From: Fred de K. <fre...@io...> - 2002-11-28 16:03:18
devil Thu Nov 28 15:09:10 GMT 2002
62.137.60.176/32 -> 128.0.0.0/16 => tun0x1002@217.33.203.132 esp0x961da59@217.33.203.132 (0)
ipsec0->ppp0 mtu=16260(1500)->1500
esp0x961da59@217.33.203.132 ESP_3DES_HMAC_MD5: dir=out src=62.137.60.176 iv_bits=64bits iv=0x0344f570573b464d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(173,0,0)
esp0xfb787aeb@62.137.60.176 ESP_3DES_HMAC_MD5: dir=in src=217.33.203.132 iv_bits=64bits iv=0x0a24fb1ee77907b8 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(173,0,0)
tun0x1001@62.137.60.176 IPIP: dir=in src=217.33.203.132 life(c,s,h)=addtime(173,0,0)
tun0x1002@217.33.203.132 IPIP: dir=out src=62.137.60.176 life(c,s,h)=addtime(173,0,0)
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 195.92.66.125 0.0.0.0 UG 40 0 0 ppp0
128.0.0.0 195.92.66.125 255.255.0.0 UG 40 0 0 ipsec0
195.92.66.125 0.0.0.0 255.255.255.255 UH 40 0 0 ipsec0
195.92.66.125 0.0.0.0 255.255.255.255 UH 40 0 0 ppp0
000 interface ipsec0/ppp0 62.137.60.176
000
000 "devil-zara": 62.137.60.176[@devil.iosystems.co.uk]---195.92.66.125...217.33.203.132[@iort3.iosystems.co.uk]===128.0.0.0/16
000 "devil-zara": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "devil-zara": policy: RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: ppp0; erouted
000 "devil-zara": newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000
000 #2: "devil-zara" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27656s; newest IPSEC; eroute owner
000 #2: "devil-zara" esp.961da59@217.33.203.132 esp.fb787aeb@62.137.60.176 tun.1002@217.33.203.132 tun.1001@62.137.60.176
000 #1: "devil-zara" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2630s; newest ISAKMP
000
devil
Thu Nov 28 15:10:29 GMT 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.98b
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.19-xfs (root@linux) (gcc version 2.95.3 20010315 (release)) #2 Sat Aug 31 09:15:43 EST 2002
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
0 62.137.60.176/32 -> 128.0.0.0/16 => tun0x1002@217.33.203.132
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
195.92.66.125 0.0.0.0 255.255.255.255 UH 40 0 0 ppp0
195.92.66.125 0.0.0.0 255.255.255.255 UH 40 0 0 ipsec0
128.0.0.0 195.92.66.125 255.255.0.0 UG 40 0 0 ipsec0
10.20.0.0 0.0.0.0 255.255.0.0 U 40 0 0 eth0
0.0.0.0 195.92.66.125 0.0.0.0 UG 40 0 0 ppp0
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
tun0x1002@217.33.203.132 IPIP: dir=out src=62.137.60.176 life(c,s,h)=addtime(252,0,0)
tun0x1001@62.137.60.176 IPIP: dir=in src=217.33.203.132 life(c,s,h)=addtime(252,0,0)
esp0x961da59@217.33.203.132 ESP_3DES_HMAC_MD5: dir=out src=62.137.60.176 iv_bits=64bits iv=0x0344f570573b464d ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(252,0,0)
esp0xfb787aeb@62.137.60.176 ESP_3DES_HMAC_MD5: dir=in src=217.33.203.132 iv_bits=64bits iv=0x0a24fb1ee77907b8 ooowin=64 alen=128 aklen=128 eklen=192 life(c,s,h)=addtime(252,0,0)
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
tun0x1002@217.33.203.132 esp0x961da59@217.33.203.132
tun0x1001@62.137.60.176 esp0xfb787aeb@62.137.60.176
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> ppp0 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL
mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
c47a0b50 2867 c712c1d4 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c712c1d4 2867 c47a0b50
pf_key_registered: 3 c712c1d4 2867 c47a0b50
pf_key_registered: 9 c712c1d4 2867 c47a0b50
pf_key_registered: 10 c712c1d4 2867 c47a0b50
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 4 0 128 128
pf_key_supported: 9 15 3 0 32 128
pf_key_supported: 9 15 2 0 128 32
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos
debug_ah:-1
debug_eroute:-1
debug_esp:-1
debug_ipcomp:-1
debug_netlink:2147483647
debug_pfkey:-1
debug_radij:-1
debug_rcv:-1
debug_spi:-1
debug_tunnel:-1
debug_verbose:0
debug_xform:-1
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/ppp0 62.137.60.176
000
000 "devil-zara": 62.137.60.176[@devil.iosystems.co.uk]---195.92.66.125...217.33.203.132[@iort3.iosystems.co.uk]===128.0.0.0/16
000 "devil-zara": ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "devil-zara": policy: RSASIG+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK; interface: ppp0; erouted
000 "devil-zara": newest ISAKMP SA: #1; newest IPsec SA: #2; eroute owner: #2
000
000 #2: "devil-zara" STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 27611s; newest IPSEC; eroute owner
000 #2: "devil-zara" esp.961da59@217.33.203.132 esp.fb787aeb@62.137.60.176 tun.1002@217.33.203.132 tun.1001@62.137.60.176
000 #1: "devil-zara" STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 2585s; newest ISAKMP
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:D0:B7:CA:78:69
inet addr:10.20.10.1 Bcast:10.255.255.255 Mask:255.255.0.0
inet6 addr: fe80::2d0:b7ff:feca:7869/10 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:54184 errors:44 dropped:0 overruns:0 frame:44
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:4906177 (4.6 Mb) TX bytes:288 (288.0 b)
Interrupt:16 Base address:0x1000 Memory:40100000-40100038

ipsec0 Link encap:Point-to-Point Protocol
inet addr:62.137.60.176 Mask:255.255.255.255
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec1 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec2 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

ipsec3 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:504 (504.0 b) TX bytes:504 (504.0 b)

ppp0 Link encap:Point-to-Point Protocol
inet addr:62.137.60.176 P-t-P:195.92.66.125 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:20 errors:0 dropped:0 overruns:0 frame:0
TX packets:15 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:2830 (2.7 Kb) TX bytes:1891 (1.8 Kb)

sit0 Link encap:IPv6-in-IPv4
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

+ _________________________ ipsec/directory
+ ipsec --directory
/usr/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
devil
+ _________________________ hostname/ipaddress
+ hostname --ip-address
10.20.10.1
+ _________________________ uptime
+ uptime
3:10pm up 6:37, 2 users, load average: 0.16, 0.03, 0.01
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
000 0 3135 1515 9 0 2192 992 wait4 S tty2 0:00 \_ /bin/sh /usr/sbin/ipsec barf
000 0 3136 3135 16 0 2220 1056 wait4 S tty2 0:00 \_ /bin/sh /usr/lib/ipsec/barf
040 0 3196 3136 15 0 2220 1056 - R tty2 0:00 \_ /bin/sh /usr/lib/ipsec/barf
040 0 2860
1 9 0 2212 1032 wait4 S tty2 0:00 /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids yes --
040 0 2862 2860 9 0 2212 1032 wait4 S tty2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutorun --debug all --uniqueids ye
100 0 2867 2862 8 0 1984 1012 do_sel S tty2 0:00 | \_ /usr/lib/ipsec/pluto --nofork --debug-all --uniqueids
000 0 2870 2867 9 0 1376 328 do_sel S tty2 0:00 | \_ _pluto_adns -d 7 10
000 0 2863 2860 8 0 2200 1028 pipe_w S tty2 0:00 \_ /bin/sh /usr/lib/ipsec/_plutoload --load %search --start %s
000 0 2861 1 9 0 1304 416 pipe_w S tty2 0:00 logger -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
routephys=ppp0
routephys=ppp0
routevirt=ipsec0
routevirt=ipsec0
routeaddr=62.137.60.176
routeaddr=62.137.60.176
routenexthop=195.92.66.125
routenexthop=195.92.66.125
defaultroutephys=ppp0
defaultroutevirt=ipsec0
defaultrouteaddr=62.137.60.176
defaultroutenexthop=195.92.66.125
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.



# basic configuration
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces=%defaultroute
# Debug-logging controls: "none" for (almost) none, "all" for lots.
klipsdebug=all
plutodebug=all
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
# Close down old connection when new one using same ID shows up.
uniqueids=yes



# defaults for subsequent connection descriptions
#conn %default
#Use RSA based authentication with certificates
#how persistent to be in (re)keying negotiations (0 means very)
# keyingtries=3
#How to authenticate gateways
# authby=rsasig
# auto=start

#Devil-Zara tunnel
#The network here looks like:
# leftsubnet=======left--------leftnexthop....Dynamic IP.
#If left and right are on the same Ethernet, omit leftnexthop and rightnexthop.
conn devil-zara
#How to authenticate gateways
authby=rsasig
#Identity we use in authentication exchanges
leftid=...@io...
leftrsasigkey=[keyid AQPzAZLjs]
#left security gateway (public network address)
left=217.33.203.132
#next hop to reach right



#subnet behind left (leave out if there is no subnet)
leftsubnet=128.0.0.0/16
#right s.g., subnet behind it, plus next hop to reach left
right=%defaultroute
#Any address provided authentication works
rightid=...@de...
# RSA 2048 bits devil Mon Nov 4 17:28:37 2002
rightrsasigkey=[keyid AQNYylH25]
auto=add
#No retry if IP connectivity is gone
keyingtries=3
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".
: RSA {
# RSA 2048 bits devil Mon Nov 4 17:28:37 2002
# for signatures only, UNSAFE FOR ENCRYPTION
#pubkey=[keyid AQNYylH25]
#IN KEY 0x4200 4 1 [keyid AQNYylH25]
# (0x4200 = auth-only host-level, 4 = IPSec, 1 = RSA)
Modulus: [...]
PublicExponent: [...]
# everything after this point is secret
PrivateExponent: [...]
Prime1: [...]
Prime2: [...]
Exponent1: [...]
Exponent2: [...]
Coefficient: [...]
}
+ _________________________ ipsec/ls-dir
+ ls -l /usr/lib/ipsec
total 1124
-rwxr-xr-x 1 root root 11167 Jan 1 1980 _confread
-rwxr-xr-x 1 root root 7181 Jan 1 1980 _copyright
-rwxr-xr-x 1 root root 2163 Jan 1 1980 _include
-rwxr-xr-x 1 root root 1472 Jan 1 1980 _keycensor
-rwxr-xr-x 1 root root 13071 Jan 1 1980 _pluto_adns
-rwxr-xr-x 1 root root 3495 Jan 1 1980 _plutoload
-rwxr-xr-x 1 root root 4553 Jan 1 1980 _plutorun
-rwxr-xr-x 1 root root 7483 Jan 1 1980 _realsetup
-rwxr-xr-x 1 root root 1971 Jan 1 1980 _secretcensor
-rwxr-xr-x 1 root root 6934 Jan 1 1980 _startklips
-rwxr-xr-x 1 root root 5014 Jan 1 1980 _updown
-rwxr-xr-x 1 root root 7838 Jan 1 1980 _updown.dhcp
-rwxr-xr-x 1 root root 13327 Jan 1 1980 auto
-rwxr-xr-x 1 root root 7195 Jan 1 1980 barf
-rwxr-xr-x 1 root root 816 Jan 1 1980 calcgoo
-rwxr-xr-x 1 root root 72695 Jan 1 1980 eroute
-rwxr-xr-x 1 root root 57743 Jan 1 1980 ikeping
-rwxr-xr-x 1 root root 2910 Jan 1 1980 ipsec
-rw-r--r-- 1 root root 1950 Jan 1 1980 ipsec_pr.template
-rwxr-xr-x 1 root root 49867 Jan 1 1980 klipsdebug
-rwxr-xr-x 1 root root 2437 Jan 1 1980 look
-rwxr-xr-x 1 root root 16157 Jan 1 1980 manual
-rwxr-xr-x 1 root root 1847 Jan 1 1980 newhostkey
-rwxr-xr-x 1 root root 42508 Jan 1 1980 pf_key
-rwxr-xr-x
1 root root 360728 Jan 1 1980 pluto=0A= -rwxr-xr-x 1 root root 10023 Jan 1 1980 ranbits=0A= -rwxr-xr-x 1 root root 22960 Jan 1 1980 rsasigkey=0A= -rwxr-xr-x 1 root root 16653 Jan 1 1980 send-pr=0A= lrwxrwxrwx 1 root root 22 Nov 28 08:33 setup -> = /etc/rc.d/init.d/ipsec=0A= -rwxr-xr-x 1 root root 1041 Jan 1 1980 showdefaults=0A= -rwxr-xr-x 1 root root 4205 Jan 1 1980 showhostkey=0A= -rwxr-xr-x 1 root root 82853 Jan 1 1980 spi=0A= -rwxr-xr-x 1 root root 62620 Jan 1 1980 spigrp=0A= -rwxr-xr-x 1 root root 13394 Jan 1 1980 tncfg=0A= -rwxr-xr-x 1 root root 106652 Jan 1 1980 uml_netjig=0A= -rwxr-xr-x 1 root root 3353 Jan 1 1980 verify=0A= -rwxr-xr-x 1 root root 42825 Jan 1 1980 whack=0A= + _________________________ ipsec/updowns=0A= ++ ls /usr/lib/ipsec=0A= ++ egrep updown=0A= + cat /usr/lib/ipsec/_updown=0A= #! /bin/sh=0A= # default updown script=0A= # Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer=0A= # =0A= # This program is free software; you can redistribute it and/or modify it=0A= # under the terms of the GNU General Public License as published by the=0A= # Free Software Foundation; either version 2 of the License, or (at your=0A= # option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.=0A= # =0A= # This program is distributed in the hope that it will be useful, but=0A= # WITHOUT ANY WARRANTY; without even the implied warranty of = MERCHANTABILITY=0A= # or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public = License=0A= # for more details.=0A= #=0A= # RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $=0A= =0A= =0A= =0A= # CAUTION: Installing a new version of FreeS/WAN will install a new=0A= # copy of this script, wiping out any custom changes you make. 
If=0A= # you need changes, make a copy of this under another name, and customize=0A= # that, and use the (left/right)updown parameters in ipsec.conf to make=0A= # FreeS/WAN use yours instead of this default one.=0A= =0A= =0A= =0A= # check interface version=0A= case "$PLUTO_VERSION" in=0A= 1.[0]) # Older Pluto?!? Play it safe, script may be using new features.=0A= echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2=0A= echo "$0: called by obsolete Pluto?" >&2=0A= exit 2=0A= ;;=0A= 1.*) ;;=0A= *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2=0A= exit 2=0A= ;;=0A= esac=0A= =0A= # check parameter(s)=0A= case "$1:$*" in=0A= ':') # no parameters=0A= ;;=0A= ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only=0A= ;;=0A= custom:*) # custom parameters (see above CAUTION comment)=0A= ;;=0A= *) echo "$0: unknown parameters \`$*'" >&2=0A= exit 2=0A= ;;=0A= esac=0A= =0A= # utility functions for route manipulation=0A= # Meddling with this stuff should not be necessary and requires great = care.=0A= uproute() {=0A= doroute add=0A= }=0A= downroute() {=0A= doroute del=0A= }=0A= doroute() {=0A= parms=3D"-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"=0A= parms2=3D"dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"=0A= case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in=0A= "0.0.0.0/0.0.0.0")=0A= # horrible kludge for obscure routing bug with opportunistic=0A= it=3D"route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&=0A= route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"=0A= ;;=0A= *) it=3D"route $1 $parms $parms2"=0A= ;;=0A= esac=0A= eval $it=0A= st=3D$?=0A= if test $st -ne 0=0A= then=0A= # route has already given its own cryptic message=0A= echo "$0: \`$it' failed" >&2=0A= if test " $1 $st" =3D " add 7"=0A= then=0A= # another totally undocumented interface -- 7 and=0A= # "SIOCADDRT: Network is unreachable" means that=0A= # the gateway isn't reachable.=0A= echo "$0: (incorrect or missing nexthop setting??)" >&2=0A= fi=0A= fi=0A= return 
$st=0A= }=0A= =0A= =0A= =0A= # the big choice=0A= case "$PLUTO_VERB:$1" in=0A= prepare-host:*|prepare-client:*)=0A= # delete possibly-existing route (preliminary to adding a route)=0A= case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in=0A= "0.0.0.0/0.0.0.0")=0A= # horrible kludge for obscure routing bug with opportunistic=0A= it=3D"route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;=0A= route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"=0A= ;;=0A= *)=0A= it=3D"route del -net $PLUTO_PEER_CLIENT_NET \=0A= netmask $PLUTO_PEER_CLIENT_MASK 2>&1"=0A= ;;=0A= esac=0A= oops=3D"`eval $it`"=0A= status=3D"$?"=0A= if test " $oops" =3D " " -a " $status" !=3D " 0"=0A= then=0A= oops=3D"silent error, exit status $status"=0A= fi=0A= case "$oops" in=0A= 'SIOCDELRT: No such process'*)=0A= # This is what route (currently -- not documented!) gives=0A= # for "could not find such a route".=0A= oops=3D=0A= status=3D0=0A= ;;=0A= esac=0A= if test " $oops" !=3D " " -o " $status" !=3D " 0"=0A= then=0A= echo "$0: \`$it' failed ($oops)" >&2=0A= fi=0A= exit $status=0A= ;;=0A= route-host:*|route-client:*)=0A= # connection to me or my client subnet being routed=0A= uproute=0A= ;;=0A= unroute-host:*|unroute-client:*)=0A= # connection to me or my client subnet being unrouted=0A= downroute=0A= ;;=0A= up-host:*)=0A= # connection to me coming up=0A= # If you are doing a custom version, firewall commands go here.=0A= ;;=0A= down-host:*)=0A= # connection to me going down=0A= # If you are doing a custom version, firewall commands go here.=0A= ;;=0A= up-client:)=0A= # connection to my client subnet coming up=0A= # If you are doing a custom version, firewall commands go here.=0A= ;;=0A= down-client:)=0A= # connection to my client subnet going down=0A= # If you are doing a custom version, firewall commands go here.=0A= ;;=0A= up-client:ipfwadm)=0A= # connection to client subnet, with (left/right)firewall=3Dyes, coming = up=0A= # This is used only by the default updown script, not by your custom=0A= # ones, so 
do not mess with it; see CAUTION comment up at top.=0A= ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK=0A= ;;=0A= down-client:ipfwadm)=0A= # connection to client subnet, with (left/right)firewall=3Dyes, going = down=0A= # This is used only by the default updown script, not by your custom=0A= # ones, so do not mess with it; see CAUTION comment up at top.=0A= ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK=0A= ;;=0A= *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2=0A= exit 1=0A= ;;=0A= esac=0A= + cat /usr/lib/ipsec/_updown.dhcp=0A= #! /bin/sh=0A= # =0A= # customized updown script=0A= #=0A= =0A= =0A= # check interface version=0A= case "$PLUTO_VERSION" in=0A= 1.[0]) # Older Pluto?!? Play it safe, script may be using new features.=0A= echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2=0A= echo "$0: called by obsolete Pluto?" 
>&2=0A= exit 2=0A= ;;=0A= 1.*) ;;=0A= *) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2=0A= exit 2=0A= ;;=0A= esac=0A= =0A= # check parameter(s)=0A= case "$1:$*" in=0A= ':') # no parameters=0A= ;;=0A= ipfwadm:ipfwadm) # due to (left/right)firewall; for default script only=0A= ;;=0A= custom:*) # custom parameters (see above CAUTION comment)=0A= ;;=0A= *) echo "$0: unknown parameters \`$*'" >&2=0A= exit 2=0A= ;;=0A= esac=0A= =0A= # utility functions for route manipulation=0A= # Meddling with this stuff should not be necessary and requires great = care.=0A= uproute() {=0A= doroute add=0A= }=0A= downroute() {=0A= doroute del=0A= }=0A= doroute() {=0A= parms=3D"-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"=0A= parms2=3D"dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"=0A= case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in=0A= "0.0.0.0/0.0.0.0")=0A= # horrible kludge for obscure routing bug with opportunistic=0A= it=3D"route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&"=0A= it=3D"$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"=0A= route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&=0A= route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2=0A= ;;=0A= *) it=3D"route $1 $parms $parms2"=0A= route $1 $parms $parms2=0A= ;;=0A= esac=0A= st=3D$?=0A= if test $st -ne 0=0A= then=0A= # route has already given its own cryptic message=0A= echo "$0: \`$it' failed" >&2=0A= if test " $1 $st" =3D " add 7"=0A= then=0A= # another totally undocumented interface -- 7 and=0A= # "SIOCADDRT: Network is unreachable" means that=0A= # the gateway isn't reachable.=0A= echo "$0: (incorrect or missing nexthop setting??)" >&2=0A= fi=0A= fi=0A= return $st=0A= }=0A= =0A= =0A= =0A= # the big choice=0A= case "$PLUTO_VERB:$1" in=0A= prepare-host:*|prepare-client:*)=0A= # delete possibly-existing route (preliminary to adding a route)=0A= case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in=0A= "0.0.0.0/0.0.0.0")=0A= # horrible kludge for obscure routing bug with 
opportunistic=0A= parms1=3D"-net 0.0.0.0 netmask 128.0.0.0"=0A= parms2=3D"-net 128.0.0.0 netmask 128.0.0.0"=0A= it=3D"route del $parms1 2>&1 ; route del $parms2 2>&1"=0A= oops=3D"`route del $parms1 2>&1 ; route del $parms2 2>&1`"=0A= ;;=0A= *)=0A= parms=3D"-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"=0A= it=3D"route del $parms 2>&1"=0A= oops=3D"`route del $parms 2>&1`"=0A= ;;=0A= esac=0A= status=3D"$?"=0A= if test " $oops" =3D " " -a " $status" !=3D " 0"=0A= then=0A= oops=3D"silent error, exit status $status"=0A= fi=0A= case "$oops" in=0A= 'SIOCDELRT: No such process'*)=0A= # This is what route (currently -- not documented!) gives=0A= # for "could not find such a route".=0A= oops=3D=0A= status=3D0=0A= ;;=0A= esac=0A= if test " $oops" !=3D " " -o " $status" !=3D " 0"=0A= then=0A= echo "$0: \`$it' failed ($oops)" >&2=0A= fi=0A= exit $status=0A= ;;=0A= route-host:*|route-client:*)=0A= # connection to me or my client subnet being routed=0A= uproute=0A= ;;=0A= unroute-host:*|unroute-client:*)=0A= # connection to me or my client subnet being unrouted=0A= downroute=0A= ;;=0A= up-host:*)=0A= # connection to me coming up=0A= # If you are doing a custom version, firewall commands go here.=0A= ;;=0A= down-host:*)=0A= # connection to me going down=0A= # If you are doing a custom version, firewall commands go here.=0A= ;;=0A= up-client:)=0A= # connection to my client subnet coming up=0A= # If you are doing a custom version, firewall commands go here.=0A= if [ "$PLUTO_MY_PROTOCOL" =3D=3D "6" ] || [ "$PLUTO_MY_PROTOCOL" =3D=3D = "17" ]=0A= then=0A= iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --sport = $PLUTO_PEER_PORT \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --dport = $PLUTO_MY_PORT -j ACCEPT =0A= iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --sport = $PLUTO_MY_PORT \=0A= -d 
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --dport = $PLUTO_PEER_PORT -j ACCEPT=0A= iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --sport = $PLUTO_MY_PORT \=0A= -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --dport = $PLUTO_PEER_PORT -j ACCEPT=0A= iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --sport = $PLUTO_PEER_PORT \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --dport = $PLUTO_MY_PORT -j ACCEPT=0A= else=0A= iptables -I INPUT 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -j ACCEPT=0A= iptables -I OUTPUT 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT=0A= iptables -I FORWARD 1 -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT=0A= iptables -I FORWARD 1 -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -j ACCEPT=0A= fi=0A= ;;=0A= down-client:)=0A= # connection to my client subnet going down=0A= # If you are doing a custom version, firewall commands go here.=0A= if [ "$PLUTO_MY_PROTOCOL" =3D=3D "6" ] || [ "$PLUTO_MY_PROTOCOL" =3D=3D = "17" ]=0A= then=0A= iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --sport = $PLUTO_PEER_PORT \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --dport = $PLUTO_MY_PORT -j ACCEPT=0A= iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --sport = $PLUTO_MY_PORT \=0A= -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --dport 
= $PLUTO_PEER_PORT -j ACCEPT=0A= iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --sport = $PLUTO_MY_PORT \=0A= -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --dport = $PLUTO_PEER_PORT -j ACCEPT=0A= iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK --sport = $PLUTO_PEER_PORT \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK --dport = $PLUTO_MY_PORT -j ACCEPT=0A= else=0A= iptables -D INPUT -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -j ACCEPT=0A= iptables -D OUTPUT -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT=0A= iptables -D FORWARD -o $PLUTO_INTERFACE -p $PLUTO_PEER_PROTOCOL \=0A= -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK -j ACCEPT=0A= iptables -D FORWARD -i $PLUTO_INTERFACE -p $PLUTO_MY_PROTOCOL \=0A= -s $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK \=0A= -d $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK -j ACCEPT=0A= fi=0A= ;;=0A= up-client:ipfwadm)=0A= # connection to client subnet, with (left/right)firewall=3Dyes, coming = up=0A= # This is used only by the default updown script, not by your custom=0A= # ones, so do not mess with it; see CAUTION comment up at top.=0A= ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK=0A= ;;=0A= down-client:ipfwadm)=0A= # connection to client subnet, with (left/right)firewall=3Dyes, going = down=0A= # This is used only by the default updown script, not by your custom=0A= # ones, so do not mess with it; see CAUTION comment up at top.=0A= ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \=0A= -D 
$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK=0A= ;;=0A= *) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2=0A= exit 1=0A= ;;=0A= esac=0A= + _________________________ proc/net/dev=0A= + cat /proc/net/dev=0A= Inter-| Receive | = Transmit=0A= face |bytes packets errs drop fifo frame compressed multicast|bytes = packets errs drop fifo colls carrier compressed=0A= lo: 504 6 0 0 0 0 0 0 = 504 6 0 0 0 0 0 0=0A= sit0: 0 0 0 0 0 0 0 0 = 0 0 0 0 0 0 0 0=0A= eth0: 4906223 54184 44 0 0 44 0 0 = 288 4 0 0 0 0 0 0=0A= ppp0: 2830 20 0 0 0 0 0 0 = 1891 15 0 0 0 0 0 0=0A= ipsec0: 0 0 0 0 0 0 0 0 = 0 0 0 0 0 0 0 0=0A= ipsec1: 0 0 0 0 0 0 0 0 = 0 0 0 0 0 0 0 0=0A= ipsec2: 0 0 0 0 0 0 0 0 = 0 0 0 0 0 0 0 0=0A= ipsec3: 0 0 0 0 0 0 0 0 = 0 0 0 0 0 0 0 0=0A= + _________________________ proc/net/route=0A= + cat /proc/net/route=0A= Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT = =0A= ppp0 7D425CC3 00000000 0005 0 0 0 FFFFFFFF 40 0 0 = =0A= ipsec0 7D425CC3 00000000 0005 0 0 0 FFFFFFFF 40 0 0 = =0A= ipsec0 00000080 7D425CC3 0003 0 0 0 0000FFFF 40 0 0 = =0A= eth0 0000140A 00000000 0001 0 0 0 0000FFFF 40 0 0 = =0A= ppp0 00000000 7D425CC3 0003 0 0 0 00000000 40 0 0 = =0A= + _________________________ proc/sys/net/ipv4/ip_forward=0A= + cat /proc/sys/net/ipv4/ip_forward=0A= 1=0A= + _________________________ proc/sys/net/ipv4/conf/star-rp_filter=0A= + cd /proc/sys/net/ipv4/conf=0A= + egrep '^' all/rp_filter default/rp_filter eth0/rp_filter = ipsec0/rp_filter lo/rp_filter ppp0/rp_filter=0A= all/rp_filter:0=0A= default/rp_filter:0=0A= eth0/rp_filter:0=0A= ipsec0/rp_filter:0=0A= lo/rp_filter:0=0A= ppp0/rp_filter:0=0A= + _________________________ uname-a=0A= + uname -a=0A= Linux devil 2.4.19-xfs #2 Sat Aug 31 09:15:43 EST 2002 i686 unknown=0A= + _________________________ redhat-release=0A= + test -r /etc/redhat-release=0A= + _________________________ proc/net/ipsec_version=0A= + cat /proc/net/ipsec_version=0A= FreeS/WAN version: 1.98b=0A= + 
_________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 6 packets, 1647 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1 packets, 106 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ ipchains/list
+ ipchains -L -v -n
/usr/lib/ipsec/barf: ipchains: command not found
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
/usr/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
/usr/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
/usr/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 31 packets, 5381 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
/usr/lib/ipsec/barf: ipchains: command not found
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
/usr/lib/ipsec/barf: ipfwadm: command not found
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
Chain PREROUTING (policy ACCEPT 33 packets, 6146 bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 6 packets, 1647 bytes)
pkts bytes target prot opt in out source destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target
prot opt in out source destination

Chain OUTPUT (policy ACCEPT 1 packets, 106 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1 packets, 106 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ proc/modules
+ cat /proc/modules
iptable_mangle 2144 0 (autoclean) (unused)
iptable_nat 19220 0 (autoclean) (unused)
ip_conntrack 20364 1 (autoclean) [iptable_nat]
iptable_filter 1760 0 (autoclean) (unused)
ip_tables 13184 5 [iptable_mangle iptable_nat iptable_filter]
ipsec 235712 2
ppp_deflate 39904 0 (autoclean)
bsd_comp 4128 0 (autoclean)
ppp_async 6496 1 (autoclean)
ppp_generic 19660 3 (autoclean) [ppp_deflate bsd_comp ppp_async]
slhc 4528 0 (autoclean) [ppp_generic]
e100 75800 1
+ _________________________ proc/meminfo
+ cat /proc/meminfo
total: used: free: shared: buffers: cached:
Mem: 129101824 57159680 71942144 0 352256 44802048
Swap: 0 0 0
MemTotal: 126076 kB
MemFree: 70256 kB
MemShared: 0 kB
Buffers: 344 kB
Cached: 43752 kB
SwapCached: 0 kB
Active: 4148 kB
Inactive: 44308 kB
HighTotal: 0 kB
HighFree: 0 kB
LowTotal: 126076 kB
LowFree: 70256 kB
SwapTotal: 0 kB
SwapFree: 0 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r-- 1 root root 0 Nov 28 15:10 /proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 Nov 28 15:10 /proc/net/ipsec_klipsdebug
-r--r--r-- 1 root root 0 Nov 28 15:10 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 Nov 28 15:10 /proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 Nov 28 15:10
/proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 Nov 28 15:10 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
search localdomain
nameserver 195.92.195.95
nameserver 195.92.195.94
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
lrwxrwxrwx 1 root root 18 Nov 28 08:33 /lib/modules -> /cdrom/lib/modules
+ _________________________ proc/ksyms-netif_rx
+ egrep netif_rx /proc/ksyms
c01feeb0 netif_rx_R73775a25
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
/usr/lib/ipsec/barf: nm: command not found
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1,$p' /dev/null
+ egrep -i 'ipsec|klips|pluto'
+ cat
+ _________________________ plog
+ sed -n '1,$p' /dev/null
+ egrep -i pluto
+ cat
+ _________________________ date
+ date
Thu Nov 28 15:10:29 GMT 2002
|