On Mon, Sep 25, 2006 at 09:27:54PM +1000, Herbert Xu ([EMAIL PROTECTED]) wrote:
> On Mon, Sep 25, 2006 at 02:38:36PM +0400, Evgeniy Polyakov wrote:
> >
> > I ran two times the same 'telnet 192.168.4.79 22' and got unencrypted
> > packets and very long timeout. After some magic initial process things
> > started to work as expected - only ESP encrypted packets can be found in
> > tcpdump, until the next connection is started, which at first does not
> > work correctly and then again starts to work as expected.
>
> Perhaps something's screwed up with the policies. Unfortunately
> the racoon logs draw a blank around the interesting interval as
> shown by the tcpdump.
I inserted the blank lines deliberately to show where things started to work
correctly (the first blank lines); the second set shows where I started the
second telnet. I think you've noticed that the time difference between the
machines is about 30 minutes.
> Please run ip x p once every second and then post what it shows
> before, during and after the period when unencrypted packets show
> up on the wire.
>
> You only have to do it on the 79 machine since it's the one sending
> unencrypted data.
Attached are three files - before, during and after connection establishment.
--
Evgeniy Polyakov
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 192.168.4.78/32 dst 192.168.4.79/32
dir in priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.79/32 dst 192.168.4.78/32
dir out priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src 192.168.4.78/32 dst 192.168.4.79/32
dir fwd priority 2147483648
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
dir in priority 0
src ::/0 dst ::/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir in priority 0
src ::/0 dst ::/0
dir out priority 0
src ::/0 dst ::/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0
src 0.0.0.0/0 dst 0.0.0.0/0
dir out priority 0