On Thu, 2002-07-18 at 16:41, Chad Carr wrote:
> On 18 Jul 2002 15:18:09 +0200
> "Ronny Aasen" <[EMAIL PROTECTED]> wrote:
> 
> > Hi again 
> > 
> > I have set up a new Bering box using ISDN for external and 3Com NIC for
> > internal. 
> > 
> > On this box I get the same error as on an ADSL box 
> > 
> > **console output while trying to restart ipsec** 
> > isdnvpn: -root- 
> > # ipsec setup restart 
> > ipsec_setup: Stopping FreeS/WAN IPsec... 
> > ipsec_setup: stop ordered, but IPsec does not appear to be running! 
> > ipsec_setup: doing cleanup anyway... 
> > ipsec_setup: Starting FreeS/WAN IPsec 1.98b... 
> > ipsec_setup: Using /lib/modules/ipsec.o 
> > ipsec_setup: unable to determine address of `ippp0' 
> > 
> > 
> > 
> > 
> > IANAC but I think some of the problem is in this passage in
> > /lib/ipsec/_startklips.  
> > 
> > eval `ip addr show $phys | 
> >       awk '$1 == "inet" && $3 == "brd" { 
> >               print "addr=" $2
> >               other = $4
> >               if ($3 == "brd")
> >                   print "type=broadcast"
> >               else if ($3 == "peer")
> >                   print "type=pointopoint"
> >               else if (NF == 5) {
> >                   print "type="
> >                   other = "" } 
> >               else  
> >                   print "type=unknown" 
> >               print "otheraddr=" other
> > #             print "mask=" $NF
> >               gsub(/\//, " ", $0)
> >        }'`     
> > 
> > if test " $addr" = " "
> > then
> >      echo "unable to determine address of \`$phys'" 
> >      exit 1 
> > fi
> 
> You know, I finally see a problem with this script.  The "meat" of the script is not
> going to execute unless the first field is "inet" and the third field is "brd".  Not
> going to work with ppp devices!
> 
> Welcome to the Bering testing team!
> 
> Try this:
> 
> =========== BEGIN SCRIPT FRAGMENT ============
> eval `ip addr show $phys | 
>       awk '$1 == "inet" { 
>               print "addr=" $2
>               other = $4
>               if ($3 == "brd")
>                   print "type=broadcast"
>               else if ($3 == "peer")
>                   print "type=pointopoint"
>               else if (NF == 5) {
>                   print "type="
>                   other = "" } 
>               else  
>                   print "type=unknown" 
>               print "otheraddr=" other
> #             print "mask=" $NF
>               gsub(/\//, " ", $0)
>        }'`     
> ============ END SCRIPT FRAGMENT =============
> 
> 
> > 'ip addr show ippp0' on my system shows 
> > 
> > # ip addr show ippp0
> > 8: ippp0: <POINTOPOINT,NOARP,DYNAMIC,UP> mtu 1500 qdisc pfifo_fast qlen 30
> >     link/ppp 
> >     inet 130.67.214.178 peer 130.67.213.128/16 scope global ippp0
>                           ^
> See, your third field isn't 'brd'!  Duh!
> 
> > I have messed up my ipsec.lrp so often now I almost bought a zywall,
> > luckily I got a hold of myself.
> 
> Don't give up the good fight yet, Ronny!

I don't mean to. Linux is just too much fun :)


For the record, I have already tried that alteration, but the new (and
improved?) output is as follows:


# ipsec setup restart
ipsec_setup: Stopping FreeS/WAN IPsec...
ipsec_setup: stop ordered, but IPsec does not appear to be running!
ipsec_setup: doing cleanup anyway...
ipsec_setup: Starting FreeS/WAN IPsec 1.98b...
ipsec_setup: Using /lib/modules/ipsec.o
ipsec_setup: addr=130.67.213.232
ipsec_setup: type=pointopoint
ipsec_setup: otheraddr=130.67.213.128/16
Error: either "local" is duplicate, or "pointopoint" is a garbage.


the offending line is
ip addr add $addr $type $otheraddr dev $virt


NB: the addr=, type= and otheraddr= lines are simple echo output
that I added to see what was set in the script. 



If I changed type=pointopoint to type=peer I got the following:

isdnvpn: -root-
# ip addr add 130.67.213.232 peer 130.67.213.128/16 dev ipsec0       

isdnvpn: -root-
# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:75:7c:0b:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.254/24 brd 192.168.40.255 scope global eth0
8: ippp0: <POINTOPOINT,NOARP,DYNAMIC,UP> mtu 1500 qdisc pfifo_fast qlen 30
    link/ppp 
    inet 130.67.213.232 peer 130.67.213.128/16 scope global ippp0
45: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ppp 
    inet 130.67.213.232 peer 130.67.213.128/16 scope global ipsec0
46: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip 
47: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip 
48: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip 


But alas, I don't know if it's right or not.


Hope you can make something out of this.

mvh
Ronny Aasen
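
The thread's two findings (the awk filter must not require `brd`, and `ip addr add` rejects ifconfig's `pointopoint` where the manual test with `peer` was accepted) combined in one sketch; this is an added example, not part of the original posts and not FreeS/WAN's `_startklips`. It replaces the `eval` with field validation and prints the command instead of running it; `parse_inet`, `build_addr_cmd`, the sample variables and treating a third field of `scope` as "no peer or broadcast address" are assumptions of the example.

```shell
#!/bin/sh
# Added example: derive the `ip addr add` arguments for a virtual IPsec
# interface from `ip addr show PHYS` output, for broadcast and
# point-to-point links alike, without eval'ing the parsed text.

# Constructed samples, modelled on the `ip addr show` output in the thread.
SAMPLE_PPP='8: ippp0: <POINTOPOINT,NOARP,DYNAMIC,UP> mtu 1500 qdisc pfifo_fast qlen 30
    link/ppp
    inet 130.67.213.232 peer 130.67.213.128/16 scope global ippp0'
SAMPLE_ETH='3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:75:7c:0b:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.254/24 brd 192.168.40.255 scope global eth0'

# parse_inet: read `ip addr show DEV` text on stdin and print
# "ADDR [KEYWORD OTHER]" for the first inet line. KEYWORD is the word
# iproute2 accepts on `ip addr add` ("broadcast" or "peer"), not the
# ifconfig-style "pointopoint". Anything that is not a dotted quad with
# an optional /prefix is dropped, so nothing unexpected reaches the shell.
parse_inet() {
    awk '
    $1 == "inet" {
        ip4 = "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+(/[0-9]+)?$"
        if ($2 !~ ip4) exit
        if ($3 == "brd" && $4 ~ ip4)        print $2, "broadcast", $4
        else if ($3 == "peer" && $4 ~ ip4)  print $2, "peer", $4
        else if ($3 == "scope")             print $2   # assumption: no brd/peer
        exit
    }'
}

# build_addr_cmd VIRT: read `ip addr show PHYS` on stdin and print the
# command that would copy PHYS's address onto VIRT. Returns 1 when no
# usable address was found (the case the original script reports as
# "unable to determine address").
build_addr_cmd() {
    virt=$1
    # Safe to word-split: parse_inet only emits digits, dots, slashes
    # and the two fixed keywords.
    set -- $(parse_inet)
    if [ $# -lt 1 ]; then
        echo "unable to determine address" >&2
        return 1
    fi
    if [ $# -eq 3 ]; then
        echo "ip addr add $1 $2 $3 dev $virt"
    else
        echo "ip addr add $1 dev $virt"
    fi
}

# Demo: show the command for each constructed sample.
for sample in "$SAMPLE_PPP" "$SAMPLE_ETH"; do
    printf '%s\n' "$sample" | build_addr_cmd ipsec0
done
```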

**barf**
isdnvpn
Fri Jul 19 07:11:15 UTC 2002
+ _________________________ version
+
+ ipsec --version
Linux FreeS/WAN 1.98b
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+
+ cat /proc/version
Linux version 2.4.18 (root@debian) (gcc version 2.95.2 20000220 (Debian GNU/Linux)) #4 Sun Jun 9 09:46:15 CEST 2002
+ _________________________ proc/net/ipsec_eroute
+
+ sort +3 /proc/net/ipsec_eroute
sort: +3: No such file or directory
+ cat /proc/net/ipsec_eroute
+ _________________________ ip/route
+
+ ip route
192.168.40.0/24 dev eth0  proto kernel  scope link  src 192.168.40.254 
130.67.0.0/16 dev ippp0  proto kernel  scope link  src 130.67.213.232 
default via 130.67.213.128 dev ippp0 
+ _________________________ proc/net/ipsec_spi
+
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+
+ cat /proc/net/ipsec_spigrp
+ _________________________ proc/net/ipsec_tncfg
+
+ cat /proc/net/ipsec_tncfg
ipsec0 -> ippp0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+
+ cat /proc/net/pf_key
    sock   pid   socket     next     prev e n p sndbf    Flags     Type St
c37fa790 29528 c37b8750        0        0 0 0 2 65535 00000000        3  1
+ _________________________ proc/net/pf_key-star
+
+ cd /proc/net
+ egrep ^ pf_key_registered pf_key_supported
pf_key_registered:satype   socket   pid       sk
pf_key_registered:     2 c37b8750 29528 c37fa790
pf_key_registered:     3 c37b8750 29528 c37fa790
pf_key_registered:     9 c37b8750 29528 c37fa790
pf_key_registered:    10 c37b8750 29528 c37fa790
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported:     2      14      3     0     160     160
pf_key_supported:     2      14      2     0     128     128
pf_key_supported:     3      15      3   128     168     168
pf_key_supported:     3      14      3     0     160     160
pf_key_supported:     3      14      2     0     128     128
pf_key_supported:     9      15      4     0     128     128
pf_key_supported:     9      15      3     0      32     128
pf_key_supported:     9      15      2     0     128      32
pf_key_supported:     9      15      1     0      32      32
pf_key_supported:    10      15      2     0       1       1
+ _________________________ proc/sys/net/ipsec-star
+
+ cd /proc/sys/net/ipsec
+ egrep ^ icmp inbound_policy_check tos
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+
+ ipsec auto --status
000  
000 "rw-to-li1": 192.168.1.0/24===194.248.214.187---194.248.214.1...%any
000 "rw-to-li1":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0
000 "rw-to-li1":   policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: ; unrouted
000 "rw-to-li1":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000  
000  
+ _________________________ ip/address
+
+ ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop 
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
    link/ether 00:04:75:7c:0b:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.40.254/24 brd 192.168.40.255 scope global eth0
8: ippp0: <POINTOPOINT,NOARP,DYNAMIC,UP> mtu 1500 qdisc pfifo_fast qlen 30
    link/ppp 
    inet 130.67.213.232 peer 130.67.213.128/16 scope global ippp0
21: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
    link/ppp 
22: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip 
23: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip 
24: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
    link/ipip 
+ _________________________ ipsec/directory
+
+ ipsec --directory
/lib/ipsec
+ _________________________ hostname/fqdn
+
+ hostname -f
isdnvpn
+ _________________________ hostname/ipaddress
+
+ hostname -i
192.168.40.254 
+ _________________________ uptime
+
+ uptime
  7:11am  up 16 min, load average: 0.07, 0.05, 0.06
+ _________________________ ps
+
+ ps alxwf
+ egrep -i ppid|pluto|ipsec|klips
26131 root        832 S    /bin/sh /bin/vi _startklips 
20582 root        212 S    /bin/e3vi _startklips 
 3218 root        836 S    /bin/sh /lib/ipsec/_plutorun --debug none --uniqueid
13498 root        948 S    logger -p daemon.error -t ipsec__plutorun 
 3220 root        836 S    /bin/sh /lib/ipsec/_plutorun --debug none --uniqueid
25267 root        840 S    /bin/sh /lib/ipsec/_plutoload --load %search --start
24941 root        836 S    /bin/sh /lib/ipsec/_plutorun --debug none --uniqueid
29528 root       1192 S    /lib/ipsec/pluto --nofork --debug-none --uniqueids 
  464 root        792 S    _pluto_adns 7 10 
28312 root        832 S    /bin/sh /sbin/ipsec barf 
14084 root        844 S    /bin/sh /lib/ipsec/barf 
22165 root        900 S    egrep -i ppid|pluto|ipsec|klips 
+ _________________________ ipsec/showdefaults
+
+ ipsec showdefaults
#dr: no default route
# no default route
# no default route
+ _________________________ ipsec/conf
+
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration
config setup
        # THIS SETTING MUST BE CORRECT or almost nothing will work;
        # %defaultroute is okay for most simple cases.
        interfaces="ipsec0=ippp0"
        # Debug-logging controls:  "none" for (almost) none, "all" for lots.
        klipsdebug=none
        plutodebug=none
        # Use auto= parameters in conn descriptions to control startup actions.
        plutoload=%search
        plutostart=%search
        # Close down old connection when new one using same ID shows up.
        uniqueids=yes



# defaults for subsequent connection descriptions
conn %default
        # How persistent to be in (re)keying negotiations (0 means very).
        keyingtries=0
        # RSA authentication with keys from DNS.
        authby=secret
        leftrsasigkey=%dns
        rightrsasigkey=%dns



# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
#conn me-to-anyone
#       left=%defaultroute
#       right=%opportunistic
#       # uncomment to enable incoming; change to auto=route for outgoing
#       #auto=add



# sample VPN connection
conn rw-to-li1
        # Left security gateway, subnet behind it, next hop toward right.
        left=%any
        
        # Right security gateway, subnet behind it, next hop toward left.
        right=194.248.214.187
        rightsubnet=192.168.1.0/24
        rightnexthop=194.248.214.1
        # To authorize this connection, but not actually start it, at startup,
        # uncomment this.
        auto=route
+ _________________________ ipsec/secrets
+
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication.  See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part.  Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
md5sum: not found
# with "[sums to #...]".
md5sum: not found
#       # -- Create your own RSA key with "[sums to #...]"
#       }
md5sum: not found
# do not change the indenting of that "[sums to #...]"
md5sum: not found
%any 194.248.214.187 : PSK "[sums to %any...]"
+ _________________________ ipsec/ls-dir
+
+ ls -l /lib/ipsec
-rwxr-xr-x    1 root     root        11102 Jul  7 12:27 _confread
-rwxr-xr-x    1 root     root         4136 Jul  7 12:28 _copyright
-rwxr-xr-x    1 root     root         2163 Jul  7 12:27 _include
-rwxr-xr-x    1 root     root         1472 Jul  7 12:27 _keycensor
-rwxr-xr-x    1 root     root         9360 Jul  7 12:28 _pluto_adns
-rwxr-xr-x    1 root     root         3495 Jul  7 12:27 _plutoload
-rwxr-xr-x    1 root     root         4376 Jul  7 12:27 _plutorun
-rwxr-xr-x    1 root     root         7591 Jul  7 12:28 _realsetup
-rwxr-xr-x    1 root     root         1971 Jul  7 12:27 _secretcensor
-rwxr-xr-x    1 root     root         7769 Jul 19 07:08 _startklips
-rwxr-xr-x    1 root     root         7575 Jul  7 12:28 _updown
-rwxr-xr-x    1 root     root        11404 Jul  7 12:27 auto
-rwxr-xr-x    1 root     root         7172 Jul  7 12:28 barf
-rwxr-xr-x    1 root     root          816 Jul  7 12:27 calcgoo
-rwxr-xr-x    1 root     root        59360 Jul  7 12:28 eroute
-rwxr-xr-x    1 root     root        18024 Jul  7 12:28 ikeping
-rwxr-xr-x    1 root     root         2906 Jul  7 12:27 ipsec
-rw-r--r--    1 root     root         1950 Jul  7 12:27 ipsec_pr.template
-rwxr-xr-x    1 root     root        41312 Jul  7 12:28 klipsdebug
-rwxr-xr-x    1 root     root         2698 Jul  7 12:28 look
-rwxr-xr-x    1 root     root        16157 Jul  7 12:27 manual
-rwxr-xr-x    1 root     root         1847 Jul  7 12:27 newhostkey
-rwxr-xr-x    1 root     root        34556 Jul  7 12:28 pf_key
-rwxr-xr-x    1 root     root       311372 Jul  7 12:28 pluto
-rwxr-xr-x    1 root     root         6484 Jul  7 12:28 ranbits
-rwxr-xr-x    1 root     root        64220 Jul  7 12:28 rsasigkey
-rwxr-xr-x    1 root     root        16641 Jul  7 12:27 send-pr
lrwxrwxrwx    1 root     root           17 Jul 19 06:55 setup -> /etc/init.d/ipsec
-rwxr-xr-x    1 root     root         1041 Jul  7 12:27 showdefaults
-rwxr-xr-x    1 root     root         4205 Jul  7 12:27 showhostkey
-rwxr-xr-x    1 root     root        68812 Jul  7 12:28 spi
-rwxr-xr-x    1 root     root        51212 Jul  7 12:28 spigrp
-rwxr-xr-x    1 root     root         9544 Jul  7 12:28 tncfg
-rwxr-xr-x    1 root     root         3353 Jul  7 12:27 verify
-rwxr-xr-x    1 root     root        32140 Jul  7 12:28 whack
+ _________________________ ipsec/updowns
+
+ ls /lib/ipsec
+ egrep updown
+ cat /lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001  D. Hugh Redelmeier, Henry Spencer
# 
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
# 
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $



# CAUTION:  Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make.  If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.



# check interface version
case "$PLUTO_VERSION" in
1.[0])  # Older Pluto?!?  Play it safe, script may be using new features.
        echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
        echo "$0:       called by obsolete Pluto?" >&2
        exit 2
        ;;
1.*)    ;;
*)      echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
        exit 2
        ;;
esac

# check parameter(s)
case "$1:$*" in
':')                    # no parameters
        ;;
ipfwadm:ipfwadm)        # due to (left/right)firewall; for default script only
        ;;
custom:*)               # custom parameters (see above CAUTION comment)
        ;;
*)      echo "$0: unknown parameters \`$*'" >&2
        exit 2
        ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
        doroute add
}
downroute() {
        doroute del
}
# <CTC> convert to iproute2 - add mask2bits function
#-------------------------------------------------------------------------
# mask2bits function, returns the number of bits in the netmask parameter.
# borrowed from http://www.stearns.org/samlib/samlib-0.1/samlib
#-------------------------------------------------------------------------
#No external apps needed.
mask2bits () {
        case $1 in
        255.255.255.255)        echo 32 ;;
        255.255.255.254)        echo 31 ;;
        255.255.255.252)        echo 30 ;;
        255.255.255.248)        echo 29 ;;
        255.255.255.240)        echo 28 ;;
        255.255.255.224)        echo 27 ;;
        255.255.255.192)        echo 26 ;;
        255.255.255.128)        echo 25 ;;
        255.255.255.0)          echo 24 ;;
        255.255.254.0)          echo 23 ;;
        255.255.252.0)          echo 22 ;;
        255.255.248.0)          echo 21 ;;
        255.255.240.0)          echo 20 ;;
        255.255.224.0)          echo 19 ;;
        255.255.192.0)          echo 18 ;;
        255.255.128.0)          echo 17 ;;
        255.255.0.0)            echo 16 ;;
        255.254.0.0)            echo 15 ;;
        255.252.0.0)            echo 14 ;;
        255.248.0.0)            echo 13 ;;
        255.240.0.0)            echo 12 ;;
        255.224.0.0)            echo 11 ;;
        255.192.0.0)            echo 10 ;;
        255.128.0.0)            echo 9  ;;
        255.0.0.0)              echo 8  ;;
        254.0.0.0)              echo 7  ;;
        252.0.0.0)              echo 6  ;;
        248.0.0.0)              echo 5  ;;
        240.0.0.0)              echo 4  ;;
        224.0.0.0)              echo 3  ;;
        192.0.0.0)              echo 2  ;;
        128.0.0.0)              echo 1  ;;
        0.0.0.0)                echo 0  ;;
        *)                      echo 32 ;;
        esac
} #End of mask2bits
doroute() {
#       parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
#       parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
        PLUTO_PEER_CLIENT_BITS=`mask2bits $PLUTO_PEER_CLIENT_MASK`
        parms="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_BITS"
        parms2="dev $PLUTO_INTERFACE via $PLUTO_NEXT_HOP"
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
#               it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
#                       route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
                it="ip route $1 0.0.0.0/1 $parms2 &&"
                it="$it ip route $1 128.0.0.0/1 $parms2"
                ;;
#       *)      it="route $1 $parms $parms2"
        *)      it="ip route $1 $parms $parms2"
                ;;
        esac
        eval $it
        st=$?
        if test $st -ne 0
        then
                # route has already given its own cryptic message
                echo "$0: \`$it' failed" >&2
                if test " $1 $st" = " add 7"
                then
                        # another totally undocumented interface -- 7 and
                        # "SIOCADDRT: Network is unreachable" means that
                        # the gateway isn't reachable.
                        echo "$0: (incorrect or missing nexthop setting??)" >&2
                fi
        fi
        return $st
}



# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
        # delete possibly-existing route (preliminary to adding a route)
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
#               it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
#                       route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
                it="ip route del 0.0.0.0/1 2>&1 ; ip route del 128.0.0.0/1 2>&1"
                ;;
        *)
#               it="route del -net $PLUTO_PEER_CLIENT_NET \
#                                       netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
                PLUTO_PEER_CLIENT_BITS=`mask2bits $PLUTO_PEER_CLIENT_MASK`
                parms="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_BITS"
                it="ip route del $parms 2>&1"
                ;;
        esac
        oops="`eval $it`"
        status="$?"
        if test " $oops" = " " -a " $status" != " 0"
        then
                oops="silent error, exit status $status"
        fi
        case "$oops" in
# <CTC> iproute2 gives a _different_ incomprehensible answer
#       'SIOCDELRT: No such process'*)
        'RTNETLINK answers: No such process'*)
# </CTC>
                # This is what route (currently -- not documented!) gives
                # for "could not find such a route".
                oops=
                status=0
                ;;
        esac
        if test " $oops" != " " -o " $status" != " 0"
        then
                echo "$0: \`$it' failed ($oops)" >&2
        fi
        exit $status
        ;;
route-host:*|route-client:*)
        # connection to me or my client subnet being routed
        uproute
        ;;
unroute-host:*|unroute-client:*)
        # connection to me or my client subnet being unrouted
        downroute
        ;;
up-host:*)
        # connection to me coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-host:*)
        # connection to me going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:)
        # connection to my client subnet coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-client:)
        # connection to my client subnet going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
# <CTC> replace with iptables commands
#       ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
#               -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        iptables -I FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        iptables -I FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
# </CTC>
        ;;
down-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
# <CTC> replace with iptables commands
#       ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
#               -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        iptables -D FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
        iptables -D FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
# </CTC>
        ;;
*)      echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
        exit 1
        ;;
esac
+ _________________________ proc/net/dev
+
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
dummy0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0:  166166    1943    0    0    0     0          0         0   782522    1501    0    0    0     0       0          0
 ippp0:    2789     116    0    0    0     0          0         0     5042     143    0    0    0     0       0          0
ipsec0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ proc/net/route
+
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
eth0    0028A8C0        00000000        0001    0       0       0       00FFFFFF        40      0       0
ippp0   00004382        00000000        0001    0       0       0       0000FFFF        40      0       0
ippp0   00000000        80D54382        0003    0       0       0       00000000        40      0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/rp_filter default/rp_filter eth0/rp_filter ippp0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
ippp0/rp_filter:0
lo/rp_filter:0
+ _________________________ uname-a
+
+ uname -a
Linux isdnvpn 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i586 unknown
+ _________________________ redhat-release
+
+ test -r /etc/redhat-release
+ _________________________ proc/net/ipsec_version
+
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.98b
+ _________________________ iptables/list
+
+ iptables -L -v -n
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  lo     *       0.0.0.0/0            0.0.0.0/0
    8  1016 ippp0_in   ah   --  ippp0  *       0.0.0.0/0            0.0.0.0/0
 1900  135K eth0_in    ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_in  ah   --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ippp0_fwd  ah   --  ippp0  *       0.0.0.0/0            0.0.0.0/0
   24  2304 eth0_fwd   ah   --  eth0   *       0.0.0.0/0            0.0.0.0/0
    0     0 ipsec0_fwd  ah   --  ipsec0 *       0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      lo      0.0.0.0/0            0.0.0.0/0
    0     0 DROP       icmp --  *      *       0.0.0.0/0            0.0.0.0/0          state INVALID
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     udp  --  *      ippp0   0.0.0.0/0            0.0.0.0/0          udp dpts:67:68
    0     0 ACCEPT     udp  --  *      eth0    0.0.0.0/0            0.0.0.0/0          udp dpts:67:68
   11   881 fw2net     ah   --  *      ippp0   0.0.0.0/0            0.0.0.0/0
 1498  761K all2all    ah   --  *      eth0    0.0.0.0/0            0.0.0.0/0
    0     0 all2all    ah   --  *      ipsec0  0.0.0.0/0            0.0.0.0/0
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain all2all (5 references)
 pkts bytes target     prot opt in     out     source               destination
 1498  761K ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
   23  3441 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
    0     0 reject     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain common (5 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 icmpdef    icmp --  *      *       0.0.0.0/0            0.0.0.0/0
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x10/0x10
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp flags:0x04/0x04
   23  3441 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:137:139 reject-with icmp-port-unreachable
    0     0 REJECT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:445 reject-with icmp-port-unreachable
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:135
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpt:1900
    0     0 DROP       ah   --  *      *       0.0.0.0/0            255.255.255.255
    0     0 DROP       ah   --  *      *       0.0.0.0/0            224.0.0.0/4
    0     0 reject     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          tcp dpt:113
    0     0 DROP       udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp spt:53 state NEW
    0     0 DROP       ah   --  *      *       0.0.0.0/0            192.168.40.255

Chain eth0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination
   24  2304 loc2net    ah   --  *      ippp0   0.0.0.0/0            0.0.0.0/0
    0     0 loc2gw     ah   --  *      ipsec0  0.0.0.0/0            0.0.0.0/0

Chain eth0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          udp dpts:67:68
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          icmp type 8
 1900  135K loc2fw     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain fw2net (1 references)
 pkts bytes target     prot opt in     out     source               destination
    7   621 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            194.248.214.187    state NEW
    0     0 ACCEPT     51   --  *      *       0.0.0.0/0            194.248.214.187    state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            194.248.214.187    udp spt:500 dpt:500 state NEW
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW tcp dpt:53
    3   200 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          state NEW udp dpt:53
    1    60 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0

Chain gw2loc (1 references)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          state RELATED,ESTABLISHED
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain icmpdef (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
icmp type 0 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
icmp type 4 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
icmp type 3 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
icmp type 11 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
icmp type 12 

Chain ippp0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 rfc1918    ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
    0     0 net2all    ah   --  *      eth0    0.0.0.0/0            0.0.0.0/0          
    0     0 net2all    ah   --  *      ipsec0  0.0.0.0/0            0.0.0.0/0          

Chain ippp0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    8  1016 rfc1918    ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          
udp dpts:67:68 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
icmp type 8 
    8  1016 net2fw     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain ipsec0_fwd (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 all2all    ah   --  *      ippp0   0.0.0.0/0            0.0.0.0/0          
    0     0 gw2loc     ah   --  *      eth0    0.0.0.0/0            0.0.0.0/0          

Chain ipsec0_in (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
icmp type 8 
    0     0 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain loc2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
 1875  131K ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
    2   120 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
state NEW tcp dpt:22 
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0          
state NEW udp dpt:53 
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
state NEW tcp dpt:80 
   23  3441 all2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain loc2gw (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain loc2net (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
   24  2304 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain logdrop (7 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:' 
    0     0 DROP       ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain net2all (3 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
    0     0 common     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:' 
    0     0 DROP       ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain net2fw (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    8  1016 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
state RELATED,ESTABLISHED 
    0     0 ACCEPT     esp  --  *      *       194.248.214.187      0.0.0.0/0          
state NEW 
    0     0 ACCEPT     51   --  *      *       194.248.214.187      0.0.0.0/0          
state NEW 
    0     0 ACCEPT     udp  --  *      *       194.248.214.187      0.0.0.0/0          
udp spt:500 dpt:500 state NEW 
    0     0 net2all    ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain reject (6 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 REJECT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
reject-with tcp-reset 
    0     0 REJECT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
reject-with icmp-port-unreachable 

Chain rfc1918 (2 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 RETURN     ah   --  *      *       255.255.255.255      0.0.0.0/0          
    0     0 DROP       ah   --  *      *       169.254.0.0/16       0.0.0.0/0          
    0     0 logdrop    ah   --  *      *       0.0.0.0/8            0.0.0.0/0          
    0     0 logdrop    ah   --  *      *       10.0.0.0/8           0.0.0.0/0          
    0     0 logdrop    ah   --  *      *       127.0.0.0/8          0.0.0.0/0          
    0     0 logdrop    ah   --  *      *       192.0.2.0/24         0.0.0.0/0          
    0     0 logdrop    ah   --  *      *       192.168.0.0/16       0.0.0.0/0          
    0     0 logdrop    ah   --  *      *       172.16.0.0/12        0.0.0.0/0          
    0     0 logdrop    ah   --  *      *       240.0.0.0/4          0.0.0.0/0          

Chain shorewall (0 references)
 pkts bytes target     prot opt in     out     source               destination        
 
+ _________________________ ipchains/list
+
+ ipchains -L -v -n
ipchains: not found
+ _________________________ ipfwadm/forward
+
+ ipfwadm -F -l -n -e
ipfwadm: not found
+ _________________________ ipfwadm/input
+
+ ipfwadm -I -l -n -e
ipfwadm: not found
+ _________________________ ipfwadm/output
+
+ ipfwadm -O -l -n -e
ipfwadm: not found
+ _________________________ iptables/nat
+
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 49 packets, 6132 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 

Chain POSTROUTING (policy ACCEPT 4 packets, 260 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
    8   768 MASQUERADE  ah   --  *      ippp0   192.168.40.0/24      0.0.0.0/0         
 

Chain OUTPUT (policy ACCEPT 4 packets, 260 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
+ _________________________ ipchains/masq
+
+ ipchains -M -L -v -n
ipchains: not found
+ _________________________ ipfwadm/masq
+
+ ipfwadm -M -l -n -e
ipfwadm: not found
+ _________________________ iptables/mangle
+
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 1948 packets, 140K bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
    8  1016 rfc1918    ah   --  ippp0  *       0.0.0.0/0            0.0.0.0/0          
 1948  140K pretos     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain INPUT (policy ACCEPT 1908 packets, 136K bytes)
 pkts bytes target     prot opt in     out     source               destination        
 

Chain FORWARD (policy ACCEPT 24 packets, 2304 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 

Chain OUTPUT (policy ACCEPT 1509 packets, 762K bytes)
 pkts bytes target     prot opt in     out     source               destination        
 
 1509  762K outtos     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain POSTROUTING (policy ACCEPT 1533 packets, 765K bytes)
 pkts bytes target     prot opt in     out     source               destination        
 

Chain logdrop (7 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 LOG        ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:' 
    0     0 DROP       ah   --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain outtos (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:22 TOS set 0x10 
 1498  761K TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp spt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:20 TOS set 0x08 

Chain pretos (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
 1877  131K TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp spt:22 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp spt:21 TOS set 0x10 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp spt:20 TOS set 0x08 
    0     0 TOS        tcp  --  *      *       0.0.0.0/0            0.0.0.0/0          
tcp dpt:20 TOS set 0x08 

Chain rfc1918 (1 references)
 pkts bytes target     prot opt in     out     source               destination        
 
    0     0 RETURN     ah   --  *      *       0.0.0.0/0            255.255.255.255    
    0     0 DROP       ah   --  *      *       0.0.0.0/0            169.254.0.0/16     
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            0.0.0.0/8          
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            10.0.0.0/8         
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            127.0.0.0/8        
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            192.0.2.0/24       
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            192.168.0.0/16     
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            172.16.0.0/12      
    0     0 logdrop    ah   --  *      *       0.0.0.0/0            240.0.0.0/4        
+ _________________________ proc/modules
+
+ cat /proc/modules
ipsec                 133392   2
ip_nat_irc              2384   0 (unused)
ip_nat_ftp              2960   0 (unused)
ip_conntrack_irc        3056   1
ip_conntrack_ftp        3824   1
hisax                 483056   2
isdn                   93900   2 [hisax]
slhc                    4264   1 [isdn]
3c59x                  24696   1
ide-probe-mod           7496   0
ide-disk                6544   0
ide-mod                50888   0 [ide-probe-mod ide-disk]
+ _________________________ proc/meminfo
+
+ cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem:  64348160 16011264 48336896        0    49152  7467008
Swap:        0        0        0
MemTotal:        62840 kB
MemFree:         47204 kB
MemShared:           0 kB
Buffers:            48 kB
Cached:           7292 kB
SwapCached:          0 kB
Active:              0 kB
Inactive:        11012 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:        62840 kB
LowFree:         47204 kB
SwapTotal:           0 kB
SwapFree:            0 kB
+ _________________________ dev/ipsec-ls
+
+ ls -l /dev/ipsec*
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_spi /proc/net/ipsec_spigrp 
+/proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r--    1 root     wheel           0 Jul 19 07:11 /proc/net/ipsec_eroute
-r--r--r--    1 root     wheel           0 Jul 19 07:11 /proc/net/ipsec_spi
-r--r--r--    1 root     wheel           0 Jul 19 07:11 /proc/net/ipsec_spigrp
-r--r--r--    1 root     wheel           0 Jul 19 07:11 /proc/net/ipsec_tncfg
-r--r--r--    1 root     wheel           0 Jul 19 07:11 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+
+ cat /etc/syslog.conf
#  /etc/syslog.conf     Configuration file for syslogd.
#
#                       For more information see syslog.conf(5)
#                       manpage.

#
# Log everything remotely. The other machine must run syslog with '-r'.
# WARNING: Doing this is unsecure and can open you up to a DoS attack.
#

#*.*                            @host.ip.address-or-name.here
*.*                             /dev/tty9
auth,authpriv.*                 /dev/tty8

#
# First some standard logfiles.  Log by facility.
#

auth,authpriv.*                 /var/log/auth.log
*.*;auth,authpriv.none          -/var/log/syslog
daemon.*                        -/var/log/daemon.log
kern.*                          -/var/log/kern.log
#cron.*                         /var/log/cron.log

#lpr.*                          -/var/log/lpr.log
#mail.*                         /var/log/mail.log
#user.*                         -/var/log/user.log
#uucp.*                         -/var/log/uucp.log

#
# Some `catch-all' logfiles.
#
*.=debug;\
        auth,authpriv.none;\
        news.none;mail.none     -/var/log/debug
*.=info;*.=notice;*.=warn;\
        auth,authpriv.none;\
        cron,daemon.none;\
        mail,news.none          -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg                         *


#ppp
local2.*                -/var/log/ppp.log

#portslave
local6.*                -/var/log/pslave.log
+ _________________________ etc/resolv.conf
+
+ cat /etc/resolv.conf
nameserver 194.248.214.171
nameserver 194.248.214.171
 

+ _________________________ lib/modules-ls
+
+ ls -ltr /lib/modules
-rw-r--r--    1 root     root        39428 Jun  9 09:02 ppp_deflate.o
-rw-r--r--    1 root     root         9968 Jun  9 09:02 ppp_async.o
-rw-r--r--    1 root     root        26320 Jun  9 09:02 eepro100.o
-rw-r--r--    1 root     root         8880 Jun  9 09:02 8390.o
-rw-r--r--    1 root     root        36120 Jun  9 09:02 3c59x.o
-rw-r--r--    1 root     root         6744 Jun  9 09:02 slhc.o
-rw-r--r--    1 root     root         3616 Jun  9 09:02 pppox.o
-rw-r--r--    1 root     root        11648 Jun  9 09:02 pppoe.o
-rw-r--r--    1 root     root         7920 Jun  9 09:02 ppp_synctty.o
-rw-r--r--    1 root     root        22536 Jun  9 09:02 ppp_mppe.o
-rw-r--r--    1 root     root        23736 Jun  9 09:02 ppp_generic.o
-rw-r--r--    1 root     root         8528 Jun  9 09:02 ne2k-pci.o
-rw-r--r--    1 root     root         8144 Jun  9 09:02 ne.o
-rw-r--r--    1 root     root         9816 Jun  9 09:02 n_hdlc.o
-rw-r--r--    1 root     root         4200 Jun  9 09:03 ip_nat_irc.o
-rw-r--r--    1 root     root         4748 Jun  9 09:03 ip_nat_ftp.o
-rw-r--r--    1 root     root         5720 Jun  9 09:03 ip_conntrack_irc.o
-rw-r--r--    1 root     root         5928 Jun  9 09:03 ip_conntrack_ftp.o
-rw-r--r--    1 root     root       165014 Jul 18 07:39 ipsec.o
-rwxr-xr-x    1 root     root       630010 Jul 18 09:58 hisax.o
-rwxr-xr-x    1 root     root       124764 Jul 18 09:58 isdn.o
lrwxrwxrwx    1 root     root           12 Jul 19 06:55 2.4.18 -> /lib/modules
+ _________________________ proc/ksyms-netif_rx
+
+ egrep netif_rx /proc/ksyms
c0188160 netif_rx
+ _________________________ lib/modules-netif_rx
+
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.18: 
+ _________________________ kern.debug
+
+ test -f /var/log/kern.debug
+ _________________________ klog
+
+ sed -n 211,$p /var/log/syslog
+ egrep -i ipsec|klips|pluto
+ cat
Jul 19 07:08:48 isdnvpn ipsec_setup: Starting FreeS/WAN IPsec 1.98b...
Jul 19 07:08:48 isdnvpn ipsec_setup: Using ipsec
Jul 19 07:08:49 isdnvpn ipsec_setup: Using /lib/modules/ipsec.o
Jul 19 07:08:49 isdnvpn ipsec_setup: addr=130.67.213.232
Jul 19 07:08:49 isdnvpn ipsec_setup: type=pointopoint
Jul 19 07:08:49 isdnvpn ipsec_setup: otheraddr=130.67.213.128/16
Jul 19 07:08:49 isdnvpn ipsec_setup: KLIPS ipsec0 on ippp0 130.67.213.232 pointopoint 130.67.213.128/16
Jul 19 07:08:49 isdnvpn ipsec_setup: ...FreeS/WAN IPsec started
Jul 19 07:08:51 isdnvpn ipsec__plutorun: 003 no public interfaces found
Jul 19 07:08:51 isdnvpn ipsec__plutorun: 022 "rw-to-li1": we have no ipsecN interface for either end of this connection
Jul 19 07:08:51 isdnvpn ipsec__plutorun: ...could not route conn "rw-to-li1"
+ _________________________ plog
+
+ sed -n 41,$p /var/log/auth.log
+ egrep -i pluto
+ cat
Jul 19 07:08:49 isdnvpn ipsec__plutorun: Starting Pluto subsystem...
Jul 19 07:08:49 isdnvpn pluto[29528]: Starting Pluto (FreeS/WAN Version 1.98b)
Jul 19 07:08:51 isdnvpn pluto[29528]: added connection description "rw-to-li1"
Jul 19 07:08:51 isdnvpn pluto[29528]: listening for IKE messages
Jul 19 07:08:51 isdnvpn pluto[29528]: no public interfaces found
Jul 19 07:08:51 isdnvpn pluto[29528]: loading secrets from "/etc/ipsec.secrets"
+ _________________________ date
+
+ date
Fri Jul 19 07:11:18 UTC 2002




------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
