[Swan] cannot locate my private key for RSA Signature
klwilson227 at comcast.net
klwilson227 at comcast.net
Sat Feb 17 19:36:28 UTC 2018
I have just installed two CentOS 7 systems and am attempting to get libreswan
set up.
I naively used DHCP for the hosts initially and moved to static addresses later
on; I am not sure if this is part of the issue I am having.
I ran the following on both machines:
ipsec nssinit
ipsec newhostkey
Then I configured the two endpoints in host-to-host.conf with their IP
addresses and keys.
I configured the kernel to fix ipsec verify errors.
After a few failures, I moved to using static IP address and set the host
and domain names.
I rebooted and validated the static IPs.
I reran ipsec newhostkey and reconfigured both key endpoints hoping this
would fix my issue.
However, when running ipsec auto --up host-to-host
I get the following error:
003 "host-to-host" #4: unable to locate my private key for RSA Signature
224 "host-to-host" #4: STATE_MAIN_I2: AUTHENTICATION_FAILED to
192.168.89.6:500
After googling, I am not sure where to look next.
Kevin
Iptables barf:
k1
Sat Feb 17 13:46:56 EST 2018
+ _________________________ version
+ ipsec --version
Linux Libreswan 3.20 (netkey) on 3.10.0-693.17.1.el7.x86_64
+ _________________________ /proc/version
+ cat /proc/version
Linux version 3.10.0-693.17.1.el7.x86_64 (builder at kbuilder.dev.centos.org)
(gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Thu Jan 25
20:13:58 UTC 2018
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ netstat -nr
+ head -n 100
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt
Iface
192.168.89.0 0.0.0.0 255.255.255.0 U 0 0 0
enp0s8
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm state
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src ::/0 dst ::/0 proto ipv6-icmp type 135
dir fwd priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 135
dir in priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136
dir out priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136
dir fwd priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136
dir in priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 135
dir out priority 1 ptype main
src 192.168.89.7/32 dst 192.168.89.6/32
dir out priority 2080 ptype main
tmpl src 0.0.0.0 dst 0.0.0.0
proto esp reqid 0 mode transport
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
+ _________________________ ip-xfrm-stats
+ cat /proc/net/xfrm_stat
XfrmInError 0
XfrmInBufferError 0
XfrmInHdrError 0
XfrmInNoStates 0
XfrmInStateProtoError 0
XfrmInStateModeError 0
XfrmInStateSeqError 0
XfrmInStateExpired 0
XfrmInStateMismatch 0
XfrmInStateInvalid 0
XfrmInTmplMismatch 0
XfrmInNoPols 0
XfrmInPolBlock 0
XfrmInPolError 0
XfrmOutError 0
XfrmOutBundleGenError 0
XfrmOutBundleCheckError 0
XfrmOutNoStates 21
XfrmOutStateProtoError 0
XfrmOutStateModeError 0
XfrmOutStateSeqError 0
XfrmOutStateExpired 0
XfrmOutPolBlock 0
XfrmOutPolDead 0
XfrmOutPolError 0
XfrmFwdHdrError 0
XfrmOutStateInvalid 0
+ _________________________ ip-l2tp-tunnel
+ test -d /sys/module/l2tp_core
+ test -d /sys/module/ip_vti
+ ip -s tunnel show
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
RX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts
0 0 0 0 0 0
TX: Packets Bytes Errors DeadLoop NoRoute NoBufs
0 0 0 0 0 0
+ _________________________ ip-tunnel
+ ip -s tunnel show
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
RX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts
0 0 0 0 0 0
TX: Packets Bytes Errors DeadLoop NoRoute NoBufs
0 0 0 0 0 0
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name : rfc3686(ctr(aes))
driver : rfc3686(ctr-aes-aesni)
module : kernel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 20
max keysize : 36
ivsize : 8
geniv : seqiv
name : __ctr-aes-aesni
driver : cryptd(__driver-ctr-aes-aesni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : ctr(aes)
driver : ctr-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
type : givcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : stdrng
driver : drbg_nopr_hmac_sha256
module : drbg
priority : 221
refcnt : 2
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha512
module : drbg
priority : 220
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha384
module : drbg
priority : 219
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_hmac_sha1
module : drbg
priority : 218
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha256
module : drbg
priority : 217
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha512
module : drbg
priority : 216
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha384
module : drbg
priority : 215
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_sha1
module : drbg
priority : 214
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_ctr_aes256
module : drbg
priority : 213
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_ctr_aes192
module : drbg
priority : 212
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_nopr_ctr_aes128
module : drbg
priority : 211
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha256
module : drbg
priority : 210
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha512
module : drbg
priority : 209
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha384
module : drbg
priority : 208
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_hmac_sha1
module : drbg
priority : 207
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_sha256
module : drbg
priority : 206
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_sha512
module : drbg
priority : 205
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_sha384
module : drbg
priority : 204
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_sha1
module : drbg
priority : 203
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_ctr_aes256
module : drbg
priority : 202
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : stdrng
driver : drbg_pr_ctr_aes192
module : drbg
priority : 201
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : ecb(aes)
driver : ecb(aes-aesni)
module : kernel
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : stdrng
driver : drbg_pr_ctr_aes128
module : drbg
priority : 200
refcnt : 1
selftest : passed
type : rng
seedsize : 0
name : fips(ansi_cprng)
driver : fips_ansi_cprng
module : ansi_cprng
priority : 300
refcnt : 1
selftest : passed
type : rng
seedsize : 48
name : stdrng
driver : ansi_cprng
module : ansi_cprng
priority : 100
refcnt : 1
selftest : passed
type : rng
seedsize : 48
name : cbc(des3_ede)
driver : cbc(des3_ede-generic)
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
geniv : <default>
name : cbc(des)
driver : cbc(des-generic)
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 8
geniv : <default>
name : cmac(aes)
driver : cmac(aes-aesni)
module : cmac
priority : 300
refcnt : 1
selftest : passed
type : shash
blocksize : 16
digestsize : 16
name : xcbc(aes)
driver : xcbc(aes-aesni)
module : xcbc
priority : 300
refcnt : 1
selftest : passed
type : shash
blocksize : 16
digestsize : 16
name : hmac(rmd160)
driver : hmac(rmd160-generic)
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : rmd160
driver : rmd160-generic
module : rmd160
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : hmac(sha512)
driver : hmac(sha512-ssse3)
module : kernel
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 64
name : hmac(sha384)
driver : hmac(sha384-ssse3)
module : kernel
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 48
name : hmac(md5)
driver : hmac(md5-generic)
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 16
name : digest_null
driver : digest_null-generic
module : crypto_null
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 0
name : compress_null
driver : compress_null-generic
module : crypto_null
priority : 0
refcnt : 1
selftest : passed
type : compression
name : ecb(cipher_null)
driver : ecb-cipher_null
module : crypto_null
priority : 100
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
geniv : <default>
name : cipher_null
driver : cipher_null-generic
module : crypto_null
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0
name : camellia
driver : camellia-generic
module : camellia_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : xts(camellia)
driver : xts-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(camellia)
driver : lrw-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(camellia)
driver : ctr-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : cbc(camellia)
driver : cbc-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-camellia-aesni-avx2
driver : cryptd(__driver-ecb-camellia-aesni-avx2)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(camellia)
driver : ecb-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __xts-camellia-aesni-avx2
driver : __driver-xts-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-camellia-aesni-avx2
driver : __driver-lrw-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : __ctr-camellia-aesni-avx2
driver : __driver-ctr-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __cbc-camellia-aesni-avx2
driver : __driver-cbc-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-camellia-aesni-avx2
driver : __driver-ecb-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : xts(camellia)
driver : xts-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(camellia)
driver : lrw-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(camellia)
driver : ctr-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : cbc(camellia)
driver : cbc-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-camellia-aesni
driver : cryptd(__driver-ecb-camellia-aesni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(camellia)
driver : ecb-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __xts-camellia-aesni
driver : __driver-xts-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-camellia-aesni
driver : __driver-lrw-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : __ctr-camellia-aesni
driver : __driver-ctr-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __cbc-camellia-aesni
driver : __driver-cbc-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-camellia-aesni
driver : __driver-ecb-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : xts(camellia)
driver : xts-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(camellia)
driver : lrw-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(camellia)
driver : ctr-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(camellia)
driver : cbc-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : ecb(camellia)
driver : ecb-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : camellia
driver : camellia-asm
module : camellia_x86_64
priority : 200
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : xts(cast6)
driver : xts-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(cast6)
driver : lrw-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(cast6)
driver : ctr-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : cbc(cast6)
driver : cbc-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-cast6-avx
driver : cryptd(__driver-ecb-cast6-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(cast6)
driver : ecb-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __xts-cast6-avx
driver : __driver-xts-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-cast6-avx
driver : __driver-lrw-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : __ctr-cast6-avx
driver : __driver-ctr-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __cbc-cast6-avx
driver : __driver-cbc-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-cast6-avx
driver : __driver-ecb-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : cast6
driver : cast6-generic
module : cast6_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : ctr(cast5)
driver : ctr-cast5-avx
module : cast5_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 5
max keysize : 16
ivsize : 8
geniv : chainiv
name : cbc(cast5)
driver : cbc-cast5-avx
module : cast5_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 8
geniv : <default>
name : __ecb-cast5-avx
driver : cryptd(__driver-ecb-cast5-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>
name : ecb(cast5)
driver : ecb-cast5-avx
module : cast5_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>
name : __ctr-cast5-avx
driver : __driver-ctr-cast5-avx
module : cast5_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 5
max keysize : 16
ivsize : 8
geniv : <default>
name : __cbc-cast5-avx
driver : __driver-cbc-cast5-avx
module : cast5_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>
name : __ecb-cast5-avx
driver : __driver-ecb-cast5-avx
module : cast5_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>
name : cast5
driver : cast5-generic
module : cast5_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 5
max keysize : 16
name : deflate
driver : deflate-generic
module : deflate
priority : 0
refcnt : 1
selftest : passed
type : compression
name : xts(serpent)
driver : xts-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(serpent)
driver : lrw-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(serpent)
driver : ctr-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : chainiv
name : cbc(serpent)
driver : cbc-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-serpent-avx2
driver : cryptd(__driver-ecb-serpent-avx2)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(serpent)
driver : ecb-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : __xts-serpent-avx2
driver : __driver-xts-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-serpent-avx2
driver : __driver-lrw-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>
name : __ctr-serpent-avx2
driver : __driver-ctr-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>
name : __cbc-serpent-avx2
driver : __driver-cbc-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-serpent-avx2
driver : __driver-ecb-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : xts(serpent)
driver : xts-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(serpent)
driver : lrw-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(serpent)
driver : ctr-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : chainiv
name : cbc(serpent)
driver : cbc-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-serpent-avx
driver : cryptd(__driver-ecb-serpent-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(serpent)
driver : ecb-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : __xts-serpent-avx
driver : __driver-xts-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-serpent-avx
driver : __driver-lrw-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>
name : __ctr-serpent-avx
driver : __driver-ctr-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>
name : __cbc-serpent-avx
driver : __driver-cbc-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-serpent-avx
driver : __driver-ecb-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : xts(serpent)
driver : xts-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(serpent)
driver : lrw-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(serpent)
driver : ctr-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : chainiv
name : cbc(serpent)
driver : cbc-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-serpent-sse2
driver : cryptd(__driver-ecb-serpent-sse2)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(serpent)
driver : ecb-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : __xts-serpent-sse2
driver : __driver-xts-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-serpent-sse2
driver : __driver-lrw-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>
name : __ctr-serpent-sse2
driver : __driver-ctr-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>
name : __cbc-serpent-sse2
driver : __driver-cbc-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-serpent-sse2
driver : __driver-ecb-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>
name : tnepres
driver : tnepres-generic
module : serpent_generic
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : serpent
driver : serpent-generic
module : serpent_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32
name : blowfish
driver : blowfish-generic
module : blowfish_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : ctr(blowfish)
driver : ctr-blowfish-asm
module : blowfish_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 4
max keysize : 56
ivsize : 8
geniv : <default>
name : cbc(blowfish)
driver : cbc-blowfish-asm
module : blowfish_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 8
min keysize : 4
max keysize : 56
ivsize : 8
geniv : <default>
name : ecb(blowfish)
driver : ecb-blowfish-asm
module : blowfish_x86_64
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 8
min keysize : 4
max keysize : 56
ivsize : 0
geniv : <default>
name : blowfish
driver : blowfish-asm
module : blowfish_x86_64
priority : 200
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56
name : twofish
driver : twofish-generic
module : twofish_generic
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : xts(twofish)
driver : xts-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(twofish)
driver : lrw-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(twofish)
driver : ctr-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : cbc(twofish)
driver : cbc-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-twofish-avx
driver : cryptd(__driver-ecb-twofish-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(twofish)
driver : ecb-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __xts-twofish-avx
driver : __driver-xts-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-twofish-avx
driver : __driver-lrw-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : __ctr-twofish-avx
driver : __driver-ctr-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __cbc-twofish-avx
driver : __driver-cbc-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-twofish-avx
driver : __driver-ecb-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : xts(twofish)
driver : xts-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(twofish)
driver : lrw-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : ctr(twofish)
driver : ctr-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(twofish)
driver : cbc-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : ecb(twofish)
driver : ecb-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : twofish
driver : twofish-asm
module : twofish_x86_64
priority : 200
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : sha384
driver : sha384-ssse3
module : sha512_ssse3
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 48
name : sha512
driver : sha512-ssse3
module : sha512_ssse3
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 64
name : sha384
driver : sha384-generic
module : sha512_generic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 48
name : sha512
driver : sha512-generic
module : sha512_generic
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 128
digestsize : 64
name : des3_ede
driver : des3_ede-generic
module : des_generic
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24
name : des
driver : des-generic
module : des_generic
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8
name : crc32
driver : crc32-pclmul
module : crc32_pclmul
priority : 200
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 4
name : __ghash
driver : cryptd(__ghash-pclmulqdqni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ahash
async : yes
blocksize : 16
digestsize : 16
name : ghash
driver : ghash-clmulni
module : ghash_clmulni_intel
priority : 400
refcnt : 1
selftest : passed
type : ahash
async : yes
blocksize : 16
digestsize : 16
name : __ghash
driver : __ghash-pclmulqdqni
module : ghash_clmulni_intel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 16
digestsize : 16
name : xts(aes)
driver : xts-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : lrw(aes)
driver : lrw-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : __xts-aes-aesni
driver : __driver-xts-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>
name : __lrw-aes-aesni
driver : __driver-lrw-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>
name : pcbc(aes)
driver : pcbc-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : rfc4106(gcm(aes))
driver : rfc4106-gcm-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : nivaead
async : yes
blocksize : 1
ivsize : 8
maxauthsize : 16
geniv : seqiv
name : __gcm-aes-aesni
driver : __driver-gcm-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
type : aead
async : no
blocksize : 1
ivsize : 0
maxauthsize : 0
geniv : <built-in>
name : ctr(aes)
driver : ctr-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv
name : __ctr-aes-aesni
driver : __driver-ctr-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : cbc(aes)
driver : cbc-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>
name : __ecb-aes-aesni
driver : cryptd(__driver-ecb-aes-aesni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : ecb(aes)
driver : ecb-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __cbc-aes-aesni
driver : __driver-cbc-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __ecb-aes-aesni
driver : __driver-ecb-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>
name : __aes-aesni
driver : __driver-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : aes
driver : aes-aesni
module : aesni_intel
priority : 300
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : crct10dif
driver : crct10dif-generic
module : crct10dif_generic
priority : 100
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 2
name : crct10dif
driver : crct10dif-pclmul
module : crct10dif_pclmul
priority : 200
refcnt : 2
selftest : passed
type : shash
blocksize : 1
digestsize : 2
name : crc32c
driver : crc32c-intel
module : crc32c_intel
priority : 200
refcnt : 2
selftest : passed
type : shash
blocksize : 1
digestsize : 4
name : hmac(sha256)
driver : hmac(sha256-ssse3)
module : kernel
priority : 150
refcnt : 2
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : hmac(sha1)
driver : hmac(sha1-ssse3)
module : kernel
priority : 150
refcnt : 2
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : lzo
driver : lzo-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : compression
name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : shash
blocksize : 1
digestsize : 4
name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
name : sha224
driver : sha224-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 28
name : sha256
driver : sha256-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 16
name : sha224
driver : sha224-ssse3
module : kernel
priority : 150
refcnt : 1
selftest : passed
type : shash
blocksize : 64
digestsize : 28
name : sha256
driver : sha256-ssse3
module : kernel
priority : 150
refcnt : 3
selftest : passed
type : shash
blocksize : 64
digestsize : 32
name : sha1
driver : sha1-ssse3
module : kernel
priority : 150
refcnt : 5
selftest : passed
type : shash
blocksize : 64
digestsize : 20
name : aes
driver : aes-asm
module : kernel
priority : 200
refcnt : 1
selftest : passed
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32
+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 206:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires
300
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec whack --status
000 using kernel interface: netkey
000 interface lo/lo ::1 at 500
000 interface lo/lo 127.0.0.1 at 4500
000 interface lo/lo 127.0.0.1 at 500
000 interface enp0s3/enp0s3 10.0.2.15 at 4500
000 interface enp0s3/enp0s3 10.0.2.15 at 500
000 interface enp0s8/enp0s8 192.168.89.7 at 4500
000 interface enp0s8/enp0s8 192.168.89.7 at 500
000
000
000 fips mode=disabled;
000 SElinux=enabled
000 seccomp=unsupported
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets,
ipsecdir=/etc/ipsec.d, nssdir=/etc/ipsec.d, dumpdir=/var/run/pluto/,
statsbin=unset
000 sbindir=/usr/sbin, libexecdir=/usr/libexec/ipsec
000 pluto_version=3.20, pluto_vendorid=OE-Libreswan-3.20
000 nhelpers=-1, uniqueids=yes, perpeerlog=no, shuntlifetime=900s,
xfrmlifetime=300s
000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>,
nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>
000 ocsp-trust-name=<unset>
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400,
ocsp-method=get
000 secctx-attr-type=32001
000 myid = (none)
000 debug none
000
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000 - allowed subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12,
25.0.0.0/8, 100.64.0.0/10, fd00::/8, fe80::/10
000
000 ESP algorithms supported:
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=128,
keysizemax=128
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128,
keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256
000 algorithm AH/ESP auth: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384,
keysizemin=384, keysizemax=384
000 algorithm AH/ESP auth: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512,
keysizemin=512, keysizemax=512
000 algorithm AH/ESP auth: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=9, name=AUTH_ALGORITHM_AES_XCBC,
keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=250, name=AUTH_ALGORITHM_AES_CMAC_96,
keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=251, name=AUTH_ALGORITHM_NULL_KAME,
keysizemin=0, keysizemax=0
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23,
v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=20, v1name=OAKLEY_AES_GCM_C, v2id=20,
v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=19, v1name=OAKLEY_AES_GCM_B, v2id=19,
v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=18, v1name=OAKLEY_AES_GCM_A, v2id=18,
v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13,
v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH,
v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32
000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64
000 algorithm IKE DH Key Exchange: name=MODP1024, bits=1024
000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
000 algorithm IKE DH Key Exchange: name=DH19, bits=512
000 algorithm IKE DH Key Exchange: name=DH20, bits=768
000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
000 algorithm IKE DH Key Exchange: name=DH22, bits=1024
000 algorithm IKE DH Key Exchange: name=DH23, bits=2048
000 algorithm IKE DH Key Exchange: name=DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0}
000
000 Connection list:
000
000 "host-to-host": 192.168.89.7/32===192.168.89.7<192.168.89.7>[@k1]...192.168.89.6<192.168.89.6>[@k2]===192.168.89.6/32; erouted HOLD; eroute owner: #0
000 "host-to-host": oriented; my_ip=unset; their_ip=unset
000 "host-to-host": xauth us:none, xauth them:none, my_username=[any];
their_username=[any]
000 "host-to-host": our auth:rsasig, their auth:rsasig
000 "host-to-host": modecfg info: us:none, them:none, modecfg policy:push,
dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "host-to-host": labeled_ipsec:no;
000 "host-to-host": policy_label:unset;
000 "host-to-host": ike_life: 3600s; ipsec_life: 28800s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "host-to-host": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "host-to-host": sha2-truncbug:no; initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "host-to-host": policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "host-to-host": conn_prio: 32,32; interface: enp0s8; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;
000 "host-to-host": nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no;
000 "host-to-host": dpd: action:restart; delay:5; timeout:30; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "host-to-host": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "v6neighbor-hole-in": ::/0===::1<::1>:58/34560...%any:58/34816===::/0;
prospective erouted; eroute owner: #0
000 "v6neighbor-hole-in": oriented; my_ip=unset; their_ip=unset
000 "v6neighbor-hole-in": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "v6neighbor-hole-in": our auth:unset, their auth:unset
000 "v6neighbor-hole-in": modecfg info: us:none, them:none, modecfg
policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "v6neighbor-hole-in": labeled_ipsec:no;
000 "v6neighbor-hole-in": policy_label:unset;
000 "v6neighbor-hole-in": ike_life: 0s; ipsec_life: 0s; replay_window: 0;
rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0;
000 "v6neighbor-hole-in": retransmit-interval: 0ms; retransmit-timeout:
0s;
000 "v6neighbor-hole-in": sha2-truncbug:no; initial-contact:no;
cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "v6neighbor-hole-in": policy: PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+PASS+NEVER_NEGOTIATE;
000 "v6neighbor-hole-in": conn_prio: 0,0; interface: lo; metric: 0; mtu:
unset; sa_prio:1; sa_tfc:none;
000 "v6neighbor-hole-in": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no;
000 "v6neighbor-hole-in": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "v6neighbor-hole-out": ::/0===::1<::1>:58/34816...%any:58/34560===::/0;
prospective erouted; eroute owner: #0
000 "v6neighbor-hole-out": oriented; my_ip=unset; their_ip=unset
000 "v6neighbor-hole-out": xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]
000 "v6neighbor-hole-out": our auth:unset, their auth:unset
000 "v6neighbor-hole-out": modecfg info: us:none, them:none, modecfg
policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "v6neighbor-hole-out": labeled_ipsec:no;
000 "v6neighbor-hole-out": policy_label:unset;
000 "v6neighbor-hole-out": ike_life: 0s; ipsec_life: 0s; replay_window: 0;
rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0;
000 "v6neighbor-hole-out": retransmit-interval: 0ms; retransmit-timeout:
0s;
000 "v6neighbor-hole-out": sha2-truncbug:no; initial-contact:no;
cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "v6neighbor-hole-out": policy: PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+PASS+NEVER_NEGOTIATE;
000 "v6neighbor-hole-out": conn_prio: 0,0; interface: lo; metric: 0; mtu:
unset; sa_prio:1; sa_tfc:none;
000 "v6neighbor-hole-out": nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no;
000 "v6neighbor-hole-out": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 Total IPsec connections: loaded 3, active 0
000
000 State Information: DDoS cookies not required, Accepting new IKE
connections
000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)
000 IPsec SAs: total(0), authenticated(0), anonymous(0)
000
000 Bare Shunt list:
000
+ _________________________ ifconfig-a
+ ifconfig -a
enp0s3: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether 08:00:27:38:73:c0 txqueuelen 1000 (Ethernet)
RX packets 383 bytes 33368 (32.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 398 bytes 33722 (32.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.89.7 netmask 255.255.255.0 broadcast 192.168.89.255
inet6 fe80::3cde:79d1:e916:b159 prefixlen 64 scopeid 0x20<link>
ether 08:00:27:56:a0:05 txqueuelen 1000 (Ethernet)
RX packets 829 bytes 122460 (119.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 256 bytes 63139 (61.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
ip_vti0: flags=128<NOARP> mtu 1480
tunnel txqueuelen 1 (IPIP Tunnel)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1 (Local Loopback)
RX packets 256 bytes 20736 (20.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 256 bytes 20736 (20.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN qlen 1000
link/ether 08:00:27:38:73:c0 brd ff:ff:ff:ff:ff:ff
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000
link/ether 08:00:27:56:a0:05 brd ff:ff:ff:ff:ff:ff
inet 192.168.89.7/24 brd 192.168.89.255 scope global enp0s8
valid_lft forever preferred_lft forever
inet6 fe80::3cde:79d1:e916:b159/64 scope link
valid_lft forever preferred_lft forever
4: ip_vti0 at NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1
link/ipip 0.0.0.0 brd 0.0.0.0
+ _________________________ ip-route-list
+ ip route list
192.168.89.0/24 dev enp0s8 proto kernel scope link src 192.168.89.7 metric
100
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Verifying installed system and configuration files
Version check and ipsec on-path [OK]
Libreswan 3.20 (netkey) on 3.10.0-693.17.1.el7.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
No interface specified
usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] [-p addr]
<interface ...>
-V, --version display version information
-v, --verbose more verbose output
-R, --reset reset MII to poweron state
-r, --restart restart autonegotiation
-w, --watch monitor for link status changes
-l, --log with -w, write events to syslog
-A, --advertise=media,... advertise only specified media
-F, --force=media force specified media technology
-p, --phy=addr set PHY (MII address) to report
media: 1000baseTx-HD, 1000baseTx-FD,
100baseT4, 100baseTx-FD, 100baseTx-HD,
10baseT-FD, 10baseT-HD,
(to advertise both HD and FD) 1000baseTx, 100baseTx, 10baseT
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
k1.home
+ _________________________ hostname/ipaddress
+ hostname --ip-address
127.0.0.1
+ _________________________ uptime
+ uptime
13:46:56 up 2:37, 1 user, load average: 0.00, 0.01, 0.05
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 3002 1040 20 0 113136 1552 do_wai S+ tty1 0:00 \_
/bin/sh /usr/libexec/ipsec/barf
1 0 3053 3002 20 0 113136 240 - R+ tty1 0:00
\_ /bin/sh /usr/libexec/ipsec/barf
4 0 2866 1 20 0 204920 8228 ep_pol Ssl ? 0:00
/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
+ _________________________ ipsec/conf
+ ipsec _keycensor
+ ipsec readwriteconf --config /etc/ipsec.conf
#conn host-to-host loaded
#conn v6neighbor-hole-in loaded
#conn v6neighbor-hole-out loaded
config setup
dumpdir=/var/run/pluto/
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10
protostack=netkey
# begin conn host-to-host
conn host-to-host
left=192.168.89.7
leftid="@k1"
leftrsasigkey=[keyid AwEAAexla]
left=192.168.89.7
right=192.168.89.6
rightid="@k2"
rightrsasigkey=[keyid AwEAAejt9]
right=192.168.89.6
auto=start
dpddelay=5
dpdtimeout=30
dpdaction=restart
auto=start
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=never
phase2=esp
ikev2=permit
esn=no
# end conn host-to-host
# begin conn v6neighbor-hole-in
conn v6neighbor-hole-in
left=::1
leftsubnet=::/0
leftprotoport=58/34560
left=::1
right=::
rightsubnet=::/0
rightprotoport=58/34816
right=::0
auto=ondemand
connaddrfamily=ipv6
type=pass
authby=never
priority=1
auto=ondemand
type=passthrough
# end conn v6neighbor-hole-in
# begin conn v6neighbor-hole-out
conn v6neighbor-hole-out
left=::1
leftsubnet=::/0
leftprotoport=58/34816
left=::1
right=::
rightsubnet=::/0
rightprotoport=58/34560
right=::0
auto=ondemand
connaddrfamily=ipv6
type=pass
authby=never
priority=1
auto=ondemand
type=passthrough
# end conn v6neighbor-hole-out
# end of config
+ _________________________ ipsec/secrets
+ cat /etc/ipsec.secrets
+ ipsec _secretcensor
include /etc/ipsec.d/*.secrets
+ _________________________ ipsec/listall
+ ipsec whack --listall
000
000 List of RSA Public Keys:
000
000 Feb 17 12:21:16 2018, 3488 RSA Key AwEAAejt9 (no private key), until --- -- --:--:-- ---- ok (expires never)
000 ID_FQDN '@k2'
000 Feb 17 12:21:16 2018, 3120 RSA Key AwEAAexla (no private key), until --- -- --:--:-- ---- ok (expires never)
000 ID_FQDN '@k1'
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000
000
000 List of X.509 End Certificates:
000
000 List of X.509 CA Certificates:
000
000 List of CRLs:
+ _________________________ nss/contents
+ certutil -L -d sql:/etc/ipsec.d
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
+ _________________________ nss/crls
+ crlutil -L -d sql:/etc/ipsec.d
CRL names CRL Type
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed. One IPv4 or IPv6 CIDR per line.
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear. One IPv4 or IPv6 CIDR per
line.
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic
Responder".
# One IPv4 or IPv6 CIDR per line.
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted). One IPv4
# or IPv6 CIDR per line.
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
# One IPv4 or IPv6 CIDR per line.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
# 0.0.0.0/0
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 4256
-rwxr-xr-x. 1 root root 200376 Nov 30 15:29 _import_crl
-rwxr-xr-x. 1 root root 1410 Nov 30 15:28 _keycensor
-rwxr-xr-x. 1 root root 3053 Nov 30 15:28 _plutorun
-rwxr-xr-x. 1 root root 1904 Nov 30 15:28 _secretcensor
-rwxr-xr-x. 1 root root 14167 Nov 30 15:28 _stackmanager
-rwxr-xr-x. 1 root root 4330 Nov 30 15:28 _updown
-rwxr-xr-x. 1 root root 18644 Nov 30 15:28 _updown.klips
-rwxr-xr-x. 1 root root 20969 Nov 30 15:28 _updown.netkey
-rwxr-xr-x. 1 root root 237048 Nov 30 15:29 addconn
-rwxr-xr-x. 1 root root 4885 Nov 30 15:28 auto
-rwxr-xr-x. 1 root root 12108 Nov 30 15:28 barf
-rwxr-xr-x. 1 root root 1182552 Nov 30 15:29 cavp
-rwxr-xr-x. 1 root root 91648 Nov 30 15:29 eroute
-rwxr-xr-x. 1 root root 71272 Nov 30 15:29 klipsdebug
-rwxr-xr-x. 1 root root 2990 Nov 30 15:28 look
-rwxr-xr-x. 1 root root 3106 Nov 30 15:28 newhostkey
-rwxr-xr-x. 1 root root 66432 Nov 30 15:29 pf_key
-rwxr-xr-x. 1 root root 1247664 Nov 30 15:29 pluto
-rwxr-xr-x. 1 root root 216184 Nov 30 15:29 readwriteconf
-rwxr-xr-x. 1 root root 205240 Nov 30 15:29 rsasigkey
-rwxr-xr-x. 1 root root 6307 Nov 30 15:28 setup
-rwxr-xr-x. 1 root root 205536 Nov 30 15:29 showhostkey
-rwxr-xr-x. 1 root root 187776 Nov 30 15:29 spi
-rwxr-xr-x. 1 root root 83408 Nov 30 15:29 spigrp
-rwxr-xr-x. 1 root root 133272 Nov 30 15:29 tncfg
-rwxr-xr-x. 1 root root 12344 Nov 30 15:28 verify
-rwxr-xr-x. 1 root root 69472 Nov 30 15:29 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed
enp0s3: 33368 383 0 0 0 0 0 0 33722
398 0 0 0 0 0 0
enp0s8: 122736 832 0 0 0 0 0 0 63139
256 0 0 0 0 0 0
lo: 20736 256 0 0 0 0 0 0 20736
256 0 0 0 0 0 0
ip_vti0: 0 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric
Mask MTU Window IRTT
enp0s8 0059A8C0 00000000 0001 0 0 100
00FFFFFF 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter enp0s3/rp_filter
enp0s8/rp_filter ip_vti0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
enp0s3/rp_filter:0
enp0s8/rp_filter:0
ip_vti0/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects
default/accept_redirects default/secure_redirects default/send_redirects
enp0s3/accept_redirects enp0s3/secure_redirects enp0s3/send_redirects
enp0s8/accept_redirects enp0s8/secure_redirects enp0s8/send_redirects
ip_vti0/accept_redirects ip_vti0/secure_redirects ip_vti0/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
enp0s3/accept_redirects:0
enp0s3/secure_redirects:1
enp0s3/send_redirects:0
enp0s8/accept_redirects:0
enp0s8/secure_redirects:1
enp0s8/send_redirects:0
ip_vti0/accept_redirects:0
ip_vti0/secure_redirects:1
ip_vti0/send_redirects:0
lo/accept_redirects:1
lo/secure_redirects:1
lo/send_redirects:1
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
1
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
1
+ _________________________ uname-a
+ uname -a
Linux k1 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ cat /etc/redhat-release
CentOS Linux release 7.4.1708 (Core)
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (3.10.0-693.17.1.el7.x86_64) support detected '
NETKEY (3.10.0-693.17.1.el7.x86_64) support detected
+ _________________________ iptables
+ test -e /proc/net/ip_tables_names
+ test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save
+ iptables-save --modprobe=/dev/null
# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018
*nat
:PREROUTING ACCEPT [217:17092]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_ZONES - [0:0]
:POSTROUTING_ZONES_SOURCE - [0:0]
:POSTROUTING_direct - [0:0]
:POST_public - [0:0]
:POST_public_allow - [0:0]
:POST_public_deny - [0:0]
:POST_public_log - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A POSTROUTING_ZONES -o enp0s8 -g POST_public
-A POSTROUTING_ZONES -g POST_public
-A POST_public -j POST_public_log
-A POST_public -j POST_public_deny
-A POST_public -j POST_public_allow
-A PREROUTING_ZONES -i enp0s8 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Sat Feb 17 13:46:56 2018
# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018
*mangle
:PREROUTING ACCEPT [217:17092]
:INPUT ACCEPT [217:17092]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
:POSTROUTING_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
-A POSTROUTING -j POSTROUTING_direct
-A PREROUTING_ZONES -i enp0s8 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Sat Feb 17 13:46:56 2018
# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018
*security
:INPUT ACCEPT [631:75215]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [687:93359]
:FORWARD_direct - [0:0]
:INPUT_direct - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -j INPUT_direct
-A FORWARD -j FORWARD_direct
-A OUTPUT -j OUTPUT_direct
COMMIT
# Completed on Sat Feb 17 13:46:56 2018
# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018
*raw
:PREROUTING ACCEPT [217:17092]
:OUTPUT ACCEPT [0:0]
:OUTPUT_direct - [0:0]
:PREROUTING_ZONES - [0:0]
:PREROUTING_ZONES_SOURCE - [0:0]
:PREROUTING_direct - [0:0]
:PRE_public - [0:0]
:PRE_public_allow - [0:0]
:PRE_public_deny - [0:0]
:PRE_public_log - [0:0]
-A PREROUTING -j PREROUTING_direct
-A PREROUTING -j PREROUTING_ZONES_SOURCE
-A PREROUTING -j PREROUTING_ZONES
-A OUTPUT -j OUTPUT_direct
-A PREROUTING_ZONES -i enp0s8 -g PRE_public
-A PREROUTING_ZONES -g PRE_public
-A PRE_public -j PRE_public_log
-A PRE_public -j PRE_public_deny
-A PRE_public -j PRE_public_allow
COMMIT
# Completed on Sat Feb 17 13:46:56 2018
# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:FORWARD_IN_ZONES - [0:0]
:FORWARD_IN_ZONES_SOURCE - [0:0]
:FORWARD_OUT_ZONES - [0:0]
:FORWARD_OUT_ZONES_SOURCE - [0:0]
:FORWARD_direct - [0:0]
:FWDI_public - [0:0]
:FWDI_public_allow - [0:0]
:FWDI_public_deny - [0:0]
:FWDI_public_log - [0:0]
:FWDO_public - [0:0]
:FWDO_public_allow - [0:0]
:FWDO_public_deny - [0:0]
:FWDO_public_log - [0:0]
:INPUT_ZONES - [0:0]
:INPUT_ZONES_SOURCE - [0:0]
:INPUT_direct - [0:0]
:IN_public - [0:0]
:IN_public_allow - [0:0]
:IN_public_deny - [0:0]
:IN_public_log - [0:0]
:OUTPUT_direct - [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -j INPUT_direct
-A INPUT -j INPUT_ZONES_SOURCE
-A INPUT -j INPUT_ZONES
-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -j FORWARD_IN_ZONES_SOURCE
-A FORWARD -j FORWARD_IN_ZONES
-A FORWARD -j FORWARD_OUT_ZONES_SOURCE
-A FORWARD -j FORWARD_OUT_ZONES
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A OUTPUT -j OUTPUT_direct
-A FORWARD_IN_ZONES -i enp0s8 -g FWDI_public
-A FORWARD_IN_ZONES -g FWDI_public
-A FORWARD_OUT_ZONES -o enp0s8 -g FWDO_public
-A FORWARD_OUT_ZONES -g FWDO_public
-A FWDI_public -j FWDI_public_log
-A FWDI_public -j FWDI_public_deny
-A FWDI_public -j FWDI_public_allow
-A FWDI_public -p icmp -j ACCEPT
-A FWDO_public -j FWDO_public_log
-A FWDO_public -j FWDO_public_deny
-A FWDO_public -j FWDO_public_allow
-A INPUT_ZONES -i enp0s8 -g IN_public
-A INPUT_ZONES -g IN_public
-A IN_public -j IN_public_log
-A IN_public -j IN_public_deny
-A IN_public -j IN_public_allow
-A IN_public -p icmp -j ACCEPT
-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
COMMIT
# Completed on Sat Feb 17 13:46:56 2018
+ _________________________ ip6tables
+ test -e ip6_tables_names
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
udp_diag 12801 0 - Live 0xffffffffc05f3000
inet_diag 18949 1 udp_diag, Live 0xffffffffc05e9000
drbg 30186 1 - Live 0xffffffffc05e0000
ansi_cprng 12989 0 - Live 0xffffffffc05db000
rmd160 16744 0 - Live 0xffffffffc05d5000
crypto_null 12840 0 - Live 0xffffffffc05d0000
ip_vti 13496 0 - Live 0xffffffffc05c3000
ip_tunnel 25163 1 ip_vti, Live 0xffffffffc05c8000
af_key 40225 0 - Live 0xffffffffc05b8000
ah6 17218 0 - Live 0xffffffffc05b2000
ah4 17247 0 - Live 0xffffffffc05ac000
esp6 17252 0 - Live 0xffffffffc05a6000
esp4 17247 0 - Live 0xffffffffc05a0000
xfrm4_mode_beet 12691 0 - Live 0xffffffffc059b000
xfrm4_tunnel 12857 0 - Live 0xffffffffc0596000
tunnel4 13252 1 xfrm4_tunnel, Live 0xffffffffc0591000
xfrm4_mode_tunnel 13227 0 - Live 0xffffffffc058c000
xfrm4_mode_transport 12631 0 - Live 0xffffffffc0587000
xfrm6_mode_transport 12631 0 - Live 0xffffffffc0582000
xfrm6_mode_ro 12564 0 - Live 0xffffffffc057d000
xfrm6_mode_beet 12658 0 - Live 0xffffffffc0578000
xfrm6_mode_tunnel 13227 0 - Live 0xffffffffc0573000
ipcomp 12700 0 - Live 0xffffffffc056e000
ipcomp6 12701 0 - Live 0xffffffffc0569000
xfrm6_tunnel 13661 1 ipcomp6, Live 0xffffffffc0564000
tunnel6 13254 1 xfrm6_tunnel, Live 0xffffffffc055f000
xfrm_ipcomp 13413 2 ipcomp,ipcomp6, Live 0xffffffffc055a000
cmac 12788 0 - Live 0xffffffffc0555000
camellia_generic 29348 0 - Live 0xffffffffc054c000
camellia_aesni_avx2 26188 0 - Live 0xffffffffc0540000
camellia_aesni_avx_x86_64 27590 1 camellia_aesni_avx2, Live
0xffffffffc0534000
camellia_x86_64 52986 2 camellia_aesni_avx2,camellia_aesni_avx_x86_64, Live
0xffffffffc0522000
cast6_avx_x86_64 66979 0 - Live 0xffffffffc0510000
cast6_generic 21523 1 cast6_avx_x86_64, Live 0xffffffffc0509000
cast5_avx_x86_64 49872 0 - Live 0xffffffffc04fb000
cast5_generic 21429 1 cast5_avx_x86_64, Live 0xffffffffc04f4000
cast_common 12983 4
cast6_avx_x86_64,cast6_generic,cast5_avx_x86_64,cast5_generic, Live
0xffffffffc04ef000
deflate 12617 0 - Live 0xffffffffc04ea000
cts 12925 0 - Live 0xffffffffc04e5000
gcm 23457 0 - Live 0xffffffffc04da000
ccm 17773 0 - Live 0xffffffffc04d4000
serpent_avx2 46292 0 - Live 0xffffffffc04c7000
serpent_avx_x86_64 48578 1 serpent_avx2, Live 0xffffffffc04b6000
serpent_sse2_x86_64 50408 0 - Live 0xffffffffc04a8000
serpent_generic 29823 3 serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,
Live 0xffffffffc049f000
blowfish_generic 12530 0 - Live 0xffffffffc049a000
blowfish_x86_64 21966 0 - Live 0xffffffffc0493000
blowfish_common 16739 2 blowfish_generic,blowfish_x86_64, Live
0xffffffffc048d000
twofish_generic 16635 0 - Live 0xffffffffc0487000
twofish_avx_x86_64 51795 0 - Live 0xffffffffc0475000
twofish_x86_64_3way 27146 1 twofish_avx_x86_64, Live 0xffffffffc0469000
xts 12914 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live
0xffffffffc0464000
twofish_x86_64 12907 2 twofish_avx_x86_64,twofish_x86_64_3way, Live
0xffffffffc045f000
twofish_common 21113 4
twofish_generic,twofish_avx_x86_64,twofish_x86_64_3way,twofish_x86_64, Live
0xffffffffc0451000
xcbc 12815 0 - Live 0xffffffffc045a000
sha512_ssse3 42080 0 - Live 0xffffffffc043f000
sha512_generic 13131 1 sha512_ssse3, Live 0xffffffffc044c000
mcryptd 15269 0 - Live 0xffffffffc0433000
des_generic 21379 0 - Live 0xffffffffc0438000
ip6t_rpfilter 12595 1 - Live 0xffffffffc042e000
ipt_REJECT 12541 2 - Live 0xffffffffc0429000
nf_reject_ipv4 13373 1 ipt_REJECT, Live 0xffffffffc0424000
ip6t_REJECT 12625 2 - Live 0xffffffffc041f000
nf_reject_ipv6 13717 1 ip6t_REJECT, Live 0xffffffffc041a000
xt_conntrack 12760 11 - Live 0xffffffffc040b000
ip_set 36439 0 - Live 0xffffffffc0410000
nfnetlink 14696 1 ip_set, Live 0xffffffffc0400000
ebtable_nat 12807 1 - Live 0xffffffffc03fb000
ebtable_broute 12731 1 - Live 0xffffffffc0406000
bridge 136173 1 ebtable_broute, Live 0xffffffffc03d8000
stp 12976 1 bridge, Live 0xffffffffc03d3000
llc 14552 2 bridge,stp, Live 0xffffffffc03ca000
ip6table_nat 12864 1 - Live 0xffffffffc03c5000
nf_conntrack_ipv6 18935 7 - Live 0xffffffffc03bf000
nf_defrag_ipv6 35104 1 nf_conntrack_ipv6, Live 0xffffffffc03b1000
nf_nat_ipv6 14131 1 ip6table_nat, Live 0xffffffffc03a8000
ip6table_mangle 12700 1 - Live 0xffffffffc03a3000
ip6table_security 12710 1 - Live 0xffffffffc039e000
ip6table_raw 12683 1 - Live 0xffffffffc0399000
iptable_nat 12875 1 - Live 0xffffffffc0394000
nf_conntrack_ipv4 15053 6 - Live 0xffffffffc038f000
nf_defrag_ipv4 12729 1 nf_conntrack_ipv4, Live 0xffffffffc0381000
nf_nat_ipv4 14115 1 iptable_nat, Live 0xffffffffc0378000
nf_nat 26787 2 nf_nat_ipv6,nf_nat_ipv4, Live 0xffffffffc0387000
nf_conntrack 133387 6
xt_conntrack,nf_conntrack_ipv6,nf_nat_ipv6,nf_conntrack_ipv4,nf_nat_ipv4,nf_
nat, Live 0xffffffffc0356000
iptable_mangle 12695 1 - Live 0xffffffffc0351000
iptable_security 12705 1 - Live 0xffffffffc034c000
iptable_raw 12678 1 - Live 0xffffffffc0347000
ebtable_filter 12827 1 - Live 0xffffffffc032f000
ebtables 35009 3 ebtable_nat,ebtable_broute,ebtable_filter, Live
0xffffffffc033d000
ip6table_filter 12815 1 - Live 0xffffffffc02bf000
ip6_tables 26864 5
ip6table_nat,ip6table_mangle,ip6table_security,ip6table_raw,ip6table_filter,
Live 0xffffffffc02b3000
iptable_filter 12810 1 - Live 0xffffffffc012d000
intel_powerclamp 14419 0 - Live 0xffffffffc0338000
iosf_mbi 13523 0 - Live 0xffffffffc032a000
crc32_pclmul 13113 0 - Live 0xffffffffc0325000
ghash_clmulni_intel 13259 0 - Live 0xffffffffc02a9000
aesni_intel 69884 0 - Live 0xffffffffc0312000
lrw 13286 10
camellia_aesni_avx2,camellia_aesni_avx_x86_64,camellia_x86_64,cast6_avx_x86_
64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,tw
ofish_x86_64_3way,aesni_intel, Live 0xffffffffc030d000
gf128mul 14951 2 xts,lrw, Live 0xffffffffc0308000
glue_helper 13990 10
camellia_aesni_avx2,camellia_aesni_avx_x86_64,camellia_x86_64,cast6_avx_x86_
64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,tw
ofish_x86_64_3way,aesni_intel, Live 0xffffffffc024f000
ablk_helper 13597 9
camellia_aesni_avx2,camellia_aesni_avx_x86_64,cast6_avx_x86_64,cast5_avx_x86
_64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,a
esni_intel, Live 0xffffffffc02ae000
cryptd 20359 3 ghash_clmulni_intel,aesni_intel,ablk_helper, Live
0xffffffffc0302000
ppdev 17671 0 - Live 0xffffffffc02fc000
pcspkr 12718 0 - Live 0xffffffffc024a000
snd_intel8x0 38225 0 - Live 0xffffffffc02f1000
snd_ac97_codec 130556 1 snd_intel8x0, Live 0xffffffffc02d0000
ac97_bus 12730 1 snd_ac97_codec, Live 0xffffffffc027f000
sg 40721 0 - Live 0xffffffffc02c5000
snd_seq 62699 0 - Live 0xffffffffc0298000
snd_seq_device 14356 1 snd_seq, Live 0xffffffffc014b000
video 24520 0 - Live 0xffffffffc0278000
parport_pc 28165 0 - Live 0xffffffffc0290000
parport 42299 2 ppdev,parport_pc, Live 0xffffffffc0284000
snd_pcm 106416 2 snd_intel8x0,snd_ac97_codec, Live 0xffffffffc025d000
snd_timer 29810 2 snd_seq,snd_pcm, Live 0xffffffffc0254000
snd 83383 6
snd_intel8x0,snd_ac97_codec,snd_seq,snd_seq_device,snd_pcm,snd_timer, Live
0xffffffffc0135000
soundcore 15047 1 snd, Live 0xffffffffc008b000
i2c_piix4 22390 0 - Live 0xffffffffc0092000
i2c_core 40756 1 i2c_piix4, Live 0xffffffffc009a000
ip_tables 27078 5
iptable_nat,iptable_mangle,iptable_security,iptable_raw,iptable_filter, Live
0xffffffffc0083000
xfs 978100 2 - Live 0xffffffffc015a000
libcrc32c 12644 3 nf_nat,nf_conntrack,xfs, Live 0xffffffffc007e000
sr_mod 22416 0 - Live 0xffffffffc0073000
cdrom 42556 1 sr_mod, Live 0xffffffffc0121000
ata_generic 12910 0 - Live 0xffffffffc011c000
sd_mod 46322 3 - Live 0xffffffffc010f000
crc_t10dif 12714 1 sd_mod, Live 0xffffffffc0107000
crct10dif_generic 12647 0 - Live 0xffffffffc00ff000
pata_acpi 13038 0 - Live 0xffffffffc00ed000
ahci 34042 2 - Live 0xffffffffc00f2000
libahci 31992 1 ahci, Live 0xffffffffc00e4000
ata_piix 35038 0 - Live 0xffffffffc0150000
libata 238896 5 ata_generic,pata_acpi,ahci,libahci,ata_piix, Live
0xffffffffc00a8000
e1000 137500 0 - Live 0xffffffffc0050000
crct10dif_pclmul 14289 1 - Live 0xffffffffc0048000
crct10dif_common 12595 3 crc_t10dif,crct10dif_generic,crct10dif_pclmul, Live
0xffffffffc003a000
crc32c_intel 22079 1 - Live 0xffffffffc0041000
serio_raw 13413 0 - Live 0xffffffffc0027000
dm_mirror 22124 0 - Live 0xffffffffc0033000
dm_region_hash 20813 1 dm_mirror, Live 0xffffffffc0020000
dm_log 18411 2 dm_mirror,dm_region_hash, Live 0xffffffffc002d000
dm_mod 123303 8 dm_mirror,dm_log, Live 0xffffffffc0000000
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 1016188 kB
MemFree: 739176 kB
MemAvailable: 739940 kB
Buffers: 2108 kB
Cached: 92148 kB
SwapCached: 0 kB
Active: 103168 kB
Inactive: 64400 kB
Active(anon): 73620 kB
Inactive(anon): 6392 kB
Active(file): 29548 kB
Inactive(file): 58008 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 839676 kB
SwapFree: 839676 kB
Dirty: 108 kB
Writeback: 0 kB
AnonPages: 73344 kB
Mapped: 25056 kB
Shmem: 6700 kB
Slab: 78848 kB
SReclaimable: 56916 kB
SUnreclaim: 21932 kB
KernelStack: 1600 kB
PageTables: 3704 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 1347768 kB
Committed_AS: 283708 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 5768 kB
VmallocChunk: 34359729904 kB
HardwareCorrupted: 0 kB
AnonHugePages: 16384 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 53184 kB
DirectMap2M: 995328 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/3.10.0-693.17.1.el7.x86_64/build/.config
+ echo 'no .config file found, cannot list kernel properties'
no .config file found, cannot list kernel properties
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
# Generated by NetworkManager
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x. 7 root root 4096 Feb 17 03:28 3.10.0-693.el7.x86_64
drwxr-xr-x. 7 root root 4096 Feb 17 03:50 3.10.0-693.17.1.el7.x86_64
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
0
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff81588180 t netif_rx_internal
ffffffff815882c0 T netif_rx
ffffffff815884d0 T netif_rx_ni
ffffffff819908c0 r __tracepoint_ptr_netif_rx_ni_entry
ffffffff819908c8 r __tracepoint_ptr_netif_rx_entry
ffffffff819908e8 r __tracepoint_ptr_netif_rx
ffffffff81992770 r __tpstrtab_netif_rx_ni_entry
ffffffff81992782 r __tpstrtab_netif_rx_entry
ffffffff819927f5 r __tpstrtab_netif_rx
ffffffff819a5ac0 r __ksymtab_netif_rx
ffffffff819a5ad0 r __ksymtab_netif_rx_ni
ffffffff819bdd60 r __kcrctab_netif_rx
ffffffff819bdd68 r __kcrctab_netif_rx_ni
ffffffff819e4ecd r __kstrtab_netif_rx_ni
ffffffff819e4ed9 r __kstrtab_netif_rx
ffffffff81ae5de0 d event_netif_rx_ni_entry
ffffffff81ae5e80 d event_netif_rx_entry
ffffffff81ae6100 d event_netif_rx
ffffffff81b000c0 D __tracepoint_netif_rx_ni_entry
ffffffff81b00100 D __tracepoint_netif_rx_entry
ffffffff81b00200 D __tracepoint_netif_rx
ffffffff81ccba68 t __event_netif_rx_ni_entry
ffffffff81ccba70 t __event_netif_rx_entry
ffffffff81ccba90 t __event_netif_rx
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
3.10.0-693.17.1.el7.x86_64:
3.10.0-693.el7.x86_64:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ egrep -i 'klips|ipsec'
+ dmesg
[ 1260.023927] IPv4 over IPsec tunneling driver
+ _________________________ plog
+ test -x /usr/bin/journalctl
+ case "$1" in
+ cat
+ journalctl -u ipsec.service --no-pager --since '1 hour ago'
-- Logs begin at Sat 2018-02-17 11:09:07 EST, end at Sat 2018-02-17 13:46:56
EST. --
Feb 17 13:46:56 k1 pluto[2866]: loading secrets from "/etc/ipsec.secrets"
Feb 17 13:46:56 k1 pluto[2866]: no secrets filename matched "/etc/ipsec.d/*.secrets"
+ _________________________ date
+ date
Sat Feb 17 13:46:56 EST 2018