Hi,

I am using PGPnet 7.0.4 Road Warrior (W2K) with FreeS/WAN 1.92 (Red Hat 7.1 - 2.4.16).
When I connect to the IP where I set up the VPN (the Secure GW), everything works fine
... but when I disconnect,
the "_updown" script does not delete the route added on dev "ipsec0", so the mobile
user can no longer access the SGw (the VPN server)
unless I delete this route manually. The point is that the "_updown" script should
work ... and for me it does not work.

Have you worked with something like this? If so, please give me some ideas ...

Thank you
____________________________________________________________________
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.5    192.168.1.5   255.255.255     UHG .........................ipsec0
172.16.1.0      0.0.0.0         255.255.255.248 U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         192.168.1.11    0.0.0.0         UG    0      0        0 eth1
________________________________________________________________________________
After that I delete the route: route del 192.168.1.5 gw 192.168.1.5 dev ipsec0 and
all is OK !!!!
_____________________________________________________________________________________



I will show my configuration:

_________________________________________________________________________________________________________________
syslog
Tue Apr 16 16:16:40 EEST 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.92
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.16 (root@syslog) (gcc version 2.96 20000731 (Red Hat Linux 7.1 2.96-81)) #1 SMP Mon Apr 15 12:24:11 EEST 2002
+ _________________________ proc/net/ipsec_eroute
+ sort +1 /proc/net/ipsec_eroute
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
172.16.1.0      0.0.0.0         255.255.255.248 U        40 0          0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U        40 0          0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         192.168.1.11    0.0.0.0         UG       40 0          0 eth1
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth1 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
    sock   pid   socket     next     prev e n p sndbf    Flags     Type St
c60a60a0 20263 c48c33a0        0        0 0 0 2 65535 00000000        3  1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype   socket   pid       sk
pf_key_registered:     2 c48c33a0 20263 c60a60a0
pf_key_registered:     3 c48c33a0 20263 c60a60a0
pf_key_registered:     9 c48c33a0 20263 c60a60a0
pf_key_registered:    10 c48c33a0 20263 c60a60a0
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported:     2      14      3     0     160     160
pf_key_supported:     2      14      2     0     128     128
pf_key_supported:     3      15      3   128     168     168
pf_key_supported:     3      14      3     0     160     160
pf_key_supported:     3      14      2     0     128     128
pf_key_supported:     9      15      1     0      32      32
pf_key_supported:    10      15      2     0       1       1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:0
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 192.168.1.4
000
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0      Link encap:Ethernet  HWaddr 00:A0:24:4A:6A:1E
          inet addr:172.16.1.1  Bcast:172.16.1.7  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0x2400

eth1      Link encap:Ethernet  HWaddr 00:A0:24:4A:5C:8D
          inet addr:192.168.1.4  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:438833 errors:0 dropped:0 overruns:0 frame:0
          TX packets:85104 errors:0 dropped:0 overruns:0 carrier:0
          collisions:93 txqueuelen:100
          Interrupt:11 Base address:0x2080

eth2      Link encap:Ethernet  HWaddr 00:60:97:37:49:75
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0x220

ipsec0    Link encap:Ethernet  HWaddr 00:A0:24:4A:5C:8D
          inet addr:192.168.1.4  Mask:255.255.255.0
          UP RUNNING NOARP  MTU:16260  Metric:1
          RX packets:255 errors:0 dropped:168 overruns:0 frame:0
          TX packets:94 errors:0 dropped:370 overruns:0 carrier:0
          collisions:0 txqueuelen:10

ipsec1    Link encap:IPIP Tunnel  HWaddr
          inet addr:172.16.1.2  Mask:255.255.255.248
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

ipsec2    Link encap:IPIP Tunnel  HWaddr
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

ipsec3    Link encap:IPIP Tunnel  HWaddr
          NOARP  MTU:0  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:10

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5924 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5924 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
syslog
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
  4:16pm  up 20:40,  4 users,  load average: 0.07, 0.06, 0.01
+ _________________________ ps
+ ps alxw
Warning: /boot/System.map has an incorrect kernel version.
+ egrep -i 'ppid|pluto|ipsec|klips'
  F   UID   PID  PPID PRI  NI   VSZ  RSS WCHAN  STAT TTY        TIME COMMAND
040     0 20261     1   9   0  1936  916 wait4  S    pts/4      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids
040     0 20262 20261   9   0  1936  916 wait4  S    pts/4      0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug none --uniqueids
100     0 20263 20262   9   0  1820  728 do_sel S    pts/4      0:00 /usr/local/lib/ipsec/pluto --nofork --debug-none --uniqueids
000     0 20264 20261   8   0  1928  916 pipe_w S    pts/4      0:00 /bin/sh /usr/local/lib/ipsec/_plutoload --load %search --start
000     0 20265     1   9   0  1348  516 pipe_w S    pts/4      0:00 logger -p daemon.error -t ipsec__plutorun
000     0 20492 19762   9   0  2120  988 wait4  S    pts/4      0:00 /bin/sh /usr/local/sbin/ipsec barf
000     0 20494 20492  10   0  2140 1028 wait4  S    pts/4      0:00 /bin/sh /usr/local/lib/ipsec/barf
000     0 20534 20494  10   0  1452  540 pipe_w S    pts/4      0:00 egrep -i ppid|pluto|ipsec|klips
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
#dr: no default route
# no default route
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
config setup
        interfaces="ipsec0=eth1"
        klipsdebug=none
        plutodebug=none
        plutoload=%search
        plutostart=%search
        uniqueids=yes
conn %default
        keyingtries=1
        authby=secret

conn rw_pgp-syslog
     left=192.168.1.4
     leftsubnet=172.16.1.0/29
     right=0.0.0.0
     rightxthop=
     rightsubnet=
     leftupdown=/root/freeswan-1.92/utils/_updown
     pfs=yes
     type=tunnel
     keyingtries=1
     keyexchange=ike
     authby=secret
     auto=add
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
192.168.1.4 0.0.0.0: PSK "[sums to dd02...]"
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/lib/ipsec
total 3020
-rwxr-xr-x    1 root     root        11064 Apr 10 11:34 _confread
-rwxr-xr-x    1 root     root        11064 Apr  9 17:48 _confread.old
-rwxr-xr-x    1 root     root         2163 Apr 10 11:34 _include
-rwxr-xr-x    1 root     root         2163 Apr  9 17:48 _include.old
-rwxr-xr-x    1 root     root         1383 Apr 10 11:34 _keycensor
-rwxr-xr-x    1 root     root         1383 Apr  9 17:48 _keycensor.old
-rwxr-xr-x    1 root     root         3495 Apr 10 11:34 _plutoload
-rwxr-xr-x    1 root     root         3495 Apr  9 17:48 _plutoload.old
-rwxr-xr-x    1 root     root         3500 Apr 10 11:34 _plutorun
-rwxr-xr-x    1 root     root         3500 Apr  9 17:48 _plutorun.old
-rwxr-xr-x    1 root     root         7150 Apr 10 11:34 _realsetup
-rwxr-xr-x    1 root     root         7150 Apr  9 17:48 _realsetup.old
-rwxr-xr-x    1 root     root         1904 Apr 10 11:34 _secretcensor
-rwxr-xr-x    1 root     root         1904 Apr  9 17:48 _secretcensor.old
-rwxr-xr-x    1 root     root         5905 Apr 10 11:34 _startklips
-rwxr-xr-x    1 root     root         5905 Apr  9 17:48 _startklips.old
-rwxr-xr-x    1 root     root         3548 Apr 16 10:17 _updown
-rwxr-xr-x    1 root     root         5174 Apr  9 17:48 _updown.old
-rwxr-xr-x    1 root     root        10707 Apr 10 11:34 auto
-rwxr-xr-x    1 root     root        10707 Apr  9 17:48 auto.old
-rwxr-xr-x    1 root     root         6426 Apr 10 11:34 barf
-rwxr-xr-x    1 root     root         6426 Apr  9 17:48 barf.old
-rwxr-xr-x    1 root     root       212866 Apr 10 11:34 eroute
-rwxr-xr-x    1 root     root         2846 Apr 10 11:34 ipsec
-rwxr-xr-x    1 root     root         2846 Apr  9 17:48 ipsec.old
-rwxr-xr-x    1 root     root       149044 Apr 10 11:34 klipsdebug
-rwxr-xr-x    1 root     root         2437 Apr 10 11:34 look
-rwxr-xr-x    1 root     root         2437 Apr  9 17:48 look.old
-rwxr-xr-x    1 root     root        16172 Apr 10 11:34 manual
-rwxr-xr-x    1 root     root        16172 Apr  9 17:48 manual.old
-rwxr-xr-x    1 root     root         1227 Apr 10 11:34 newhostkey
-rwxr-xr-x    1 root     root         1227 Apr  9 17:48 newhostkey.old
-rwxr-xr-x    1 root     root       746763 Apr 10 11:34 pluto
-rwxr-xr-x    1 root     root       746771 Apr  9 17:48 pluto.old
-rwxr-xr-x    1 root     root        39472 Apr 10 11:34 ranbits
-rwxr-xr-x    1 root     root        39476 Apr  9 17:48 ranbits.old
-rwxr-xr-x    1 root     root        56703 Apr 10 11:34 rsasigkey
-rwxr-xr-x    1 root     root        56707 Apr  9 17:48 rsasigkey.old
lrwxrwxrwx    1 root     root           22 Apr 10 11:34 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x    1 root     root         1041 Apr 10 11:34 showdefaults
-rwxr-xr-x    1 root     root         1041 Apr  9 17:48 showdefaults.old
-rwxr-xr-x    1 root     root         3484 Apr 10 11:34 showhostkey
-rwxr-xr-x    1 root     root         3484 Apr  9 17:48 showhostkey.old
-rwxr-xr-x    1 root     root       233490 Apr 10 11:34 spi
-rwxr-xr-x    1 root     root       189996 Apr 10 11:34 spigrp
-rwxr-xr-x    1 root     root        68087 Apr 10 11:34 tncfg
-rwxr-xr-x    1 root     root       127718 Apr 10 11:34 whack
-rwxr-xr-x    1 root     root       127726 Apr  9 17:48 whack.old
+ _________________________ ipsec/updowns
++ ls /usr/local/lib/ipsec
++ egrep updown
+ cat /usr/local/lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001  D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.17 2001/08/15 14:37:17 henry Exp $



# CAUTION:  Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make.  If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.



# check interface version
case "$PLUTO_VERSION" in
1.[0])  # Older Pluto?!?  Play it safe, script may be using new features.
        echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
        echo "$0:       called by obsolete Pluto?" >&2
        exit 2
        ;;
1.*)    ;;
*)      echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
        exit 2
        ;;
esac

# check parameter(s)
case "$*" in
'')     ;;
ipfwadm)        # caused by (left/right)firewall=yes; for default script only
        ;;
*)      echo "$0: unknown parameter \`$1'" >&2
        exit 2
        ;;
esac

 # utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
#       route add -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \
#               dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP
        route add -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \
                dev $PLUTO_INTERFACE gw $LOCAL_WORK_ADDRESS
}
downroute() {
#       route del -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \
#               dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP
        route del -net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK \
                dev $PLUTO_INTERFACE gw $LOCAL_WORK_ADDRESS
}

route-host:*|route-client:*)
        # connection to me or my client subnet being routed
        uproute
        ;;
unroute-host:*|unroute-client:*)
        # connection to me or my client subnet being unrouted
        downroute
        ;;
up-host:*)
        # connection to me coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-host:*)
        # connection to me going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:)
        # connection to my client subnet coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-client:)
        # connection to my client subnet going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client)
        # connection to client subnet, through forwarding firewall, coming up
        ipchains -I forward -j ACCEPT -b \
                -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        ;;
down-client)
        # connection to client subnet, through forwarding firewall, going down
        ipchains -D forward -j ACCEPT -b \
                -s $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -d $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK

        ;;
*)      echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
        exit 1
        ;;
esac
+ cat /usr/local/lib/ipsec/_updown.old
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001  D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version.  See <http://www.fsf.org/copyleft/gpl.txt>.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
:

# CAUTION:  Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make.  If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.



# check interface version
case "$PLUTO_VERSION" in
1.[0])  # Older Pluto?!?  Play it safe, script may be using new features.
        echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
        echo "$0:       called by obsolete Pluto?" >&2
        exit 2
        ;;
1.*)    ;;
*)      echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
        exit 2
        ;;
esac

# check parameter(s)
case "$*" in
'')     ;;
ipfwadm)        # caused by (left/right)firewall=yes; for default script only
        ;;
*)      echo "$0: unknown parameter \`$1'" >&2
        exit 2
        ;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
        doroute add
}
downroute() {
        doroute del
}
doroute() {
        parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
        parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
                it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&"
                it="$it route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
                route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
                        route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2
                ;;
        *)      it="route $1 $parms $parms2"
                route $1 $parms $parms2
                ;;
        esac
        st=$?
        if test $st -ne 0
        then
                # route has already given its own cryptic message
                echo "$0: \`$it' failed" >&2
                if test " $1 $st" = " add 7"
                then
                        # another totally undocumented interface -- 7 and
                        # "SIOCADDRT: Network is unreachable" means that
                        # the gateway isn't reachable.
                        echo "$0: (incorrect or missing nexthop setting??)" >&2
                fi
        fi
        return $st
}



# the big choice
case "$PLUTO_VERB:$1" in
prepare-host:*|prepare-client:*)
        # delete possibly-existing route (preliminary to adding a route)
        case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
        "0.0.0.0/0.0.0.0")
                # horrible kludge for obscure routing bug with opportunistic
                parms1="-net 0.0.0.0 netmask 128.0.0.0"
                parms2="-net 128.0.0.0 netmask 128.0.0.0"
                it="route del $parms1 2>&1 ; route del $parms2 2>&1"
                oops="`route del $parms1 2>&1 ; route del $parms2 2>&1`"
                ;;
        *)
                parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
                it="route del $parms 2>&1"
                oops="`route del $parms 2>&1`"
                ;;
        esac
        status="$?"
        if test " $oops" = " " -a " $status" != " 0"
        then
                oops="silent error, exit status $status"
        fi
        case "$oops" in
        'SIOCDELRT: No such process'*)
                # This is what route (currently -- not documented!) gives
                # for "could not find such a route".
                oops=
                status=0
                ;;
        esac
        if test " $oops" != " " -o " $status" != " 0"
        then
                echo "$0: \`$it' failed ($oops)" >&2
        fi
        exit $status
        ;;
route-host:*|route-client:*)
        # connection to me or my client subnet being routed
        uproute
        ;;
unroute-host:*|unroute-client:*)
        # connection to me or my client subnet being unrouted
        downroute
        ;;
up-host:*)
        # connection to me coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-host:*)
        # connection to me going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:)
        # connection to my client subnet coming up
        # If you are doing a custom version, firewall commands go here.
        ;;
down-client:)
        # connection to my client subnet going down
        # If you are doing a custom version, firewall commands go here.
        ;;
up-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, coming up
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
        ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        ;;
down-client:ipfwadm)
        # connection to client subnet, with (left/right)firewall=yes, going down
        # This is used only by the default updown script, not by your custom
        # ones, so do not mess with it; see CAUTION comment up at top.
        ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
                -D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
        ;;
*)      echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
        exit 1
        ;;
esac
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo: 1232984    5924    0    0    0     0          0         0  1232984    5924    0    0    0     0       0          0
ipsec0:    5220     255    0  168    0     0          0         0    13672      94    0  370    0     0       0          0
ipsec1:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
ipsec3:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth1:162712442  441221    0    0    0     0          0         0  9217749   85507    0    0    0    93       0          0
  eth2:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface   Destination     Gateway         Flags   RefCnt  Use     Metric  Mask            MTU     Window  IRTT
eth0    000110AC        00000000        0001    0       0       0       F8FFFFFF        40      0       0
eth1    0001A8C0        00000000        0001    0       0       0       00FFFFFF        40      0       0
ipsec0  0001A8C0        00000000        0001    0       0       0       00FFFFFF        40      0       0
lo      0000007F        00000000        0001    0       0       0       000000FF        40      0       0
eth1    00000000        0B01A8C0        0003    0       0       0       00000000        40      0       0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ uname-a
+ uname -a
Linux syslog 2.4.16 #1 SMP Mon Apr 15 12:24:11 EEST 2002 i686 unknown
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Linux release 7.1 (Seawolf)
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version: 1.92
+ _________________________ iptables/list
+ iptables -L -v -n
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
iptables v1.2.1a: can't initialize iptables table `filter': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ ipchains/list
+ ipchains -L -v -n
Chain input (policy ACCEPT: 124592 packets, 15529115 bytes):
Chain forward (policy ACCEPT: 0 packets, 0 bytes):
Chain output (policy ACCEPT: 81618 packets, 8415812 bytes):
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
Chains are empty. (ie. ipfwadm has not been used on them).
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
Chains are empty. (ie. ipfwadm has not been used on them).
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
Chains are empty. (ie. ipfwadm has not been used on them).
+ iptables -t nat -L -v -n
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
iptables v1.2.1a: can't initialize iptables table `nat': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
IP masquerading entries
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
IP masquerading entries
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: init_module: Device or resource busy
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod /lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o failed
/lib/modules/2.4.16/kernel/net/ipv4/netfilter/ip_tables.o: insmod ip_tables failed
Hint: insmod errors can be caused by incorrect module parameters, including invalid IO or IRQ parameters
iptables v1.2.1a: can't initialize iptables table `mangle': iptables who? (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ proc/modules
+ cat /proc/modules
3c509                   7216   0 (autoclean) (unused)
3c59x                  25920   2 (autoclean)
+ _________________________ proc/meminfo
+ cat /proc/meminfo
        total:    used:    free:  shared: buffers:  cached:
Mem:  129437696 120430592  9007104        0 12402688 68218880
Swap: 425738240  2138112 423600128
MemTotal:       126404 kB
MemFree:          8796 kB
MemShared:           0 kB
Buffers:         12112 kB
Cached:          65340 kB
SwapCached:       1280 kB
Active:          63288 kB
Inactive:        30756 kB
HighTotal:           0 kB
HighFree:            0 kB
LowTotal:       126404 kB
LowFree:          8796 kB
SwapTotal:      415760 kB
SwapFree:       413672 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls: /dev/ipsec*: No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_version
-r--r--r--    1 root     root            0 Apr 16 16:19 /proc/net/ipsec_eroute
-r--r--r--    1 root     root            0 Apr 16 16:19 /proc/net/ipsec_klipsdebug
-r--r--r--    1 root     root            0 Apr 16 16:19 /proc/net/ipsec_spi
-r--r--r--    1 root     root            0 Apr 16 16:19 /proc/net/ipsec_spigrp
-r--r--r--    1 root     root            0 Apr 16 16:19 /proc/net/ipsec_tncfg
-r--r--r--    1 root     root            0 Apr 16 16:19 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ egrep 'IP|NETLINK' /usr/src/linux/.config
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP2 is not set
# CONFIG_MWINCHIP3D is not set
CONFIG_SYSVIPC=y
# CONFIG_MD_MULTIPATH is not set
CONFIG_NETLINK=y
# CONFIG_RTNETLINK is not set
# CONFIG_NETLINK_DEV is not set
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=m
CONFIG_NET_IPGRE=m
CONFIG_NET_IPGRE_BROADCAST=y
# CONFIG_IP_MROUTE is not set
#   IP: Netfilter Configuration
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
# CONFIG_IP_NF_IRC is not set
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_LIMIT=m
CONFIG_IP_NF_MATCH_MAC=m
CONFIG_IP_NF_MATCH_MARK=m
CONFIG_IP_NF_MATCH_MULTIPORT=m
CONFIG_IP_NF_MATCH_TOS=m
CONFIG_IP_NF_MATCH_LENGTH=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_MATCH_TCPMSS=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_NAT_FTP=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_TOS=m
CONFIG_IP_NF_TARGET_MARK=m
CONFIG_IP_NF_TARGET_LOG=m
CONFIG_IP_NF_TARGET_TCPMSS=m
CONFIG_IP_NF_COMPAT_IPCHAINS=y
CONFIG_IP_NF_NAT_NEEDED=y
# CONFIG_IPX is not set
CONFIG_IPSEC=y
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ENC_3DES=y
CONFIG_IPSEC_IPCOMP=y
CONFIG_IPSEC_DEBUG=y
# CONFIG_IDEDMA_PCI_WIP is not set
# CONFIG_IDE_CHIPSETS is not set
# CONFIG_TULIP is not set
# CONFIG_PLIP is not set
# CONFIG_SLIP is not set
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '1262,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
Apr 16 15:48:44 syslog ipsec_setup: Starting FreeS/WAN IPsec 1.92...
Apr 16 15:48:44 syslog ipsec_setup: KLIPS debug `none'
Apr 16 15:48:45 syslog ipsec_setup: KLIPS ipsec0 on eth1 192.168.1.4/255.255.255.0 broadcast 192.168.1.255
Apr 16 15:48:45 syslog ipsec_setup: ...FreeS/WAN IPsec started
Apr 16 15:48:46 syslog ipsec__plutorun: ipsec_auto: fatal error in "rw_pgp-syslog": (/etc/ipsec.conf, line 16) unknown parameter name "rightxthop"
+ _________________________ plog
+ sed -n '23,$p' /var/log/secure
+ egrep -i pluto
+ cat
Apr 16 15:48:45 syslog Pluto[20263]: Starting Pluto (FreeS/WAN Version 1.92)
Apr 16 15:48:46 syslog Pluto[20263]: listening for IKE messages
Apr 16 15:48:46 syslog Pluto[20263]: adding interface ipsec0/eth1 192.168.1.4
Apr 16 15:48:46 syslog Pluto[20263]: loading secrets from "/etc/ipsec.secrets"
+ _________________________ date
+ date
Tue Apr 16 16:20:43 EEST 2002



 



