[Swan] If this can ease the work (Debian/Ubuntu packagers), an application of the sent URL

Philippe Vouters philippe.vouters at laposte.net
Sun Feb 2 15:43:54 EET 2014 

An application of the previously sent URL on Libreswan 3.7 i686 RPM on a 
Fedora 19 i686 computer.

[philippe at victor ~]$ *sudo alien -k download/libreswan-3.7-1.fc19.i686.rpm *
Warning: Skipping conversion of scripts in package libreswan: postinst 
postrm prerm
Warning: Use the --scripts parameter to include the scripts.
libreswan_3.7-1.fc19_i386.deb generated
[philippe at victor ~]$ *sudo dpkg -i libreswan_3.7-1.fc19_i386.deb*
Selecting previously unselected package libreswan.
(Reading database ... 0 files and directories currently installed.)
Unpacking libreswan (from libreswan_3.7-1.fc19_i386.deb) ...
Setting up libreswan (3.7-1.fc19) ...

Configuration file `/etc/pam.d/pluto'
  ==> File on system created by you or by a script.
  ==> File also in package provided by package maintainer.
    What would you like to do about it ?  Your options are:
     Y or I  : install the package maintainer's version
     N or O  : keep your currently-installed version
       D     : show the differences between the versions
       Z     : start a shell to examine the situation
  The default action is to keep your current version.
*** pluto (Y/I/N/O/D/Z) [default=N] ?

Configuration file `/etc/ipsec.conf'
  ==> File on system created by you or by a script.
  ==> File also in package provided by package maintainer.
    What would you like to do about it ?  Your options are:
     Y or I  : install the package maintainer's version
     N or O  : keep your currently-installed version
       D     : show the differences between the versions
       Z     : start a shell to examine the situation
  The default action is to keep your current version.
*** ipsec.conf (Y/I/N/O/D/Z) [default=N] ?
[philippe at victor ~]$ *sudo dpkg -l*
Desired=Unknown/Install/Remove/Purge/Hold
| 
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name           Version      Architecture Description
+++-==============-============-============-=================================
ii  libreswan      3.7-1.fc19   i386         IPsec implementation with 
IKEv1 a
[philippe at victor ~]$ *sudo service ipsec start*
Redirecting to /bin/systemctl start  ipsec.service
[philippe at victor ~]$ *sudo ipsec auto status*
ipsec auto: warning: obsolete command syntax used
000 using kernel interface: netkey
000 interface lo/lo 127.0.0.1
000 interface lo/lo 127.0.0.1
000 interface enp2s0/enp2s0 192.168.1.2
000 interface enp2s0/enp2s0 192.168.1.2
000
000 fips mode=disabled;
000 SElinux=disabled
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf, 
secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d, 
dumpdir=/var/run/pluto, statsbin=unset
000 sbindir=/usr/sbin, libdir=/usr/libexec/ipsec, 
libexecdir=/usr/libexec/ipsec
000 pluto_version=3.7, pluto_vendorid=OE-Libreswan-3.7
000 nhelpers=-1, uniqueids=yes, retransmits=yes, force_busy=no
000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>
000 secctx_attr_value=32001
000 myid = (none)
000 debug controlmore
000
000 nat_traversal=yes, keep_alive=20, nat_ikeport=4500, 
disable_port_floating=no
000 virtual_private (%priv):
000 - allowed 1 subnet: 192.168.0.0/16
000 - disallowed 1 subnet: 192.168.1.0/24
000
000 ESP algorithms supported:
000
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8, keysizemin=64, 
keysizemax=64
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, 
keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=40, 
keysizemax=128
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8, 
keysizemin=40, keysizemax=448
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, 
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, 
keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, 
keysizemin=160, keysizemax=288
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, 
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, 
keysizemin=128, keysizemax=256
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5, 
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, 
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, 
keysizemin=256, keysizemax=256
000 algorithm ESP auth attr: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, 
keysizemin=384, keysizemax=384
000 algorithm ESP auth attr: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, 
keysizemin=512, keysizemax=512
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, 
keysizemin=160, keysizemax=160
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC, 
keysizemin=128, keysizemax=128
000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME, 
keysizemin=0, keysizemax=0
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=20, 
v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=19, 
v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=18, 
v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16, 
v2name=AES_CCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15, 
v2name=AES_CCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14, 
v2name=AES_CCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, 
v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, 
v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, 
v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, 
v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, 
v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32
000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashsize=48
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0} 
trans={0,0,0} attrs={0,0,0}
000
000 Connection list:
000
000 "testrouterrsa": 192.168.1.2[C=SK, ST=Slovakia, L=Bratislava, 
O=COMPANY a s, OU=CISCO-GROUP, CN=Test Testing, 
E=testuser at domain.sk,+MC+XC+S=C]...62.168.78.235<62.168.78.235>[@router.domain.sk,MS+XS+S=C]===192.168.0.0/16; 
unrouted; eroute owner: #0
000 "testrouterrsa":     oriented; my_ip=unset; their_ip=unset; 
mycert=le-976f6301-afea-4b42-b7cf-09f633d7b382;
000 "testrouterrsa":   xauth info: us:client, them:server, 
my_xauthuser=testuser; their_xauthuser=[any]; ;
000 "testrouterrsa":   modecfg info: us:client, them:server, modecfg 
policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
000 "testrouterrsa":   labeled_ipsec:no, loopback:no;
000 "testrouterrsa":    policy_label:unset;
000 "testrouterrsa":   CAs: 'DC=sk, DC=domain, CN=domain-CA'...'%any'
000 "testrouterrsa":   ike_life: 3600s; ipsec_life: 28800s; 
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "testrouterrsa":   sha2_truncbug:no; initial_contact:no; 
cisco_unity:no; send_vendorid:no;
000 "testrouterrsa":   policy: 
RSASIG+ENCRYPT+TUNNEL+XAUTH+IKEv2ALLOW+SAREFTRACK+IKE_FRAG;
000 "testrouterrsa":   conn_prio: 32,16; interface: enp2s0; metric: 0; 
mtu: unset; sa_prio:auto;
000 "testrouterrsa":   newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "testrouterrsa":   IKE algorithms wanted: 
3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2)
000 "testrouterrsa":   IKE algorithms found: 
3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)
000 "testrouterrsa":   ESP algorithms wanted: 3DES(3)_000-SHA1(2)_000
000 "testrouterrsa":   ESP algorithms loaded: 3DES(3)_192-SHA1(2)_160
000
000 Total IPsec connections: loaded 1, active 0
000
000 State list:
000
000 Shunt list:
000
[philippe at victor ~]$

-- 
Philippe Vouters (Fontainebleau/France)
URL: http://vouters.dyndns.org/
SIP: sip:Vouters at sip.linphone.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20140202/3a5b917c/attachment.html>

More information about the Swan mailing list