- root@efw-1193087387:/etc/ipsec # uname -a ; ipsec --version
- Linux efw-1193087387.localdomain 2.6.32.26-57.e40.i586 #1 SMP Fri Nov 26 09:22:49 EST 2010 i686 i686 i386 GNU/Linux
- Linux Openswan 2.6.29 (klips)
- See `ipsec --copyright' for copyright information.
- =========================================================================================================================================================
- ipsec auto --status
- 000 using kernel interface: klips
- 000 interface ipsec0/eth3 91.113.241.138
- 000 interface ipsec0/eth3 91.113.241.138
- 000 %myid = (none)
- 000 debug none
- 000
- 000 virtual_private (%priv):
- 000 - allowed 3 subnets: 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16
- 000 - disallowed 3 subnets: 192.168.2.0/24, 192.168.5.0/24, 192.168.3.0/24
- 000
- 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=64, keysizemin=192, keysizemax=192
- 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=128, keysizemin=128, keysizemax=256
- 000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
- 000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
- 000
- 000 algorithm IKE encrypt: id=3, name=OAKLEY_BLOWFISH_CBC, blocksize=8, keydeflen=128
- 000 algorithm IKE encrypt: id=5, name=OAKLEY_3DES_CBC, blocksize=8, keydeflen=192
- 000 algorithm IKE encrypt: id=7, name=OAKLEY_AES_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: id=65004, name=OAKLEY_SERPENT_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: id=65005, name=OAKLEY_TWOFISH_CBC, blocksize=16, keydeflen=128
- 000 algorithm IKE encrypt: id=65289, name=OAKLEY_TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
- 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
- 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
- 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
- 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
- 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
- 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
- 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
- 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
- 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
- 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
- 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
- 000
- 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,1,36} trans={0,1,72} attrs={0,1,96}
- 000
- 000 "LogisLinz": 192.168.2.0/24===91.113.241.138<91.113.241.138>[+S=C]---91.113.241.137...93.82.179.126<93.82.179.126>[+S=C]===192.168.3.0/24; prospective erouted; eroute owner: #0
- 000 "LogisLinz": myip=192.168.2.250; hisip=unset;
- 000 "LogisLinz": ike_life: 28800s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
- 000 "LogisLinz": policy: PSK+ENCRYPT+TUNNEL+UP+IKEv2ALLOW+lKOD+rKOD; prio: 24,24; interface: eth3;
- 000 "LogisLinz": dpd: action:clear; delay:30; timeout:120;
- 000 "LogisLinz": newest ISAKMP SA: #0; newest IPsec SA: #0;
- 000 "LogisLinz": IKE algorithms wanted: AES_CBC(7)_128-MD5(1)_000-MODP1024(2); flags=-strict
- 000 "LogisLinz": IKE algorithms found: AES_CBC(7)_128-MD5(1)_128-MODP1024(2)
- 000 "LogisLinz": ESP algorithms wanted: AES(12)_128-MD5(1)_000; flags=-strict
- 000 "LogisLinz": ESP algorithms loaded: AES(12)_128-MD5(1)_128
- 000
- 000 #5: "LogisLinz":500 STATE_MAIN_I3 (sent MI3, expecting MR3); none in -1s; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
- 000 #5: pending Phase 2 for "LogisLinz" replacing #0
- 000
- ========================================================================================================================================================
- restartipsec.py -df
- 2011-06-01 13:05:39,320 - restartipsec.py[14750] - DEBUG - Read settings file /var/efw/ethernet/settings
- 2011-06-01 13:05:39,323 - restartipsec.py[14750] - DEBUG - Read settings file /var/efw/vpn/default/settings
- 2011-06-01 13:05:39,326 - restartipsec.py[14750] - DEBUG - Read settings file /var/efw/vpn/settings
- 2011-06-01 13:05:39,329 - restartipsec.py[14750] - DEBUG - Initialize uplinks Pool with prefix '{'ETC_D': '/var/efw', 'VAR_D': '/var/efw', 'USR_D': '/var/efw', 'USER_D': '/var/efw', 'RUN_D': '/var/efw'}'.
- 2011-06-01 13:05:39,331 - restartipsec.py[14750] - DEBUG - Scanning for uplinks in '/var/efw/uplinks'...
- 2011-06-01 13:05:39,334 - restartipsec.py[14750] - DEBUG - Inizialize uplink 'main' with prefix '{'ETC_D': '/var/efw', 'VAR_D': '/var/efw', 'USR_D': '/var/efw', 'USER_D': '/var/efw', 'RUN_D': '/var/efw'}'.
- 2011-06-01 13:05:39,337 - restartipsec.py[14750] - DEBUG - Update information of uplink 'main'
- 2011-06-01 13:05:39,354 - restartipsec.py[14750] - DEBUG - Checking for vanished uplinks in '/var/efw/uplinks'...
- 2011-06-01 13:05:39,460 - restartipsec.py[14750] - DEBUG - {'ORANGE_ADDRESS': '', 'ORANGE_SUBNETS': [], 'BLUE_ADDRESS': '192.168.5.250', 'IS_HOSTCERT': False, 'CONNECTIONS': [<__main__.IPSEC instance at 0xb707a54c>], 'ENABLED': 'on', 'GREEN_IPS': '192.168.2.250/24,', 'GREEN_DEV': 'br0', 'GREEN_ADDRESS': '192.168.2.250', 'CONFIG_TYPE': '6', 'BLUE_SUBNETS': ['192.168.5.0/24'], 'GREEN_NETMASK': '255.255.255.0', 'ORANGE_NETMASK': '', 'BLUE_BROADCAST': '192.168.5.255', 'ORANGE_BROADCAST': '', 'GREEN_NETADDRESS': '192.168.2.0', 'VPN_IP': '91.113.241.138', 'ORANGE_NETADDRESS': '', 'ORANGE_DEV': 'br1', 'ENABLED_BLUE': 'off', 'BLUE_NETADDRESS': '192.168.5.0', 'RED_INTERFACES': {0: 'eth3'}, 'GREEN_CIDR': '24', 'BLUE_CIDR': '24', 'GREEN_SUBNETS': ['192.168.2.0/24'], 'ENABLED_ORANGE': 'off', 'BLUE_NETMASK': '255.255.255.0', 'ORANGE_CIDR': '', 'BLUE_DEV': 'br2', 'GREEN_BROADCAST': '192.168.2.255', 'BLUE_IPS': '192.168.5.250/24,', 'ORANGE_IPS': ''}
- 2011-06-01 13:05:39,463 - restartipsec.py[14750] - DEBUG - Write config file /etc/firewall/inputfw/ipsec.conf
- 2011-06-01 13:05:39,465 - restartipsec.py[14750] - DEBUG - Save old settings file /etc/firewall/inputfw/ipsec.conf
- 2011-06-01 13:05:39,550 - restartipsec.py[14750] - DEBUG - Write config file /etc/ipsec/ipsec.conf
- 2011-06-01 13:05:39,553 - restartipsec.py[14750] - DEBUG - Save old settings file /etc/ipsec/ipsec.conf
- 2011-06-01 13:05:39,978 - restartipsec.py[14750] - DEBUG - Write config file /etc/ipsec/ipsec.secrets
- 2011-06-01 13:05:39,980 - restartipsec.py[14750] - DEBUG - Save old settings file /etc/ipsec/ipsec.secrets
- ipsec_setup: Stopping Openswan IPsec...
- IPsec stopped
- 2011-06-01 13:05:41,581 - restartipsec.py[14750] - DEBUG - Start ipsec
- ipsec_setup: Starting Openswan IPsec 2.6.29...
- ipsec_setup: Error: an inet prefix is expected rather than "91.113.241.139/255.255.255.252".
- =======================================================================================================================================================
- tail -f /var/log/messages
- Jun 1 13:03:52 efw-1193087387 pluto[12243]: "LogisLinz" #6: STATE_MAIN_I2: sent MI2, expecting MR2
- Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
- Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: STATE_MAIN_I3: sent MI3, expecting MR3
- Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
- Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: Main mode peer ID is ID_IPV4_ADDR: '192.168.3.250'
- Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: we require peer to have ID '93.82.179.126', but peer declares '192.168.3.250'
- Jun 1 13:03:53 efw-1193087387 pluto[12243]: "LogisLinz" #6: sending encrypted notification INVALID_ID_INFORMATION to 93.82.179.126:500
- Jun 1 13:04:01 efw-1193087387 sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/bin/openvpn-user status
- Jun 1 13:04:02 efw-1193087387 sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/bin/openvpn-user status
- Jun 1 13:04:05 efw-1193087387 sudo: nobody : TTY=unknown ; PWD=/home/httpd/cgi-bin ; USER=root ; COMMAND=/usr/sbin/ipsec auto --status
- Jun 1 13:05:40 efw-1193087387 ipsec_setup: Stopping Openswan IPsec...
- Jun 1 13:05:40 efw-1193087387 pluto[12243]: shutting down
- Jun 1 13:05:40 efw-1193087387 pluto[12243]: forgetting secrets
- Jun 1 13:05:40 efw-1193087387 pluto[12243]: "LogisLinz": deleting connection
- Jun 1 13:05:40 efw-1193087387 pluto[12243]: "LogisLinz" #6: deleting state (STATE_MAIN_I3)
- Jun 1 13:05:40 efw-1193087387 pluto[12243]: shutting down interface ipsec0/eth3 91.113.241.138:4500
- Jun 1 13:05:40 efw-1193087387 pluto[12243]: shutting down interface ipsec0/eth3 91.113.241.138:500
- Jun 1 13:05:40 efw-1193087387 pluto[12246]: pluto_crypto_helper: helper (0) is normal exiting
- Jun 1 13:05:41 efw-1193087387 kernel: [161673.055572] IPSEC EVENT: KLIPS device ipsec0 shut down.
- Jun 1 13:05:41 efw-1193087387 kernel: [161673.152643]
- Jun 1 13:05:41 efw-1193087387 ipsec_setup: ...Openswan IPsec stopped
- Jun 1 13:05:41 efw-1193087387 ipsec_setup: Starting Openswan IPsec 2.6.29...
- Jun 1 13:05:41 efw-1193087387 ipsec_setup: Using KLIPS/legacy stack
- Jun 1 13:05:41 efw-1193087387 kernel: [161673.578204] padlock: VIA PadLock not detected.
- Jun 1 13:05:41 efw-1193087387 kernel: [161673.654073] padlock: VIA PadLock Hash Engine not detected.
- Jun 1 13:05:42 efw-1193087387 kernel: [161673.895824] padlock: VIA PadLock not detected.
- Jun 1 13:05:42 efw-1193087387 ipsec_setup: KLIPS debug `none'
- Jun 1 13:05:42 efw-1193087387 kernel: [161674.409646]
- Jun 1 13:05:42 efw-1193087387 ipsec_setup: KLIPS ipsec0 on eth3 91.113.241.138/255.255.255.252 broadcast 91.113.241.139 mtu 1500
- Jun 1 13:05:42 efw-1193087387 ipsec_setup: Error: an inet prefix is expected rather than "91.113.241.139/255.255.255.252".
- Jun 1 13:05:42 efw-1193087387 ipsec__plutorun: Starting Pluto subsystem...
- Jun 1 13:05:42 efw-1193087387 ipsec_setup: ...Openswan IPsec started
- Jun 1 13:05:42 efw-1193087387 ipsec__plutorun: adjusting ipsec.d to /etc/ipsec/ipsec.d
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: Starting Pluto (Openswan Version 2.6.29; Vendor ID OE^Zer]edrwc) pid:14920
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: LEAK_DETECTIVE support [disabled]
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: SAref support [disabled]: Protocol not available
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: SAbind support [disabled]: Protocol not available
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: NSS support [disabled]
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: HAVE_STATSD notification support not compiled in
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: Setting NAT-Traversal port-4500 floating to on
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: port floating activation criteria nat_t=1/port_float=1
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: NAT-Traversal support [enabled]
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: using /dev/urandom as source of random entropy
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC_SSH: Ok (ret=0)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_TWOFISH_CBC: Ok (ret=0)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_SERPENT_CBC: Ok (ret=0)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_enc(): Activating OAKLEY_BLOWFISH_CBC: Ok (ret=0)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: starting up 1 cryptographic helpers
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: started helper pid=14922 (fd:5)
- Jun 1 13:05:42 efw-1193087387 pluto[14920]: Using KLIPS IPsec interface code on 2.6.32.26-57.e40.i586
- Jun 1 13:05:42 efw-1193087387 pluto[14922]: using /dev/urandom as source of random entropy
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: Changed path to directory '/etc/ipsec/ipsec.d/cacerts'
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: Could not change to directory '/etc/ipsec/ipsec.d/aacerts': /
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: Could not change to directory '/etc/ipsec/ipsec.d/ocspcerts': /
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: Changing to directory '/etc/ipsec/ipsec.d/crls'
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: Warning: empty directory
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: added connection description "LogisLinz"
- Jun 1 13:05:43 efw-1193087387 ipsec__plutorun: 002 added connection description "LogisLinz"
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: listening for IKE messages
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: NAT-Traversal: Trying new style NAT-T
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: adding interface ipsec0/eth3 91.113.241.138:500
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: adding interface ipsec0/eth3 91.113.241.138:4500
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: loading secrets from "/etc/ipsec/ipsec.secrets"
- Jun 1 13:05:43 efw-1193087387 ipsec__plutorun: 003 NAT-Traversal: Trying new style NAT-T
- Jun 1 13:05:43 efw-1193087387 pluto[14920]: "LogisLinz" #1: initiating Main Mode
- Jun 1 13:05:43 efw-1193087387 ipsec__plutorun: 104 "LogisLinz" #1: STATE_MAIN_I1: initiate
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: received Vendor ID payload [Dead Peer Detection]
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: ignoring unknown Vendor ID payload [625027749d5ab97f5616c1602765cf480a3b7d0b]
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: STATE_MAIN_I2: sent MI2, expecting MR2
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: STATE_MAIN_I3: sent MI3, expecting MR3
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: ignoring informational payload, type IPSEC_INITIAL_CONTACT msgid=00000000
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: Main mode peer ID is ID_IPV4_ADDR: '192.168.3.250'
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: we require peer to have ID '93.82.179.126', but peer declares '192.168.3.250'
- Jun 1 13:05:44 efw-1193087387 pluto[14920]: "LogisLinz" #1: sending encrypted notification INVALID_ID_INFORMATION to 93.82.179.126:500
- Jun 1 13:05:47 efw-1193087387 pluto[14920]: packet from 93.82.179.126:500: Informational Exchange is for an unknown (expired?) SA with MSGID:0xa863658c
- Jun 1 13:05:51 efw-1193087387 kernel: [161683.526249] ipsec0: no IPv6 routers present
- ========================================================================================================================================================