[Swan] Error with LibreSwan to Huawei VRP Connection
Ian Barnes
ian.lidtech at gmail.com
Wed Nov 2 19:39:26 UTC 2016
Hi All,
I've got a breakdown of the configs from the remote end:
ACL name LOCALID
rule permit ip source 172.25.48.43 0 destination 10.0.64.66 0
rule permit ip source 172.25.48.36 0 destination 10.0.64.66
rule permit ip source 172.25.48.43 0 destination 10.0.64.1
rule permit ip source 172.25.48.36 0 destination 10.0.64.1
rule permit ip source 172.25.48.43 0 destination 10.0.64.10
rule permit ip source 172.25.48.36 0 destination 10.0.64.10
rule permit ip source 172.25.48.43 0 destination 10.0.64.201
rule permit ip source 172.25.48.36 0 destination 10.0.64.201
Ike Proposal 10
encryption-algorithm 3des
authentication-algorithm md5
dh-group2
sa duration 28800
ike peer LOCALID
pre-shared key "SOMEPSKHERE"
ike-proposal 10
remote-address externalIP
remote-id LOCALID
Local-id-type ip
ipsec proposal LOCALID
encapsulation-mode tunnel
esp authentication-algorithm sha1
esp encryption-algorithm 3des
ipsec policy LOCALID 1 isakmp
security acl name LOCALID
ike-peer LOCALID
proposal LOCALID
sa duration time-based 3600
interface Tunnel 0/0/41
ip address remoteIDIP 255.255.255.255
tunnel-protocol ipsec
ipsec policy LOCALID
ip route-static 10.0.64.136 255.255.255.255 Tunnel0/0/41 externalIP
ip route-static 10.0.64.1 255.255.255.255 Tunnel0/0/41 externalIP
ip route-static 10.0.64.10 255.255.255.255 Tunnel0/0/41 externalIP
ip route-static 10.0.64.201 255.255.255.255 Tunnel0/0/41 externalIP
ip route-static 10.0.64.137 255.255.255.255 Tunnel0/0/41 externalIP
ip route-static 10.0.64.66 255.255.255.255 Tunnel0/0/41 externalIP
And here are the remote Huawei logs: http://pastebin.com/G90q7Aed
Any ideas as to what could be wrong would be great - quite stuck at the
moment!
Regards
Ian
On Wed, Nov 2, 2016 at 10:32 AM Ian Barnes <ian.lidtech at gmail.com> wrote:
> Hi Nick,
>
> That was part of debugging over the last few days trying to see if it made
> any difference - but it didnt. The connection itself never gets
> established, it just sits pending phase 2 and then stops after 10 attempts.
>
> Cheers
> Ian
>
>
> On Wed, Nov 2, 2016 at 10:26 AM Nick Howitt <nick at howitts.co.uk> wrote:
>
> How long is the connection running before it times out? 1h? Is there any
> reason you've set rekey=no?
>
> Nick
>
> On 2016-11-02 07:31, Ian Barnes wrote:
> > Hi Nick,
> >
> > Great thanks for the feedback. I've removed all spaces and am seeing
> > the same result. I'm awaiting some logs from the remote which I'll
> > forward on as soon as I get it.
> >
> > Regards
> > Ian
> >
> > On Wed, Nov 2, 2016 at 9:22 AM, Nick Howitt <nick at howitts.co.uk>
> > wrote:
> >
> >> Don't have any blank lines in a conn definition.
> >>
> >> On 2 November 2016 02:54:43 GMT+00:00, Ian Barnes
> >> <ian.lidtech at gmail.com> wrote:
> >>
> >>> Hi All,
> >>>
> >>> I'm having huge issues setting up an IPSec tunnel from a Libreswan
> >>> system to Huawei VRP device and was hoping someone could assist me
> >>> in pinpointing what the error is
> >>>
> >>> Here are the logs from the connection:
> >>> http://pastebin.com/vCY5GLG0 [2]
> >>>
> >>> HERE IS MY IPSEC.CONF
> >>> #
> >>>
> >>> version 2.0 # conforms to second version of ipsec.conf
> >>> specification
> >>>
> >>> # basic configuration
> >>> config setup
> >>> nat_traversal=yes
> >>>
> >>> virtual_private=%v:10.0.0.0/16 [3]
> >>> oe=off
> >>> protostack=netkey
> >>>
> >>> interfaces=%defaultroute
> >>> klipsdebug=none
> >>> uniqueids=yes
> >>>
> >>> plutodebug="control parsing"
> >>> plutostderrlog=/var/log/ipsec.log
> >>>
> >>> #You may put your configuration (.conf) file in the
> >>> "/etc/ipsec.d/" and uncomment this.
> >>> include /etc/ipsec.d/*.conf
> >>>
> >>> HERE IS MY HOST-PRD.CONF
> >>>
> >>> conn host-prd
> >>> ##### Local
> >>> left=externalIP
> >>> leftid=@LOCALID
> >>> leftsubnet=externalIP/32
> >>> leftnexthop=%defaultroute
> >>>
> >>> ##### Remote
> >>> right=REMOTEIDIP
> >>> rightid=REMOTEIDIP
> >>> rightsubnets={172.25.48.43/32 [4] 172.25.48.36/32 [5]}
> >>> rightnexthop=%defaultroute
> >>>
> >>> ##### Auth Options
> >>> authby=secret
> >>> rekey=no
> >>> aggrmode=no
> >>> forceencaps=no
> >>>
> >>> ##### Phase 1
> >>> ike=3des-md5-modp1024
> >>> ikelifetime="28800"
> >>>
> >>> ##### Phase 2
> >>> esp=3des-md5
> >>> keylife="3600"
> >>> pfs=no
> >>>
> >>> ##### Connection Options
> >>> type=tunnel
> >>> auto=start
> >>> compress=no
> >>>
> >>> HERE IS MY IPSEC.SECRETS
> >>> @LOCALID REMOTEIDIP : PSK "SOMEPSKHERE"
> >>>
> >>> HERE IS AN IPSEC VERIFY (SIDE NOTE: I CANT FIND THE ERRORS?!)
> >>>
> >>> Verifying installed system and configuration files
> >>>
> >>> Version check and ipsec on-path [OK]
> >>> Libreswan 3.15 (netkey) on 2.6.32-504.16.2.el6.x86_64
> >>> Checking for IPsec support in kernel [OK]
> >>> NETKEY: Testing XFRM related proc values
> >>> ICMP default/send_redirects [OK]
> >>> ICMP default/accept_redirects [OK]
> >>> XFRM larval drop [OK]
> >>> Pluto ipsec.conf syntax [OK]
> >>> Hardware random device [N/A]
> >>> Two or more interfaces found, checking IP forwarding [OK]
> >>> Checking rp_filter [ENABLED]
> >>> /proc/sys/net/ipv4/conf/default/rp_filter [ENABLED]
> >>> /proc/sys/net/ipv4/conf/lo/rp_filter [ENABLED]
> >>> /proc/sys/net/ipv4/conf/eth0/rp_filter [ENABLED]
> >>> /proc/sys/net/ipv4/conf/eth1/rp_filter [ENABLED]
> >>> rp_filter is not fully aware of IPsec and should be disabled
> >>> Checking that pluto is running [OK]
> >>> Pluto listening for IKE on udp 500 [OK]
> >>> Pluto listening for IKE/NAT-T on udp 4500 [OK]
> >>> Pluto ipsec.secret syntax [OK]
> >>> Checking 'ip' command [OK]
> >>> Checking 'iptables' command [OK]
> >>> Checking 'prelink' command does not interfere with FIPSChecking
> >>> for obsolete ipsec.conf options [OK]
> >>> Opportunistic Encryption [DISABLED]
> >>>
> >>> ipsec verify: encountered 9 errors - see 'man ipsec_verify' for
> >>> help
> >>>
> >>> HERE IS AN IPSEC STATUS AFTER A FEW MINUTES
> >>>
> >>> 000 using kernel interface: netkey
> >>> 000 interface lo/lo ::1 at 500
> >>> 000 interface lo/lo 127.0.0.1 at 4500
> >>> 000 interface lo/lo 127.0.0.1 at 500
> >>> 000 interface eth0/eth0 externalIP at 4500
> >>> 000 interface eth0/eth0 externalIP at 500
> >>> 000 interface eth1/eth1 10.0.64.10 at 4500
> >>> 000 interface eth1/eth1 10.0.64.10 at 500
> >>> 000
> >>> 000
> >>> 000 fips mode=disabled;
> >>> 000 SElinux=disabled
> >>> 000
> >>> 000 config setup options:
> >>> 000
> >>> 000 configdir=/etc, configfile=/etc/ipsec.conf,
> >>> secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d,
> >>> dumpdir=/var/run/pluto, statsbin=unset
> >>> 000 sbindir=/usr/sbin, libexecdir=/usr/libexec/ipsec
> >>> 000 pluto_version=3.15, pluto_vendorid=OE-Libreswan-3.15
> >>> 000 nhelpers=-1, uniqueids=yes, perpeerlog=no, shuntlifetime=900s,
> >>> xfrmlifetime=300s
> >>> 000 ddos-cookies-treshold=50000, ddos-max-halfopen=25000,
> >>> ddos-mode=auto
> >>> 000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0,
> >>> listen=<any>, nflog-all=0
> >>> 000 secctx-attr-type=32001
> >>> 000 myid = (none)
> >>> 000 debug parsing+control
> >>> 000
> >>> 000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
> >>> 000 virtual-private (%priv):
> >>> 000
> >>> 000 ESP algorithms supported:
> >>> 000
> >>> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8,
> >>> keysizemin=192, keysizemax=192
> >>> 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8,
> >>> keysizemin=128, keysizemax=128
> >>> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0,
> >>> keysizemin=0, keysizemax=0
> >>> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
> >>> keysizemin=128, keysizemax=256
> >>> 000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> >>> keysizemin=128, keysizemax=128
> >>> 000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> >>> keysizemin=160, keysizemax=160
> >>> 000 algorithm AH/ESP auth: id=5,
> >>> name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
> >>> 000 algorithm AH/ESP auth: id=6,
> >>> name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
> >>> 000 algorithm AH/ESP auth: id=7,
> >>> name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
> >>> 000 algorithm AH/ESP auth: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
> >>> keysizemin=160, keysizemax=160
> >>> 000 algorithm AH/ESP auth: id=9, name=AUTH_ALGORITHM_AES_XCBC,
> >>> keysizemin=128, keysizemax=128
> >>> 000 algorithm AH/ESP auth: id=251, name=AUTH_ALGORITHM_NULL_KAME,
> >>> keysizemin=0, keysizemax=0
> >>> 000
> >>> 000 IKE algorithms supported:
> >>> 000
> >>> 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16,
> >>> v2name=AES_CCM_C, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15,
> >>> v2name=AES_CCM_B, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14,
> >>> v2name=AES_CCM_A, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
> >>> v2name=3DES, blocksize=8, keydeflen=192
> >>> 000 algorithm IKE encrypt: v1id=24, v1name=OAKLEY_CAMELLIA_CTR,
> >>> v2id=24, v2name=CAMELLIA_CTR, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC,
> >>> v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=20, v1name=OAKLEY_AES_GCM_C,
> >>> v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=19, v1name=OAKLEY_AES_GCM_B,
> >>> v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=18, v1name=OAKLEY_AES_GCM_A,
> >>> v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR,
> >>> v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
> >>> v2name=AES_CBC, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
> >>> v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
> >>> v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
> >>> 000 algorithm IKE encrypt: v1id=65289,
> >>> v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH,
> >>> blocksize=16, keydeflen=128
> >>> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16
> >>> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20
> >>> 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32
> >>> 000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48
> >>> 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64
> >>> 000 algorithm IKE hash: id=9, name=DISABLED-OAKLEY_AES_XCBC,
> >>> hashlen=16
> >>> 000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024,
> >>> bits=1024
> >>> 000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536,
> >>> bits=1536
> >>> 000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048,
> >>> bits=2048
> >>> 000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072,
> >>> bits=3072
> >>> 000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096,
> >>> bits=4096
> >>> 000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144,
> >>> bits=6144
> >>> 000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192,
> >>> bits=8192
> >>> 000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22,
> >>> bits=1024
> >>> 000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23,
> >>> bits=2048
> >>> 000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24,
> >>> bits=2048
> >>> 000
> >>> 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,64}
> >>> trans={0,2,6144} attrs={0,2,4096}
> >>> 000
> >>> 000 Connection list:
> >>> 000
> >>> 000 "host-prd/0x1":
> >>>
> >>
> >
> externalIP/32===externalIP<externalIP>[@LIDTECH]---defaultGW...REMOTEIDIP<REMOTEIDIP>===
> 172.25.48.43/32
> >>> [4]; prospective erouted; eroute owner: #0
> >>> 000 "host-prd/0x1": oriented; my_ip=unset; their_ip=unset
> >>> 000 "host-prd/0x1": xauth info: us:none, them:none,
> >>> my_xauthuser=[any]; their_xauthuser=[any]
> >>> 000 "host-prd/0x1": modecfg info: us:none, them:none, modecfg
> >>> policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
> >>> 000 "host-prd/0x1": labeled_ipsec:no;
> >>> 000 "host-prd/0x1": policy_label:unset;
> >>> 000 "host-prd/0x1": ike_life: 28800s; ipsec_life: 3600s;
> >>> rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
> >>> 000 "host-prd/0x1": retransmit-interval: 500ms;
> >>> retransmit-timeout: 60s;
> >>> 000 "host-prd/0x1": sha2_truncbug:no; initial_contact:no;
> >>> cisco_unity:no; send_vendorid:no;
> >>> 000 "host-prd/0x1": policy:
> >>>
> >>
> >
> PSK+ENCRYPT+TUNNEL+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
> >>> 000 "host-prd/0x1": conn_prio: 32,32; interface: eth0; metric:
> >>> 0; mtu: unset; sa_prio:auto; nflog-group: unset;
> >>> 000 "host-prd/0x1": newest ISAKMP SA: #0; newest IPsec SA: #0;
> >>> 000 "host-prd/0x1": aliases: host-prd
> >>> 000 "host-prd/0x1": IKE algorithms wanted:
> >>> 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
> >>> 000 "host-prd/0x1": IKE algorithms found:
> >>> 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
> >>> 000 "host-prd/0x1": ESP algorithms wanted:
> >>> 3DES(3)_000-MD5(1)_000
> >>> 000 "host-prd/0x1": ESP algorithms loaded:
> >>> 3DES(3)_000-MD5(1)_000
> >>> 000 "host-prd/0x2":
> >>>
> >>
> >
> externalIP/32===externalIP<externalIP>[@LIDTECH]---defaultGW...REMOTEIDIP<REMOTEIDIP>===
> 172.25.48.36/32
> >>> [5]; prospective erouted; eroute owner: #0
> >>> 000 "host-prd/0x2": oriented; my_ip=unset; their_ip=unset
> >>> 000 "host-prd/0x2": xauth info: us:none, them:none,
> >>> my_xauthuser=[any]; their_xauthuser=[any]
> >>> 000 "host-prd/0x2": modecfg info: us:none, them:none, modecfg
> >>> policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;
> >>> 000 "host-prd/0x2": labeled_ipsec:no;
> >>> 000 "host-prd/0x2": policy_label:unset;
> >>> 000 "host-prd/0x2": ike_life: 28800s; ipsec_life: 3600s;
> >>> rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
> >>> 000 "host-prd/0x2": retransmit-interval: 500ms;
> >>> retransmit-timeout: 60s;
> >>> 000 "host-prd/0x2": sha2_truncbug:no; initial_contact:no;
> >>> cisco_unity:no; send_vendorid:no;
> >>> 000 "host-prd/0x2": policy:
> >>>
> >>
> >
> PSK+ENCRYPT+TUNNEL+DONT_REKEY+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW;
> >>> 000 "host-prd/0x2": conn_prio: 32,32; interface: eth0; metric:
> >>> 0; mtu: unset; sa_prio:auto; nflog-group: unset;
> >>> 000 "host-prd/0x2": newest ISAKMP SA: #0; newest IPsec SA: #0;
> >>> 000 "host-prd/0x2": aliases: host-prd
> >>> 000 "host-prd/0x2": IKE algorithms wanted:
> >>> 3DES_CBC(5)_000-MD5(1)_000-MODP1024(2)
> >>> 000 "host-prd/0x2": IKE algorithms found:
> >>> 3DES_CBC(5)_192-MD5(1)_128-MODP1024(2)
> >>> 000 "host-prd/0x2": ESP algorithms wanted:
> >>> 3DES(3)_000-MD5(1)_000
> >>> 000 "host-prd/0x2": ESP algorithms loaded:
> >>> 3DES(3)_000-MD5(1)_000
> >>> 000
> >>> 000 Total IPsec connections: loaded 2, active 0
> >>> 000
> >>> 000 State Information: DDoS cookies not required, Accepting new
> >>> IKE connections
> >>> 000 IKE SAs: total(0), half-open(0), open(0), authenticated(0),
> >>> anonymous(0)
> >>> 000 IPsec SAs: total(0), authenticated(0), anonymous(0)
> >>> 000
> >>> 000 Bare Shunt list:
> >>> 000
> >>>
> >>> HERE IS THE LAST PART OF AN IPSEC STATUS BEFORE THE CONNECTION
> >>> "TIMES OUT":
> >>>
> >>> 000 #1: "host-prd/0x2":500 STATE_MAIN_I3 (sent MI3, expecting
> >>> MR3); EVENT_v1_RETRANSMIT in 0s; nodpd; idle; import:admin
> >>> initiate
> >>> 000 #1: pending Phase 2 for "mtn-ug-prd/0x1" replacing #0
> >>> 000 #1: pending Phase 2 for "mtn-ug-prd/0x2" replacing #0
> >>>
> >>> My suspicion is that this is a misconfiguration on their end, but
> >>> not sure what though...
> >>>
> >>> Any advice would be great - thanks in advance
> >>>
> >>> Ian
> >>>
> >>> -------------------------
> >>>
> >>> Swan mailing list
> >>> Swan at lists.libreswan.org
> >>> https://lists.libreswan.org/mailman/listinfo/swan [1]
> >>
> >> --
> >> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> >
> >
> >
> > Links:
> > ------
> > [1] https://lists.libreswan.org/mailman/listinfo/swan
> > [2] http://pastebin.com/vCY5GLG0
> > [3] http://10.0.0.0/16
> > [4] http://172.25.48.43/32
> > [5] http://172.25.48.36/32
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20161102/aa66a1c4/attachment-0001.html>
More information about the Swan
mailing list