Hi everyone

I am finally attacking the ipsec connection planned for months, unfortunately without much success. Here is what I am trying:

internal C class network 194.124.158.0/24
|
Bering rc3
217.162.140.106
|
Internet through cable modem on both ends
actually hooked on the same switch which connects me through a cable modem to my ISP
|
217.162.92.182
Zyxel Zywall 10
|
192.168.1.0/24

I am trying to build a tunnel between the 192.168.1.0 and the 194.124.158.0 subnets.

When I try to ping from a PC in the 192.168.1.0 network I see the following in the auth.log file:

>>>>>>>>>>>>>>>>>>>>>>

Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: ignoring Delete SA payload
Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: received and ignored informational message
Nov 17 15:32:00 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: not enough room in input packet for ISAKMP Message
Nov 17 15:35:12 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: initial Main Mode message received on 217.162.140.106:500 but no connection has been authorized
Nov 17 15:35:40 gatekeeper last message repeated 3 times

>>>>>>>>>>>>>>>>>>>>>>

I am afraid the 'not enough room' message means trouble :-(

Thanks for pointers

Erich

>>>>>>>>>>>>>>>>>>>>>>

ipsec barf yields the following

>>>>>>>>>>>>>>>>>>>>>>

gatekeeper
Sun Nov 17 15:54:23 CET 2002
+ _________________________ version
+
+ ipsec --version
Linux FreeS/WAN 1.97
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+
+ cat /proc/version
Linux version 2.4.18 (root@debian) (gcc version 2.95.2 20000220 (Debian GNU/Linux)) #4 Sun Jun 9 09:46:15 CEST 2002
+ _________________________ proc/net/ipsec_eroute
+
+ sort +3 /proc/net/ipsec_eroute
sort: +3: No such file or directory
+ cat /proc/net/ipsec_eroute
+ _________________________ proc/net/ipsec_spi
+
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+
+ cat /proc/net/ipsec_spigrp
+ _________________________ ip/route
+
+ ip route
194.124.158.0/24 dev eth1 proto kernel scope link src 194.124.158.99
217.162.140.0/22 dev eth0 proto kernel scope link src 217.162.140.106
217.162.140.0/22 dev ipsec0 proto kernel scope link src 217.162.140.106
default via 217.162.140.1 dev eth0
+ _________________________ proc/net/ipsec_tncfg
+
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
c1ea87c0 31465 c13b2b60 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+
+ cd /proc/net
+ egrep ^ pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c13b2b60 31465 c1ea87c0
pf_key_registered: 3 c13b2b60 31465 c1ea87c0
pf_key_registered: 9 c13b2b60 31465 c1ea87c0
pf_key_registered: 10 c13b2b60 31465 c1ea87c0
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 4 0 128 128
pf_key_supported: 9 15 3 0 32 128
pf_key_supported: 9 15 2 0 128 32
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+
+ cd /proc/sys/net/ipsec
+ egrep ^ icmp inbound_policy_check tos
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+
+ ipsec auto --status
000 interface ipsec0/eth0 217.162.140.106
000
000
+ _________________________ ip/address
+
+ ip addr
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: dummy0: <BROADCAST,NOARP> mtu 1500 qdisc noop
link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
3: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:80:c7:62:2a:8e brd ff:ff:ff:ff:ff:ff
inet 217.162.140.106/22 brd 255.255.255.255 scope global eth0
4: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:50:ba:8d:18:3d brd ff:ff:ff:ff:ff:ff
inet 194.124.158.99/24 brd 194.124.158.255 scope global eth1
29: ipsec0: <NOARP,UP> mtu 16260 qdisc pfifo_fast qlen 10
link/ether 00:80:c7:62:2a:8e brd ff:ff:ff:ff:ff:ff
inet 217.162.140.106/22 brd 255.255.255.255 scope global ipsec0
30: ipsec1: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
31: ipsec2: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
32: ipsec3: <NOARP> mtu 0 qdisc noop qlen 10
link/ipip
+ _________________________ ipsec/directory
+
+ ipsec --directory
/lib/ipsec
+ _________________________ hostname/fqdn
+
+ hostname -f
gatekeeper
+ _________________________ hostname/ipaddress
+
+ hostname -i
194.124.158.99
+ _________________________ uptime
+
+ uptime
3:54pm up 3 days, 16:43, load average: 0.01, 0.01, 0.00
+ _________________________ ps
+
+ ps alxwf
+ egrep -i ppid|pluto|ipsec|klips
14676 root 840 S /bin/sh /lib/ipsec/_plutorun --debug none --uniqueid
30553 root 936 S logger -p daemon.error -t ipsec__plutorun
13692 root 840 S /bin/sh /lib/ipsec/_plutorun --debug none --uniqueid
10516 root 836 S /bin/sh /lib/ipsec/_plutoload --load %search --start
13770 root 840 S /bin/sh /lib/ipsec/_plutorun --debug none --uniqueid
31465 root 1244 S /lib/ipsec/pluto --nofork --debug-none --uniqueids
20149 root 788 S _pluto_adns 7 10
16468 root 836 S /bin/sh /sbin/ipsec barf
28779 root 840 S /bin/sh /lib/ipsec/barf
19222 root 900 S egrep -i ppid|pluto|ipsec|klips
+ _________________________ ipsec/showdefaults
+
+ ipsec showdefaults
routephys=eth0
routephys=eth0
routevirt=ipsec0
routevirt=ipsec0
routeaddr=217.162.140.106
routeaddr=217.162.140.106
routenexthop=217.162.140.1
routenexthop=217.162.140.1
defaultroutephys=eth0
defaultroutevirt=ipsec0
defaultrouteaddr=217.162.140.106
defaultroutenexthop=217.162.140.1
+ _________________________ ipsec/conf
+
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces=%defaultroute
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug=none
plutodebug=none
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
# Close down old connection when new one using same ID shows up.
uniqueids=yes



# defaults for subsequent connection descriptions
conn %default
# How persistent to be in (re)keying negotiations (0 means very).
keyingtries=0
# RSA authentication with keys from DNS.
authby=rsasig
leftrsasigkey=%dns
rightrsasigkey=%dns



# connection description for (experimental!) opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
#conn me-to-anyone
# left=%defaultroute
# right=%opportunistic
# # uncomment to enable incoming; change to auto=route for outgoing
# #auto=add



# sample VPN connection
#conn sample
# # Left security gateway, subnet behind it, next hop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# # Right security gateway, subnet behind it, next hop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# # To authorize this connection, but not actually start it, at startup,
# # uncomment this.
# #auto=add

# connection to inhouse Zyxel 10
conn gatekeeper-zyxel
# Left security gateway, subnet behind it, next hop toward right.
authby=secret
left=217.162.140.106
leftsubnet=194.124.158.0/24
leftnexthop=217.162.140.1
# Right security gateway, subnet behind it, next hop toward left.
right=217.162.92.182
rightsubnet=192.168.1.0/24
#rightnexthop=10.101.102.103
# To authorize this connection, but not actually start it, at startup,
# uncomment this.
#auto=add

+ _________________________ ipsec/secrets
+
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
md5sum: not found
# with "[sums to #...]".
md5sum: not found
# # -- Create your own RSA key with "[sums to #...]"
# }
md5sum: not found
# do not change the indenting of that "[sums to #...]"

md5sum: not found
217.162.140.106 %any: PSK "[sums to 217....]"
+ _________________________ ipsec/ls-dir
+
+ ls -l /lib/ipsec
-rwxr-xr-x 1 501 501 11085 Apr 21 2002 _confread
-rwxr-xr-x 1 501 501 4132 Apr 21 2002 _copyright
-rwxr-xr-x 1 501 501 2163 Apr 21 2002 _include
-rwxr-xr-x 1 501 501 1472 Apr 21 2002 _keycensor
-rwxr-xr-x 1 501 501 9356 Apr 21 2002 _pluto_adns
-rwxr-xr-x 1 501 501 3495 Apr 21 2002 _plutoload
-rwxr-xr-x 1 501 501 4265 Apr 21 2002 _plutorun
-rwxr-xr-x 1 501 501 7435 Apr 21 2002 _realsetup
-rwxr-xr-x 1 501 501 1971 Apr 21 2002 _secretcensor
-rwxr-xr-x 1 501 501 7636 Apr 21 2002 _startklips
-rwxr-xr-x 1 501 501 7575 Apr 21 2002 _updown
-rwxr-xr-x 1 501 501 10912 Apr 21 2002 auto
-rwxr-xr-x 1 501 501 7107 Apr 23 2002 barf
-rwxr-xr-x 1 501 501 59360 Apr 21 2002 eroute
-rwxr-xr-x 1 501 501 18020 Apr 21 2002 ikeping
-rwxr-xr-x 1 501 501 2905 Apr 21 2002 ipsec
-rw-r--r-- 1 501 501 1950 Apr 21 2002 ipsec_pr.template
-rwxr-xr-x 1 501 501 41308 Apr 21 2002 klipsdebug
-rwxr-xr-x 1 501 501 2649 Apr 22 2002 look
-rwxr-xr-x 1 501 501 16157 Apr 21 2002 manual
-rwxr-xr-x 1 501 501 1847 Apr 21 2002 newhostkey
-rwxr-xr-x 1 501 501 34556 Apr 21 2002 pf_key
-rwxr-xr-x 1 501 501 310652 Apr 21 2002 pluto
-rwxr-xr-x 1 501 501 6484 Apr 21 2002 ranbits
-rwxr-xr-x 1 501 501 64220 Apr 21 2002 rsasigkey
-rwxr-xr-x 1 501 501 16641 Apr 21 2002 send-pr
lrwxrwxrwx 1 root root 17 Nov 13 23:16 setup -> /etc/init.d/ipsec
-rwxr-xr-x 1 501 501 1041 Apr 21 2002 showdefaults
-rwxr-xr-x 1 501 501 3484 Apr 21 2002 showhostkey
-rwxr-xr-x 1 501 501 68812 Apr 21 2002 spi
-rwxr-xr-x 1 501 501 51208 Apr 21 2002 spigrp
-rwxr-xr-x 1 501 501 9544 Apr 21 2002 tncfg
-rwxr-xr-x 1 501 501 32000 Apr 21 2002 whack
+ _________________________ ipsec/updowns
+
+ ls /lib/ipsec
+ egrep updown
+ cat /lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $



# CAUTION: Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.



# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0: called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac

# check parameter(s)
case "$1:$*" in
':') # no parameters
;;
ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only
;;
custom:*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
exit 2
;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
}
downroute() {
doroute del
}
# <CTC> convert to iproute2 - add mask2bits function
#-------------------------------------------------------------------------
# mask2bits function, returns the number of bits in the netmask parameter.
# borrowed from http://www.stearns.org/samlib/samlib-0.1/samlib
#-------------------------------------------------------------------------
#No external apps needed.
mask2bits () {
case $1 in
255.255.255.255) echo 32 ;;
255.255.255.254) echo 31 ;;
255.255.255.252) echo 30 ;;
255.255.255.248) echo 29 ;;
255.255.255.240) echo 28 ;;
255.255.255.224) echo 27 ;;
255.255.255.192) echo 26 ;;
255.255.255.128) echo 25 ;;
255.255.255.0) echo 24 ;;
255.255.254.0) echo 23 ;;
255.255.252.0) echo 22 ;;
255.255.248.0) echo 21 ;;
255.255.240.0) echo 20 ;;
255.255.224.0) echo 19 ;;
255.255.192.0) echo 18 ;;
255.255.128.0) echo 17 ;;
255.255.0.0) echo 16 ;;
255.254.0.0) echo 15 ;;
255.252.0.0) echo 14 ;;
255.248.0.0) echo 13 ;;
255.240.0.0) echo 12 ;;
255.224.0.0) echo 11 ;;
255.192.0.0) echo 10 ;;
255.128.0.0) echo 9 ;;
255.0.0.0) echo 8 ;;
254.0.0.0) echo 7 ;;
252.0.0.0) echo 6 ;;
248.0.0.0) echo 5 ;;
240.0.0.0) echo 4 ;;
224.0.0.0) echo 3 ;;
192.0.0.0) echo 2 ;;
128.0.0.0) echo 1 ;;
0.0.0.0) echo 0 ;;
*) echo 32 ;;
esac
} #End of mask2bits
doroute() {
# parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
# parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
PLUTO_PEER_CLIENT_BITS=`mask2bits $PLUTO_PEER_CLIENT_MASK`
parms="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_BITS"
parms2="dev $PLUTO_INTERFACE via $PLUTO_NEXT_HOP"
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
# it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
# route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
it="ip route $1 0.0.0.0/1 $parms2 &&"
it="$it ip route $1 128.0.0.0/1 $parms2"
;;
# *) it="route $1 $parms $parms2"
*) it="ip route $1 $parms $parms2"
;;
esac
eval $it
st=$?
if test $st -ne 0
then
# route has already given its own cryptic message
echo "$0: \`$it' failed" >&2
if test " $1 $st" = " add 7"
then
# another totally undocumented interface -- 7 and
# "SIOCADDRT: Network is unreachable" means that
# the gateway isn't reachable.
echo "$0: (incorrect or missing nexthop setting??)" >&2
fi
fi
return $st
}



# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
# it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
# route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
it="ip route del 0.0.0.0/1 2>&1 ; ip route del 128.0.0.0/1 2>&1"
;;
*)
# it="route del -net $PLUTO_PEER_CLIENT_NET \
# netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
PLUTO_PEER_CLIENT_BITS=`mask2bits $PLUTO_PEER_CLIENT_MASK`
parms="$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_BITS"
it="ip route del $parms 2>&1"
;;
esac
oops="`eval $it`"
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
# <CTC> iproute2 gives a _different_ incomprehensible answer
# 'SIOCDELRT: No such process'*)
'RTNETLINK answers: No such process'*)
# </CTC>
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host:*|route-client:*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host:*|unroute-client:*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host:*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
;;
down-host:*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
;;
down-client:)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
up-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
# <CTC> replace with iptables commands
# ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
# -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
iptables -I FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
iptables -I FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
# </CTC>
;;
down-client:ipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
# <CTC> replace with iptables commands
# ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
# -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
iptables -D FORWARD 1 -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
iptables -D FORWARD 1 -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT
# </CTC>
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ _________________________ proc/net/dev
+
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 1344 12 0 0 0 0 0 0 1344 12 0 0 0 0 0 0
dummy0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth0:192391879 2244256 0 0 0 0 0 2156667 27324830 79518 0 0 0 0 0 0
eth1:56310872 535902 0 0 0 562 0 447586 48687963 93596 0 0 0 51 0 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth1 009E7CC2 00000000 0001 0 0 0 00FFFFFF 40 0 0
eth0 008CA2D9 00000000 0001 0 0 0 00FCFFFF 40 0 0
ipsec0 008CA2D9 00000000 0001 0 0 0 00FCFFFF 40 0 0
eth0 00000000 018CA2D9 0003 0 0 0 00000000 40 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+
+ cd /proc/sys/net/ipv4/conf
+ egrep ^ all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:1
eth1/rp_filter:0
ipsec0/rp_filter:0
lo/rp_filter:0
+ _________________________ uname-a
+
+ uname -a
Linux gatekeeper 2.4.18 #4 Sun Jun 9 09:46:15 CEST 2002 i586 unknown
+ _________________________ redhat-release
+
+ test -r /etc/redhat-release
+ _________________________ proc/net/ipsec_version
+
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.97
+ _________________________ iptables/list
+
+ iptables -L -v -n
Chain INPUT (policy DROP 4 packets, 1624 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- lo * 0.0.0.0/0 0.0.0.0/0
93 28549 eth0_in ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
1495 82751 eth1_in ah -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:INPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy DROP 1 packets, 76 bytes)
pkts bytes target prot opt in out source destination
410 156K eth0_fwd ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
325 41250 eth1_fwd ah -- eth1 * 0.0.0.0/0 0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:FORWARD:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * lo 0.0.0.0/0 0.0.0.0/0
0 0 DROP icmp -- * * 0.0.0.0/0 0.0.0.0/0 state INVALID
20 1944 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
1 328 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 fw2net ah -- * eth0 0.0.0.0/0 0.0.0.0/0
1170 139K fw2loc ah -- * eth1 0.0.0.0/0 0.0.0.0/0
0 0 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:OUTPUT:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain all2all (3 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
26 3419 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:all2all:REJECT:'
0 0 reject ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain common (5 references)
pkts bytes target prot opt in out source destination
0 0 icmpdef icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x10/0x10
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x04/0x04
36 4235 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:137:139 reject-with icmp-port-unreachable
0 0 REJECT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:445 reject-with icmp-port-unreachable
0 0 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:135
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:1900
0 0 DROP ah -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0 224.0.0.0/4
2 120 reject tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:113
0 0 DROP udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:53 state NEW
0 0 DROP ah -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0 194.124.158.255

Chain eth0_fwd (1 references)
pkts bytes target prot opt in out source destination
410 156K rfc1918 ah -- * * 0.0.0.0/0 0.0.0.0/0
410 156K net2loc ah -- * eth1 0.0.0.0/0 0.0.0.0/0

Chain eth0_in (1 references)
pkts bytes target prot opt in out source destination
93 28549 rfc1918 ah -- * * 0.0.0.0/0 0.0.0.0/0
1 333 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:67:68
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
22 2488 net2fw ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain eth1_fwd (1 references)
pkts bytes target prot opt in out source destination
325 41250 loc2net ah -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain eth1_in (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 8
1495 82751 loc2fw ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2gw (0 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 state NEW
0 0 all2all ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2loc (1 references)
pkts bytes target prot opt in out source destination
1167 139K ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
2 120 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
1 59 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 all2all ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain fw2net (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT 51 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:53
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain icmpdef (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 0
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 4
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 3
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 11
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0 icmp type 12

Chain loc2fw (1 references)
pkts bytes target prot opt in out source destination
1469 79332 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW udp dpt:53
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:80
26 3419 all2all ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain loc2net (1 references)
pkts bytes target prot opt in out source destination
297 39448 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
28 1802 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain logdrop (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2all (2 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
12 936 common ah -- * * 0.0.0.0/0 0.0.0.0/0
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:net2all:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2fw (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT esp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
0 0 ACCEPT 51 -- * * 0.0.0.0/0 0.0.0.0/0 state NEW
10 1552 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spt:500 dpt:500 state NEW
0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
12 936 net2all ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain net2loc (1 references)
pkts bytes target prot opt in out source destination
392 155K ACCEPT ah -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
17 816 ACCEPT tcp -- * * 0.0.0.0/0 194.124.158.50 state NEW tcp dpt:80
0 0 ACCEPT tcp -- * * 0.0.0.0/0 194.124.158.50 state NEW tcp dpt:443
1 60 ACCEPT tcp -- * * 0.0.0.0/0 194.124.158.50 state NEW tcp dpt:25
0 0 ACCEPT tcp -- * * 0.0.0.0/0 194.124.158.50 state NEW tcp dpt:993
0 0 ACCEPT tcp -- * * 0.0.0.0/0 194.124.158.50 state NEW tcp dpt:995
0 0 ACCEPT tcp -- * * 0.0.0.0/0 194.124.158.50 state NEW tcp dpt:21
0 0 net2all ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain reject (6 references)
pkts bytes target prot opt in out source destination
2 120 REJECT tcp -- * * 0.0.0.0/0 0.0.0.0/0 reject-with tcp-reset
0 0 REJECT ah -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

Chain rfc1918 (2 references)
pkts bytes target prot opt in out source destination
0 0 RETURN ah -- * * 255.255.255.255 0.0.0.0/0
0 0 DROP ah -- * * 169.254.0.0/16 0.0.0.0/0
0 0 logdrop ah -- * * 0.0.0.0/8 0.0.0.0/0
70 25728 DROP ah -- * * 10.0.0.0/8 0.0.0.0/0
0 0 logdrop ah -- * * 127.0.0.0/8 0.0.0.0/0
0 0 DROP ah -- * * 192.0.2.0/24 0.0.0.0/0
0 0 DROP ah -- * * 192.168.0.0/16 0.0.0.0/0
0 0 DROP ah -- * * 172.16.0.0/12 0.0.0.0/0
0 0 logdrop ah -- * * 240.0.0.0/4 0.0.0.0/0

Chain shorewall (0 references)
pkts bytes target prot opt in out source destination
+ _________________________ ipchains/list
+
+ ipchains -L -v -n
ipchains: not found
+ _________________________ ipfwadm/forward
+
+ ipfwadm -F -l -n -e
ipfwadm: not found
+ _________________________ ipfwadm/input
+
+ ipfwadm -I -l -n -e
ipfwadm: not found
+ _________________________ ipfwadm/output
+
+ ipfwadm -O -l -n -e
ipfwadm: not found
+ _________________________ iptables/nat
+
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 31326 packets, 8222K bytes)
pkts bytes target prot opt in out source destination
102 27900 net ah -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 4463 packets, 251K bytes)
pkts bytes target prot opt in out source destination
27 1741 MASQUERADE ah -- * eth0 194.124.158.0/24 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 138 packets, 40076 bytes)
pkts bytes target prot opt in out source destination

Chain net (1 references)
pkts bytes target prot opt in out source destination
17 816 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 to:194.124.158.50
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 to:194.124.158.50
1 60 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:25 to:194.124.158.50
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:993 to:194.124.158.50
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:995 to:194.124.158.50
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 to:194.124.158.50
+ _________________________ ipchains/masq
+
+ ipchains -M -L -v -n
ipchains: not found
+ _________________________ ipfwadm/masq
+
+ ipfwadm -M -l -n -e
ipfwadm: not found
+ _________________________ iptables/mangle
+
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 199K packets, 81M bytes)
pkts bytes target prot opt in out source destination
507 186K rfc1918 ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
2325 309K pretos ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain INPUT (policy ACCEPT 42723 packets, 9020K bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 156K packets, 72M bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 13642 packets, 1558K bytes)
pkts bytes target prot opt in out source destination
1193 142K outtos ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 170K packets, 73M bytes)
pkts bytes target prot opt in out source destination

Chain logdrop (3 references)
pkts bytes target prot opt in out source destination
0 0 LOG ah -- * * 0.0.0.0/0 0.0.0.0/0 LOG flags 0 level 6 prefix `Shorewall:rfc1918:DROP:'
0 0 DROP ah -- * * 0.0.0.0/0 0.0.0.0/0

Chain outtos (1 references)
pkts bytes target prot opt in out source destination
35 6428 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
1133 133K TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08

Chain pretos (1 references)
pkts bytes target prot opt in out source destination
1432 76120 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 TOS set 0x10
37 3082 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:22 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:21 TOS set 0x10
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp spt:20 TOS set 0x08
0 0 TOS tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:20 TOS set 0x08

Chain rfc1918 (1 references)
pkts bytes target prot opt in out source destination
74 27352 RETURN ah -- * * 0.0.0.0/0 255.255.255.255
0 0 DROP ah -- * * 0.0.0.0/0 169.254.0.0/16
0 0 logdrop ah -- * * 0.0.0.0/0 0.0.0.0/8
0 0 DROP ah -- * * 0.0.0.0/0 10.0.0.0/8
0 0 logdrop ah -- * * 0.0.0.0/0 127.0.0.0/8
0 0 DROP ah -- * * 0.0.0.0/0 192.0.2.0/24
0 0 DROP ah -- * * 0.0.0.0/0 192.168.0.0/16
0 0 DROP ah -- * * 0.0.0.0/0 172.16.0.0/12
0 0 logdrop ah -- * * 0.0.0.0/0 240.0.0.0/4
+ _________________________ proc/modules
+
+ cat /proc/modules
ipsec 133360 2
pcnet_cs 12496 1
xirc2ps_cs 13928 1
ds 6388 2 [pcnet_cs xirc2ps_cs]
i82365 22180 2
pcmcia_core 41056 0 [pcnet_cs xirc2ps_cs ds i82365]
ip_nat_irc 2384 0 (unused)
ip_nat_ftp 2960 0 (unused)
ip_conntrack_irc 3056 1
ip_conntrack_ftp 3824 1
8390 5780 0 [pcnet_cs]
ide-probe-mod 7496 0
ide-disk 6544 0
ide-mod 50888 0 [ide-probe-mod ide-disk]
+ _________________________ proc/meminfo
+
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 31318016 15544320 15773696 0 49152 8638464
Swap: 0 0 0
MemTotal: 30584 kB
MemFree: 15404 kB
MemShared: 0 kB
Buffers: 48 kB
Cached: 8436 kB
SwapCached: 0 kB
Active: 0 kB
Inactive: 11748 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 30584 kB
LowFree: 15404 kB
SwapTotal: 0 kB
SwapFree: 0 kB
+ _________________________ dev/ipsec-ls
+
+ ls -l /dev/ipsec*
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r-- 1 root wheel 0 Nov 17 15:54 /proc/net/ipsec_eroute
-r--r--r-- 1 root wheel 0 Nov 17 15:54 /proc/net/ipsec_spi
-r--r--r-- 1 root wheel 0 Nov 17 15:54 /proc/net/ipsec_spigrp
-r--r--r-- 1 root wheel 0 Nov 17 15:54 /proc/net/ipsec_tncfg
-r--r--r-- 1 root wheel 0 Nov 17 15:54 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+
+ cat /etc/syslog.conf
# /etc/syslog.conf Configuration file for syslogd.
#
# For more information see syslog.conf(5)
# manpage.

#
# Log everything remotely. The other machine must run syslog with '-r'.
# WARNING: Doing this is unsecure and can open you up to a DoS attack.
#

#*.* @host.ip.address-or-name.here


#
# First some standard logfiles. Log by facility.
#

auth,authpriv.* /var/log/auth.log
*.!=debug;auth,authpriv.none -/var/log/syslog
daemon.!=debug -/var/log/daemon.log
kern.!=debug -/var/log/kern.log
#cron.* /var/log/cron.log

#lpr.* -/var/log/lpr.log
#mail.* /var/log/mail.log
#user.* -/var/log/user.log
#uucp.* -/var/log/uucp.log

#
# Some `catch-all' logfiles.
#
*.=debug;\
auth,authpriv.none;\
news.none;mail.none -/var/log/debug
*.!=debug;*.=info;*.=notice;*.=warn;\
auth,authpriv.none;\
cron,daemon.none;\
mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg *


#ppp
local2.* -/var/log/ppp.log

#portslave
local6.* -/var/log/pslave.log
+ _________________________ lib/modules-ls
+
+ ls -ltr /lib/modules
-rw-r--r-- 1 root root 8880 Jun 9 11:02 8390.o
-rw-r--r-- 1 root root 4200 Jun 9 11:03 ip_nat_irc.o
-rw-r--r-- 1 root root 4748 Jun 9 11:03 ip_nat_ftp.o
-rw-r--r-- 1 root root 5720 Jun 9 11:03 ip_conntrack_irc.o
-rw-r--r-- 1 root root 5928 Jun 9 11:03 ip_conntrack_ftp.o
drwxr-sr-x 2 root root 0 Nov 13 23:15 pcmcia
lrwxrwxrwx 1 root root 12 Nov 13 23:16 2.4.18 -> /lib/modules
drwxr-xr-x 3 root root 0 Nov 13 23:29 net
-rw-r--r-- 2 root root 164982 Nov 13 23:30 ipsec.o
+ _________________________ proc/ksyms-netif_rx
+
+ egrep netif_rx /proc/ksyms
c0188160 netif_rx
+ _________________________ lib/modules-netif_rx
+
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.4.18:
net:
pcmcia:
+ _________________________ kern.debug
+
+ test -f /var/log/kern.debug
+ _________________________ klog
+
+ sed -n 17,$p /var/log/messages
+ egrep -i ipsec|klips|pluto
+ cat
Nov 17 14:58:17 gatekeeper kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
Nov 17 15:07:26 gatekeeper kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
Nov 17 15:12:29 gatekeeper kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
Nov 17 15:15:22 gatekeeper kernel: klips_info:pfkey_cleanup: shutting down PF_KEY domain sockets.
+ _________________________ plog
+
+ sed -n 32,$p /var/log/auth.log
+ egrep -i pluto
+ cat
Nov 17 15:15:46 gatekeeper ipsec__plutorun: Starting Pluto subsystem...
Nov 17 15:15:47 gatekeeper Pluto[31465]: Starting Pluto (FreeS/WAN Version 1.97)
Nov 17 15:15:47 gatekeeper Pluto[31465]: listening for IKE messages
Nov 17 15:15:47 gatekeeper Pluto[31465]: adding interface ipsec0/eth0 217.162.140.106
Nov 17 15:15:47 gatekeeper Pluto[31465]: loading secrets from "/etc/ipsec.secrets"
Nov 17 15:31:00 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: unsupported exchange type ISAKMP_XCHG_AGGR in message
Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: ignoring Delete SA payload
Nov 17 15:31:54 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: received and ignored informational message
Nov 17 15:32:00 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: not enough room in input packet for ISAKMP Message
Nov 17 15:35:12 gatekeeper Pluto[31465]: packet from 217.162.92.182:500: initial Main Mode message received on 217.162.140.106:500 but no connection has been authorized
+ _________________________ date
+
+ date
Sun Nov 17 15:54:25 CET 2002



THINK
Püntenstrasse 39
8143 Stallikon
mailto:[EMAIL PROTECTED]
PGP Fingerprint: BC9A 25BC 3954 3BC8 C024 8D8A B7D4 FF9D 05B8 0A16



------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
