stefaniobrunhara
(usa CentOS)
Enviado em 02/09/2015 - 08:44h
Pessoal fiz um teste baixando os fontes e compilando para ver se era algum problema de versão do rpm do centos, mas mesmo assim não consegui funcionar o IPSEC.
Estou apanhando feio! kkk
wget
http://download.openswan.org/openswan/openswan-2.6.45.tar.gz
tar -xvzf openswan-2.6.45.tar.gz
cd openswan-2.6.45
make programs
sudo make install
vim /etc/ipsec.conf
config setup
plutodebug=all
plutostderrlog=/var/log/pluto.log
protostack=netkey
nat_traversal=yes
oe=off
conn SiteA <-- SiteB changed in the another machine
pfs=yes
auto=add
compress=no
type=tunnel
authby=secret
ike=3des-md5
phase2=esp
phase2alg=3des-md5
left=200.50.14.186
leftsubnet=192.168.0.0/22
leftnexthop=%defaultroute
right=189.184.218.234
rightsubnet=192.168.15.0/24
rightnexthop=%defaultroute
[root at ns15 openswan-2.6.45]# ipsec verify
Checking if IPsec got installed and started correctly:
Version check and ipsec on-path [OK]
Openswan U2.6.45/K2.6.32-573.3.1.el6.i686 (netkey)
See `ipsec --copyright' for copyright information.
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Hardware random device check [N/A]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE on tcp 500 [NOT IMPLEMENTED]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto listening for IKE/NAT-T on tcp 4500 [NOT IMPLEMENTED]
Pluto listening for IKE on tcp 10000 (cisco) [NOT IMPLEMENTED]
Checking NAT and MASQUERADEing [TEST INCOMPLETE]
Checking 'ip' command [IP XFRM BROKEN]
<-------- ????
Checking 'iptables' command [OK]
Log SiteA
processing connection SiteA
| received encrypted packet from 189.184.218.234:500
| decrypting 24 bytes using algorithm OAKLEY_3DES_CBC
| decrypted:
| 00 00 00 14 0d 63 da 95 b1 05 c4 79 3c b9 c4 5a
| 66 61 d6 6d 00 00 00 00
| next IV: 98 11 e6 de 00 1d ab 0a
| got payload 0x100(ISAKMP_NEXT_HASH) needed: 0x100 opt: 0x0
| ***parse ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_NONE
| length: 20
| removing 4 bytes of padding
| HASH(3) computed: 0d 63 da 95 b1 05 c4 79 3c b9 c4 5a 66 61 d6 6d
| state #2: install_ipsec_sa() for outbound only
| route owner of "SiteA" unrouted: NULL; eroute owner: NULL
| could_route called for SiteA (kind=CK_PERMANENT)
| state #2: now setting up incoming SA
| sr for #2: unrouted
| route owner of "SiteA" unrouted: NULL; eroute owner: NULL
| route_and_eroute with c: SiteA (next: none) ero:null esr:{(nil)} ro:null
rosr:{(nil)} and state: 2
| eroute_connection: between 200.50.14.186<->189.184.218.234
| eroute_connection add eroute 192.168.0.0/22:0 --0-> 192.168.15.0/24:0 =>
tun.0 at 189.184.218.234 (raw_eroute)
| creating SPD to 200.50.14.186->spi=00000000 at 189.184.218.234 proto=4
| raw_eroute result=1
| command executing up-client
| executing up-client: 2>&1 PLUTO_VERB='up-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='SiteA' PLUTO_INTERFACE='eth1'
PLUTO_NEXT_HOP='200.50.14.185' PLUTO_ME='200.50.14.186'
PLUTO_MY_ID='200.50.14.186' PLUTO_MY_CLIENT='192.168.0.0/22'
PLUTO_MY_CLIENT_NET='192.168.0.0' PLUTO_MY_CLIENT_MASK='255.255.252.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='189.184.218.234'
PLUTO_PEER_ID='189.184.218.234' PLUTO_PEER_CLIENT='192.168.15.0/24'
PLUTO_PEER_CLIENT_NET='192.168.15.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK'
PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_XAUTH_USERNAME=''
PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO=''
PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown
| popen(): cmd is 838 chars long
| cmd( 0):2>&1 PLUTO_VERB='up-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='SiteA' PLU:
| cmd( 80):TO_INTERFACE='eth1' PLUTO_NEXT_HOP='200.50.14.185'
PLUTO_ME='200.50.14.186' PLUT:
| cmd( 160):O_MY_ID='200.50.14.186' PLUTO_MY_CLIENT='192.168.0.0/22'
PLUTO_MY_CLIENT_NET='1:
| cmd( 240):92.168.0.0' PLUTO_MY_CLIENT_MASK='255.255.252.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROT:
| cmd( 320):OCOL='0' PLUTO_PEER='189.184.218.234'
PLUTO_PEER_ID='189.184.218.234' PLUTO_PEER:
| cmd( 400):_CLIENT='192.168.15.0/24' PLUTO_PEER_CLIENT_NET='192.168.15.0'
PLUTO_PEER_CLIENT:
| cmd( 480):_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=:
| cmd( 560):'' PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+S:
| cmd( 640):AREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_XAUTH_USERNAME=''
PLUTO_IS_PEER_C:
| cmd( 720):ISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO=''
PLUTO_PEER_BANNER='':
| cmd( 800): PLUTO_NM_CONFIGURED='0' ipsec _updown:
| route_and_eroute: firewall_notified: true
| command executing prepare-client
| executing prepare-client: 2>&1 PLUTO_VERB='prepare-client'
PLUTO_VERSION='2.0' PLUTO_CONNECTION='SiteA' PLUTO_INTERFACE='eth1'
PLUTO_NEXT_HOP='200.50.14.185' PLUTO_ME='200.50.14.186'
PLUTO_MY_ID='200.50.14.186' PLUTO_MY_CLIENT='192.168.0.0/22'
PLUTO_MY_CLIENT_NET='192.168.0.0' PLUTO_MY_CLIENT_MASK='255.255.252.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='189.184.218.234'
PLUTO_PEER_ID='189.184.218.234' PLUTO_PEER_CLIENT='192.168.15.0/24'
PLUTO_PEER_CLIENT_NET='192.168.15.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK'
PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_XAUTH_USERNAME=''
PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO=''
PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown
| popen(): cmd is 843 chars long
| cmd( 0):2>&1 PLUTO_VERB='prepare-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='SiteA:
| cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='200.50.14.185'
PLUTO_ME='200.50.14.186':
| cmd( 160): PLUTO_MY_ID='200.50.14.186' PLUTO_MY_CLIENT='192.168.0.0/22'
PLUTO_MY_CLIENT_N:
| cmd( 240):ET='192.168.0.0' PLUTO_MY_CLIENT_MASK='255.255.252.0'
PLUTO_MY_PORT='0' PLUTO_MY:
| cmd( 320):_PROTOCOL='0' PLUTO_PEER='189.184.218.234'
PLUTO_PEER_ID='189.184.218.234' PLUTO:
| cmd( 400):_PEER_CLIENT='192.168.15.0/24'
PLUTO_PEER_CLIENT_NET='192.168.15.0' PLUTO_PEER_C:
| cmd( 480):LIENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEE:
| cmd( 560):R_CA='' PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEv2AL:
| cmd( 640):LOW+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4'
PLUTO_XAUTH_USERNAME='' PLUTO_IS_P:
| cmd( 720):EER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO=''
PLUTO_PEER_BANN:
| cmd( 800):ER='' PLUTO_NM_CONFIGURED='0' ipsec _updown:
| command executing route-client
| executing route-client: 2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='SiteA' PLUTO_INTERFACE='eth1'
PLUTO_NEXT_HOP='200.50.14.185' PLUTO_ME='200.50.14.186'
PLUTO_MY_ID='200.50.14.186' PLUTO_MY_CLIENT='192.168.0.0/22'
PLUTO_MY_CLIENT_NET='192.168.0.0' PLUTO_MY_CLIENT_MASK='255.255.252.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='189.184.218.234'
PLUTO_PEER_ID='189.184.218.234' PLUTO_PEER_CLIENT='192.168.15.0/24'
PLUTO_PEER_CLIENT_NET='192.168.15.0' PLUTO_PEER_CLIENT_MASK='255.255.255.0'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+SAREFTRACK'
PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_XAUTH_USERNAME=''
PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO=''
PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown
| popen(): cmd is 841 chars long
| cmd( 0):2>&1 PLUTO_VERB='route-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='SiteA' :
| cmd( 80):PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='200.50.14.185'
PLUTO_ME='200.50.14.186' P:
| cmd( 160):LUTO_MY_ID='200.50.14.186' PLUTO_MY_CLIENT='192.168.0.0/22'
PLUTO_MY_CLIENT_NET:
| cmd( 240):='192.168.0.0' PLUTO_MY_CLIENT_MASK='255.255.252.0'
PLUTO_MY_PORT='0' PLUTO_MY_P:
| cmd( 320):ROTOCOL='0' PLUTO_PEER='189.184.218.234'
PLUTO_PEER_ID='189.184.218.234' PLUTO_P:
| cmd( 400):EER_CLIENT='192.168.15.0/24'
PLUTO_PEER_CLIENT_NET='192.168.15.0' PLUTO_PEER_CLI:
| cmd( 480):ENT_MASK='255.255.255.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_:
| cmd( 560):CA='' PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+IKEv2ALLO:
| cmd( 640):W+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4'
PLUTO_XAUTH_USERNAME='' PLUTO_IS_PEE:
| cmd( 720):R_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO=''
PLUTO_PEER_BANNER:
| cmd( 800):='' PLUTO_NM_CONFIGURED='0' ipsec _updown:
| route_and_eroute: instance "SiteA", setting eroute_owner
{spd=0x692970,sr=0xbf9d4714} to #2 (was #0) (newest_ipsec_sa=#0)
| inI2: instance SiteA[0], setting newest_ipsec_sa to #2 (was #0)
(spd.eroute=#0)
| complete state transition with STF_OK
"SiteA" #2: transition from state STATE_QUICK_R1 to state STATE_QUICK_R2
| deleting event for #2
| inserting event EVENT_SA_REPLACE, timeout in 28530 seconds for #2
| event added after event EVENT_REINIT_SECRET
"SiteA" #2: STATE_QUICK_R2: IPsec SA established tunnel mode
{ESP=>0xb6e9b17d <0xfa2f6ea4 xfrm=3DES_0-HMAC_MD5 NATOA=none NATD=none
DPD=none}
| modecfg pull: noquirk policy:push not-client
| phase 1 is done, looking for phase 2 to unpend
| * processed 0 messages from cryptographic helpers
| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
| next event EVENT_NAT_T_KEEPALIVE in 20 seconds
Log SiteB
| processing connection SiteA
"SiteA": deleting connection
| processing connection SiteA
"SiteA" #2: deleting state (STATE_QUICK_I2)
| deleting event for #2
"SiteA" #2: deleting state #2 (STATE_QUICK_I2)
| **emit ISAKMP Message:
| initiator cookie:
| 9c 2d 85 03 88 28 00 66
| responder cookie:
| bc 3f d2 07 3d bc a4 00
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_INFO
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 5a 24 44 e0
| ***emit ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_D
| emitting 16 zero bytes of HASH(1) into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 20
| ***emit ISAKMP Delete Payload:
| next payload type: ISAKMP_NEXT_NONE
| DOI: ISAKMP_DOI_IPSEC
| protocol ID: 3
| SPI size: 4
| number of SPIs: 1
| emitting 4 raw bytes of delete payload into ISAKMP Delete Payload
| delete payload b6 e9 b1 7d
| emitting length of ISAKMP Delete Payload: 16
| HASH(1) computed:
| bc 32 f8 77 91 10 9c 23 e7 5c b2 65 d5 01 5d 58
| last Phase 1 IV: a5 b7 3d 13 53 0c a9 65
| current Phase 1 IV: a5 b7 3d 13 53 0c a9 65
| computed Phase 2 IV:
| ed d2 23 0b 9d ec 77 f0 19 5d 75 1a 48 7c e5 b1
| encrypting:
| 0c 00 00 14 bc 32 f8 77 91 10 9c 23 e7 5c b2 65
| d5 01 5d 58 00 00 00 10 00 00 00 01 03 04 00 01
| b6 e9 b1 7d
| IV:
| ed d2 23 0b 9d ec 77 f0 19 5d 75 1a 48 7c e5 b1
| unpadded size is: 36
| emitting 4 zero bytes of encryption padding into ISAKMP Message
| encrypting 40 using OAKLEY_3DES_CBC
| next IV: 1c 55 05 58 43 43 59 28
| emitting length of ISAKMP Message: 68
| sending 68 bytes for delete notify through eth1:500 to 200.50.14.186:500
(using #1)
| 9c 2d 85 03 88 28 00 66 bc 3f d2 07 3d bc a4 00
| 08 10 05 01 5a 24 44 e0 00 00 00 44 c8 37 16 71
| 2a 5f f8 86 9b 99 f5 e7 76 ad 4b f0 94 ce f5 1f
| b7 98 47 5e fb fe 5e 30 0c 31 fa a0 1c 55 05 58
| 43 43 59 28
| deleting event for #2
| no suspended cryptographic state for 2
| ICOOKIE: 9c 2d 85 03 88 28 00 66
| RCOOKIE: bc 3f d2 07 3d bc a4 00
| state hash entry 24
| delete esp.fa2f6ea4 at 200.50.14.186
| delete inbound eroute 192.168.0.0/22:0 --0-> 192.168.15.0/24:0 =>
unk255.10000 at 189.184.218.234 (raw_eroute)
| creating SPD to 200.50.14.186->spi=00010000 at 189.184.218.234 proto=255
| raw_eroute result=1
| delete esp.b6e9b17d at 189.184.218.234
| processing connection SiteA
"SiteA" #1: deleting state (STATE_MAIN_I4)
| deleting event for #1
"SiteA" #1: deleting state #1 (STATE_MAIN_I4)
| **emit ISAKMP Message:
| initiator cookie:
| 9c 2d 85 03 88 28 00 66
| responder cookie:
| bc 3f d2 07 3d bc a4 00
| next payload type: ISAKMP_NEXT_HASH
| ISAKMP version: ISAKMP Version 1.0 (rfc2407)
| exchange type: ISAKMP_XCHG_INFO
| flags: ISAKMP_FLAG_ENCRYPTION
| message ID: 16 ca 13 6f
| ***emit ISAKMP Hash Payload:
| next payload type: ISAKMP_NEXT_D
| emitting 16 zero bytes of HASH(1) into ISAKMP Hash Payload
| emitting length of ISAKMP Hash Payload: 20
| ***emit ISAKMP Delete Payload:
| next payload type: ISAKMP_NEXT_NONE
| DOI: ISAKMP_DOI_IPSEC
| protocol ID: 1
| SPI size: 16
| number of SPIs: 1
| emitting 16 raw bytes of delete payload into ISAKMP Delete Payload
| delete payload 9c 2d 85 03 88 28 00 66 bc 3f d2 07 3d bc a4 00
| emitting length of ISAKMP Delete Payload: 28
| HASH(1) computed:
| be 02 17 f0 b0 5c d1 cb aa bb 32 cd e5 53 64 87
| last Phase 1 IV: a5 b7 3d 13 53 0c a9 65
| current Phase 1 IV: a5 b7 3d 13 53 0c a9 65
| computed Phase 2 IV:
| cf 20 07 71 56 98 9e 06 23 b9 2c 73 55 05 1d 60
| encrypting:
| 0c 00 00 14 be 02 17 f0 b0 5c d1 cb aa bb 32 cd
| e5 53 64 87 00 00 00 1c 00 00 00 01 01 10 00 01
| 9c 2d 85 03 88 28 00 66 bc 3f d2 07 3d bc a4 00
| IV:
| cf 20 07 71 56 98 9e 06 23 b9 2c 73 55 05 1d 60
| unpadded size is: 48
| encrypting 48 using OAKLEY_3DES_CBC
| next IV: e8 27 42 28 65 36 75 24
| emitting length of ISAKMP Message: 76
| sending 76 bytes for delete notify through eth1:500 to 200.50.14.186:500
(using #1)
| 9c 2d 85 03 88 28 00 66 bc 3f d2 07 3d bc a4 00
| 08 10 05 01 16 ca 13 6f 00 00 00 4c f3 20 d8 a5
| 58 66 4a 8b d1 95 3f 1a 72 43 22 3f bc aa 7c 64
| 3f a5 e9 f0 ff fd 32 10 45 59 64 f2 9b eb c2 0a
| 9a 2d 39 0f e8 27 42 28 65 36 75 24
| deleting event for #1
| no suspended cryptographic state for 1
| ICOOKIE: 9c 2d 85 03 88 28 00 66
| RCOOKIE: bc 3f d2 07 3d bc a4 00
| state hash entry 24
| request to delete a unrouted policy with netkey kernel --- experimental
| creating SPD to 189.184.218.234->spi=00000000 at 0.0.0.0 proto=61
| creating SPD to 189.184.218.234->spi=00000000 at 0.0.0.0 proto=61
| route owner of "SiteA" unrouted: NULL
| command executing unroute-client
| executing unroute-client: 2>&1 PLUTO_VERB='unroute-client'
PLUTO_VERSION='2.0' PLUTO_CONNECTION='SiteA' PLUTO_INTERFACE='eth1'
PLUTO_NEXT_HOP='189.184.218.233' PLUTO_ME='189.184.218.234'
PLUTO_MY_ID='189.184.218.234' PLUTO_MY_CLIENT='192.168.15.0/24'
PLUTO_MY_CLIENT_NET='192.168.15.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='200.50.14.186'
PLUTO_PEER_ID='200.50.14.186' PLUTO_PEER_CLIENT='192.168.0.0/22'
PLUTO_PEER_CLIENT_NET='192.168.0.0' PLUTO_PEER_CLIENT_MASK='255.255.252.0'
PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA=''
PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+IKEv2ALLOW+SAREFTRACK'
PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_IS_PEER_CISCO='0'
PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO='' PLUTO_PEER_BANNER=''
PLUTO_NM_CONFIGURED='0' ipsec _updown
| popen(): cmd is 826 chars long
| cmd( 0):2>&1 PLUTO_VERB='unroute-client' PLUTO_VERSION='2.0'
PLUTO_CONNECTION='SiteA:
| cmd( 80):' PLUTO_INTERFACE='eth1' PLUTO_NEXT_HOP='189.184.218.233'
PLUTO_ME='189.184.218.:
| cmd( 160):234' PLUTO_MY_ID='189.184.218.234'
PLUTO_MY_CLIENT='192.168.15.0/24' PLUTO_MY_CL:
| cmd( 240):IENT_NET='192.168.15.0' PLUTO_MY_CLIENT_MASK='255.255.255.0'
PLUTO_MY_PORT='0' P:
| cmd( 320):LUTO_MY_PROTOCOL='0' PLUTO_PEER='200.50.14.186'
PLUTO_PEER_ID='200.50.14.186' :
| cmd( 400):PLUTO_PEER_CLIENT='192.168.0.0/22'
PLUTO_PEER_CLIENT_NET='192.168.0.0' PLUTO_PEE:
| cmd( 480):R_CLIENT_MASK='255.255.252.0' PLUTO_PEER_PORT='0'
PLUTO_PEER_PROTOCOL='0' PLUTO_:
| cmd( 560):PEER_CA='' PLUTO_STACK='netkey'
PLUTO_CONN_POLICY='PSK+ENCRYPT+TUNNEL+PFS+UP+I:
| cmd( 640):KEv2ALLOW+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4'
PLUTO_IS_PEER_CISCO='0' PLU:
| cmd( 720):TO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO=''
PLUTO_PEER_BANNER='' PLUTO_NM_CO:
| cmd( 800):NFIGURED='0' ipsec _updown:
| alg_info_delref(0x1b5ccd8) alg_info->ref_cnt=1
| alg_info_delref(0x1b5ccd8) freeing alg_info
| alg_info_delref(0x1b5c460) alg_info->ref_cnt=1
| alg_info_delref(0x1b5c460) freeing alg_info