
linux-ipsec: Second major test of Pluto from the 0.8 release

From: Hugh Daniel <hugh(at)road.toad.com>
Date: Tue May 26 1998 - 06:24:04 EDT


  As requested I have run the tests again and gotten pluto to fail in the same two ways. First it does not set up a working encrypting tunnel (so that pings from one subnet to the other cross the greater net in the clear) and second one of the pluto daemons dies for unknown reasons when whack is run a second time.
  The big difference between this test and the last one I reported here is that I have run this one with both SG's KLIPS debugging turned on.
  The debugging output is labeled in five parts, the two plutos, the two KLIPS output logs and the command session where I ran whack twice from. You will find the output of ipsec_systat mixed in three of them giving the general network status.
  Quickly the testing net here is:
sunrise(ping host) - east(SG) -THENET- north(SG) - pole(ping target)

  Enjoy.

		||ugh Daniel
		hugh@toad.com
			Systems Testing & Project mis-Management
			The Linux FreeS/WAN Project
			
http://www.xs4all.nl/~freeswan


IP addr guide:
north.toad.com		140.174.2.9
  its subnet		  206.14.61.224 255.255.255.240
  pole.toad.com		  206.14.61.228
east.toad.com		209.157.90.145
  its subnet		  209.157.90.152 255.255.255.248
  sunrise.toad.com	  209.157.90.153

-------  commands on east.toad.com  ----------------
Script started on Tue May 26 02:47:07 1998 .bashrc@east.toad.com
root@east > sh pluto-ne.rc
: I am east.toad.com
Initiating with 140.174.2.9, port 500
209.157.90.152
255.255.255.248
206.14.61.224
255.255.255.240

Goal = 7
Done.
root@east > ipsec_systat
# ipsec_systat on east.toad.com at Tue May 26 02:47:58 PDT 1998
Linux east.toad.com 2.0.33 #25 Thu May 7 01:35:15 PDT 1998 i586

# cat /proc/version

Linux version 2.0.33 (root@east.toad.com) (gcc version 2.7.2.1) #25 Thu May 7 01:35:15 PDT 1998

# cat /proc/net/ipsec-eroute

(209.157.90.152/255.255.255.248 -> 206.14.61.224/255.255.255.240) => (140.174.2.9, 0xfffffeff)
(209.157.90.152/255.255.255.248 -> 209.157.90.160/255.255.255.248) => (209.157.90.146, 0x00000115)

# cat /proc/net/ipsec-spi

(140.174.2.9, fffffeff, 1: [209.157.90.145 -> 140.174.2.9])
(140.174.2.9, 00000100, 10: iv = eb 0d 28 4d 51 88 ba a9 seq = 0x00000001, bit = 00000000, win = 32 flags = 2 )
(209.157.90.146, 00000115, 1: [209.157.90.145 -> 209.157.90.146])
(209.157.90.146, 00000113, 10: iv = 00 00 00 00 00 00 00 00 seq = 0x00000000, bit = 00000000, win = 0 flags = 0 )
(209.157.90.145, 00000111, 10: iv = 00 00 00 00 00 00 00 00 seq = 0x00000000, bit = 00000000, win = 0 flags = 0 )
(209.157.90.145, 00000100, 10: iv = 93 53 07 35 dc f3 b2 6a seq = 0x00000001, bit = 00000000, win = 32 flags = 2 )

# cat /proc/net/dev
Inter-|   Receive                  |  Transmit
 face |packets errs drop fifo frame|packets errs drop fifo colls carrier
    lo:      1    0    0    0    0        1    0    0    0     0    0
 tunl0:      0    0    0    0    0        0    0    0    0     0    0
 tunl1:      0    0    0    0    0        0    0    0    0     0    0
 dummy: No statistics available.
 plip1:      0    0    0    0    0        0    0    0    0     0    0
  eth0:    391    0    0    0    0      289    0    0    0     0    0
  eth1:      1    0    0    0    0        1    0    0    0     0    0
ipsec0:      0    0    0    0    0        0    0    0    0     0    0
ipsec1:      0    0    0    0    0        0    0    0    0     0    0

# netstat -nr

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
209.157.90.144  0.0.0.0         255.255.255.248 U      1500 0          0 eth0
209.157.90.160  209.157.90.146  255.255.255.248 UG     1404 0          0 ipsec0
209.157.90.152  0.0.0.0         255.255.255.248 U      1500 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         209.157.90.150  0.0.0.0         UG     1500 0          0 eth0

# ifconfig -a
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0
          TX packets:1 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:D8:51:2F
          inet addr:209.157.90.145  Bcast:209.157.90.151  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:395 errors:0 dropped:0 overruns:0
          TX packets:293 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0xfe80

eth1      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:97:8C:97
          inet addr:209.157.90.158  Bcast:209.157.90.159  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0
          TX packets:1 errors:0 dropped:0 overruns:0
          Interrupt:3 Base address:0xff40

ipsec0    Link encap:IPIP Tunnel  HWaddr
          inet addr:209.157.90.145  Bcast:209.157.90.255  Mask:255.255.255.248
          UP RUNNING NOARP  MTU:1404  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

# cat /proc/modules
ipsec 19 1
# cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem:  31739904 10719232 21020672  9830400  1576960  3870720
Swap: 133885952        0 133885952
MemTotal:     30996 kB
MemFree:      20528 kB
MemShared:     9600 kB
Buffers:       1540 kB
Cached:        3780 kB
SwapTotal:   130748 kB
SwapFree:    130748 kB

# cat /proc/net/ip_forward

IP firewall forward rules, default 4

# cat /proc/net/ip_input

IP firewall input rules, default 4

# cat /proc/net/ip_output

IP firewall output rules, default 4

# cat /proc/net/route

Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT                                                       
eth0    905A9DD1        00000000        01      0       1       0       F8FFFFFF        1500    0       0                                                                              
ipsec0  A05A9DD1        925A9DD1        03      0       0       0       F8FFFFFF        1404    0       0                                                                            
eth1    985A9DD1        00000000        01      0       0       0       F8FFFFFF        1500    0       0                                                                              
lo      0000007F        00000000        01      0       1       0       000000FF        3584    0       0                                                                                
eth0    00000000        965A9DD1        03      0       3       0       00000000        1500    0       0                                                                              

# grep IP /usr/src/linux/.config

CONFIG_SYSVIPC=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y

# CONFIG_IP_MASQUERADE is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=m

# CONFIG_IP_ALIAS is not set

CONFIG_IP_NOSR=y
# CONFIG_IPX is not set
CONFIG_IPSEC=m
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AH_HMAC_MD5=y
CONFIG_IPSEC_AH_HMAC_SHA1=y
CONFIG_IPSEC_AH_MD5=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ESP_DES_CBC=y
CONFIG_IPSEC_ESP_DES_MD5=y
CONFIG_IPSEC_ESP_3DES_MD5=y
CONFIG_IPSEC_ESP_DES_MD5_96=y
CONFIG_IPSEC_ESP_3DES_MD5_96=y

DEBUG_IPSEC=y
CONFIG_PLIP=y
# CONFIG_SLIP is not set

# tail -256 /var/log/messages | grep "ipsec\|XXX" > /tmp/ipsec_systat.387

May 26 02:40:41 east kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0xd19d5a91, allocating (this is normal)
May 26 02:40:41 east kernel: ipsec_callback: skb=1754284 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:40:41 east kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0x8cae0209, allocating (this is normal)
May 26 02:40:41 east kernel: ipsec_callback: skb=1b6b524 skblen=32 em_magic=1400332654 em_type=2 em_spi=fffffeff
May 26 02:40:41 east kernel: ipsec_callback: could not find a TDB for spi=0xfffffeff, daddr=0x8cae0209, allocating (this is normal)
May 26 02:40:41 east kernel: ipsec_callback: skb=1b6c134 skblen=32 em_magic=1400332654 em_type=4 em_spi=fffffeff
May 26 02:40:52 east kernel: ipsec_eroute_get_info: buffer=0x16ab000, *start=0x1, offset=0, length=3072
May 26 02:40:52 east kernel: ipsec_eroute_get_info: buffer=0x1751000, *start=0x804cbd0, offset=194, length=3072
May 26 02:40:52 east kernel: ipsec_spi_get_info: buffer=0x16bc000, *start=0x1, offset=0, length=3072
May 26 02:40:52 east kernel: ipsec_spi_get_info: buffer=0x16ab000, *start=0x804cbd0, offset=625, length=3072
May 26 02:41:24 east kernel: ipsec_callback: skb=fc9e20 skblen=56 em_magic=1400332654 em_type=5 em_spi=c1a0800
May 26 02:41:24 east kernel: ipsec_makeroute: rj_addroute not able to insert eroute for dst=0x902ae8c, spi=-16842753
May 26 02:41:41 east kernel: ipsec_eroute_get_info: buffer=0x16ff000, *start=0x1, offset=0, length=3072
May 26 02:41:41 east kernel: ipsec_eroute_get_info: buffer=0x1790000, *start=0x804cbd0, offset=194, length=3072
May 26 02:41:41 east kernel: ipsec_spi_get_info: buffer=0x1750000, *start=0x1, offset=0, length=3072
May 26 02:41:41 east kernel: ipsec_spi_get_info: buffer=0x1750000, *start=0x804cbd0, offset=625, length=3072
May 26 02:45:09 east kernel: ipsec_tunnel_init: tunneling code 0.8
May 26 02:45:09 east kernel: ipsec_tunnel_attach: physical device eth0 being attached has HW address: 0:a0:24:d8:51:2f
May 26 02:47:26 east kernel: ipsec_eroute_get_info: buffer=0x16ce000, *start=0x1, offset=0, length=3072
May 26 02:47:26 east kernel: ipsec_eroute_get_info: buffer=0x1b67000, *start=0x804cbd0, offset=99, length=3072
May 26 02:47:26 east kernel: ipsec_spi_get_info: buffer=0x16cf000, *start=0x1, offset=0, length=3072
May 26 02:47:26 east kernel: ipsec_spi_get_info: buffer=0x16ce000, *start=0x804cbd0, offset=316, length=3072
May 26 02:47:47 east kernel: ipsec_callback: skb=fc9c28 skblen=56 em_magic=1400332654 em_type=5 em_spi=c1a0800
May 26 02:47:47 east kernel: ipsec_callback: skb=1ff6a74 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:47:47 east kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0xd19d5a91, allocating (this is normal)
May 26 02:47:47 east kernel: ipsec_callback: skb=16d5284 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:47:47 east kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0x8cae0209, allocating (this is normal)
May 26 02:47:47 east kernel: ipsec_callback: skb=1b6b524 skblen=32 em_magic=1400332654 em_type=2 em_spi=fffffeff
May 26 02:47:47 east kernel: ipsec_callback: could not find a TDB for spi=0xfffffeff, daddr=0x8cae0209, allocating (this is normal)
May 26 02:47:47 east kernel: ipsec_callback: skb=1b6c134 skblen=32 em_magic=1400332654 em_type=4 em_spi=fffffeff
May 26 02:47:58 east kernel: ipsec_eroute_get_info: buffer=0x164c000, *start=0x1, offset=0, length=3072

# ipsec_systat finished at Tue May 26 02:47:59 PDT 1998
root@east > # three pings from sunrise to pole in the clear
root@east > ipsec_systat sh pluto-ne.rc
: I am east.toad.com
Initiating with 140.174.2.9, port 500

209.157.90.152
255.255.255.248
206.14.61.224
255.255.255.240

Goal = 7
Done.
root@east > # pluto on east crashes with errno 22
root@east > exit

Script done on Tue May 26 02:50:46 1998

-------  pluto on east.toad.com (where I ran whack)  ----------------
Script started on Tue May 26 02:47:21 1998 .bashrc@east.toad.com
root@east > ipsec_systat
# ipsec_systat on east.toad.com at Tue May 26 02:47:26 PDT 1998
Linux east.toad.com 2.0.33 #25 Thu May 7 01:35:15 PDT 1998 i586

# cat /proc/version

Linux version 2.0.33 (root@east.toad.com) (gcc version 2.7.2.1) #25 Thu May 7 01:35:15 PDT 1998

# cat /proc/net/ipsec-eroute

(209.157.90.152/255.255.255.248 -> 209.157.90.160/255.255.255.248) => (209.157.90.146, 0x00000115)

# cat /proc/net/ipsec-spi

(209.157.90.146, 00000115, 1: [209.157.90.145 -> 209.157.90.146])
(209.157.90.146, 00000113, 10: iv = 00 00 00 00 00 00 00 00 seq = 0x00000000, bit = 00000000, win = 0 flags = 0 )
(209.157.90.145, 00000111, 10: iv = 00 00 00 00 00 00 00 00 seq = 0x00000000, bit = 00000000, win = 0 flags = 0 )

# cat /proc/net/dev
Inter-|   Receive                  |  Transmit
 face |packets errs drop fifo frame|packets errs drop fifo colls carrier
    lo:      0    0    0    0    0        0    0    0    0     0    0
 tunl0:      0    0    0    0    0        0    0    0    0     0    0
 tunl1:      0    0    0    0    0        0    0    0    0     0    0
 dummy: No statistics available.
 plip1:      0    0    0    0    0        0    0    0    0     0    0
  eth0:    243    0    0    0    0      157    0    0    0     0    0
  eth1:      1    0    0    0    0        1    0    0    0     0    0
ipsec0:      0    0    0    0    0        0    0    0    0     0    0
ipsec1:      0    0    0    0    0        0    0    0    0     0    0

# netstat -nr

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
209.157.90.144  0.0.0.0         255.255.255.248 U      1500 0          0 eth0
209.157.90.160  209.157.90.146  255.255.255.248 UG     1404 0          0 ipsec0
209.157.90.152  0.0.0.0         255.255.255.248 U      1500 0          0 eth1
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         209.157.90.150  0.0.0.0         UG     1500 0          0 eth0

# ifconfig -a
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:D8:51:2F
          inet addr:209.157.90.145  Bcast:209.157.90.151  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:247 errors:0 dropped:0 overruns:0
          TX packets:161 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0xfe80

eth1      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:97:8C:97
          inet addr:209.157.90.158  Bcast:209.157.90.159  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1 errors:0 dropped:0 overruns:0
          TX packets:1 errors:0 dropped:0 overruns:0
          Interrupt:3 Base address:0xff40

ipsec0    Link encap:IPIP Tunnel  HWaddr
          inet addr:209.157.90.145  Bcast:209.157.90.255  Mask:255.255.255.248
          UP RUNNING NOARP  MTU:1404  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

# cat /proc/modules
ipsec 19 1
# cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem:  31739904 10219520 21520384  9437184  1511424  3624960
Swap: 133885952        0 133885952
MemTotal:     30996 kB
MemFree:      21016 kB
MemShared:     9216 kB
Buffers:       1476 kB
Cached:        3540 kB
SwapTotal:   130748 kB
SwapFree:    130748 kB

# cat /proc/net/ip_forward

IP firewall forward rules, default 4

# cat /proc/net/ip_input

IP firewall input rules, default 4

# cat /proc/net/ip_output

IP firewall output rules, default 4

# cat /proc/net/route

Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT                                                       
eth0    905A9DD1        00000000        01      0       1       0       F8FFFFFF        1500    0       0
ipsec0  A05A9DD1        925A9DD1        03      0       0       0       F8FFFFFF        1404    0       0
eth1    985A9DD1        00000000        01      0       0       0       F8FFFFFF        1500    0       0
lo      0000007F        00000000        01      0       0       0       000000FF        3584    0       0
eth0    00000000        965A9DD1        03      0       2       0       00000000        1500    0       0

# grep IP /usr/src/linux/.config

CONFIG_SYSVIPC=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y

# CONFIG_IP_MASQUERADE is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=m

# CONFIG_IP_ALIAS is not set

CONFIG_IP_NOSR=y
# CONFIG_IPX is not set
CONFIG_IPSEC=m
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AH_HMAC_MD5=y
CONFIG_IPSEC_AH_HMAC_SHA1=y
CONFIG_IPSEC_AH_MD5=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ESP_DES_CBC=y
CONFIG_IPSEC_ESP_DES_MD5=y
CONFIG_IPSEC_ESP_3DES_MD5=y
CONFIG_IPSEC_ESP_DES_MD5_96=y
CONFIG_IPSEC_ESP_3DES_MD5_96=y

DEBUG_IPSEC=y
CONFIG_PLIP=y
# CONFIG_SLIP is not set

# tail -256 /var/log/messages | grep "ipsec\|XXX" > /tmp/ipsec_systat.354

May 26 02:36:20 east kernel: ipsec_tunnel_init: tunneling code 0.8
May 26 02:36:21 east kernel: ipsec_tunnel_attach: physical device eth0 being attached has HW address:  0:a0:24:d8:51:2f
May 26 02:39:59 east kernel: ipsec_eroute_get_info: buffer=0x1740000, *start=0x1, offset=0, length=3072
May 26 02:39:59 east kernel: ipsec_eroute_get_info: buffer=0x1b67000, *start=0x804cbd0, offset=99, length=3072
May 26 02:39:59 east kernel: ipsec_spi_get_info: buffer=0x1741000, *start=0x1, offset=0, length=3072
May 26 02:39:59 east kernel: ipsec_spi_get_info: buffer=0x1740000, *start=0x804cbd0, offset=316, length=3072
May 26 02:40:41 east kernel: ipsec_callback: skb=fc9d24 skblen=56 em_magic=1400332654 em_type=5 em_spi=c1a0800
May 26 02:40:41 east kernel: ipsec_callback: skb=1ff6a74 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:40:41 east kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0xd19d5a91, allocating (this is normal)
May 26 02:40:41 east kernel: ipsec_callback: skb=1754284 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:40:41 east kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0x8cae0209, allocating (this is normal)
May 26 02:40:41 east kernel: ipsec_callback: skb=1b6b524 skblen=32 em_magic=1400332654 em_type=2 em_spi=fffffeff
May 26 02:40:41 east kernel: ipsec_callback: could not find a TDB for spi=0xfffffeff, daddr=0x8cae0209, allocating (this is normal)
May 26 02:40:41 east kernel: ipsec_callback: skb=1b6c134 skblen=32 em_magic=1400332654 em_type=4 em_spi=fffffeff
May 26 02:40:52 east kernel: ipsec_eroute_get_info: buffer=0x16ab000, *start=0x1, offset=0, length=3072
May 26 02:40:52 east kernel: ipsec_eroute_get_info: buffer=0x1751000, *start=0x804cbd0, offset=194, length=3072
May 26 02:40:52 east kernel: ipsec_spi_get_info: buffer=0x16bc000, *start=0x1, offset=0, length=3072
May 26 02:40:52 east kernel: ipsec_spi_get_info: buffer=0x16ab000, *start=0x804cbd0, offset=625, length=3072
May 26 02:41:24 east kernel: ipsec_callback: skb=fc9e20 skblen=56 em_magic=1400332654 em_type=5 em_spi=c1a0800
May 26 02:41:24 east kernel: ipsec_makeroute: rj_addroute not able to insert eroute for dst=0x902ae8c, spi=-16842753
May 26 02:41:41 east kernel: ipsec_eroute_get_info: buffer=0x16ff000, *start=0x1, offset=0, length=3072
May 26 02:41:41 east kernel: ipsec_eroute_get_info: buffer=0x1790000, *start=0x804cbd0, offset=194, length=3072
May 26 02:41:41 east kernel: ipsec_spi_get_info: buffer=0x1750000, *start=0x1, offset=0, length=3072
May 26 02:41:41 east kernel: ipsec_spi_get_info: buffer=0x1750000, *start=0x804cbd0, offset=625, length=3072
May 26 02:45:09 east kernel: ipsec_tunnel_init: tunneling code 0.8
May 26 02:45:09 east kernel: ipsec_tunnel_attach: physical device eth0 being attached has HW address: 0:a0:24:d8:51:2f
May 26 02:47:26 east kernel: ipsec_eroute_get_info: buffer=0x16ce000, *start=0x1, offset=0, length=3072

# ipsec_systat finished at Tue May 26 02:47:27 PDT 1998
root@east > pluto
opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds
init_socket(): listening to port 500

listening at 127.0.0.1
listening at 209.157.90.145
listening at 209.157.90.158
listening at 209.157.90.145

listening at 4 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7 8
kernel socket: 9
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)

received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [140.174.2.9], port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL
Proxying: 209.157.90.152/255.255.255.248<--->206.14.61.224/255.255.255.240
emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: 00 00 00 00 00 00 00 00
  next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Security Association Payload:
  next payload type: ISAKMP_NEXT_NONE
  DOI: ISAKMP_DOI_IPSEC
emit IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 4
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 0
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
  [1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 3
  [3 is OAKLEY_TIGER]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
  [1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
  [2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
  [1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 1
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
  [1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
  [2 is OAKLEY_SHA]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
  [1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
  [2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
  [1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_T
  transform number: 2
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
  [1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
  [1 is OAKLEY_MD5]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
  [1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
  [2 is OAKLEY_GROUP_MODP1024]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
  [1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  transform number: 3
  transform ID: KEY_IKE
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
  [1 is OAKLEY_DES_CBC]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 1
  [1 is OAKLEY_MD5]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
  [1 is OAKLEY_PRESHARED_KEY]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 1
  [1 is OAKLEY_GROUP_MODP768]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
  [1 is OAKLEY_LIFE_SECONDS]
emit ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
emitting length of ISAKMP Transform Payload (ISAKMP): 32
emitting length of ISAKMP Proposal Payload: 136
emitting length of ISAKMP Security Association Payload: 148
emitting length of ISAKMP Message: 176
transmitted 176 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)

received packet
read 80 bytes from 140.174.2.9, port 500
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf
  01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34
  00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01
  00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02
  80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10
parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: c4 0f cd 42 30 a3 8c cf
  next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 80
full state not found
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 52
half state found, state OAKLEY_MAIN_I_1
parse ISAKMP Security Association Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 52
  DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 40
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 1
parse ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  length: 32
  transform number: 1
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
  [1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
  [2 is OAKLEY_SHA]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
  [1 is OAKLEY_PRESHARED_KEY]
opening ./isakmp-secrets
secret used is [this is a test], length = 14
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
  [2 is OAKLEY_GROUP_MODP1024]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
  [1 is OAKLEY_LIFE_SECONDS]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
Oakley Transform 1 accepted
copying 40 bytes of proposal into state object
Local secret: 59ae940b72ce22c52e4b347d0736d5c6d08badb6978233a0d9aa161eacc5f8e
Public value sent: 7a137f9fb4466d68bc68bbf91562a7470bcd30f5155251e0730c7f02d9bea14b75edf1349c05a0113d2cc6325a3bbf1741961760dd27889c7310da99a79c178a178307fe33146ed11e693dd8e5a618848eaa610e05e73e81bde2660a25d6a7fb6e3f46f9674aaa959e97d8f0456bf4208316e3e69f266799c8aefd84586c8370
emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: c4 0f cd 42 30 a3 8c cf
  next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
keyex value 7a 13 7f 9f b4 46 6d 68 bc 68 bb f9 15 62 a7 47
  0b cd 30 f5 15 52 51 e0 73 0c 7f 02 d9 be a1 4b
  75 ed f1 34 9c 05 a0 11 3d 2c c6 32 5a 3b bf 17
  41 96 17 60 dd 27 88 9c 73 10 da 99 a7 9c 17 8a
  17 83 07 fe 33 14 6e d1 1e 69 3d d8 e5 a6 18 84
  8e aa 61 0e 05 e7 3e 81 bd e2 66 0a 25 d6 a7 fb
  6e 3f 46 f9 67 4a aa 95 9e 97 d8 f0 45 6b f4 20
  83 16 e3 e6 9f 26 67 99 c8 ae fd 84 58 6c 83 70
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value b9 b7 71 b1 90 97 ef 42 4f 80 95 67 48 fc b0 5e
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
my identity is 209.157.90.145
sending:
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf
  04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84
  7a 13 7f 9f b4 46 6d 68 bc 68 bb f9 15 62 a7 47
  0b cd 30 f5 15 52 51 e0 73 0c 7f 02 d9 be a1 4b
  75 ed f1 34 9c 05 a0 11 3d 2c c6 32 5a 3b bf 17
  41 96 17 60 dd 27 88 9c 73 10 da 99 a7 9c 17 8a
  17 83 07 fe 33 14 6e d1 1e 69 3d d8 e5 a6 18 84
  8e aa 61 0e 05 e7 3e 81 bd e2 66 0a 25 d6 a7 fb
  6e 3f 46 f9 67 4a aa 95 9e 97 d8 f0 45 6b f4 20
  83 16 e3 e6 9f 26 67 99 c8 ae fd 84 58 6c 83 70
  00 00 00 14 b9 b7 71 b1 90 97 ef 42 4f 80 95 67
  48 fc b0 5e
transmitted 180 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)

received packet
read 180 bytes from 140.174.2.9, port 500
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf
  04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84
  47 1f f8 10 ee 90 ab 59 50 b9 9a 81 ee 46 c8 3a
  80 1e f2 73 32 12 ad ff 89 68 12 b2 fd 84 bf 2c
  68 6c 43 10 34 11 26 c2 6c 6b 9c f7 c2 9b d9 43
  f7 e8 ee d0 61 cd a8 3e 06 e7 0e 61 e4 e5 79 e5
  b9 5a 2c de 97 8d 26 9a 9c 82 2c bd e6 23 a9 01
  4a 64 6f 0c e2 57 de e6 0b 30 58 e2 65 46 c8 30
  bb a3 29 28 ae b5 62 e4 1c 02 5f 88 21 1e ce c8
  c3 d8 7c 14 28 9b ec 6e 10 be 85 67 96 1f c1 06
  00 00 00 14 70 ab 5d 02 88 bc b4 74 c9 66 0c 97
  b3 c8 d4 59
parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: c4 0f cd 42 30 a3 8c cf
  next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 180
full state found, state OAKLEY_MAIN_I_2
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
parse ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
public value received: 471ff810ee90ab5950b99a81ee46c83a801ef2733212adff896812b2fd84bf2c686c4310341126c26c6b9cf7c29bd943f7e8eed061cda83e06e70e61e4e579e5b95a2cde978d269a9c822cbde623a9014a646f0ce257dee60b3058e26546c830bba32928aeb562e41c025f88211ecec8c3d87c14289bec6e10be8567961fc106
shared secret: 9ac341b95d837369a03a23c86fed455cb617ea8a9545c528b7c235b2e95a3fbdccc7fd29ee24dfd829437ed79168bd3eea5d08beec963191869c077c20affbc25484471aa1c078c6c39cfb77b2bad4734c681032527d8a659b478acd2ec489254fa126cb8e723ea1aa8dc055f1e136d26881634fecd9bfac8d8d19f7c01511b9
opening ./isakmp-secrets
secret used is [this is a test], length = 14
size of g^xy is 128
Skeyid: f1 3a f8 99 33 2f b1 f2 6f 77 ac 43 93 bd 01 81
  04 9e 7b c4
Skeyid_d: 95 a5 39 0a 9f 94 d3 73 4b e4 ac 10 e3 24 83 c7
  ac 27 b1 a7
Skeyid_a: 35 a0 1c 75 49 26 11 70 19 57 95 dc 04 26 58 72
  2c 7c e2 23
Skeyid_e: 6c 06 f3 df 0c fc 4e 61 c1 89 4b f9 31 0d 98 fa
  11 65 19 75
IV: bb 55 c0 65 87 ff 53 9f e4 2b 3e e8 6c 1b a3 4e
  ce b5 42 ed
emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: c4 0f cd 42 30 a3 8c cf
  next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
emit ISAKMP Identification Payload (IPsec DOI):
  next payload type: ISAKMP_NEXT_HASH
  ID type: ID_IPV4_ADDR
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of my identity into ISAKMP Identification Payload (IPsec DOI)
my identity d1 9d 5a 91
emitting length of ISAKMP Identification Payload (IPsec DOI): 12
hashing 48 bytes of SA
Hashing my ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
HASH_I sent: f7 6a 36 78 d1 f9 58 dd 11 ed e9 38 3a 1d ec 69
  d5 c3 61 9b
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 20 raw bytes of HASH_I into ISAKMP Hash Payload
HASH_I f7 6a 36 78 d1 f9 58 dd 11 ed e9 38 3a 1d ec 69
  d5 c3 61 9b
emitting length of ISAKMP Hash Payload: 24
encrypting:
  08 00 00 0c 01 00 00 00 d1 9d 5a 91 00 00 00 18
  f7 6a 36 78 d1 f9 58 dd 11 ed e9 38 3a 1d ec 69
  d5 c3 61 9b
emitting 4 zero bytes of encryption padding into ISAKMP Message
encrypting using OAKLEY_DES_CBC
new IV: 1d 81 f0 d9 53 93 1a ff
emitting length of ISAKMP Message: 68
sending:
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf
  05 10 02 01 00 00 00 00 00 00 00 44 64 f1 22 b4
  39 c0 26 7f cd 3e 94 7d 68 1c f1 7b 87 35 81 e7
  97 9d e5 1e 63 dc a0 59 70 7d 01 e7 1d 81 f0 d9
  53 93 1a ff
transmitted 68 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds
next event EVENT_RETRANSMIT in 30 seconds (0x8066640/0)

received packet
read 68 bytes from 140.174.2.9, port 500
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf
  05 10 02 01 00 00 00 00 00 00 00 44 0a 0b 16 cc
  09 13 32 4c 22 4b 54 52 c9 86 56 e5 54 c9 5e ad
  37 73 bf 9a 87 0f 11 be 00 6a 8d 21 c8 00 1d 67
  90 a2 90 56
parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: c4 0f cd 42 30 a3 8c cf
  next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
  length: 68
full state found, state OAKLEY_MAIN_I_3
received encrypted packet from 140.174.2.9, port 500 decrypting 40 bytes using algorithm OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: c8 00 1d 67 90 a2 90 56
decrypted:
  08 00 00 0c 01 00 00 00 8c ae 02 09 00 00 00 18   dd 2c a4 96 1d 30 19 96 65 5a 7c 83 26 0f 06 0f   c2 d9 8e cc 00 00 00 00
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_HASH
  length: 12
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 24
removing 4 bytes of padding
last encrypted Phase 1 block: c8 00 1d 67 90 a2 90 56 parse ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_HASH
  length: 12
  ID type: ID_IPV4_ADDR
  Protocol ID: 0
  port: 0
IDir type is ID_IPV4_ADDR: 140.174.2.9
parse ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 24
hashing 48 bytes of SA
Hashing his ID: Type ID_IPV4_ADDR, Protocol 0, Port 0 computed HASH_R: dd 2c a4 96 1d 30 19 96 65 5a 7c 83 26 0f 06 0f   c2 d9 8e cc
received HASH_R: dd 2c a4 96 1d 30 19 96 65 5a 7c 83 26 0f 06 0f   c2 d9 8e cc
Doing Quick Mode with 140.174.2.9, port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL find_messageid(): search failed, no structure for 140.174.2.9, port 500 inserting messageid structure for 140.174.2.9, port 500 MSG-ID is 0x00000001
emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_HASH
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_QUICK
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 01 00 00 00
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload emitting length of ISAKMP Hash Payload: 24 Protocol: PROTO_IPSEC_ESP
IPsec SPI sent: 00 00 01 00
Transform: ESP_3DES
SA lifetime (seconds): 28800
Encapsulation mode: ENCAPSULATION_MODE_TUNNEL AUTH algorithm: AUTH_ALGORITHM_HMAC_MD5
raw proposal:
  00 00 00 24 01 03 04 01 00 00 01 00 00 00 00 18   01 03 00 00 80 01 00 01 80 02 70 80 80 04 00 01   80 05 00 01
emitting 48 raw bytes of SA payload into ISAKMP Message SA payload 0a 00 00 30 00 00 00 01 00 00 00 01 00 00 00 24   01 03 04 01 00 00 01 00 00 00 00 18 01 03 00 00   80 01 00 01 80 02 70 80 80 04 00 01 80 05 00 01 emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_ID
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload nonce value 30 c5 d8 02 e8 e6 8c e8 29 43 ee 5f 0b 11 28 e1 emitting length of ISAKMP Nonce Payload: 20 Ni sent: 30 c5 d8 02 e8 e6 8c e8 29 43 ee 5f 0b 11 28 e1 emit ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_ID
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of initiator's client network into ISAKMP Identification Payload (IPsec DOI) initiator's client network d1 9d 5a 98
emitting 4 raw bytes of initiator's client mask into ISAKMP Identification Payload (IPsec DOI) initiator's client mask ff ff ff f8
emitting length of ISAKMP Identification Payload (IPsec DOI): 16 emit ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_NONE
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of peer's client network into ISAKMP Identification Payload (IPsec DOI) peer's client network ce 0e 3d e0
emitting 4 raw bytes of peer's client mask into ISAKMP Identification Payload (IPsec DOI) peer's client mask ff ff ff f0
emitting length of ISAKMP Identification Payload (IPsec DOI): 16 HASH(1) computed: e3 34 c6 f4 1d 30 57 4e 13 62 3b 86 ff 68 cc a0   bf c9 db ed
computed Phase 2 IV: d4 99 46 71 80 e0 a0 3e 38 85 47 61 b3 fa 5c a3   9a 8d 72 de
encrypting:
  01 00 00 18 e3 34 c6 f4 1d 30 57 4e 13 62 3b 86   ff 68 cc a0 bf c9 db ed 0a 00 00 30 00 00 00 01   00 00 00 01 00 00 00 24 01 03 04 01 00 00 01 00   00 00 00 18 01 03 00 00 80 01 00 01 80 02 70 80   80 04 00 01 80 05 00 01 05 00 00 14 30 c5 d8 02   e8 e6 8c e8 29 43 ee 5f 0b 11 28 e1 05 00 00 10   04 00 00 00 d1 9d 5a 98 ff ff ff f8 00 00 00 10   04 00 00 00 ce 0e 3d e0 ff ff ff f0
emitting 4 zero bytes of encryption padding into ISAKMP Message encrypting using OAKLEY_DES_CBC
new IV: 4f 79 10 b1 70 68 0b fb
emitting length of ISAKMP Message: 156
sending:
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf   08 10 20 01 01 00 00 00 00 00 00 9c b8 56 a1 b7   01 1d a5 ce 66 ae 59 f3 ff ee cc 41 67 28 09 48   45 dc 74 84 a6 af ac 65 dc 99 99 1c 5a 26 75 30   79 6c 39 79 38 b3 93 35 23 28 77 7e 0c 74 26 e2   b4 b2 63 09 de 40 35 1a 90 7b 2b 46 f1 3c 91 85   d6 5b 1f a5 94 41 75 73 46 dc bd d3 d6 19 5b f9   1d 5c 64 6c e7 35 98 d6 c0 6f 00 ac d4 db 6f f7   dd 99 d6 15 65 21 f6 e4 33 30 bd 96 d2 03 77 85   39 69 6b ca 4f 79 10 b1 70 68 0b fb
transmitted 156 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds event added after event EVENT_RETRANSMIT (0x8066640/0) inserting event EVENT_SA_EXPIRE, timeout in 3600 seconds event added after event EVENT_REINIT_SECRET ((nil)/0) next event EVENT_RETRANSMIT in 30 seconds (0x8066da8/0)

received packet
read 156 bytes from 140.174.2.9, port 500   4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf   08 10 20 01 01 00 00 00 00 00 00 9c b6 9c 99 b7   4f 6a 95 a3 99 51 2d f2 12 f5 d2 04 6b 90 7b 43   0c 42 2a 2e dd 32 3a 13 02 2c 4d 00 ad f6 a1 08   d6 be 39 dd 95 67 6a 90 99 91 79 7b b5 fc 83 f3   5f f9 23 c9 f0 6c ef 90 58 46 2b 70 5d 0a 58 21   57 b9 fc a1 3a 84 4e 2d e2 6b 46 ee 45 8a 63 ef   9f e5 f6 0d 8f 2f dd f2 ac cc 1d 62 f8 43 eb 1c   ad a4 f7 9f 72 97 6e 53 32 90 6f 94 7b 95 3e a4   57 8b 49 e7 f7 b7 83 51 45 06 a0 4b
parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_HASH
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_QUICK
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 01 00 00 00
  length: 156
full state found, state OAKLEY_QUICK_I_1 received encrypted packet from 140.174.2.9, port 500 decrypting 128 bytes using algorithm OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: f7 b7 83 51 45 06 a0 4b
decrypted:
  01 00 00 18 df 48 31 87 e1 a6 91 2b 1c 5f bf 2f   cc 2b 0e e8 9c c1 8c d0 0a 00 00 30 00 00 00 01   00 00 00 01 00 00 00 24 01 03 04 01 00 00 01 00   00 00 00 18 01 03 00 00 80 01 00 01 80 02 70 80   80 04 00 01 80 05 00 01 05 00 00 14 08 15 2f 08   33 ff b8 0c b2 a8 ce 11 be 5e db 85 05 00 00 10   04 00 00 00 d1 9d 5a 98 ff ff ff f8 00 00 00 10   04 00 00 00 ce 0e 3d e0 ff ff ff f0 00 00 00 00 parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_SA
  length: 24
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 48
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_ID
  length: 20
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_ID
  length: 16
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 16
removing 4 bytes of padding
parse ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_SA
  length: 24
received HASH(2): df 48 31 87 e1 a6 91 2b 1c 5f bf 2f cc 2b 0e e8   9c c1 8c d0
HASH(2) computed: df 48 31 87 e1 a6 91 2b 1c 5f bf 2f cc 2b 0e e8   9c c1 8c d0
HASH(2) verified
parse ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONCE
  length: 48
  DOI: ISAKMP_DOI_IPSEC
proposal: protocol PROTO_IPSEC_ESP
proposal: transform ESP_3DES
SA life type SA_LIFE_TYPE_SECONDS
SA life duration 28800
encapsulation mode ENCAPSULATION_MODE_TUNNEL AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
IPsec SPI accepted 00 00 01 00
accepted protocol PROTO_IPSEC_ESP, transform ESP_3DES SA expiration 28800 seconds, 0 kilobytes encapsulation mode ENCAPSULATION_MODE_TUNNEL AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
group description OAKLEY_GROUP_MODP768
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_ID
  length: 20
parse ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_ID
  length: 16
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
our client user is IP subnet with address 209.157.90.152... ...and netmask 255.255.255.248
parse ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_NONE
  length: 16
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
peer client user is IP subnet with address 206.14.61.224... ...and netmask 255.255.255.240
Nr received: 08 15 2f 08 33 ff b8 0c b2 a8 ce 11 be 5e db 85 emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_HASH
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_QUICK
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 01 00 00 00
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 20 zero bytes of HASH(3) into ISAKMP Hash Payload HASH(3) computed: 4a f6 33 22 99 8b 54 56 96 48 cd 64 fb 0e 56 35   9e 35 5c 9f
emitting length of ISAKMP Hash Payload: 24 encrypting:
  00 00 00 18 4a f6 33 22 99 8b 54 56 96 48 cd 64   fb 0e 56 35 9e 35 5c 9f
emitting 0 zero bytes of encryption padding into ISAKMP Message encrypting using OAKLEY_DES_CBC
new IV: 3c 01 7b 23 e8 4c f9 5c
emitting length of ISAKMP Message: 52
KEYMAT computed:
  3b bd 4e c6 78 a5 82 96 c7 b8 ad 66 f0 b9 83 05   17 95 fa 16 51 5f f3 b1 e7 97 7e b3 f1 0f 26 08   27 c3 f7 56 25 b7 09 58
Peer KEYMAT computed:
  3b bd 4e c6 78 a5 82 96 c7 b8 ad 66 f0 b9 83 05   17 95 fa 16 51 5f f3 b1 e7 97 7e b3 f1 0f 26 08   27 c3 f7 56 25 b7 09 58
we're here...
...and here
route to 140.174.2.9 setup
sent 104 bytes to the kernel
sent 104 bytes to the kernel
setting up encapsulation
sent 32 bytes to the kernel
linking 140.174.2.9/fffffeff to 140.174.2.9/00000100 sent 32 bytes to the kernel
sending:
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf   08 10 20 01 01 00 00 00 00 00 00 34 eb a2 6b a2   c4 18 4d dd 9a ec d2 b5 26 67 41 6e 3c 01 7b 23   e8 4c f9 5c
transmitted 52 bytes
inserting event EVENT_SA_EXPIRE, timeout in 28800 seconds event added after event EVENT_SA_EXPIRE (0x8066640/0) next event EVENT_REINIT_SECRET in 3583 seconds ((nil)/0)

received kernel message
read 84 bytes from "kernel" socket
initiating exchange with [140.174.2.9], port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL Proxying: 209.157.90.152/255.255.255.248<--->206.14.61.224/255.255.255.240 Doing Quick Mode with 140.174.2.9, port 500, goal GOAL_ENCRYPT+GOAL_AUTHENTICATE+GOAL_TUNNEL MSG-ID is 0x00000002
emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_HASH
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_QUICK
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 02 00 00 00
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_SA
emitting 20 zero bytes of HASH(1) into ISAKMP Hash Payload emitting length of ISAKMP Hash Payload: 24 Protocol: PROTO_IPSEC_ESP
IPsec SPI sent: 00 00 01 01
Transform: ESP_3DES
SA lifetime (seconds): 28800
Encapsulation mode: ENCAPSULATION_MODE_TUNNEL AUTH algorithm: AUTH_ALGORITHM_HMAC_MD5
raw proposal:
  00 00 00 24 01 03 04 01 00 00 01 01 00 00 00 18   01 03 00 00 80 01 00 01 80 02 70 80 80 04 00 01   80 05 00 01
emitting 48 raw bytes of SA payload into ISAKMP Message SA payload 0a 00 00 30 00 00 00 01 00 00 00 01 00 00 00 24   01 03 04 01 00 00 01 01 00 00 00 18 01 03 00 00   80 01 00 01 80 02 70 80 80 04 00 01 80 05 00 01 emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_ID
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload nonce value 61 49 14 71 34 36 12 6b e9 08 d6 04 3f 46 cb 32 emitting length of ISAKMP Nonce Payload: 20 Ni sent: 61 49 14 71 34 36 12 6b e9 08 d6 04 3f 46 cb 32 emit ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_ID
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of initiator's client network into ISAKMP Identification Payload (IPsec DOI) initiator's client network d1 9d 5a 98
emitting 4 raw bytes of initiator's client mask into ISAKMP Identification Payload (IPsec DOI) initiator's client mask ff ff ff f8
emitting length of ISAKMP Identification Payload (IPsec DOI): 16 emit ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_NONE
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
emitting 4 raw bytes of peer's client network into ISAKMP Identification Payload (IPsec DOI) peer's client network ce 0e 3d e0
emitting 4 raw bytes of peer's client mask into ISAKMP Identification Payload (IPsec DOI) peer's client mask ff ff ff f0
emitting length of ISAKMP Identification Payload (IPsec DOI): 16 HASH(1) computed: db dd 7b 05 0d 31 1e db 76 2a 95 d2 de d3 85 ac   ad 67 ec 93
computed Phase 2 IV: 84 02 7b de e4 98 fd 57 8c 57 5a d3 4c ed 10 47   7b f5 eb 6c
encrypting:
  01 00 00 18 db dd 7b 05 0d 31 1e db 76 2a 95 d2   de d3 85 ac ad 67 ec 93 0a 00 00 30 00 00 00 01   00 00 00 01 00 00 00 24 01 03 04 01 00 00 01 01   00 00 00 18 01 03 00 00 80 01 00 01 80 02 70 80   80 04 00 01 80 05 00 01 05 00 00 14 61 49 14 71   34 36 12 6b e9 08 d6 04 3f 46 cb 32 05 00 00 10   04 00 00 00 d1 9d 5a 98 ff ff ff f8 00 00 00 10   04 00 00 00 ce 0e 3d e0 ff ff ff f0
emitting 4 zero bytes of encryption padding into ISAKMP Message encrypting using OAKLEY_DES_CBC
new IV: 04 c3 c1 1b db b3 a1 e5
emitting length of ISAKMP Message: 156
sending:
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf   08 10 20 01 02 00 00 00 00 00 00 9c d8 77 e5 31   b3 b2 6d 4d ce 03 f2 b2 c2 0f 41 2d c6 79 9d 1c   aa 15 59 b8 02 e7 9b b0 74 e8 06 16 bf 03 9f a6   e5 34 95 a0 f6 55 3a 09 12 07 6a ca bf 00 d3 ba   07 00 62 24 3d 8c d6 c8 64 fc e2 fc da ad 7a 06   8e 7b 96 e1 3f 51 c9 8c a4 b0 3b 40 eb 77 e5 f4   3f cf 9d 1b 59 5e 59 97 39 10 62 8a de 35 99 ac   9d b7 2e 6e ed f1 b4 89 19 05 8b 04 96 4f 31 3d   b5 66 f5 ce 04 c3 c1 1b db b3 a1 e5
transmitted 156 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds next event EVENT_RETRANSMIT in 30 seconds (0x8067198/0)

received packet
read 156 bytes from 140.174.2.9, port 500   4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf   08 10 20 01 02 00 00 00 00 00 00 9c cc ea 82 c6   66 1d 4f 3e 13 50 35 d9 3c 83 7f 56 38 2d 66 0d   77 f4 d7 c6 42 25 76 08 b5 95 4f 46 c6 af 9d 38   59 2e 22 3a af 33 74 51 45 88 38 a8 de 1e f0 94   12 63 1f 2c 7a f4 50 f1 2f 48 f1 7b 8a 1d b4 b0   1c 6a 5a af 7c 81 43 ac c3 b0 70 fb e2 73 7b 2c   5d c5 5a 17 6c 7c 4e 2d d4 f3 c2 c3 2d 63 5d b1   e2 65 c5 46 9a 36 cb 6a 07 b7 8e 3b fe d4 fc d6   5b d5 e8 4f 3f f8 98 f6 f1 38 a2 b1
parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_HASH
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_QUICK
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 02 00 00 00
  length: 156
full state found, state OAKLEY_QUICK_I_1 received encrypted packet from 140.174.2.9, port 500 decrypting 128 bytes using algorithm OAKLEY_DES_CBC keeping last 8 bytes, just in case
new IV: 3f f8 98 f6 f1 38 a2 b1
decrypted:
  01 00 00 18 2a 67 1d cd c9 24 e7 fb 26 a5 20 4a   00 7f aa 04 43 a5 4a ee 0a 00 00 30 00 00 00 01   00 00 00 01 00 00 00 24 01 03 04 01 00 00 01 01   00 00 00 18 01 03 00 00 80 01 00 01 80 02 70 80   80 04 00 01 80 05 00 01 05 00 00 14 c0 32 fb b4   e0 bc 2a 13 77 61 1d ae e2 89 a0 ff 05 00 00 10   04 00 00 00 d1 9d 5a 98 ff ff ff f8 00 00 00 10   04 00 00 00 ce 0e 3d e0 ff ff ff f0 00 00 00 00 parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_SA
  length: 24
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 48
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_ID
  length: 20
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_ID
  length: 16
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 16
removing 4 bytes of padding
parse ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_SA
  length: 24
received HASH(2): 2a 67 1d cd c9 24 e7 fb 26 a5 20 4a 00 7f aa 04   43 a5 4a ee
HASH(2) computed: 2a 67 1d cd c9 24 e7 fb 26 a5 20 4a 00 7f aa 04   43 a5 4a ee
HASH(2) verified
parse ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONCE
  length: 48
  DOI: ISAKMP_DOI_IPSEC
proposal: protocol PROTO_IPSEC_ESP
proposal: transform ESP_3DES
SA life type SA_LIFE_TYPE_SECONDS
SA life duration 28800
encapsulation mode ENCAPSULATION_MODE_TUNNEL AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
IPsec SPI accepted 00 00 01 01
accepted protocol PROTO_IPSEC_ESP, transform ESP_3DES SA expiration 28800 seconds, 0 kilobytes encapsulation mode ENCAPSULATION_MODE_TUNNEL AUTH algorithm AUTH_ALGORITHM_HMAC_MD5
group description OAKLEY_GROUP_MODP768
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_ID
  length: 20
parse ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_ID
  length: 16
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
our client user is IP subnet with address 209.157.90.152... ...and netmask 255.255.255.248
parse ISAKMP Identification Payload (IPsec DOI):   next payload type: ISAKMP_NEXT_NONE
  length: 16
  ID type: ID_IPV4_ADDR_SUBNET
  Protocol ID: 0
  port: 0
peer client user is IP subnet with address 206.14.61.224... ...and netmask 255.255.255.240
Nr received: c0 32 fb b4 e0 bc 2a 13 77 61 1d ae e2 89 a0 ff emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_HASH
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_QUICK
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 02 00 00 00
emit ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 20 zero bytes of HASH(3) into ISAKMP Hash Payload HASH(3) computed: dd ca 7d f4 01 05 f3 bb a9 b4 65 9e cf 33 e6 00   af 87 33 ae
emitting length of ISAKMP Hash Payload: 24 encrypting:
  00 00 00 18 dd ca 7d f4 01 05 f3 bb a9 b4 65 9e   cf 33 e6 00 af 87 33 ae
emitting 0 zero bytes of encryption padding into ISAKMP Message encrypting using OAKLEY_DES_CBC
new IV: bb fe 21 84 75 df 6c 3f
emitting length of ISAKMP Message: 52
KEYMAT computed:
  13 29 2f 7e fe 32 f3 d9 97 f2 53 cb 44 85 ee d3   83 90 fb 1b cc a3 c2 6b 4a 58 45 bd b0 35 19 34   00 78 7b 0c 50 63 85 24
Peer KEYMAT computed:
  13 29 2f 7e fe 32 f3 d9 97 f2 53 cb 44 85 ee d3   83 90 fb 1b cc a3 c2 6b 4a 58 45 bd b0 35 19 34   00 78 7b 0c 50 63 85 24
we're here...
...and here
Error: write() failed in add_route()
errno 22: Invalid argument
root@east >
Script done on Tue May 26 02:50:44 1998

# cat /proc/version

Linux version 2.0.33 (root@north.toad.com) (gcc version 2.7.2) #18 Thu May 14 13:44:00 PDT 1998

# cat /proc/net/ipsec-eroute

# cat /proc/net/ipsec-spi

# cat /proc/net/dev

Inter-|   Receive                  |  Transmit
 face |packets errs drop fifo frame|packets errs drop fifo colls carrier
    lo:      0    0    0    0    0        0    0    0    0     0    0
 tunl0:      0    0    0    0    0        0    0    0    0     0    0
 tunl1:      0    0    0    0    0        0    0    0    0     0    0
 dummy: No statistics available.
 plip1:      0    0    0    0    0        0    0    0    0     0    0
  eth0:    183    0    0    0    0      123    0    0    0     0    0
  eth1:      0    0    0    0    0        0    0    0    0     0    0
ipsec0:      0    0    0    0    0        0    0    0    0     0    0
ipsec1:      0    0    0    0    0        0    0    0    0     0    0

# netstat -nr

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
206.14.61.224   0.0.0.0         255.255.255.240 U      1500 0          0 eth1
140.174.2.0     0.0.0.0         255.255.255.0   U      1500 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U      3584 0          0 lo
0.0.0.0         140.174.2.23    0.0.0.0         UG     1500 0          0 eth0

# ifconfig -a

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:C9:E6:E5
          inet addr:140.174.2.9  Bcast:140.174.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:183 errors:0 dropped:0 overruns:0
          TX packets:124 errors:0 dropped:0 overruns:0
          Interrupt:10 Base address:0xff40

eth1      Link encap:10Mbps Ethernet  HWaddr 00:A0:24:C9:E6:DA
          inet addr:206.14.61.238  Bcast:206.14.61.239  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:0 errors:0 dropped:0 overruns:0
          Interrupt:3 Base address:0xff00

# cat /proc/modules
ipsec 19 0
# cat /proc/meminfo

        total:    used:    free:  shared: buffers:  cached:
Mem:  15241216 8695808 6545408 7266304 1511424 3416064
Swap: 133885952       0 133885952
MemTotal:     14884 kB
MemFree:       6392 kB
MemShared:     7096 kB
Buffers:       1476 kB
Cached:        3336 kB
SwapTotal:   130748 kB
SwapFree:    130748 kB

# cat /proc/net/ip_forward

IP firewall forward rules, default 4

# cat /proc/net/ip_input

IP firewall input rules, default 4

# cat /proc/net/ip_output

IP firewall output rules, default 4

# cat /proc/net/route

Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT                                                       
eth1    E03D0ECE        00000000        01      0       0       0       F0FFFFFF        1500    0       0                                                                              
eth0    0002AE8C        00000000        01      0       2       0       00FFFFFF        1500    0       0                                                                              
lo      0000007F        00000000        01      0       0       0       000000FF        3584    0       0                                                                                
eth0    00000000        1702AE8C        03      0       1       0       00000000        1500    0       0

# grep IP /usr/src/linux/.config

CONFIG_SYSVIPC=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y

# CONFIG_IP_MASQUERADE is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
CONFIG_IP_ROUTER=y
CONFIG_NET_IPIP=y

# CONFIG_IP_ALIAS is not set

CONFIG_IP_NOSR=y
# CONFIG_IPX is not set
CONFIG_IPSEC=m
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AH_HMAC_MD5=y
CONFIG_IPSEC_AH_HMAC_SHA1=y
CONFIG_IPSEC_AH_MD5=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ESP_DES_CBC=y
CONFIG_IPSEC_ESP_DES_MD5=y
CONFIG_IPSEC_ESP_3DES_MD5=y
CONFIG_IPSEC_ESP_DES_MD5_96=y
CONFIG_IPSEC_ESP_3DES_MD5_96=y

DEBUG_IPSEC=y
CONFIG_PLIP=y
# CONFIG_SLIP is not set

# tail -256 /var/log/messages | grep "ipsec\|XXX" > /tmp/ipsec_systat.261

May 26 02:34:07 north kernel: ipsec_callback: skb=ff5f1c skblen=56 em_magic=1400332654 em_type=5 em_spi=c1a0800
May 26 02:34:07 north kernel: ipsec_callback: skb=bdbe6c skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:34:07 north kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0x8cae0209, allocating (this is normal)
May 26 02:34:07 north kernel: ipsec_callback: skb=bd8284 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:34:07 north kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0xd19d5a91, allocating (this is normal)
May 26 02:34:07 north kernel: ipsec_callback: skb=bda620 skblen=32 em_magic=1400332654 em_type=2 em_spi=fffffeff
May 26 02:34:07 north kernel: ipsec_callback: could not find a TDB for spi=0xfffffeff, daddr=0xd19d5a91, allocating (this is normal)
May 26 02:34:07 north kernel: ipsec_callback: skb=714230 skblen=32 em_magic=1400332654 em_type=4 em_spi=fffffeff
May 26 02:38:07 north kernel: ipsec_tunnel_init: tunneling code 0.8
May 26 02:42:12 north kernel: ipsec_callback: skb=bdb058 skblen=56 em_magic=1400332654 em_type=5 em_spi=c1a0800
May 26 02:42:12 north kernel: ipsec_callback: skb=746088 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:42:12 north kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0x8cae0209, allocating (this is normal)
May 26 02:42:12 north kernel: ipsec_callback: skb=746a74 skblen=104 em_magic=1400332654 em_type=2 em_spi=100
May 26 02:42:12 north kernel: ipsec_callback: could not find a TDB for spi=0x100, daddr=0xd19d5a91, allocating (this is normal)
May 26 02:42:12 north kernel: ipsec_callback: skb=bdb524 skblen=32 em_magic=1400332654 em_type=2 em_spi=fffffeff
May 26 02:42:12 north kernel: ipsec_callback: could not find a TDB for spi=0xfffffeff, daddr=0xd19d5a91, allocating (this is normal)
May 26 02:42:12 north kernel: ipsec_callback: skb=6b632c skblen=32 em_magic=1400332654 em_type=4 em_spi=fffffeff
May 26 02:45:22 north kernel: ipsec_tunnel_init: tunneling code 0.8
May 26 02:47:04 north kernel: ipsec_eroute_get_info: buffer=0x807000, *start=0x1, offset=0, length=3072
May 26 02:47:04 north kernel: ipsec_spi_get_info: buffer=0x80c000, *start=0x1, offset=0, length=3072

# ipsec_systat finished at Tue May 26 02:47:05 PDT 1998
root@north > pluto &
[1] 286
root@north > opening /dev/urandom
inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds init_socket(): listening to port 500

listening at 127.0.0.1
listening at 140.174.2.9
listening at 206.14.61.238

listening at 3 interfaces
init_kernelfd(): listening to port 501
socket numbers:
4 5 6 7
kernel socket: 8
next event EVENT_REINIT_SECRET in 3600 seconds ((nil)/0)

received packet
read 176 bytes from 209.157.90.145, port 500   4e a7 c9 67 cc ce 99 cb 00 00 00 00 00 00 00 00   01 10 02 00 00 00 00 00 00 00 00 b0 00 00 00 94   00 00 00 01 00 00 00 01 00 00 00 88 00 01 00 04   03 00 00 20 00 01 00 00 80 01 00 01 80 02 00 03   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10   03 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10   03 00 00 20 02 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10   00 00 00 20 03 01 00 00 80 01 00 01 80 02 00 01   80 03 00 01 80 04 00 01 80 0b 00 01 80 0c 0e 10 parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: 00 00 00 00 00 00 00 00   next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 176
full state not found
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 148
half state not found
parse ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONE
  length: 148
  DOI: ISAKMP_DOI_IPSEC
emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_SA
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Security Association Payload:   next payload type: ISAKMP_NEXT_NONE
  DOI: ISAKMP_DOI_IPSEC
parse IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
parse ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 136
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 4
parse ISAKMP Transform Payload (ISAKMP):   next payload type: ISAKMP_NEXT_T
  length: 32
  transform number: 0
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
  [1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 3
  [3 is OAKLEY_TIGER]
I don't like something about OAKLEY_HASH_ALGORITHM in Oakley Proposal parse ISAKMP Transform Payload (ISAKMP):   next payload type: ISAKMP_NEXT_T
  length: 32
  transform number: 1
  transform ID: KEY_IKE
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_ENCRYPTION_ALGORITHM
  length/value: 1
  [1 is OAKLEY_DES_CBC]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_HASH_ALGORITHM
  length/value: 2
  [2 is OAKLEY_SHA]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_AUTHENTICATION_METHOD
  length/value: 1
  [1 is OAKLEY_PRESHARED_KEY]
opening ./isakmp-secrets
secret used is [this is a test], length = 14 parse ISAKMP Oakley attribute:
  af+type: OAKLEY_GROUP_DESCRIPTION
  length/value: 2
  [2 is OAKLEY_GROUP_MODP1024]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_TYPE
  length/value: 1
  [1 is OAKLEY_LIFE_SECONDS]
parse ISAKMP Oakley attribute:
  af+type: OAKLEY_LIFE_DURATION
  length/value: 3600
Oakley Transform 1 accepted
emit IPsec DOI SIT:
  IPsec DOI SIT: SIT_IDENTITY_ONLY
emit ISAKMP Proposal Payload:
  next payload type: ISAKMP_NEXT_NONE
  proposal number: 0
  protocol ID: PROTO_ISAKMP
  SPI size: 0
  number of transforms: 1
emit ISAKMP Transform Payload (ISAKMP):
  next payload type: ISAKMP_NEXT_NONE
  transform number: 1
  transform ID: KEY_IKE
emitting 24 raw bytes of attributes into ISAKMP Transform Payload (ISAKMP) attributes 80 01 00 01 80 02 00 02 80 03 00 01 80 04 00 02   80 0b 00 01 80 0c 0e 10
emitting length of ISAKMP Transform Payload (ISAKMP): 32 emitting length of ISAKMP Proposal Payload: 40 emitting length of ISAKMP Security Association Payload: 52 emitting length of ISAKMP Message: 80
my identity is 140.174.2.9
sending:
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf   01 10 02 00 00 00 00 00 00 00 00 50 00 00 00 34   00 00 00 01 00 00 00 01 00 00 00 28 00 01 00 01   00 00 00 20 01 01 00 00 80 01 00 01 80 02 00 02   80 03 00 01 80 04 00 02 80 0b 00 01 80 0c 0e 10 transmitted 80 bytes
inserting event EVENT_RETRANSMIT, timeout in 30 seconds next event EVENT_RETRANSMIT in 30 seconds (0x8068048/0)

received packet
read 180 bytes from 209.157.90.145, port 500   4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf   04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84   7a 13 7f 9f b4 46 6d 68 bc 68 bb f9 15 62 a7 47   0b cd 30 f5 15 52 51 e0 73 0c 7f 02 d9 be a1 4b   75 ed f1 34 9c 05 a0 11 3d 2c c6 32 5a 3b bf 17   41 96 17 60 dd 27 88 9c 73 10 da 99 a7 9c 17 8a   17 83 07 fe 33 14 6e d1 1e 69 3d d8 e5 a6 18 84   8e aa 61 0e 05 e7 3e 81 bd e2 66 0a 25 d6 a7 fb   6e 3f 46 f9 67 4a aa 95 9e 97 d8 f0 45 6b f4 20   83 16 e3 e6 9f 26 67 99 c8 ae fd 84 58 6c 83 70   00 00 00 14 b9 b7 71 b1 90 97 ef 42 4f 80 95 67   48 fc b0 5e
parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
  length: 180
full state found, state OAKLEY_MAIN_R_1
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
parse ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
  length: 132
parse ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 20
public value received: 7a137f9fb4466d68bc68bbf91562a7470bcd30f5155251e0730c7f02d9bea14b75edf1349c05a0113d2cc6325a3bbf1741961760dd27889c7310da99a79c178a178307fe33146ed11e693dd8e5a618848eaa610e05e73e81bde2660a25d6a7fb6e3f46f9674aaa959e97d8f0456bf4208316e3e69f266799c8aefd84586c8370 our secret value: a756a720f4705811006ca3c6ff67a5b82ba580a21289be1d8f188fd89573f690 our public value: 471ff810ee90ab5950b99a81ee46c83a801ef2733212adff896812b2fd84bf2c686c4310341126c26c6b9cf7c29bd943f7e8eed061cda83e06e70e61e4e579e5b95a2cde978d269a9c822cbde623a9014a646f0ce257dee60b3058e26546c830bba32928aeb562e41c025f88211ecec8c3d87c14289bec6e10be8567961fc106 shared secret: 9ac341b95d837369a03a23c86fed455cb617ea8a9545c528b7c235b2e95a3fbdccc7fd29ee24dfd829437ed79168bd3eea5d08beec963191869c077c20affbc25484471aa1c078c6c39cfb77b2bad4734c681032527d8a659b478acd2ec489254fa126cb8e723ea1aa8dc055f1e136d26881634fecd9bfac8d8d19f7c01511b9 emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb   responder cookie: c4 0f cd 42 30 a3 8c cf   next payload type: ISAKMP_NEXT_KE
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: none
  message ID: 00 00 00 00
emit ISAKMP Key Exchange Payload:
  next payload type: ISAKMP_NEXT_NONCE
emitting 128 raw bytes of keyex value into ISAKMP Key Exchange Payload
keyex value
  47 1f f8 10 ee 90 ab 59 50 b9 9a 81 ee 46 c8 3a
  80 1e f2 73 32 12 ad ff 89 68 12 b2 fd 84 bf 2c
  68 6c 43 10 34 11 26 c2 6c 6b 9c f7 c2 9b d9 43
  f7 e8 ee d0 61 cd a8 3e 06 e7 0e 61 e4 e5 79 e5
  b9 5a 2c de 97 8d 26 9a 9c 82 2c bd e6 23 a9 01
  4a 64 6f 0c e2 57 de e6 0b 30 58 e2 65 46 c8 30
  bb a3 29 28 ae b5 62 e4 1c 02 5f 88 21 1e ce c8
  c3 d8 7c 14 28 9b ec 6e 10 be 85 67 96 1f c1 06
emitting length of ISAKMP Key Exchange Payload: 132
emit ISAKMP Nonce Payload:
  next payload type: ISAKMP_NEXT_NONE
emitting 16 raw bytes of nonce value into ISAKMP Nonce Payload
nonce value
  70 ab 5d 02 88 bc b4 74 c9 66 0c 97 b3 c8 d4 59
emitting length of ISAKMP Nonce Payload: 20
emitting length of ISAKMP Message: 180
opening ./isakmp-secrets
secret used is [this is a test], length = 14
size of g^xy is 128
Skeyid: f1 3a f8 99 33 2f b1 f2 6f 77 ac 43 93 bd 01 81   04 9e 7b c4
Skeyid_d: 95 a5 39 0a 9f 94 d3 73 4b e4 ac 10 e3 24 83 c7   ac 27 b1 a7
Skeyid_a: 35 a0 1c 75 49 26 11 70 19 57 95 dc 04 26 58 72   2c 7c e2 23
Skeyid_e: 6c 06 f3 df 0c fc 4e 61 c1 89 4b f9 31 0d 98 fa   11 65 19 75
IV: bb 55 c0 65 87 ff 53 9f e4 2b 3e e8 6c 1b a3 4e   ce b5 42 ed
sending:
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf
  04 10 02 00 00 00 00 00 00 00 00 b4 0a 00 00 84
  47 1f f8 10 ee 90 ab 59 50 b9 9a 81 ee 46 c8 3a
  80 1e f2 73 32 12 ad ff 89 68 12 b2 fd 84 bf 2c
  68 6c 43 10 34 11 26 c2 6c 6b 9c f7 c2 9b d9 43
  f7 e8 ee d0 61 cd a8 3e 06 e7 0e 61 e4 e5 79 e5
  b9 5a 2c de 97 8d 26 9a 9c 82 2c bd e6 23 a9 01
  4a 64 6f 0c e2 57 de e6 0b 30 58 e2 65 46 c8 30
  bb a3 29 28 ae b5 62 e4 1c 02 5f 88 21 1e ce c8
  c3 d8 7c 14 28 9b ec 6e 10 be 85 67 96 1f c1 06
  00 00 00 14 70 ab 5d 02 88 bc b4 74 c9 66 0c 97
  b3 c8 d4 59
transmitted 180 bytes
inserting event EVENT_CLEANUP, timeout in 120 seconds
next event EVENT_CLEANUP in 120 seconds (0x8068048/0)

received packet
read 68 bytes from 209.157.90.145, port 500
  4e a7 c9 67 cc ce 99 cb c4 0f cd 42 30 a3 8c cf
  05 10 02 01 00 00 00 00 00 00 00 44 64 f1 22 b4
  39 c0 26 7f cd 3e 94 7d 68 1c f1 7b 87 35 81 e7
  97 9d e5 1e 63 dc a0 59 70 7d 01 e7 1d 81 f0 d9
  53 93 1a ff
parse ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: c4 0f cd 42 30 a3 8c cf
  next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message ID: 00 00 00 00
  length: 68
full state found, state OAKLEY_MAIN_R_2
received encrypted packet from 209.157.90.145, port 500
decrypting 40 bytes using algorithm OAKLEY_DES_CBC
keeping last 8 bytes, just in case
new IV: 1d 81 f0 d9 53 93 1a ff
decrypted:
  08 00 00 0c 01 00 00 00 d1 9d 5a 91 00 00 00 18
  f7 6a 36 78 d1 f9 58 dd 11 ed e9 38 3a 1d ec 69
  d5 c3 61 9b 00 00 00 00
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_HASH
  length: 12
parse ISAKMP Generic Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 24
removing 4 bytes of padding
parse ISAKMP Identification Payload (IPsec DOI):
  next payload type: ISAKMP_NEXT_HASH
  length: 12
  ID type: ID_IPV4_ADDR
  Protocol ID: 0
  port: 0
IDii type is ID_IPV4_ADDR: 209.157.90.145
parse ISAKMP Hash Payload:
  next payload type: ISAKMP_NEXT_NONE
  length: 24
hashing 48 bytes of SA
Hashing his ID: Type ID_IPV4_ADDR, Protocol 0, Port 0
computed HASH_I: f7 6a 36 78 d1 f9 58 dd 11 ed e9 38 3a 1d ec 69   d5 c3 61 9b
received HASH_I: f7 6a 36 78 d1 f9 58 dd 11 ed e9 38 3a 1d ec 69   d5 c3 61 9b
emit ISAKMP Message:
  initiator cookie: 4e a7 c9 67 cc ce 99 cb
  responder cookie: c4 0f cd 42 30 a3 8c cf
  next payload type: ISAKMP_NEXT_ID
  ISAKMP version: ISAKMP Version 1.0
  exchange type: ISAKMP_XCHG_IDPROT
  flags: ISAKMP_FLAG_ENCRYPTION
  message