Starting UML PATH/start.sh spawn PATH single Linux version XXXX On node 0 totalpages: 8192 Kernel command line: Calibrating delay loop... XXXX bogomips Dentry-cache hash table entries: NUMBERS Inode-cache hash table entries: NUMBERS Mount-cache hash table entries: NUMBERS Buffer-cache hash table entries: NUMBERS Page-cache hash table entries: NUMEBRS POSIX conformance testing by UNIFIX Linux NET4.0 for Linux 2.4 Based upon Swansea University Computer Society NET3.039 Initializing RT netlink socket Starting kswapd VFS: Diskquotas version dquot_6.4.0 initialized devfs: VERSION Richard Gooch (rgooch@atnf.csiro.au) devfs: boot_options Q pty: 256 Unix98 ptys configured SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256). loop: loaded (max 8 devices) PPP generic driver version VERSION Universal TUN/TAP device driver VERSION NET4: Linux TCP/IP 1.0 for NET4.0 IP Protocols: ICMP, UDP, TCP IP: routing cache hash table of 512 buckets, 4Kbytes TCP: Hash tables configured (established 2048 bind 2048) IPv4 over IPv4 tunneling driver GRE over IPv4 tunneling driver NET4: Unix domain sockets 1.0/SMP for Linux NET4.0. Mounted devfs on /dev INIT: version 2.78 booting Activating swap... Calculating module dependancies done. Loading modules: LIST Checking all file systems... Parallelizing fsck version 1.18 (11-Nov-1999) Setting kernel variables. Mounting local filesystems... /dev/shm on /tmp type tmpfs (rw) /dev/shm on /var/run type tmpfs (rw) devpts on /dev/pts type devpts (rw,mode=0622) none on /usr/share type hostfs (ro) Enabling packet forwarding: done. Configuring network interfaces: done. Cleaning: /tmp /var/lock /var/run. Initializing random number generator... done. Recovering nvi editor sessions... done. 
Give root password for maintenance (or type Control-D for normal startup): east:~# klogd -c 4 -x -f /tmp/klog.log east:~# set +o emacs east:~# ICP=/testing/scripts/ipsec.conf.pairs east:~# export PATH="$ICP/bin:$PATH" east:~# cd $ICP east:/testing/scripts/ipsec.conf.pairs# ipsec setup start ipsec_setup: Starting FreeS/WAN IPsec VERSION east:/testing/scripts/ipsec.conf.pairs# cat /var/run/pluto/ipsec.info defaultroutephys=eth1 defaultroutevirt=ipsec0 defaultrouteaddr=192.1.2.23 defaultroutenexthop=192.1.2.254 east:/testing/scripts/ipsec.conf.pairs# ( cd ignat ; drill ; differ+ ; cd .. ; ) ++ ipsec setup --config v2 --showonly start ++ ipsec setup --config v2 --showonly stop ++ ipsec _confread --config v2 --search auto route ++ auto v2 ignore ignore - ++ ipsec _confread --config v2 --varprefix YYZ --search auto ignore ++ . /tmp/list.ignore.v2 +++ YYZ_confreadnames=OEself +++ export YYZ_confreadnames +++ YYZ_confreadstatus= +++ export YYZ_confreadstatus ++ '[' X- '!=' X- -a -z '' -a -n OEself ']' ++ auto v2 manual manual - ++ ipsec _confread --config v2 --varprefix YYZ --search auto manual ++ . /tmp/list.manual.v2 +++ YYZ_confreadnames= +++ export YYZ_confreadnames +++ YYZ_confreadstatus= +++ export YYZ_confreadstatus ++ '[' X- '!=' X- -a -z '' -a -n '' ']' ++ auto v2 add 'add route start' add ++ ipsec _confread --config v2 --varprefix YYZ --search auto add route start ++ . 
/tmp/list.add.v2 +++ YYZ_confreadnames=packetdefault mms singtel1 block amethon elogic mms1 singtel clear-or-private clear Sasme lateral private-or-clear wap private +++ export YYZ_confreadnames +++ YYZ_confreadstatus= +++ export YYZ_confreadstatus ++ '[' Xadd '!=' X- -a -z '' -a -n 'packetdefault mms singtel1 block amethon elogic mms1 singtel clear-or-private clear Sasme lateral private-or-clear wap private' ']' ++ ipsec auto --showonly --config v2 --add packetdefault ++ ipsec auto --showonly --config v2 --add mms ++ ipsec auto --showonly --config v2 --add singtel1 ++ ipsec auto --showonly --config v2 --add block ++ ipsec auto --showonly --config v2 --add amethon ++ ipsec auto --showonly --config v2 --add elogic ++ ipsec auto --showonly --config v2 --add mms1 ++ ipsec auto --showonly --config v2 --add singtel ++ ipsec auto --showonly --config v2 --add clear-or-private ++ ipsec auto --showonly --config v2 --add clear ++ ipsec auto --showonly --config v2 --add Sasme ++ ipsec auto --showonly --config v2 --add lateral ++ ipsec auto --showonly --config v2 --add private-or-clear ++ ipsec auto --showonly --config v2 --add wap ++ ipsec auto --showonly --config v2 --add private ++ auto v2 route 'route start' route ++ ipsec _confread --config v2 --varprefix YYZ --search auto route start ++ . 
/tmp/list.route.v2 +++ YYZ_confreadnames=packetdefault mms block amethon elogic mms1 clear-or-private clear private-or-clear wap private +++ export YYZ_confreadnames +++ YYZ_confreadstatus= +++ export YYZ_confreadstatus ++ '[' Xroute '!=' X- -a -z '' -a -n 'packetdefault mms block amethon elogic mms1 clear-or-private clear private-or-clear wap private' ']' ++ ipsec auto --showonly --config v2 --route packetdefault ++ ipsec auto --showonly --config v2 --route mms ++ ipsec auto --showonly --config v2 --route block ++ ipsec auto --showonly --config v2 --route amethon ++ ipsec auto --showonly --config v2 --route elogic ++ ipsec auto --showonly --config v2 --route mms1 ++ ipsec auto --showonly --config v2 --route clear-or-private ++ ipsec auto --showonly --config v2 --route clear ++ ipsec auto --showonly --config v2 --route private-or-clear ++ ipsec auto --showonly --config v2 --route wap ++ ipsec auto --showonly --config v2 --route private ++ auto v2 start start up ++ ipsec _confread --config v2 --varprefix YYZ --search auto start ++ . /tmp/list.start.v2 +++ YYZ_confreadnames=mms amethon elogic mms1 wap +++ export YYZ_confreadnames +++ YYZ_confreadstatus= +++ export YYZ_confreadstatus ++ '[' Xup '!=' X- -a -z '' -a -n 'mms amethon elogic mms1 wap' ']' ++ ipsec auto --showonly --config v2 --up mms ++ ipsec auto --showonly --config v2 --up amethon ++ ipsec auto --showonly --config v2 --up elogic ++ ipsec auto --showonly --config v2 --up mms1 ++ ipsec auto --showonly --config v2 --up wap diff -u auto.add.v1 /tmp/auto.add.v2 
@@ -1,5 +1,13 @@ PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" export PATH +ipsec whack --name packetdefault --encrypt --tunnel --failpass --pfs --ikelifetime "3600" --rsasig \ + --host "192.1.2.45" --client "0.0.0.0/0" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \ + --to --host "%opportunistic" --nexthop "%direct" --updown "ipsec _updown" \ + --ipseclifetime "3600" --rekeymargin "540" \ + --keyingtries "3" --dontrekey \ + || exit $? +PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" +export PATH ipsec whack --label "\"mms\" leftrsasigkey" --keyid "@203.19.245.83" --pubkeyrsa "0sAQP...." \ || exit $? ipsec whack --label "\"mms\" rightrsasigkey" --keyid "@203.202.188.202" --pubkeyrsa "0sAQ..." \ @@ -20,6 +28,14 @@ || exit $? PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" export PATH +ipsec whack --name block --reject --pfs \ + --host "192.1.2.45" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \ + --to --host "%group" --nexthop "%direct" --updown "ipsec _updown" --dnskeyondemand \ + --ipseclifetime "28800" --rekeymargin "540" \ + --keyingtries "0" \ + || exit $? +PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" +export PATH ipsec whack --name amethon --encrypt --tunnel --pfs --disablearrivalcheck --psk \ --host "203.174.137.190" --client "192.168.5.0/24" --nexthop "%direct" --updown "ipsec _updown" --id "203.174.137.190" \ --to --host "203.202.188.202" --client "10.59.4.16/30" --nexthop "203.202.188.201" --updown "ipsec _updown" \ 
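Review bot: The added `packetdefault` conn pairs `--client "0.0.0.0/0"` and `--to --host "%opportunistic"` with `--failpass`, so this expected output pins a fail-open default. As far as the flags show, traffic to any destination is let through unencrypted when opportunistic negotiation does not succeed. The `clear-or-private` and `private-or-clear` hunks further down carry the same `--failpass`; only `private` uses `--faildrop`. Nothing in the transcript says this is intended, so I would state it in the v2 configuration that generates this file (not visible here), e.g. `# packetdefault, clear-or-private, private-or-clear fail open by design; peers that must never fall back to clear belong in the private group`. The hunk shows only the top of auto.add.v2; the rest of the generated script is outside it.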
@@ -60,6 +76,22 @@ || exit $? PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" export PATH +ipsec whack --name clear-or-private --encrypt --pass --failpass --pfs --ikelifetime "3600" --rsasig \ + --host "192.1.2.45" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \ + --to --host "%opportunisticgroup" --nexthop "%direct" --updown "ipsec _updown" --dnskeyondemand \ + --ipseclifetime "3600" --rekeymargin "540" \ + --keyingtries "3" --dontrekey \ + || exit $? +PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" +export PATH +ipsec whack --name clear --pass --pfs \ + --host "192.1.2.45" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \ + --to --host "%group" --nexthop "%direct" --updown "ipsec _updown" --dnskeyondemand \ + --ipseclifetime "28800" --rekeymargin "540" \ + --keyingtries "0" \ + || exit $? +PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" +export PATH ipsec whack --label "\"Sasme\" leftrsasigkey" --keyid "@ipsec.ninemsn.com.au" --pubkeyrsa "0sAQP..." \ || exit $? ipsec whack --label "\"Sasme\" rightrsasigkey" --keyid "@203.202.188.202" --pubkeyrsa "0sAQP..." \ @@ -80,6 +112,14 @@ || exit $? PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" export PATH +ipsec whack --name private-or-clear --encrypt --tunnel --failpass --pfs --ikelifetime "3600" --rsasig \ + --host "192.1.2.45" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \ + --to --host "%opportunisticgroup" --nexthop "%direct" --updown "ipsec _updown" --dnskeyondemand \ + --ipseclifetime "3600" --rekeymargin "540" \ + --keyingtries "3" --dontrekey \ + || exit $? +PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" +export PATH ipsec whack --label "\"wap\" leftrsasigkey" --keyid "@202.139.125.54" --pubkeyrsa "0sAQN..." \ || exit $? ipsec whack --label "\"wap\" rightrsasigkey" --keyid "@203.202.188.202" --pubkeyrsa "0sAQP...." \ 
@@ -89,4 +129,12 @@ --to --host "203.202.188.202" --client "10.59.4.16/30" --nexthop "203.202.188.201" --updown "ipsec _updown" --id "@203.202.188.202" \ --ipseclifetime "28800" --rekeymargin "540" \ --keyingtries "0" \ + || exit $? +PATH="/usr/local/sbin:/sbin:/usr/sbin:/usr/local/bin:/bin:/usr/bin" +export PATH +ipsec whack --name private --encrypt --tunnel --faildrop --pfs --ikelifetime "3600" --rsasig \ + --host "192.1.2.45" --nexthop "192.1.2.254" --updown "ipsec _updown" --id "%myid" --dnskeyondemand \ + --to --host "%opportunisticgroup" --nexthop "%direct" --updown "ipsec _updown" --dnskeyondemand \ + --ipseclifetime "3600" --rekeymargin "540" \ + --keyingtries "3" --dontrekey \ || exit $? diff -u auto.route.v1 /tmp/auto.route.v2 @@ -1,5 +1,11 @@ +ipsec whack --name packetdefault --route ipsec whack --name mms --route +ipsec whack --name block --route ipsec whack --name amethon --route ipsec whack --name elogic --route ipsec whack --name mms1 --route +ipsec whack --name clear-or-private --route +ipsec whack --name clear --route +ipsec whack --name private-or-clear --route ipsec whack --name wap --route +ipsec whack --name private --route diff -u auto.start.v1 /tmp/auto.start.v2 diff -u confread.search.route.v1 /tmp/confread.search.route.v2 @@ -1 +1,7 @@ += packetdefault += block += clear-or-private += clear += private-or-clear += private ! diff -u list.add.v1 /tmp/list.add.v2 @@ -1,4 +1,4 @@ -YYZ_confreadnames="mms singtel1 amethon elogic mms1 singtel Sasme lateral wap" +YYZ_confreadnames="packetdefault mms singtel1 block amethon elogic mms1 singtel clear-or-private clear Sasme lateral private-or-clear wap private" export YYZ_confreadnames YYZ_confreadstatus="" export YYZ_confreadstatus diff -u list.ignore.v1 /tmp/list.ignore.v2 diff -u list.manual.v1 /tmp/list.manual.v2 diff -u list.route.v1 /tmp/list.route.v2 
@@ -1,4 +1,4 @@ -YYZ_confreadnames="mms amethon elogic mms1 wap" +YYZ_confreadnames="packetdefault mms block amethon elogic mms1 clear-or-private clear private-or-clear wap private" export YYZ_confreadnames YYZ_confreadstatus="" export YYZ_confreadstatus diff -u list.start.v1 /tmp/list.start.v2 diff -u setup.start.out.v1 /tmp/setup.start.out.v2 
@@ -7,8 +7,8 @@ ipsec_setup: echo $$ > /var/run/pluto/ipsec_setup.pid ipsec_setup: test -s /var/run/pluto/ipsec_setup.pid || { echo "...unable to create /var/run/pluto/ipsec_setup.pid, aborting start!" ; rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; } ipsec_setup: > /var/run/pluto/ipsec.info -ipsec_setup: ipsec _startklips --info /var/run/pluto/ipsec.info --debug "none" --omtu "" --fragicmp "" --hidetos "" --default "drop" --log "daemon.error" %defaultroute || { rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; } -ipsec_setup: test -f /proc/net/ipsec_version || { echo "OOPS, should have aborted! Broken shell!" ; exit 1 ; } +ipsec_setup: ipsec _startklips --info /var/run/pluto/ipsec.info --debug "none" --omtu "" --fragicmp "" --hidetos "" --log "daemon.error" %defaultroute || { rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; } +ipsec_setup: test -f /proc/net/ipsec_version || test -f /proc/net/pfkey || { echo "OOPS, should have aborted! Broken shell!" ; exit 1 ; } ipsec_setup: test -d /var/lock/subsys && touch /var/lock/subsys/ipsec ipsec_setup: ipsec _plutorun --debug "none" --uniqueids "yes" --dump "" --wait "no" --pre "" --post "" --log "daemon.error" --pid "/var/run/pluto/pluto.pid" || { ifl=` ifconfig | sed -n -e "/^ipsec/s/ .*//p" ` ; test "X$ifl" != "X" && for i in $ifl ; do ifconfig $i down ; ipsec tncfg --detach --virtual $i ; done ; test -r /proc/net/ipsec_klipsdebug && ipsec klipsdebug --none ; ipsec eroute --clear ; ipsec spi --clear ; lsmod 2>&1 | grep "^ipsec" > /dev/null && rmmod ipsec ; rm -f /var/run/pluto/ipsec_setup.pid ; exit 1 ; } ipsec_setup: echo "...FreeS/WAN IPsec started" | logger -p daemon.error -t ipsec_setup diff -u setup.stop.out.v1 /tmp/setup.stop.out.v2 east:/testing/scripts/ipsec.conf.pairs# ipsec setup stop ipsec_setup: Stopping FreeS/WAN IPsec... IPSEC EVENT: KLIPS device ipsec0 shut down. east:/testing/scripts/ipsec.conf.pairs# kill `cat /var/run/klogd.pid`; cat /tmp/klog.log klogd 1.3-3#33.1, log source = /proc/kmsg started. 
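Review bot: The new `_startklips` line drops `--default "drop"` and nothing in this hunk takes its place, so the startup command no longer states what happens to packets that match no policy. Presumably the `packetdefault` conn added in auto.add.v2 now fills that role, and that conn is `--failpass`, which would make this a change from drop to pass; the link is inferred from the two diffs and should be confirmed against the v2 scripts. I would record the intent next to the v2 setup expectations, e.g. `# v2: no --default "drop"; unmatched-packet policy comes from the packetdefault conn (--failpass)`. The hunk is a slice of setup.start.out.v2, and the lines before `echo $$ > /var/run/pluto/ipsec_setup.pid` are not shown.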
east:/testing/scripts/ipsec.conf.pairs# halt -p -f Power down.