domac
Tue Nov 23 03:33:07 CET 2021
+ _________________________ version
+
+ ipsec --version
Linux Libreswan 4.5 (XFRM) on 4.19.0-17-amd64
+ _________________________ /proc/version
+
+ cat /proc/version
Linux version 4.19.0-17-amd64 (debian-kernel@lists.debian.org) (gcc version 8.3.0 (Debian 8.3.0-6)) #1 SMP Debian 4.19.194-3 (2021-07-18)
+ [ -r /proc/sys/net/core/xfrm_acq_expires ]
+ _________________________ ip-xfrm-state
+
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+
+ ip xfrm policy
src ::/0 dst ::/0 socket out priority 0 ptype main
src ::/0 dst ::/0 socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0 socket in priority 0 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 135 dir out priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 135 dir fwd priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 135 dir in priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136 dir out priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136 dir fwd priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136 dir in priority 1 ptype main
+ _________________________ cat-proc-net-xfrm_stat
+
+ cat /proc/net/xfrm_stat
cat: /proc/net/xfrm_stat: No such file or directory
+ _________________________ ip-l2tp-tunnel
+
+ [ -d /sys/module/l2tp_core ]
+ ip l2tp show tunnel
+ _________________________ ip-l2tp-session
+
+ ip l2tp show session
+ [ -d /sys/module/ip_vti ]
+ _________________________ ip-tunnel
+
+ ip -s tunnel show
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
RX: Packets    Bytes        Errors CsumErrs OutOfSeq Mcasts
    0          0            0      0        0        0
TX: Packets    Bytes        Errors DeadLoop NoRoute  NoBufs
    0          0            0      0        0        0
+ _________________________ /proc/crypto
+
+ [ -r /proc/crypto ]
+ cat /proc/crypto
16 walksize : 16 name : __ctr(aes) driver : __ctr-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 1 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16 name : __cbc(aes) driver : __cbc-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 16 chunksize : 16 walksize : 16 name : __ecb(aes) driver : __ecb-aes-aesni module : aesni_intel priority : 400 refcnt : 1 selftest : passed internal : yes type : skcipher async : no blocksize : 16 min keysize : 16 max keysize : 32 ivsize : 0 chunksize : 16 walksize : 16 name : __aes driver : __aes-aesni module : aesni_intel priority : 300 refcnt : 1 selftest : passed internal : yes type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : aes driver : aes-aesni module : aesni_intel priority : 300 refcnt : 2 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : aes driver : aes-asm module : aes_x86_64 priority : 200 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : pkcs1pad(rsa,sha256) driver : pkcs1pad(rsa-generic,sha256) module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : akcipher name : lzo driver : lzo-scomp module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : scomp name : lzo driver : lzo-generic module : kernel priority : 0 refcnt : 13 selftest : passed internal : no type : compression name : crct10dif driver : crct10dif-generic module : kernel priority : 100 refcnt : 2 selftest : passed internal : no type : shash blocksize : 1 digestsize : 2 name : zlib-deflate driver : zlib-deflate-scomp module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : scomp name : deflate driver : deflate-scomp module : kernel 
priority : 0 refcnt : 1 selftest : passed internal : no type : scomp name : deflate driver : deflate-generic module : kernel priority : 0 refcnt : 2 selftest : passed internal : no type : compression name : aes driver : aes-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 16 min keysize : 16 max keysize : 32 name : sha224 driver : sha224-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : shash blocksize : 64 digestsize : 28 name : sha256 driver : sha256-generic module : kernel priority : 100 refcnt : 50 selftest : passed internal : no type : shash blocksize : 64 digestsize : 32 name : sha1 driver : sha1-generic module : kernel priority : 100 refcnt : 51 selftest : passed internal : no type : shash blocksize : 64 digestsize : 20 name : md5 driver : md5-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : shash blocksize : 64 digestsize : 16 name : digest_null driver : digest_null-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : shash blocksize : 1 digestsize : 0 name : compress_null driver : compress_null-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : compression name : ecb(cipher_null) driver : ecb-cipher_null module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : blkcipher blocksize : 1 min keysize : 0 max keysize : 0 ivsize : 0 geniv : name : cipher_null driver : cipher_null-generic module : kernel priority : 0 refcnt : 1 selftest : passed internal : no type : cipher blocksize : 1 min keysize : 0 max keysize : 0 name : rsa driver : rsa-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : akcipher name : dh driver : dh-generic module : kernel priority : 100 refcnt : 1 selftest : passed internal : no type : kpp + __________________________/proc/sys/net/core/xfrm-star /usr/local/libexec/ipsec/barf: 
175: /usr/local/libexec/ipsec/barf: __________________________/proc/sys/net/core/xfrm-star: not found
+ echo -n /proc/sys/net/core/xfrm_acq_expires:
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
30
+ echo -n /proc/sys/net/core/xfrm_aevent_etime:
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ echo -n /proc/sys/net/core/xfrm_aevent_rseqth:
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ echo -n /proc/sys/net/core/xfrm_larval_drop:
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+
+ [ -d /proc/sys/net/ipsec ]
+ _________________________ ipsec/status
+
+ ipsec whack --status
000 using kernel interface: xfrm
000
000 interface lo UDP [::1]:500
000 interface lo UDP 127.0.0.1:4500
000 interface lo UDP 127.0.0.1:500
000 interface eth0 UDP 161.53.235.3:4500
000 interface eth0 UDP 161.53.235.3:500
000 interface eth1 UDP 192.168.100.1:4500
000 interface eth1 UDP 192.168.100.1:500
000
000 fips mode=disabled;
000 SElinux=disabled
000 seccomp=unsupported
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d
000 nssdir=/var/lib/ipsec/nss, dumpdir=/run/pluto, statsbin=unset
000 dnssec-rootkey-file=/usr/share/dns/root.key, dnssec-trusted=
000 sbindir=/usr/local/sbin, libexecdir=/usr/local/libexec/ipsec
000 pluto_version=4.5, pluto_vendorid=OE-Libreswan-4.5, audit-log=yes
000 nhelpers=-1, uniqueids=yes, dnssec-enable=yes, logappend=yes, logip=yes, shuntlifetime=900s, xfrmlifetime=30s
000 ddos-cookies-threshold=25000, ddos-max-halfopen=50000, ddos-mode=auto, ikev1-policy=accept
000 ikebuf=0, msg_errqueue=yes, crl-strict=no, crlcheckinterval=0, listen=, nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=
000 ocsp-trust-name=
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get
000 global-redirect=no, global-redirect-to=
000 secctx-attr-type=
000 debug: base+cpu-usage+refcnt
000
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000 - allowed subnets: 192.168.0.0/16, 172.16.0.0/12, 25.0.0.0/8, 100.64.0.0/10, fd00::/8, fe80::/10, 192.198.186.218/32,
000
000 Kernel algorithms supported:
000
000 algorithm ESP encrypt: name=3DES_CBC, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: name=AES_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_CTR, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=AES_GCM_8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CAMELLIA_CBC, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: name=CHACHA20_POLY1305, keysizemin=256, keysizemax=256
000 algorithm ESP encrypt: name=NULL, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: name=NULL_AUTH_AES_GMAC, keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: name=AES_CMAC_96, key-length=128
000 algorithm AH/ESP auth: name=AES_XCBC_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_MD5_96, key-length=128
000 algorithm AH/ESP auth: name=HMAC_SHA1_96, key-length=160
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_128, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_256_TRUNCBUG, key-length=256
000 algorithm AH/ESP auth: name=HMAC_SHA2_384_192, key-length=384
000 algorithm AH/ESP auth: name=HMAC_SHA2_512_256, key-length=512
000 algorithm AH/ESP auth: name=NONE, key-length=0
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=28, v2name=CHACHA20_POLY1305, blocksize=16, keydeflen=256
000 algorithm IKE PRF: name=HMAC_MD5, hashlen=16
000 algorithm IKE PRF: name=HMAC_SHA1, hashlen=20
000 algorithm IKE PRF: name=HMAC_SHA2_256, hashlen=32
000 algorithm IKE PRF: name=HMAC_SHA2_384, hashlen=48
000 algorithm IKE PRF: name=HMAC_SHA2_512, hashlen=64
000 algorithm IKE PRF: name=AES_XCBC, hashlen=16
000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
000 algorithm IKE DH Key Exchange: name=DH19, bits=512
000 algorithm IKE DH Key Exchange: name=DH20, bits=768
000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
000 algorithm IKE DH Key Exchange: name=DH31, bits=256
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} trans={0,0,0} attrs={0,0,0}
000
000 Connection list:
000
000 "L2TP-PSK-NAT": 161.53.235.3:17/1701---161.53.235.1...%any:17/%any; unrouted; eroute owner: #0
000 "L2TP-PSK-NAT": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "L2TP-PSK-NAT": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "L2TP-PSK-NAT": our auth:secret, their auth:secret
000 "L2TP-PSK-NAT": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, cat:unset;
000 "L2TP-PSK-NAT": sec_label:unset;
000 "L2TP-PSK-NAT": ike_life: 28800s; ipsec_life: 3600s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3;
000 "L2TP-PSK-NAT": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500;
000 "L2TP-PSK-NAT": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "L2TP-PSK-NAT": policy: IKEv2+PSK+ENCRYPT+DONT_REKEY+IKE_FRAG_ALLOW+ESN_NO;
000 "L2TP-PSK-NAT": v2-auth-hash-policy: none;
000 "L2TP-PSK-NAT": conn_prio: 32,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "L2TP-PSK-NAT": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "L2TP-PSK-NAT": our idtype: ID_IPV4_ADDR; our id=161.53.235.3; their idtype: %none; their id=(none)
000 "L2TP-PSK-NAT": dpd: action:clear; delay:10; timeout:30; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "L2TP-PSK-NAT": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $1;
000 "L2TP-PSK-noNAT": 161.53.235.3:17/1701---161.53.235.1...%any:17/%any; unrouted; eroute owner: #0
000 "L2TP-PSK-noNAT": oriented; my_ip=unset; their_ip=unset; my_updown=ipsec _updown;
000 "L2TP-PSK-noNAT": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "L2TP-PSK-noNAT": our auth:secret, their auth:secret
000 "L2TP-PSK-noNAT": modecfg info: us:none, them:none, modecfg policy:push, dns:unset, domains:unset, cat:unset;
000 "L2TP-PSK-noNAT": sec_label:unset;
000 "L2TP-PSK-noNAT": ike_life: 28800s; ipsec_life: 3600s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3;
000 "L2TP-PSK-noNAT": retransmit-interval: 500ms; retransmit-timeout: 60s; iketcp:no; iketcp-port:4500;
000 "L2TP-PSK-noNAT": initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "L2TP-PSK-noNAT": policy: IKEv2+PSK+ENCRYPT+DONT_REKEY+IKE_FRAG_ALLOW+ESN_NO;
000 "L2TP-PSK-noNAT": v2-auth-hash-policy: none;
000 "L2TP-PSK-noNAT": conn_prio: 32,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "L2TP-PSK-noNAT": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
000 "L2TP-PSK-noNAT": our idtype: ID_IPV4_ADDR; our id=161.53.235.3; their idtype: %none; their id=(none)
000 "L2TP-PSK-noNAT": dpd: action:clear; delay:10; timeout:30; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "L2TP-PSK-noNAT": newest ISAKMP SA: #0; newest IPsec SA: #0; conn serial: $2;
000
000 Total IPsec connections: loaded 2, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 Bare Shunt list:
000
+ _________________________ ip-addr-list
+
+ ip addr list
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether f0:1f:af:f1:42:09 brd ff:ff:ff:ff:ff:ff
    inet 161.53.235.3/26 brd 161.53.235.63 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::f21f:afff:fef1:4209/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether f0:1f:af:f1:42:0a brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::f21f:afff:fef1:420a/64 scope link
       valid_lft forever preferred_lft forever
4: ip_vti0@NONE: mtu 1480 qdisc noop state DOWN group default qlen 1000
    link/ipip 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list-table-all
+
+ ip route list table all
default via 161.53.235.1 dev eth0 onlink
161.53.235.0/26 dev eth0 proto kernel scope link src 161.53.235.3
192.168.100.0/24 dev eth1 proto kernel scope link src 192.168.100.1
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
broadcast 161.53.235.0 dev eth0 table local proto kernel scope link src 161.53.235.3
local 161.53.235.3 dev eth0 table local proto kernel scope host src 161.53.235.3
broadcast 161.53.235.63 dev eth0 table local proto kernel scope link src 161.53.235.3
broadcast 192.168.100.0 dev eth1 table local proto kernel scope link src 192.168.100.1
local 192.168.100.1 dev eth1 table local proto kernel scope host src 192.168.100.1
broadcast 192.168.100.255 dev eth1 table local proto kernel scope link src 192.168.100.1
::1 dev lo proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth1 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local fe80::f21f:afff:fef1:4209 dev eth0 table local proto kernel metric 0 pref medium
local fe80::f21f:afff:fef1:420a dev eth1 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev eth1 table local proto kernel metric 256 pref medium
+ _________________________ ip-rule-list
+
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+
+ ipsec verify --nocolour
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 4.5 (XFRM) on 4.19.0-17-amd64
Checking for IPsec support in kernel [OK]
 NETKEY: Testing XFRM related proc values
         ICMP default/send_redirects [OK]
         ICMP default/accept_redirects [OK]
         XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
 Pluto listening for IKE on udp 500 [OK]
 Pluto listening for IKE/NAT-T on udp 4500 [OK]
 Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
+ _________________________ ipsec/directory
+
+ ipsec --directory
/usr/local/libexec/ipsec
+ _________________________ hostname/fqdn
+
+ hostname --fqdn
domac.alu.hr
+ _________________________ hostname/ipaddress
+
+ hostname --ip-address
161.53.235.3
+ _________________________ uptime
+
+ uptime
03:33:07 up 59 days, 5:37, 9 users, load average: 0.24, 0.14, 0.10
+ _________________________ ps
+
+ ps alxwf
+ grep -E -i ppid|pluto|ipsec
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
0 0 16960 30278 20 0 6040 2256 - T pts/2 0:00 | \_ less /var/log/pluto.log
4 0 30879 30278 20 0 2388 1640 - S+ pts/2 0:00 | \_ /bin/sh /usr/local/libexec/ipsec/barf
0 0 30921 30879 20 0 3084 828 - S+ pts/2 0:00 | \_ grep -E -i ppid|pluto|ipsec
4 0 30753 1 20 0 128960 15304 do_epo Ssl ? 0:00 /usr/local/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
+ _________________________ ipsec/conf
+
+ ipsec readwriteconf --config /etc/ipsec.conf
duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT
while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT
The vnet: and vhost: keywords are only valid for IKEv1 connections
while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT
The vnet: and vhost: keywords are only valid for IKEv1 connections
The vnet: and vhost: keywords are only valid for IKEv1 connections
readwriteconf: config file "/etc/ipsec.conf", ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT
The vnet: and vhost: keywords are only valid for IKEv1 connections
The vnet: and vhost: keywords are only valid for IKEv1 connections
config setup
    plutodebug="base,cpu-usage,refcnt"
    logfile=/var/log/pluto.log
    plutostderrlog=/var/log/pluto.log
    virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,%v4:192.198.186.218/32
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10,%v4:192.198.186.218/32

conn L2TP-PSK-NAT
    #also = L2TP-PSK-noNAT
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
    type=transport
    pfs=no
    salifetime=3600
    rekey=no
    keyingtries=3
    ikelifetime=28800
    dpddelay=10
    dpdtimeout=30
    dpdaction=clear
    authby=secret
    auto=add
    type=transport
    compress=no
    pfs=no
    ikepad=yes
    authby=secret
    phase2=esp
    ikev2=yes
    ppk=no
    esn=no

conn L2TP-PSK-noNAT
    left=%defaultroute
    leftnexthop=%defaultroute
    leftprotoport=17/1701
    right=%any
    rightprotoport=17/%any
    auto=add
    type=transport
    pfs=no
    salifetime=3600
    rekey=no
    keyingtries=3
    ikelifetime=28800
    dpddelay=10
    dpdtimeout=30
    dpdaction=clear
    authby=secret
    auto=add
    type=transport
    compress=no
    pfs=no
    ikepad=yes
    authby=secret
    phase2=esp
    ikev2=yes
    ppk=no
    esn=no
+ _________________________ ipsec/secrets
+
+ cat /etc/ipsec.secrets
+ ipsec _secretcensor
# This file holds shared secrets (PSK) and XAUTH user passwords used for
# authentication. See pluto(8) manpage or the libreswan website.
# Unlike older openswan, this file does NOT contain any X.509 related
# information such as private key :RSA statements as these now reside
# in the NSS database. See:
#
# https://libreswan.org/wiki/Using_NSS_with_libreswan
# https://libreswan.org/wiki/Migrating_from_Openswan
#
# The preferred method for adding secrets is to create a new file in
# the /etc/ipsec.d/ directory, so it will be included via the include
# line below
include /etc/ipsec.d/*.secrets
+ _________________________ ipsec/listall
+
+ ipsec whack --listall
000
000 List of Public Keys:
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000
000 1: PSK %any
000
000 List of X.509 End Certificates:
000
000 End certificate "vpn.alu.hr" - SN: 0x00ba2cd81d
000 subject: CN=vpn.alu.hr, O=Akademija likovnih umjetnosti Sveu\C4\8Dili\C5\A1ta u Zagrebu
000 issuer: CN=ALU-UNIZG CA, O=Akademija likovnih umjetnosti Sveu\C4\8Dili\C5\A1ta u Zagrebu
000 not before: Mon Nov 22 20:49:33 2021
000 not after: Tue Nov 22 20:49:33 2022
000 4096 bit RSA: has private key
000
000 List of X.509 CA Certificates:
000
000 Root CA certificate "ALU-UNIZG CA" - SN: 0x00ba2cd690
000 subject: CN=ALU-UNIZG CA, O=Akademija likovnih umjetnosti Sveu\C4\8Dili\C5\A1ta u Zagrebu
000 issuer: CN=ALU-UNIZG CA, O=Akademija likovnih umjetnosti Sveu\C4\8Dili\C5\A1ta u Zagrebu
000 not before: Mon Nov 22 20:45:51 2021
000 not after: Tue Nov 22 20:45:51 2022
000 4096 bit RSA
000
000 List of CRLs:
000
+ _________________________ nss/contents
+
+ certutil -L -d sql:/var/lib/ipsec/nss
Certificate Nickname    Trust Attributes
                        SSL,S/MIME,JAR/XPI
vpn.alu.hr              u,u,u
ALU-UNIZG CA            CT,,
+ _________________________ nss/crls
+
+ crlutil -L -d sql:/var/lib/ipsec/nss
CRL names    CRL Type
+ [ -n /etc/ipsec.d/policies ]
+ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+
+ cat /etc/ipsec.d/policies/block
# This file defines the set of network destinations for which
# communication should never be allowed.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# 10.0.1.0/24
# 2a03:6000:1004:1::/64
#
# block some outgoing ssh to range
# 10.0.1.0/24 tcp 0 22
# block all incoming ssh
# 0.0.0.0/0 tcp 22 0
+ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of network destinations for which
# communication should always be in the clear.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# 10.0.1.0/24
# 2a03:6000:1004:1::/64
#
# dont IPsec encrypt ssh to a range
# 10.0.1.0/24 tcp 0 22
# don't IPsec encrypt any incoming ssh
# 0.0.0.0/0 tcp 22 0
+ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
# One IPv4 or IPv6 CIDR per line.
# This file defines the set of network destinations for which
# communications will be in the clear, or if the other side initiates IPsec
# to use, will be encrypted on their request. This behaviour is also called
# "Opportunistic Responder".
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# encrypt all traffic to an IPv4 or IPv6 host or subnet if they request it
# 10.0.1.0/24
# 10.1.1.1/32
# 2a03:6000:1004:1::/64
#
# encrypt all smtp traffic to some host if they want to
# 10.0.1.0/24 tcp 0 25
# encrypt all incoming smtp traffic from some host if they request it
# 0.0.0.0/0 tcp 25 0
+ basename /etc/ipsec.d/policies/portexcludes.conf
+ base=portexcludes.conf
+ _________________________ ipsec/policies/portexcludes.conf
+
+ cat /etc/ipsec.d/policies/portexcludes.conf
# Direction Proto Source Dest Prio
#
# Exclude ssh incoming and outgoing from IPsec encryption for ipv4 and ipv6
#both tcp any 22 1023
#
# Exclude outgoing HTTPS from IPsec encryption for ipv4 and ipv6
#out tcp any 443 1023
#
# Exclude incoming SMTP for ipv4 for ipv4
#in tcp any4 25 1023
# Exclude incoming SMTP for ipv4 from 10.0.0.0/8 only
#in tcp 10.0.0.0/8 25 1023
#
# All udp port 666 should go in the clear within 10/8
#both udp 10.0.0.0/8 10.0.0.0/8@666 1023
+ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# we MUST communicate in the clear. Otherwise traffic is blocked. This
# is enforced (and can be tweaked) by setting the negotiationshunt= and
# failureshunt= to drop.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# encrypt all traffic to an IPv4 or IPv6 host or subnet
# 10.0.1.0/24
# 10.1.1.1/32
# 2a03:6000:1004:1::/64
#
# encrypt all smtp traffic to some host
# 10.0.1.0/24 tcp 0 25
# encrypt all incoming smtp traffic
# 0.0.0.0/0 tcp 25 0
+ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be encrypted when possible, but will fallback
# to in the clear otherwise.
#
# This is enforced (and can be tweaked) by setting the failureshunt=
# to passthrough.
#
# One IPv4 or IPv6 CIDR per line, optionally specifying a further
# narrowing of protocol, source port and destination port
#
# examples:
# prefer to encrypt all traffic to an IPv4 or IPv6 host or subnet
# 10.0.1.0/24
# 10.1.1.1/32
# 2a03:6000:1004:1::/64
#
# prefer to encrypt all smtp traffic to some host
# 10.0.1.0/24 tcp 0 25
# prefer encrypt all incoming smtp traffic
# 0.0.0.0/0 tcp 25 0
#
# Ideally, enable this for every host on the internet
# 0.0.0.0/0
+ _________________________ ipsec/ls-execdir
+
+ ls -l /usr/local/libexec/ipsec
total 24596
-rwxr-xr-x 1 root staff 329608 Nov 22 22:41 _import_crl
-rwxr-xr-x 1 root staff 3057 Nov 22 22:41 _plutorun
-rwxr-xr-x 1 root staff 1917 Nov 22 22:41 _secretcensor
-rwxr-xr-x 1 root staff 7022 Nov 22 22:41 _stackmanager
-rwxr-xr-x 1 root staff 2127 Nov 22 22:41 _unbound-hook
-rwxr-xr-x 1 root staff 3894 Nov 22 22:41 _updown
-rwxr-xr-x 1 root staff 26858 Nov 22 22:41 _updown.xfrm
-rwxr-xr-x 1 root staff 1302496 Nov 22 22:41 addconn
-rwxr-xr-x 1 root staff 1818920 Nov 22 22:41 algparse
-rwxr-xr-x 1 root staff 6038 Nov 22 22:41 auto
-rwxr-xr-x 1 root staff 10687 Nov 22 22:41 barf
-rwxr-xr-x 1 root staff 1670712 Nov 22 22:41 cavp
-rwxr-xr-x 1 root staff 499704 Nov 22 22:41 dncheck
-rwxr-xr-x 1 root staff 368072 Nov 22 22:41 ecdsasigkey
-rwxr-xr-x 1 root staff 416040 Nov 22 22:41 enumcheck
-rwxr-xr-x 1 root staff 464696 Nov 22 22:41 hunkcheck
-rwxr-xr-x 1 root staff 1652224 Nov 22 22:41 ipcheck
-rwxr-xr-x 1 root staff 208264 Nov 22 22:41 jambufcheck
-rwxr-xr-x 1 root staff 191232 Nov 22 22:41 keyidcheck
-rwxr-xr-x 1 root staff 11132 Nov 22 22:41 letsencrypt
-rwxr-xr-x 1 root staff 3594 Nov 22 22:41 look
-rwxr-xr-x 1 root staff 2907 Nov 22 22:41 newhostkey
-rwxr-xr-x 1 root staff 11246952 Nov 22 22:41 pluto
-rwxr-xr-x 1 root staff 1112592 Nov 22 22:41 readwriteconf
-rwxr-xr-x 1 root staff 362464 Nov 22 22:41 rsasigkey
-rwxr-xr-x 1 root staff 6552 Nov 22 22:41 setup
-rwxr-xr-x 1 root staff 3563 Nov 22 22:41 show
-rwxr-xr-x 1 root staff 1990096 Nov 22 22:41 showhostkey
-rwxr-xr-x 1 root staff 478440 Nov 22 22:41 timecheck
-rwxr-xr-x 1 root staff 9815 Nov 22 22:41 verify
-rwxr-xr-x 1 root staff 930832 Nov 22 22:41 whack
+ _________________________ /proc/net/dev
+
+ cat /proc/net/dev
Inter-| Receive | Transmit
 face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
eth0: 973680324269 981742348 0 0 30 0 0 806022 631820175131 789537935 0 0 0 0 0 0
ip_vti0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 36140784265 35599326 0 0 0 0 0 0 36140784265 35599326 0 0 0 0 0 0
eth1: 183768358783 362046946 0 0 0 0 0 804777 702594418001 595943707 0 0 0 0 0 0
+ _________________________ /proc/net/route
+
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 01EB35A1 0003 0 0 0 00000000 0 0 0
eth0 00EB35A1 00000000 0001 0 0 0 C0FFFFFF 0 0 0
eth1 0064A8C0 00000000 0001 0 0 0 00FFFFFF 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+
+ cd /proc/sys/net/ipv4/conf
+ grep -E ^ all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ip_vti0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
eth1/rp_filter:0
ip_vti0/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+
+ cd /proc/sys/net/ipv4/conf
+ grep -E ^ all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects eth1/accept_redirects eth1/secure_redirects eth1/send_redirects ip_vti0/accept_redirects ip_vti0/secure_redirects ip_vti0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:1
eth0/secure_redirects:1
eth0/send_redirects:1
eth1/accept_redirects:1
eth1/secure_redirects:1
eth1/send_redirects:1
ip_vti0/accept_redirects:0
ip_vti0/secure_redirects:1
ip_vti0/send_redirects:0
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
1
+ _________________________ uname-a
+
+ uname -a
Linux domac 4.19.0-17-amd64 #1 SMP Debian 4.19.194-3 (2021-07-18) x86_64 GNU/Linux
+ _________________________ config-built-with
+
+ [ -r /proc/config_built_with ]
+ _________________________ distro-release
+
+ [ -f /etc/redhat-release ]
+ [ -f /etc/debian-release ]
+ [ -f /etc/SuSE-release ]
+ [ -f /etc/mandrake-release ]
+ [ -f /etc/mandriva-release ]
+ [ -f /etc/gentoo-release ]
+
_________________________ iptables + + [ -e /proc/net/ip_tables_names ] + [ -r /sbin/iptables-save -o -r /usr/sbin/iptables-save ] + iptables-save --modprobe=/dev/null # Generated by xtables-save v1.8.2 on Tue Nov 23 03:33:07 2021 *filter :INPUT ACCEPT [481291790:380478568031] :FORWARD ACCEPT [36657084:40745976519] :OUTPUT ACCEPT [370804091:552109032522] :f2b-sshd - [0:0] -A INPUT -p tcp -m multiport --dports 22 -j f2b-sshd -A INPUT -s 80.211.18.201/32 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 143.244.147.201/32 -j REJECT --reject-with icmp-port-unreachable -A INPUT -p udp -m multiport --dports 500,1701,4500 -j ACCEPT -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT -A FORWARD -i eth1 -o eth0 -j ACCEPT -A f2b-sshd -j RETURN COMMIT # Completed on Tue Nov 23 03:33:07 2021 # Generated by xtables-save v1.8.2 on Tue Nov 23 03:33:07 2021 *nat :PREROUTING ACCEPT [17438789:2044848393] :INPUT ACCEPT [10259847:761409889] :POSTROUTING ACCEPT [2555989:174975940] :OUTPUT ACCEPT [9792963:829780784] -A POSTROUTING -o eth0 -j SNAT --to-source 161.53.235.3 COMMIT # Completed on Tue Nov 23 03:33:07 2021 + _________________________ ip6tables + + [ -e ip6_tables_names ] + _________________________ /proc/modules + + [ -f /proc/modules ] + cat /proc/modules
+ _________________________ usr/src/linux/.config + + [ -f /proc/config.gz ] + uname -r + [ -f /lib/modules/4.19.0-17-amd64/build/.config ] + echo no .config file found, cannot list kernel properties no .config file found, cannot list kernel properties + [ -f /etc/syslog.conf ] + [ -f /etc/syslog-ng/syslog-ng.conf ] + [ -f /etc/rsyslog.conf ] + _________________________ etc/rsyslog.conf + + cat /etc/rsyslog.conf # /etc/rsyslog.conf Configuration file for rsyslog. # # For more information see # /usr/share/doc/rsyslog-doc/html/rsyslog_conf.html ################# #### MODULES #### ################# module(load="imuxsock") # provides support for local system logging module(load="imklog") # provides kernel logging support #module(load="immark") # provides --MARK-- message capability # provides UDP syslog reception #module(load="imudp") #input(type="imudp" port="514") # provides TCP syslog reception #module(load="imtcp") #input(type="imtcp" port="514") ########################### #### GLOBAL DIRECTIVES #### ########################### # # Use traditional timestamp format. # To enable high precision timestamps, comment out the following line. 
# $ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat # # Set the default permissions for all log files. # $FileOwner root $FileGroup adm $FileCreateMode 0640 $DirCreateMode 0755 $Umask 0022 # # Where to place spool and state files # $WorkDirectory /var/spool/rsyslog # # Include all config files in /etc/rsyslog.d/ # $IncludeConfig /etc/rsyslog.d/*.conf ############### #### RULES #### ############### # # First some standard log files. Log by facility. # auth,authpriv.* /var/log/auth.log *.*;auth,authpriv.none -/var/log/syslog #cron.* /var/log/cron.log daemon.* -/var/log/daemon.log kern.* -/var/log/kern.log lpr.* -/var/log/lpr.log mail.* -/var/log/mail/mail.log user.* -/var/log/user.log # # Logging for the mail system. Split it up so that # it is easy to write scripts to parse these files. # mail.info -/var/log/mail/mail.info mail.warn -/var/log/mail/mail.warn mail.err /var/log/mail/mail.err # # Some "catch-all" log files. # *.=debug;\ auth,authpriv.none;\ news.none;mail.none -/var/log/debug *.=info;*.=notice;*.=warn;\ auth,authpriv.none;\ cron,daemon.none;\ mail,news.none -/var/log/messages # # Emergencies are sent to everybody logged in. 
# *.emerg :omusrmsg:* + _________________________ etc/resolv.conf + + cat /etc/resolv.conf domain alu.hr search alu.hr nameserver 161.53.235.3 nameserver 161.53.2.69 nameserver 161.53.2.70 + _________________________ lib/modules-ls + + ls -ltr /lib/modules total 8 drwxr-xr-x 3 root root 4096 Oct 11 11:41 4.19.0-18-amd64 drwxr-xr-x 3 root root 4096 Nov 12 09:16 4.19.0-17-amd64 + _________________________ fipscheck + + cat /proc/sys/crypto/fips_enabled 0 + _________________________ /proc/ksyms-netif_rx + + [ -r /proc/ksyms ] + [ -r /proc/kallsyms ] + grep -E netif_rx /proc/kallsyms + _________________________ kern.debug + + [ -f /var/log/kern.debug ] + _________________________ klog + + dmesg + grep -E -i xfrm|ipsec|esp [4941329.175216] Initializing XFRM netlink socket [4941330.348461] IPv4 over IPsec tunneling driver [5100762.916350] IPsec XFRM device driver + _________________________ plog + + [ -x /usr/bin/journalctl -o -x /bin/journalctl ] + journalctl -u ipsec.service --no-pager --since 24 hours ago + cat -- Logs begin at Sun 2021-11-21 22:36:42 CET, end at 
Tue 2021-11-23 03:33:07 CET. -- Nov 22 07:33:28 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: responding to Main Mode from unknown peer 193.198.186.218 on port 500 Nov 22 07:33:28 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: WARNING: connection L2TP-PSK-NAT PSK length of 9 bytes is too short for sha PRF in FIPS mode (10 bytes required) Nov 22 07:33:28 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: STATE_MAIN_R1: sent MR1, expecting MI2 Nov 22 07:33:28 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: STATE_MAIN_R2: sent MR2, expecting MI3 Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: Peer ID is ID_IPV4_ADDR: '193.198.186.218' Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=DH20} Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: the peer proposed: 161.53.235.3/32:17/1701 -> 193.198.186.218/32:17/0 Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: peer proposal was rejected in a virtual connection policy: a private network virtual IP was required, but the proposed IP did not match our list (virtual-private=), or our list excludes their IP (e.g. %v4!...) 
since it is in use elsewhere Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: responding to Quick Mode proposal {msgid:01000000} Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: us: 161.53.235.3:17/1701 Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: them: 193.198.186.218:17/1701 Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP=>0xaada358c <0xf4b22b60 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:33:29 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xaada358c <0xf4b22b60 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:34:04 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: received Delete SA(0xaada358c) payload: deleting IPSEC State #11 Nov 22 07:34:04 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: deleting other state #11 connection (STATE_QUICK_R2) "L2TP-PSK-noNAT"[1] 193.198.186.218 and sending notification Nov 22 07:34:04 domac pluto[17409]: "L2TP-PSK-noNAT"[1] 193.198.186.218 #11: ESP traffic information: in=0B out=0B Nov 22 07:34:04 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection "L2TP-PSK-noNAT"[1] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:34:04 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: received Delete SA payload: self-deleting ISAKMP State #10 Nov 22 07:34:04 domac pluto[17409]: "L2TP-PSK-NAT"[10] 193.198.186.218 #10: deleting state (STATE_MAIN_R3) and sending notification Nov 22 07:34:04 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection 
"L2TP-PSK-NAT"[10] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: responding to Main Mode from unknown peer 193.198.186.218 on port 500 Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: WARNING: connection L2TP-PSK-NAT PSK length of 9 bytes is too short for sha PRF in FIPS mode (10 bytes required) Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: STATE_MAIN_R1: sent MR1, expecting MI2 Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: STATE_MAIN_R2: sent MR2, expecting MI3 Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: Peer ID is ID_IPV4_ADDR: '193.198.186.218' Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=DH20} Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: the peer proposed: 161.53.235.3/32:17/1701 -> 193.198.186.218/32:17/0 Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: peer proposal was rejected in a virtual connection policy: a private network virtual IP was required, but the proposed IP did not match our list (virtual-private=), or our list excludes their IP (e.g. %v4!...) 
since it is in use elsewhere Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: responding to Quick Mode proposal {msgid:01000000} Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: us: 161.53.235.3:17/1701 Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: them: 193.198.186.218:17/1701 Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP=>0x45305690 <0x7d46c7e2 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:35:05 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x45305690 <0x7d46c7e2 xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:35:40 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: received Delete SA(0x45305690) payload: deleting IPSEC State #13 Nov 22 07:35:40 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: deleting other state #13 connection (STATE_QUICK_R2) "L2TP-PSK-noNAT"[2] 193.198.186.218 and sending notification Nov 22 07:35:40 domac pluto[17409]: "L2TP-PSK-noNAT"[2] 193.198.186.218 #13: ESP traffic information: in=0B out=0B Nov 22 07:35:40 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection "L2TP-PSK-noNAT"[2] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:35:40 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: received Delete SA payload: self-deleting ISAKMP State #12 Nov 22 07:35:40 domac pluto[17409]: "L2TP-PSK-NAT"[11] 193.198.186.218 #12: deleting state (STATE_MAIN_R3) and sending notification Nov 22 07:35:40 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection 
"L2TP-PSK-NAT"[11] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: responding to Main Mode from unknown peer 193.198.186.218 on port 500 Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: WARNING: connection L2TP-PSK-NAT PSK length of 9 bytes is too short for sha PRF in FIPS mode (10 bytes required) Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: STATE_MAIN_R1: sent MR1, expecting MI2 Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: STATE_MAIN_R2: sent MR2, expecting MI3 Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: Peer ID is ID_IPV4_ADDR: '193.198.186.218' Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=DH20} Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: the peer proposed: 161.53.235.3/32:17/1701 -> 193.198.186.218/32:17/0 Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: peer proposal was rejected in a virtual connection policy: a private network virtual IP was required, but the proposed IP did not match our list (virtual-private=), or our list excludes their IP (e.g. %v4!...) 
since it is in use elsewhere Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: responding to Quick Mode proposal {msgid:01000000} Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: us: 161.53.235.3:17/1701 Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: them: 193.198.186.218:17/1701 Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP=>0xf9b42546 <0x8525b42a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:35:46 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0xf9b42546 <0x8525b42a xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:36:21 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: received Delete SA(0xf9b42546) payload: deleting IPSEC State #15 Nov 22 07:36:21 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: deleting other state #15 connection (STATE_QUICK_R2) "L2TP-PSK-noNAT"[3] 193.198.186.218 and sending notification Nov 22 07:36:21 domac pluto[17409]: "L2TP-PSK-noNAT"[3] 193.198.186.218 #15: ESP traffic information: in=0B out=0B Nov 22 07:36:21 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection "L2TP-PSK-noNAT"[3] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:36:21 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: received Delete SA payload: self-deleting ISAKMP State #14 Nov 22 07:36:21 domac pluto[17409]: "L2TP-PSK-NAT"[12] 193.198.186.218 #14: deleting state (STATE_MAIN_R3) and sending notification Nov 22 07:36:21 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection 
"L2TP-PSK-NAT"[12] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: responding to Main Mode from unknown peer 193.198.186.218 on port 500 Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: WARNING: connection L2TP-PSK-NAT PSK length of 9 bytes is too short for sha PRF in FIPS mode (10 bytes required) Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: STATE_MAIN_R1: sent MR1, expecting MI2 Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: STATE_MAIN_R2: sent MR2, expecting MI3 Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: Peer ID is ID_IPV4_ADDR: '193.198.186.218' Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: STATE_MAIN_R3: sent MR3, ISAKMP SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA1 group=DH20} Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: the peer proposed: 161.53.235.3/32:17/1701 -> 193.198.186.218/32:17/0 Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: peer proposal was rejected in a virtual connection policy: a private network virtual IP was required, but the proposed IP did not match our list (virtual-private=), or our list excludes their IP (e.g. %v4!...) 
since it is in use elsewhere Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: responding to Quick Mode proposal {msgid:01000000} Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: us: 161.53.235.3:17/1701 Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: them: 193.198.186.218:17/1701 Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: STATE_QUICK_R1: sent QR1, inbound IPsec SA installed, expecting QI2 transport mode {ESP=>0x97b9768c <0x2278aaac xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: Configured DPD (RFC 3706) support not enabled because remote peer did not advertise DPD support Nov 22 07:37:13 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: STATE_QUICK_R2: IPsec SA established transport mode {ESP=>0x97b9768c <0x2278aaac xfrm=AES_CBC_256-HMAC_SHA1_96 NATOA=none NATD=none DPD=active} Nov 22 07:37:48 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: received Delete SA(0x97b9768c) payload: deleting IPSEC State #17 Nov 22 07:37:48 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: deleting other state #17 connection (STATE_QUICK_R2) "L2TP-PSK-noNAT"[4] 193.198.186.218 and sending notification Nov 22 07:37:48 domac pluto[17409]: "L2TP-PSK-noNAT"[4] 193.198.186.218 #17: ESP traffic information: in=0B out=0B Nov 22 07:37:48 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection "L2TP-PSK-noNAT"[4] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:37:48 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: received Delete SA payload: self-deleting ISAKMP State #16 Nov 22 07:37:48 domac pluto[17409]: "L2TP-PSK-NAT"[13] 193.198.186.218 #16: deleting state (STATE_MAIN_R3) and sending notification Nov 22 07:37:48 domac pluto[17409]: packet from 193.198.186.218:500: deleting connection 
"L2TP-PSK-NAT"[13] 193.198.186.218 instance with peer 193.198.186.218 {isakmp=#0/ipsec=#0} Nov 22 07:46:19 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 07:46:19 domac pluto[17409]: shutting down Nov 22 07:46:19 domac whack[14090]: 002 shutting down Nov 22 07:46:19 domac pluto[17409]: forgetting secrets Nov 22 07:46:19 domac pluto[17409]: "L2TP-PSK-NAT"[9] 184.105.139.82: deleting connection "L2TP-PSK-NAT"[9] 184.105.139.82 instance with peer 184.105.139.82 {isakmp=#0/ipsec=#0} Nov 22 07:46:19 domac pluto[17409]: "L2TP-PSK-NAT" #9: deleting state (STATE_MAIN_R0) and NOT sending notification Nov 22 07:46:19 domac pluto[17409]: "L2TP-PSK-noNAT": deleting non-instance connection Nov 22 07:46:19 domac pluto[17409]: "L2TP-PSK-NAT": deleting non-instance connection Nov 22 07:46:19 domac pluto[17409]: shutting down interface lo/lo ::1:500 Nov 22 07:46:19 domac pluto[17409]: shutting down interface lo/lo 127.0.0.1:4500 Nov 22 07:46:19 domac pluto[17409]: shutting down interface lo/lo 127.0.0.1:500 Nov 22 07:46:19 domac pluto[17409]: shutting down interface eth0/eth0 161.53.235.3:4500 Nov 22 07:46:19 domac pluto[17409]: shutting down interface eth0/eth0 161.53.235.3:500 Nov 22 07:46:19 domac pluto[17409]: shutting down interface eth1/eth1 192.168.100.1:4500 Nov 22 07:46:19 domac pluto[17409]: shutting down interface eth1/eth1 192.168.100.1:500 Nov 22 07:46:19 domac pluto[17409]: leak: virtual description, item size: 4 Nov 22 07:46:19 domac pluto[17409]: leak detective found 1 leaks, total size 4 Nov 22 07:46:19 domac systemd[1]: ipsec.service: Succeeded. Nov 22 07:46:19 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 07:46:19 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 07:46:20 domac ipsec[14388]: nflog ipsec capture disabled Nov 22 07:46:20 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. 
Nov 22 07:53:53 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 07:53:53 domac whack[14569]: 002 shutting down Nov 22 07:53:53 domac systemd[1]: ipsec.service: Succeeded. Nov 22 07:53:53 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 07:53:53 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 07:53:54 domac ipsec[14862]: nflog ipsec capture disabled Nov 22 07:53:54 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 10:13:23 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 10:13:23 domac whack[20938]: 002 shutting down Nov 22 10:13:23 domac systemd[1]: ipsec.service: Succeeded. Nov 22 10:13:23 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 11:10:40 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 11:10:41 domac ipsec[23940]: nflog ipsec capture disabled Nov 22 11:10:42 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 12:43:54 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 12:43:54 domac whack[20302]: 002 shutting down Nov 22 12:43:54 domac systemd[1]: ipsec.service: Succeeded. Nov 22 12:43:54 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 12:43:54 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 12:43:55 domac ipsec[20606]: nflog ipsec capture disabled Nov 22 12:43:55 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 13:03:27 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 13:03:27 domac whack[21159]: 002 shutting down Nov 22 13:03:27 domac systemd[1]: ipsec.service: Succeeded. 
Nov 22 13:03:27 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 13:03:27 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 13:03:28 domac ipsec[21452]: nflog ipsec capture disabled Nov 22 13:03:28 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 13:18:40 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 13:18:40 domac whack[22119]: 002 shutting down Nov 22 13:18:40 domac systemd[1]: ipsec.service: Succeeded. Nov 22 13:18:40 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 13:18:40 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 13:18:41 domac ipsec[22428]: nflog ipsec capture disabled Nov 22 13:18:41 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 13:30:45 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 13:30:45 domac whack[22968]: 002 shutting down Nov 22 13:30:45 domac systemd[1]: ipsec.service: Succeeded. Nov 22 13:30:45 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 13:30:45 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 13:30:46 domac ipsec[23266]: nflog ipsec capture disabled Nov 22 13:30:46 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 14:49:00 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 14:49:00 domac whack[26991]: 002 shutting down Nov 22 14:49:00 domac systemd[1]: ipsec.service: Succeeded. Nov 22 14:49:00 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 14:49:00 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... 
Nov 22 14:49:01 domac ipsec[27284]: nflog ipsec capture disabled Nov 22 14:49:01 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 15:28:38 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 15:28:38 domac whack[29196]: 002 shutting down Nov 22 15:28:38 domac systemd[1]: ipsec.service: Succeeded. Nov 22 15:28:38 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 15:28:38 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 15:28:39 domac ipsec[29489]: nflog ipsec capture disabled Nov 22 15:28:39 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 15:49:27 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 15:49:27 domac whack[30736]: 002 shutting down Nov 22 15:49:27 domac systemd[1]: ipsec.service: Succeeded. Nov 22 15:49:27 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 15:49:27 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 15:49:28 domac ipsec[31029]: nflog ipsec capture disabled Nov 22 15:49:28 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 15:59:18 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 15:59:18 domac whack[32234]: 002 shutting down Nov 22 15:59:18 domac systemd[1]: ipsec.service: Succeeded. Nov 22 15:59:18 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 15:59:18 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 15:59:19 domac ipsec[32527]: nflog ipsec capture disabled Nov 22 15:59:19 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 17:56:35 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... 
Nov 22 17:56:35 domac whack[36828]: 002 shutting down Nov 22 17:56:36 domac systemd[1]: ipsec.service: Succeeded. Nov 22 17:56:36 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 17:56:36 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 17:56:36 domac addconn[36837]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac libipsecconf[36837]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac addconn[36837]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac libipsecconf[36837]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac addconn[36837]: addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac _stackmanager[36839]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac _stackmanager[36839]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac libipsecconf[36846]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac libipsecconf[36846]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:36 domac _stackmanager[36839]: addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:37 domac ipsec[37122]: nflog ipsec capture disabled Nov 22 17:56:37 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. 
Nov 22 17:56:37 domac libipsecconf[37146]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 17:56:37 domac libipsecconf[37146]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 20:51:14 domac whack[42043]: 002 shutting down Nov 22 20:51:14 domac systemd[1]: ipsec.service: Succeeded. Nov 22 20:51:14 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 20:51:14 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 20:51:14 domac addconn[42052]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac addconn[42052]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac libipsecconf[42052]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac libipsecconf[42052]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac addconn[42052]: addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac _stackmanager[42053]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac _stackmanager[42053]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac libipsecconf[42060]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac libipsecconf[42060]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:14 domac _stackmanager[42053]: 
addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:15 domac ipsec[42346]: nflog ipsec capture disabled Nov 22 20:51:15 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 20:51:15 domac libipsecconf[42369]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:51:15 domac libipsecconf[42369]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 20:53:14 domac whack[42398]: 002 shutting down Nov 22 20:53:14 domac systemd[1]: ipsec.service: Succeeded. Nov 22 20:53:14 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 20:53:14 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 20:53:14 domac addconn[42407]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac addconn[42407]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac libipsecconf[42407]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac libipsecconf[42407]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac addconn[42407]: addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac _stackmanager[42408]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac _stackmanager[42408]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac 
libipsecconf[42415]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac libipsecconf[42415]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:14 domac _stackmanager[42408]: addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:15 domac ipsec[42691]: nflog ipsec capture disabled Nov 22 20:53:15 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 20:53:15 domac libipsecconf[42714]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 20:53:15 domac libipsecconf[42714]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 22:16:34 domac whack[45277]: 002 shutting down Nov 22 22:16:34 domac systemd[1]: ipsec.service: Succeeded. Nov 22 22:16:34 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 22:16:34 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... 
Nov 22 22:16:34 domac addconn[45286]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac libipsecconf[45286]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac addconn[45286]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac libipsecconf[45286]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac addconn[45286]: addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac _stackmanager[45288]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac _stackmanager[45288]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac libipsecconf[45295]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac libipsecconf[45295]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:34 domac _stackmanager[45288]: addconn, in config '/etc/ipsec.conf', ignoring: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:35 domac ipsec[45570]: nflog ipsec capture disabled Nov 22 22:16:35 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 22:16:35 domac libipsecconf[45594]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:16:35 domac libipsecconf[45594]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:25:55 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... 
Nov 22 22:25:55 domac whack[45730]: 002 shutting down Nov 22 22:25:55 domac systemd[1]: ipsec.service: Succeeded. Nov 22 22:25:55 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 22:47:19 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 22:47:19 domac addconn[21387]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac libipsecconf[21387]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac addconn[21387]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac addconn[21387]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac addconn[21387]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac addconn[21387]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac addconn[21387]: addconn, in config '/etc/ipsec.conf', duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac addconn[21387]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac libipsecconf[21387]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac libipsecconf[21387]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac libipsecconf[21387]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac libipsecconf[21387]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac libipsecconf[21387]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac 
_stackmanager[21388]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac _stackmanager[21388]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac _stackmanager[21388]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac libipsecconf[21395]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac _stackmanager[21388]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac _stackmanager[21388]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac _stackmanager[21388]: addconn, in config '/etc/ipsec.conf', duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac _stackmanager[21388]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac libipsecconf[21395]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac libipsecconf[21395]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac libipsecconf[21395]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:19 domac libipsecconf[21395]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:19 domac libipsecconf[21395]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:20 domac _stackmanager[21388]: changing /proc/sys/net/core/xfrm_acq_expires from 300 to 30 Nov 22 22:47:20 domac ipsec[21652]: nflog ipsec capture disabled Nov 22 22:47:20 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. 
Nov 22 22:47:20 domac libipsecconf[21675]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:20 domac libipsecconf[21675]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:20 domac libipsecconf[21675]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:20 domac libipsecconf[21675]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 22:47:20 domac libipsecconf[21675]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 22:47:20 domac libipsecconf[21675]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 23:01:00 domac whack[21847]: 002 shutting down Nov 22 23:01:00 domac systemd[1]: ipsec.service: Succeeded. Nov 22 23:01:00 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 23:01:00 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... 
Nov 22 23:01:00 domac addconn[21858]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac addconn[21858]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac addconn[21858]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21858]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac addconn[21858]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac addconn[21858]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac addconn[21858]: addconn, in config '/etc/ipsec.conf', duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac addconn[21858]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21858]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac libipsecconf[21858]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21858]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac libipsecconf[21858]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21858]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac _stackmanager[21859]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac _stackmanager[21859]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac _stackmanager[21859]: The vnet: and vhost: keywords 
are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21866]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac _stackmanager[21859]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac _stackmanager[21859]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac _stackmanager[21859]: addconn, in config '/etc/ipsec.conf', duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac _stackmanager[21859]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21866]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac libipsecconf[21866]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21866]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:00 domac libipsecconf[21866]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:00 domac libipsecconf[21866]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:01 domac ipsec[22122]: nflog ipsec capture disabled Nov 22 23:01:01 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. 
Nov 22 23:01:01 domac libipsecconf[22145]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:01 domac libipsecconf[22145]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:01 domac libipsecconf[22145]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:01 domac libipsecconf[22145]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 22 23:01:01 domac libipsecconf[22145]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:01:01 domac libipsecconf[22145]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 22 23:16:02 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 23:16:02 domac whack[22643]: 002 shutting down Nov 22 23:16:02 domac systemd[1]: ipsec.service: Succeeded. Nov 22 23:16:02 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 22 23:16:02 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 22 23:16:03 domac ipsec[22918]: nflog ipsec capture disabled Nov 22 23:16:03 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 23 00:19:28 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 23 00:19:28 domac whack[24809]: 002 shutting down Nov 23 00:19:28 domac systemd[1]: ipsec.service: Succeeded. Nov 23 00:19:28 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 23 00:19:28 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 23 00:19:29 domac ipsec[25086]: nflog ipsec capture disabled Nov 23 00:19:29 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. 
Nov 23 03:28:23 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 23 03:28:23 domac whack[30107]: 002 shutting down Nov 23 03:28:23 domac systemd[1]: ipsec.service: Succeeded. Nov 23 03:28:23 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 23 03:28:23 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 23 03:28:24 domac ipsec[30385]: nflog ipsec capture disabled Nov 23 03:28:24 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 23 03:30:13 domac systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 23 03:30:13 domac whack[30457]: 002 shutting down Nov 23 03:30:13 domac systemd[1]: ipsec.service: Succeeded. Nov 23 03:30:13 domac systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 23 03:30:13 domac systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec... Nov 23 03:30:13 domac addconn[30468]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac libipsecconf[30468]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac addconn[30468]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac addconn[30468]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac addconn[30468]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac addconn[30468]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30468]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac addconn[30468]: addconn, in config '/etc/ipsec.conf', duplicate key 'subnet' in conn 
L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac addconn[30468]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30468]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30468]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac libipsecconf[30468]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30468]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac _stackmanager[30469]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac _stackmanager[30469]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac _stackmanager[30469]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30476]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac _stackmanager[30469]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac _stackmanager[30469]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac _stackmanager[30469]: addconn, in config '/etc/ipsec.conf', duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac _stackmanager[30469]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30476]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac libipsecconf[30476]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30476]: 
while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:13 domac libipsecconf[30476]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:13 domac libipsecconf[30476]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:14 domac ipsec[30742]: nflog ipsec capture disabled Nov 23 03:30:14 domac systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec. Nov 23 03:30:14 domac libipsecconf[30765]: duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:14 domac libipsecconf[30765]: while loading 'L2TP-PSK-NAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:14 domac libipsecconf[30765]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:14 domac libipsecconf[30765]: while loading 'L2TP-PSK-noNAT': duplicate key 'subnet' in conn L2TP-PSK-NAT while processing def L2TP-PSK-noNAT Nov 23 03:30:14 domac libipsecconf[30765]: The vnet: and vhost: keywords are only valid for IKEv1 connections Nov 23 03:30:14 domac libipsecconf[30765]: The vnet: and vhost: keywords are only valid for IKEv1 connections + _________________________ date + + date Tue Nov 23 03:33:07 CET 2021