File: road.console.txt

package info (click to toggle)
libreswan 5.2-2.3
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 81,644 kB
  • sloc: ansic: 129,988; sh: 32,018; xml: 20,646; python: 10,303; makefile: 3,022; javascript: 1,506; sed: 574; yacc: 511; perl: 264; awk: 52
file content (87 lines) | stat: -rw-r--r-- 4,373 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
 
/testing/guestbin/swan-prep --nokeys
Creating empty NSS database
road #
 ipsec start
Redirecting to: [initsystem]
road #
 ../../guestbin/wait-until-pluto-started
road #
 ipsec auto --add modecfg-road-eastnet-psk
"modecfg-road-eastnet-psk": added IKEv1 connection
road #
 echo "initdone"
initdone
road #
 ipsec whack --xauthname 'use3' --xauthpass 'use1pass' --name modecfg-road-eastnet-psk --initiate
"modecfg-road-eastnet-psk" #1: IKEv1 Aggressive Mode with PSK is vulnerable to dictionary attacks and is cracked on large scale by TLA's
"modecfg-road-eastnet-psk" #1: multiple DH groups in aggressive mode can cause interop failure
"modecfg-road-eastnet-psk" #1: Deleting previous proposal in the hopes of selecting DH 2 or DH 5
"modecfg-road-eastnet-psk" #1: transform (OAKLEY_3DES_CBC,OAKLEY_SHA1,DH19 keylen 0) ignored.
"modecfg-road-eastnet-psk" #1: transform (OAKLEY_3DES_CBC,OAKLEY_SHA1,DH31 keylen 0) ignored.
"modecfg-road-eastnet-psk" #1: initiating IKEv1 Aggressive Mode connection
"modecfg-road-eastnet-psk" #1: multiple DH groups in aggressive mode can cause interop failure
"modecfg-road-eastnet-psk" #1: Deleting previous proposal in the hopes of selecting DH 2 or DH 5
"modecfg-road-eastnet-psk" #1: transform (OAKLEY_3DES_CBC,OAKLEY_SHA1,DH19 keylen 0) ignored.
"modecfg-road-eastnet-psk" #1: transform (OAKLEY_3DES_CBC,OAKLEY_SHA1,DH31 keylen 0) ignored.
"modecfg-road-eastnet-psk" #1: sent Aggressive Mode request
"modecfg-road-eastnet-psk" #1: Peer ID is ID_FQDN: '@east'
"modecfg-road-eastnet-psk" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1536}
"modecfg-road-eastnet-psk" #1: prompt for Username:
"modecfg-road-eastnet-psk" #1: prompt for Password:
"modecfg-road-eastnet-psk" #1: XAUTH: Answering XAUTH challenge with user='use3'
"modecfg-road-eastnet-psk" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1536}
"modecfg-road-eastnet-psk" #1: XAUTH: Successfully Authenticated
"modecfg-road-eastnet-psk" #1: XAUTH client - possibly awaiting CFG_set {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1536}
"modecfg-road-eastnet-psk" #1: modecfg: Sending IP request (MODECFG_I1)
"modecfg-road-eastnet-psk" #1: Received IPv4 address: 192.0.2.209/32
"modecfg-road-eastnet-psk" #1: received and ignored CISCO_SPLIT_INC subnet 192.0.2.0/24
"modecfg-road-eastnet-psk" #1: ISAKMP SA established {auth=PRESHARED_KEY cipher=3DES_CBC_192 integ=HMAC_SHA1 group=MODP1536}
"modecfg-road-eastnet-psk" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+TUNNEL+PFS+UP+XAUTH+MODECFG_PULL+AGGRESSIVE+IKE_FRAG_ALLOW+ESN_NO+ESN_YES
"modecfg-road-eastnet-psk" #2: sent Quick Mode request
"modecfg-road-eastnet-psk" #2: IPsec SA established tunnel mode {ESP=>0xESPESP <0xESPESP xfrm=AES_CBC_128-HMAC_SHA1_96 DPD=passive username=use3}
road #
 ipsec whack --trafficstatus
#2: "modecfg-road-eastnet-psk", username=use3, type=ESP, add_time=1234567890, inBytes=0, outBytes=0, maxBytes=2^63B, lease=192.0.2.209/32
road #
 ../../guestbin/ping-once.sh --up 192.0.2.254
up
road #
 ipsec whack --trafficstatus
#2: "modecfg-road-eastnet-psk", username=use3, type=ESP, add_time=1234567890, inBytes=84, outBytes=84, maxBytes=2^63B, lease=192.0.2.209/32
road #
 echo done
done
road #
 ../../guestbin/ipsec-kernel-state.sh
src 192.1.3.209 dst 192.1.2.23
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
src 192.1.2.23 dst 192.1.3.209
	proto esp spi 0xSPISPI reqid REQID mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha1) 0xHASHKEY 96
	enc cbc(aes) 0xENCKEY
	lastused YYYY-MM-DD HH:MM:SS
	anti-replay esn context:
	 seq-hi 0x0, seq 0xXX, oseq-hi 0x0, oseq 0xXX
	 replay_window 128, bitmap-length 4
	 00000000 00000000 00000000 XXXXXXXX 
road #
 ../../guestbin/ipsec-kernel-policy.sh
src 192.0.2.0/24 dst 192.0.2.209/32
	dir fwd priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.3.209
		proto esp reqid REQID mode tunnel
src 192.0.2.0/24 dst 192.0.2.209/32
	dir in priority PRIORITY ptype main
	tmpl src 192.1.2.23 dst 192.1.3.209
		proto esp reqid REQID mode tunnel
src 192.0.2.209/32 dst 192.0.2.0/24
	dir out priority PRIORITY ptype main
	tmpl src 192.1.3.209 dst 192.1.2.23
		proto esp reqid REQID mode tunnel
road #