 'on', 'GREEN_IPS': '192.168.2.250/24,', 'GREEN_DEV': 'br0', 'GREEN_ADDRESS': '192.168.2.250', 'CONFIG_TYPE': '6', 'BLUE_SUBNETS': ['192.168.5.0/24'], 'GREEN_NETMASK': '255.255.255.0', 'ORANGE_NETMASK': '', 'BLUE_BROADCAST': '192.168.5.255', 'ORANGE_BROADCAST': '', 'GREEN_NETADDRESS': '192.168.2.0', 'VPN_IP': '91.113.241.138', 'ORANGE_NETADDRESS': '', 'ORANGE_DEV': 'br1', 'ENABLED_BLUE': 'off', 'BLUE_NETADDRESS': '192.168.5.0', 'RED_INTERFACES': {0: 'eth3'}, 'GREEN_CIDR': '24', 'BLUE_CIDR': '24', 'GREEN_SUBNETS': ['192.168.2.0/24'], 'ENABLED_ORANGE': 'off', 'BLUE_NETMASK': '255.255.255.0', 'ORANGE_CIDR': '', 'BLUE_DEV': 'br2', 'GREEN_BROADCAST': '192.168.2.255', 'BLUE_IPS': '192.168.5.250/24,', 'ORANGE_IPS': ''}
  71. 2011-06-01 13:05:39,463 - restartipsec.py[14750] - DEBUG - Write config file /etc/firewall/inputfw/ipsec.conf
  72. 2011-06-01 13:05:39,465 - restartipsec.py[14750] - DEBUG - Save old settings file /etc/firewall/inputfw/ipsec.conf
  73. 2011-06-01 13:05:39,550 - restartipsec.py[14750] - DEBUG - Write config file /etc/ipsec/ipsec.conf
  74. 2011-06-01 13:05:39,553 - restartipsec.py[14750] - DEBUG - Save old settings file /etc/ipsec/ipsec.conf
  75. 2011-06-01 13:05:39,978 - restartipsec.py[14750] - DEBUG - Write config file /etc/ipsec/ipsec.secrets
  76. 2011-06-01 13:05:39,980 - restartipsec.py[14750] - DEBUG - Save old settings file /etc/ipsec/ipsec.secrets
  77. ipsec_setup: Stopping Openswan IPsec...
  78. IPsec stopped
  79. 2011-06-01 13:05:41,581 - restartipsec.py[14750] - DEBUG - Start ipsec
  80. ipsec_setup: Starting Openswan IPsec 2.6.29...
  81. ipsec_setup: Error: an inet prefix is expected rather than "91.113.241.139/255.255.255.252".
  82.  
  83. =======================================================================================================================================================
  84.  
  85. tail -f /var/log/messages
  86. Jun 1 13:03:52 efw-1193087387 pluto[12243]: "LogisLinz" #6: STATE_MAIN_I2: sent MI2, expecting MR2
  87. Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  88. Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: STATE_MAIN_I3: sent MI3, expecting MR3
  89. Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
  90. Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: Main mode peer ID is ID_IPV4_ADDR: '192.168.3.250'
  91. Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: we require peer to have ID '93.82.179.126', but peer declares '192.168.3.250'
  92. Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: sending encrypted notification INVALID_ID_INFORMATION to 93.82.179.126:500
  93. Jun 1 13:04:01 efw-1193087387 sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/bin/openvpn-user status
  94. Jun 1 13:04:02 efw-1193087387 sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/bin/openvpn-user status
  95. Jun 1 13:04:05 efw-1193087387 sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ipsec auto --status
  96. Jun 1 13:05:40 efw-1193087387 ipsec_setup: Stopping Openswan IPsec...
  97. Jun 1 13:05:40 efw-1193087387 pluto[12243]: shutting down
  98. Jun 1 13:05:40 efw-1193087387 pluto[12243]: forgetting secrets
  99. Jun 1 13:05:40 efw-1193087387 pluto[12243]: "LogisLinz": deleting connection
  100. Jun 1 13:05:40 efw-1193087387 pluto[12243]: "LogisLinz" #6: deleting state (STATE_MAIN_I3)
  101. Jun 1 13:05:40 efw-1193087387 pluto[12243]: shutting down interface ipsec0/eth3 91.113.241.138:4500
  102. Jun 1 13:05:40 efw-1193087387 pluto[12243]: shutting down interface ipsec0/eth3 91.113.241.138:500
  103. Jun 1 13:05:40 efw-1193087387 pluto[12246]: pluto_crypto_helper: helper (0) is normal exiting
  104. Jun 1 13:05:41 efw-1193087387 kernel: [161673.055572] IPSEC EVENT: KLIPS device ipsec0 shut down.
  105. Jun 1 13:05:41 efw-1193087387 kernel: [161673.152643]
  106. Jun 1 13:05:41 efw-1193087387 ipsec_setup: ...Openswan IPsec stopped
  107. Jun 1 13:05:41 efw-1193087387 ipsec_setup: Starting Openswan IPsec 2.6.29...
  108. Jun 1 13:05:41 efw-1193087387 ipsec_setup: Using KLIPS/legacy stack
  109. Jun 1 13:05:41 efw-1193087387 kernel: [161673.578204] padlock: VIA PadLock not detected.
  110. Jun 1 13:05:41 efw-1193087387 kernel: [161673.654073] padlock: VIA PadLock Hash Engine not detected.
  111. Jun 1 13:05:42 efw-1193087387 kernel: [161673.895824] padlock: VIA PadLock not detected.
  112. Jun 1 13:05:42 efw-1193087387 ipsec_setup: KLIPS debug `none'
  113. Jun 1 13:05:42 efw-1193087387 kernel: [161674.409646]
  114. Jun 1 13:05:42 efw-1193087387 ipsec_setup: KLIPS ipsec0 on eth3 91.113.241.138/255.255.255.252 broadcast 91.113.241.139 mtu 1500
  115. Jun 1 13:05:42 efw-1193087387 ipsec_setup: Error: an inet prefix is expected rather than "91.113.241.139/255.255.255.252".
  116. Jun 1 13:05:42 efw-1193087387 ipsec__plutorun: Starting Pluto subsystem...
  117. Jun 1 13:05:42 efw-1193087387 ipsec_setup: ...Openswan IPsec started
  118. Jun 1 13:05:42 efw-1193087387 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec/ipsec.d
  119. Jun 1 13:05:42 efw-1193087387 pluto[14920]: Starting Pluto (Openswan Version 2.6.29; Vendor ID OE^Zer]edrwc) pid:14920
  120. Jun 1 13:05:42 efw-1193087387 pluto[14920]: LEAK_DETECTIVE support [disabled]
  121. Jun 1 13:05:42 efw-1193087387 pluto[14920]: SAref support [disabled]: Protocol not available
  122. Jun 1 13:05:42 efw-1193087387 pluto[14920]: SAbind support [disabled]: Protocol not available
  123. Jun 1 13:05:42 efw-1193087387 pluto[14920]: NSS support [disabled]
  124. Jun 1 13:05:42 efw-1193087387 pluto[14920]: HAVE_STATSD notification support not compiled in
  125. Jun 1 13:05:42 efw-1193087387 pluto[14920]: Setting NAT-Traversal port-4500 floating to on
  126. Jun 1 13:05:42 efw-1193087387 pluto[14920]: port floating activation criteria nat_t=1/port_float=1
  127. Jun 1 13:05:42 efw-1193087387 pluto[14920]: NAT-Traversal support [enabled]
  128. Jun 1 13:05:42 efw-1193087387 pluto[14920]: using /dev/urandom as source of random entropy
  129. Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
  130. Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
  131. Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
  132. Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
  133. Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
  134. Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
  135. Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
  136. Jun 1 13:05:42 efw-1193087387 pluto[14920]: starting up 1 cryptographic helpers
  137. Jun 1 13:05:42 efw-1193087387 pluto[14920]: started helper pid=14922 (fd:5)
  138. Jun 1 13:05:42 efw-1193087387 pluto[14920]: Using KLIPS IPsec interface code on 2.6.32.26-57.e40.i586
  139. Jun 1 13:05:42 efw-1193087387 pluto[14922]: using /dev/urandom as source of random entropy
  140. Jun 1 13:05:43 efw-1193087387 pluto[14920]: Changed path to directory '/etc/ipsec/ipsec.d/cacerts'
  141. Jun 1 13:05:43 efw-1193087387 pluto[14920]: Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /
  142. Jun 1 13:05:43 efw-1193087387 pluto[14920]: Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /
  143. Jun 1 13:05:43 efw-1193087387 pluto[14920]: Changing to directory '/etc/ipsec/ipsec.d/crls'
  144. Jun 1 13:05:43 efw-1193087387 pluto[14920]: Warning: empty directory
  145. Jun 1 13:05:43 efw-1193087387 pluto[14920]: added connection description "LogisLinz"
  146. Jun 1 13:05:43 efw-1193087387 ipsec__plutorun: 002 added connection description "LogisLinz"
  147. Jun 1 13:05:43 efw-1193087387 pluto[14920]: listening for IKE messages
  148. Jun 1 13:05:43 efw-1193087387 pluto[14920]: NAT-Traversal: Trying new style NAT-T
  149. Jun 1 13:05:43 efw-1193087387 pluto[14920]: adding interface ipsec0/eth3 91.113.241.138:500
  150. Jun 1 13:05:43 efw-1193087387 pluto[14920]: adding interface ipsec0/eth3 91.113.241.138:4500
  151. Jun 1 13:05:43 efw-1193087387 pluto[14920]: loading secrets from "/etc/ipsec/ipsec.secrets"
  152. Jun 1 13:05:43 efw-1193087387 ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
  153. Jun 1 13:05:43 efw-1193087387 pluto[14920]: "LogisLinz" #1: initiating Main Mode
  154. Jun 1 13:05:43 efw-1193087387 ipsec__plutorun: 104 "LogisLinz" #1: STATE_MAIN_I1: initiate
  155. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: received Vendor ID payload [Dead Peer Detection]
  156. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: ignoring unknown Vendor ID payload [625027749d5ab97f5616c1602765cf480a3b7d0b]
  157. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
  158. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: STATE_MAIN_I2: sent MI2, expecting MR2
  159. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
  160. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: STATE_MAIN_I3: sent MI3, expecting MR3
  161. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
  162. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.3.250'
  163. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: we require peer to have ID '93.82.179.126', but peer declares '192.168.3.250'
  164. Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: sending encrypted notification INVALID_ID_INFORMATION to 93.82.179.126:500
  165. Jun 1 13:05:47 efw-1193087387 pluto[14920]: packet from 93.82.179.126:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xa863658c
  166. Jun 1 13:05:51 efw-1193087387 kernel: [161683.526249] ipsec0: no IPv6 routers present
  167.  
  168.  
  169. ========================================================================================================================================================