[Swan] cannot locate my private key for RSA Signature

klwilson227 at comcast.net klwilson227 at comcast.net
Sat Feb 17 19:36:28 UTC 2018


I have just installed two CentOS 7 systems and am attempting to get libreswan
set up.

I naively used DHCP for the hosts initially and moved to static addresses
later on; I am not sure if this is part of the issues I am having.

 

I ran the following on both machines:

ipsec nssinit

ipsec newhostkey

 

Then I configured the two endpoints in host-to-host.conf with their IPs and
keys:

 

I configured the kernel to fix ipsec verify errors.

 

After a few failures, I moved to using static IP addresses and set the host
and domain names.

I rebooted and validated the static IPs. 

 

I reran ipsec newhostkey and reconfigured both key endpoints hoping this
would fix my issue. 

However, when running ipsec auto --up host-to-host

 

I get the following error:

003 "host-to-host" #4: unable to locate my private key for RSA Signature

224 "host-to-host" #4: STATE_MAIN_I2: AUTHENTICATION_FAILED to
192.168.89.6:500

 

After googling, I am not sure where to look next.

 

Kevin

ipsec barf output:

k1

Sat Feb 17 13:46:56 EST 2018

+ _________________________ version

+ ipsec --version

Linux Libreswan 3.20 (netkey) on 3.10.0-693.17.1.el7.x86_64

+ _________________________ /proc/version

+ cat /proc/version

Linux version 3.10.0-693.17.1.el7.x86_64 (builder at kbuilder.dev.centos.org)
(gcc version 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC) ) #1 SMP Thu Jan 25
20:13:58 UTC 2018

+ _________________________ /proc/net/ipsec_eroute

+ test -r /proc/net/ipsec_eroute

+ _________________________ netstat-rn

+ netstat -nr

+ head -n 100

Kernel IP routing table

Destination     Gateway         Genmask         Flags   MSS Window  irtt
Iface

192.168.89.0    0.0.0.0         255.255.255.0   U         0 0          0
enp0s8

+ _________________________ /proc/net/ipsec_spi

+ test -r /proc/net/ipsec_spi

+ _________________________ /proc/net/ipsec_spigrp

+ test -r /proc/net/ipsec_spigrp

+ _________________________ /proc/net/ipsec_tncfg

+ test -r /proc/net/ipsec_tncfg

+ _________________________ /proc/net/pfkey

+ test -r /proc/net/pfkey

+ cat /proc/net/pfkey

sk       RefCnt Rmem   Wmem   User   Inode

+ _________________________ ip-xfrm-state

+ ip xfrm state

+ _________________________ ip-xfrm-policy

+ ip xfrm policy

src ::/0 dst ::/0 proto ipv6-icmp type 135 

        dir fwd priority 1 ptype main 

src ::/0 dst ::/0 proto ipv6-icmp type 135 

        dir in priority 1 ptype main 

src ::/0 dst ::/0 proto ipv6-icmp type 136 

        dir out priority 1 ptype main 

src ::/0 dst ::/0 proto ipv6-icmp type 136 

        dir fwd priority 1 ptype main 

src ::/0 dst ::/0 proto ipv6-icmp type 136 

        dir in priority 1 ptype main 

src ::/0 dst ::/0 proto ipv6-icmp type 135 

        dir out priority 1 ptype main 

src 192.168.89.7/32 dst 192.168.89.6/32 

        dir out priority 2080 ptype main 

        tmpl src 0.0.0.0 dst 0.0.0.0

                proto esp reqid 0 mode transport

src ::/0 dst ::/0 

        socket out priority 0 ptype main 

src ::/0 dst ::/0 

        socket in priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket out priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket in priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket out priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket in priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket out priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket in priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket out priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket in priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket out priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket in priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket out priority 0 ptype main 

src 0.0.0.0/0 dst 0.0.0.0/0 

        socket in priority 0 ptype main 

+ _________________________ ip-xfrm-stats

+ cat /proc/net/xfrm_stat

XfrmInError                     0

XfrmInBufferError               0

XfrmInHdrError                  0

XfrmInNoStates                  0

XfrmInStateProtoError           0

XfrmInStateModeError            0

XfrmInStateSeqError             0

XfrmInStateExpired              0

XfrmInStateMismatch             0

XfrmInStateInvalid              0

XfrmInTmplMismatch              0

XfrmInNoPols                    0

XfrmInPolBlock                  0

XfrmInPolError                  0

XfrmOutError                    0

XfrmOutBundleGenError           0

XfrmOutBundleCheckError         0

XfrmOutNoStates                 21

XfrmOutStateProtoError          0

XfrmOutStateModeError           0

XfrmOutStateSeqError            0

XfrmOutStateExpired             0

XfrmOutPolBlock                 0

XfrmOutPolDead                  0

XfrmOutPolError                 0

XfrmFwdHdrError                 0

XfrmOutStateInvalid             0

+ _________________________ ip-l2tp-tunnel

+ test -d /sys/module/l2tp_core

+ test -d /sys/module/ip_vti

+ ip -s tunnel show

ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0

RX: Packets    Bytes        Errors CsumErrs OutOfSeq Mcasts

    0          0            0      0        0        0       

TX: Packets    Bytes        Errors DeadLoop NoRoute  NoBufs

    0          0            0      0        0        0     

+ _________________________ ip-tunnel

+ ip -s tunnel show

ip_vti0: ip/ip  remote any  local any  ttl inherit  nopmtudisc key 0

RX: Packets    Bytes        Errors CsumErrs OutOfSeq Mcasts

    0          0            0      0        0        0       

TX: Packets    Bytes        Errors DeadLoop NoRoute  NoBufs

    0          0            0      0        0        0     

+ _________________________ /proc/crypto

+ test -r /proc/crypto

+ cat /proc/crypto

name         : rfc3686(ctr(aes))

driver       : rfc3686(ctr-aes-aesni)

module       : kernel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 20

max keysize  : 36

ivsize       : 8

geniv        : seqiv

 

name         : __ctr-aes-aesni

driver       : cryptd(__driver-ctr-aes-aesni)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : ctr(aes)

driver       : ctr-aes-aesni

module       : kernel

priority     : 400

refcnt       : 1

selftest     : passed

type         : givcipher

async        : yes

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : stdrng

driver       : drbg_nopr_hmac_sha256

module       : drbg

priority     : 221

refcnt       : 2

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_hmac_sha512

module       : drbg

priority     : 220

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_hmac_sha384

module       : drbg

priority     : 219

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_hmac_sha1

module       : drbg

priority     : 218

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_sha256

module       : drbg

priority     : 217

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_sha512

module       : drbg

priority     : 216

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_sha384

module       : drbg

priority     : 215

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_sha1

module       : drbg

priority     : 214

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_ctr_aes256

module       : drbg

priority     : 213

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_ctr_aes192

module       : drbg

priority     : 212

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_nopr_ctr_aes128

module       : drbg

priority     : 211

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_hmac_sha256

module       : drbg

priority     : 210

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_hmac_sha512

module       : drbg

priority     : 209

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_hmac_sha384

module       : drbg

priority     : 208

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_hmac_sha1

module       : drbg

priority     : 207

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_sha256

module       : drbg

priority     : 206

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_sha512

module       : drbg

priority     : 205

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_sha384

module       : drbg

priority     : 204

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_sha1

module       : drbg

priority     : 203

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_ctr_aes256

module       : drbg

priority     : 202

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : stdrng

driver       : drbg_pr_ctr_aes192

module       : drbg

priority     : 201

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : ecb(aes)

driver       : ecb(aes-aesni)

module       : kernel

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : stdrng

driver       : drbg_pr_ctr_aes128

module       : drbg

priority     : 200

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 0

 

name         : fips(ansi_cprng)

driver       : fips_ansi_cprng

module       : ansi_cprng

priority     : 300

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 48

 

name         : stdrng

driver       : ansi_cprng

module       : ansi_cprng

priority     : 100

refcnt       : 1

selftest     : passed

type         : rng

seedsize     : 48

 

name         : cbc(des3_ede)

driver       : cbc(des3_ede-generic)

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 8

min keysize  : 24

max keysize  : 24

ivsize       : 8

geniv        : <default>

 

name         : cbc(des)

driver       : cbc(des-generic)

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 8

min keysize  : 8

max keysize  : 8

ivsize       : 8

geniv        : <default>

 

name         : cmac(aes)

driver       : cmac(aes-aesni)

module       : cmac

priority     : 300

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 16

digestsize   : 16

 

name         : xcbc(aes)

driver       : xcbc(aes-aesni)

module       : xcbc

priority     : 300

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 16

digestsize   : 16

 

name         : hmac(rmd160)

driver       : hmac(rmd160-generic)

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 20

 

name         : rmd160

driver       : rmd160-generic

module       : rmd160

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 20

 

name         : hmac(sha512)

driver       : hmac(sha512-ssse3)

module       : kernel

priority     : 150

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 128

digestsize   : 64

 

name         : hmac(sha384)

driver       : hmac(sha384-ssse3)

module       : kernel

priority     : 150

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 128

digestsize   : 48

 

name         : hmac(md5)

driver       : hmac(md5-generic)

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 16

 

name         : digest_null

driver       : digest_null-generic

module       : crypto_null

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 1

digestsize   : 0

 

name         : compress_null

driver       : compress_null-generic

module       : crypto_null

priority     : 0

refcnt       : 1

selftest     : passed

type         : compression

 

name         : ecb(cipher_null)

driver       : ecb-cipher_null

module       : crypto_null

priority     : 100

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 0

max keysize  : 0

ivsize       : 0

geniv        : <default>

 

name         : cipher_null

driver       : cipher_null-generic

module       : crypto_null

priority     : 0

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 1

min keysize  : 0

max keysize  : 0

 

name         : camellia

driver       : camellia-generic

module       : camellia_generic

priority     : 100

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : xts(camellia)

driver       : xts-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(camellia)

driver       : lrw-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(camellia)

driver       : ctr-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : cbc(camellia)

driver       : cbc-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-camellia-aesni-avx2

driver       : cryptd(__driver-ecb-camellia-aesni-avx2)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(camellia)

driver       : ecb-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __xts-camellia-aesni-avx2

driver       : __driver-xts-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-camellia-aesni-avx2

driver       : __driver-lrw-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __ctr-camellia-aesni-avx2

driver       : __driver-ctr-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __cbc-camellia-aesni-avx2

driver       : __driver-cbc-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-camellia-aesni-avx2

driver       : __driver-ecb-camellia-aesni-avx2

module       : camellia_aesni_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : xts(camellia)

driver       : xts-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(camellia)

driver       : lrw-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(camellia)

driver       : ctr-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : cbc(camellia)

driver       : cbc-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-camellia-aesni

driver       : cryptd(__driver-ecb-camellia-aesni)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(camellia)

driver       : ecb-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __xts-camellia-aesni

driver       : __driver-xts-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-camellia-aesni

driver       : __driver-lrw-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __ctr-camellia-aesni

driver       : __driver-ctr-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __cbc-camellia-aesni

driver       : __driver-cbc-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-camellia-aesni

driver       : __driver-ecb-camellia-aesni

module       : camellia_aesni_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : xts(camellia)

driver       : xts-camellia-asm

module       : camellia_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(camellia)

driver       : lrw-camellia-asm

module       : camellia_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(camellia)

driver       : ctr-camellia-asm

module       : camellia_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : cbc(camellia)

driver       : cbc-camellia-asm

module       : camellia_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : ecb(camellia)

driver       : ecb-camellia-asm

module       : camellia_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : camellia

driver       : camellia-asm

module       : camellia_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : xts(cast6)

driver       : xts-cast6-avx

module       : cast6_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(cast6)

driver       : lrw-cast6-avx

module       : cast6_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(cast6)

driver       : ctr-cast6-avx

module       : cast6_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : cbc(cast6)

driver       : cbc-cast6-avx

module       : cast6_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-cast6-avx

driver       : cryptd(__driver-ecb-cast6-avx)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(cast6)

driver       : ecb-cast6-avx

module       : cast6_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __xts-cast6-avx

driver       : __driver-xts-cast6-avx

module       : cast6_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-cast6-avx

driver       : __driver-lrw-cast6-avx

module       : cast6_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __ctr-cast6-avx

driver       : __driver-ctr-cast6-avx

module       : cast6_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __cbc-cast6-avx

driver       : __driver-cbc-cast6-avx

module       : cast6_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-cast6-avx

driver       : __driver-ecb-cast6-avx

module       : cast6_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : cast6

driver       : cast6-generic

module       : cast6_generic

priority     : 100

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : ctr(cast5)

driver       : ctr-cast5-avx

module       : cast5_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 5

max keysize  : 16

ivsize       : 8

geniv        : chainiv

 

name         : cbc(cast5)

driver       : cbc-cast5-avx

module       : cast5_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 8

min keysize  : 5

max keysize  : 16

ivsize       : 8

geniv        : <default>

 

name         : __ecb-cast5-avx

driver       : cryptd(__driver-ecb-cast5-avx)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 8

min keysize  : 5

max keysize  : 16

ivsize       : 0

geniv        : <default>

 

name         : ecb(cast5)

driver       : ecb-cast5-avx

module       : cast5_avx_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 8

min keysize  : 5

max keysize  : 16

ivsize       : 0

geniv        : <default>

 

name         : __ctr-cast5-avx

driver       : __driver-ctr-cast5-avx

module       : cast5_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 5

max keysize  : 16

ivsize       : 8

geniv        : <default>

 

name         : __cbc-cast5-avx

driver       : __driver-cbc-cast5-avx

module       : cast5_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 8

min keysize  : 5

max keysize  : 16

ivsize       : 0

geniv        : <default>

 

name         : __ecb-cast5-avx

driver       : __driver-ecb-cast5-avx

module       : cast5_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 8

min keysize  : 5

max keysize  : 16

ivsize       : 0

geniv        : <default>

 

name         : cast5

driver       : cast5-generic

module       : cast5_generic

priority     : 100

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 8

min keysize  : 5

max keysize  : 16

 

name         : deflate

driver       : deflate-generic

module       : deflate

priority     : 0

refcnt       : 1

selftest     : passed

type         : compression

 

name         : xts(serpent)

driver       : xts-serpent-avx2

module       : serpent_avx2

priority     : 600

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(serpent)

driver       : lrw-serpent-avx2

module       : serpent_avx2

priority     : 600

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(serpent)

driver       : ctr-serpent-avx2

module       : serpent_avx2

priority     : 600

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : cbc(serpent)

driver       : cbc-serpent-avx2

module       : serpent_avx2

priority     : 600

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-serpent-avx2

driver       : cryptd(__driver-ecb-serpent-avx2)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(serpent)

driver       : ecb-serpent-avx2

module       : serpent_avx2

priority     : 600

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __xts-serpent-avx2

driver       : __driver-xts-serpent-avx2

module       : serpent_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-serpent-avx2

driver       : __driver-lrw-serpent-avx2

module       : serpent_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __ctr-serpent-avx2

driver       : __driver-ctr-serpent-avx2

module       : serpent_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __cbc-serpent-avx2

driver       : __driver-cbc-serpent-avx2

module       : serpent_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-serpent-avx2

driver       : __driver-ecb-serpent-avx2

module       : serpent_avx2

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : xts(serpent)

driver       : xts-serpent-avx

module       : serpent_avx_x86_64

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(serpent)

driver       : lrw-serpent-avx

module       : serpent_avx_x86_64

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(serpent)

driver       : ctr-serpent-avx

module       : serpent_avx_x86_64

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : cbc(serpent)

driver       : cbc-serpent-avx

module       : serpent_avx_x86_64

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-serpent-avx

driver       : cryptd(__driver-ecb-serpent-avx)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(serpent)

driver       : ecb-serpent-avx

module       : serpent_avx_x86_64

priority     : 500

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __xts-serpent-avx

driver       : __driver-xts-serpent-avx

module       : serpent_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-serpent-avx

driver       : __driver-lrw-serpent-avx

module       : serpent_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __ctr-serpent-avx

driver       : __driver-ctr-serpent-avx

module       : serpent_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __cbc-serpent-avx

driver       : __driver-cbc-serpent-avx

module       : serpent_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-serpent-avx

driver       : __driver-ecb-serpent-avx

module       : serpent_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : xts(serpent)

driver       : xts-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(serpent)

driver       : lrw-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(serpent)

driver       : ctr-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : cbc(serpent)

driver       : cbc-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-serpent-sse2

driver       : cryptd(__driver-ecb-serpent-sse2)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(serpent)

driver       : ecb-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __xts-serpent-sse2

driver       : __driver-xts-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-serpent-sse2

driver       : __driver-lrw-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __ctr-serpent-sse2

driver       : __driver-ctr-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 0

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __cbc-serpent-sse2

driver       : __driver-cbc-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-serpent-sse2

driver       : __driver-ecb-serpent-sse2

module       : serpent_sse2_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : tnepres

driver       : tnepres-generic

module       : serpent_generic

priority     : 0

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

 

name         : serpent

driver       : serpent-generic

module       : serpent_generic

priority     : 100

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 0

max keysize  : 32

 

name         : blowfish

driver       : blowfish-generic

module       : blowfish_generic

priority     : 100

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 8

min keysize  : 4

max keysize  : 56

 

name         : ctr(blowfish)

driver       : ctr-blowfish-asm

module       : blowfish_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 4

max keysize  : 56

ivsize       : 8

geniv        : <default>

 

name         : cbc(blowfish)

driver       : cbc-blowfish-asm

module       : blowfish_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 8

min keysize  : 4

max keysize  : 56

ivsize       : 8

geniv        : <default>

 

name         : ecb(blowfish)

driver       : ecb-blowfish-asm

module       : blowfish_x86_64

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 8

min keysize  : 4

max keysize  : 56

ivsize       : 0

geniv        : <default>

 

name         : blowfish

driver       : blowfish-asm

module       : blowfish_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 8

min keysize  : 4

max keysize  : 56

 

name         : twofish

driver       : twofish-generic

module       : twofish_generic

priority     : 100

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : xts(twofish)

driver       : xts-twofish-avx

module       : twofish_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(twofish)

driver       : lrw-twofish-avx

module       : twofish_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(twofish)

driver       : ctr-twofish-avx

module       : twofish_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : cbc(twofish)

driver       : cbc-twofish-avx

module       : twofish_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-twofish-avx

driver       : cryptd(__driver-ecb-twofish-avx)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(twofish)

driver       : ecb-twofish-avx

module       : twofish_avx_x86_64

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __xts-twofish-avx

driver       : __driver-xts-twofish-avx

module       : twofish_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-twofish-avx

driver       : __driver-lrw-twofish-avx

module       : twofish_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __ctr-twofish-avx

driver       : __driver-ctr-twofish-avx

module       : twofish_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __cbc-twofish-avx

driver       : __driver-cbc-twofish-avx

module       : twofish_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-twofish-avx

driver       : __driver-ecb-twofish-avx

module       : twofish_avx_x86_64

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : xts(twofish)

driver       : xts-twofish-3way

module       : twofish_x86_64_3way

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(twofish)

driver       : lrw-twofish-3way

module       : twofish_x86_64_3way

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : ctr(twofish)

driver       : ctr-twofish-3way

module       : twofish_x86_64_3way

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : cbc(twofish)

driver       : cbc-twofish-3way

module       : twofish_x86_64_3way

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : ecb(twofish)

driver       : ecb-twofish-3way

module       : twofish_x86_64_3way

priority     : 300

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : twofish

driver       : twofish-asm

module       : twofish_x86_64

priority     : 200

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : sha384

driver       : sha384-ssse3

module       : sha512_ssse3

priority     : 150

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 128

digestsize   : 48

 

name         : sha512

driver       : sha512-ssse3

module       : sha512_ssse3

priority     : 150

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 128

digestsize   : 64

 

name         : sha384

driver       : sha384-generic

module       : sha512_generic

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 128

digestsize   : 48

 

name         : sha512

driver       : sha512-generic

module       : sha512_generic

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 128

digestsize   : 64

 

name         : des3_ede

driver       : des3_ede-generic

module       : des_generic

priority     : 0

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 8

min keysize  : 24

max keysize  : 24

 

name         : des

driver       : des-generic

module       : des_generic

priority     : 0

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 8

min keysize  : 8

max keysize  : 8

 

name         : crc32

driver       : crc32-pclmul

module       : crc32_pclmul

priority     : 200

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 1

digestsize   : 4

 

name         : __ghash

driver       : cryptd(__ghash-pclmulqdqni)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ahash

async        : yes

blocksize    : 16

digestsize   : 16

 

name         : ghash

driver       : ghash-clmulni

module       : ghash_clmulni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ahash

async        : yes

blocksize    : 16

digestsize   : 16

 

name         : __ghash

driver       : __ghash-pclmulqdqni

module       : ghash_clmulni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 16

digestsize   : 16

 

name         : xts(aes)

driver       : xts-aes-aesni

module       : aesni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : lrw(aes)

driver       : lrw-aes-aesni

module       : aesni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : __xts-aes-aesni

driver       : __driver-xts-aes-aesni

module       : aesni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 64

ivsize       : 16

geniv        : <default>

 

name         : __lrw-aes-aesni

driver       : __driver-lrw-aes-aesni

module       : aesni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 32

max keysize  : 48

ivsize       : 16

geniv        : <default>

 

name         : pcbc(aes)

driver       : pcbc-aes-aesni

module       : aesni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : rfc4106(gcm(aes))

driver       : rfc4106-gcm-aesni

module       : aesni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : nivaead

async        : yes

blocksize    : 1

ivsize       : 8

maxauthsize  : 16

geniv        : seqiv

 

name         : __gcm-aes-aesni

driver       : __driver-gcm-aes-aesni

module       : aesni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : aead

async        : no

blocksize    : 1

ivsize       : 0

maxauthsize  : 0

geniv        : <built-in>

 

name         : ctr(aes)

driver       : ctr-aes-aesni

module       : aesni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : chainiv

 

name         : __ctr-aes-aesni

driver       : __driver-ctr-aes-aesni

module       : aesni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 1

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : cbc(aes)

driver       : cbc-aes-aesni

module       : aesni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 16

geniv        : <default>

 

name         : __ecb-aes-aesni

driver       : cryptd(__driver-ecb-aes-aesni)

module       : cryptd

priority     : 50

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : ecb(aes)

driver       : ecb-aes-aesni

module       : aesni_intel

priority     : 400

refcnt       : 1

selftest     : passed

type         : ablkcipher

async        : yes

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __cbc-aes-aesni

driver       : __driver-cbc-aes-aesni

module       : aesni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __ecb-aes-aesni

driver       : __driver-ecb-aes-aesni

module       : aesni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : blkcipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

ivsize       : 0

geniv        : <default>

 

name         : __aes-aesni

driver       : __driver-aes-aesni

module       : aesni_intel

priority     : 0

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : aes

driver       : aes-aesni

module       : aesni_intel

priority     : 300

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : crct10dif

driver       : crct10dif-generic

module       : crct10dif_generic

priority     : 100

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 1

digestsize   : 2

 

name         : crct10dif

driver       : crct10dif-pclmul

module       : crct10dif_pclmul

priority     : 200

refcnt       : 2

selftest     : passed

type         : shash

blocksize    : 1

digestsize   : 2

 

name         : crc32c

driver       : crc32c-intel

module       : crc32c_intel

priority     : 200

refcnt       : 2

selftest     : passed

type         : shash

blocksize    : 1

digestsize   : 4

 

name         : hmac(sha256)

driver       : hmac(sha256-ssse3)

module       : kernel

priority     : 150

refcnt       : 2

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 32

 

name         : hmac(sha1)

driver       : hmac(sha1-ssse3)

module       : kernel

priority     : 150

refcnt       : 2

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 20

 

name         : lzo

driver       : lzo-generic

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : compression

 

name         : crc32c

driver       : crc32c-generic

module       : kernel

priority     : 100

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 1

digestsize   : 4

 

name         : aes

driver       : aes-generic

module       : kernel

priority     : 100

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

name         : sha224

driver       : sha224-generic

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 28

 

name         : sha256

driver       : sha256-generic

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 32

 

name         : sha1

driver       : sha1-generic

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 20

 

name         : md5

driver       : md5-generic

module       : kernel

priority     : 0

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 16

 

name         : sha224

driver       : sha224-ssse3

module       : kernel

priority     : 150

refcnt       : 1

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 28

 

name         : sha256

driver       : sha256-ssse3

module       : kernel

priority     : 150

refcnt       : 3

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 32

 

name         : sha1

driver       : sha1-ssse3

module       : kernel

priority     : 150

refcnt       : 5

selftest     : passed

type         : shash

blocksize    : 64

digestsize   : 20

 

name         : aes

driver       : aes-asm

module       : kernel

priority     : 200

refcnt       : 1

selftest     : passed

type         : cipher

blocksize    : 16

min keysize  : 16

max keysize  : 32

 

+ __________________________/proc/sys/net/core/xfrm-star

/usr/libexec/ipsec/barf: line 206:
__________________________/proc/sys/net/core/xfrm-star: No such file or
directory

+ for i in '/proc/sys/net/core/xfrm_*'

+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '

/proc/sys/net/core/xfrm_acq_expires: + cat
/proc/sys/net/core/xfrm_acq_expires

300

+ for i in '/proc/sys/net/core/xfrm_*'

+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '

/proc/sys/net/core/xfrm_aevent_etime: + cat
/proc/sys/net/core/xfrm_aevent_etime

10

+ for i in '/proc/sys/net/core/xfrm_*'

+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '

/proc/sys/net/core/xfrm_aevent_rseqth: + cat
/proc/sys/net/core/xfrm_aevent_rseqth

2

+ for i in '/proc/sys/net/core/xfrm_*'

+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '

/proc/sys/net/core/xfrm_larval_drop: + cat
/proc/sys/net/core/xfrm_larval_drop

1

+ _________________________ /proc/sys/net/ipsec-star

+ test -d /proc/sys/net/ipsec

+ _________________________ ipsec/status

+ ipsec whack --status

000 using kernel interface: netkey

000 interface lo/lo ::1 at 500

000 interface lo/lo 127.0.0.1 at 4500

000 interface lo/lo 127.0.0.1 at 500

000 interface enp0s3/enp0s3 10.0.2.15 at 4500

000 interface enp0s3/enp0s3 10.0.2.15 at 500

000 interface enp0s8/enp0s8 192.168.89.7 at 4500

000 interface enp0s8/enp0s8 192.168.89.7 at 500

000  

000  

000 fips mode=disabled;

000 SElinux=enabled

000 seccomp=unsupported

000  

000 config setup options:

000  

000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets,
ipsecdir=/etc/ipsec.d, nssdir=/etc/ipsec.d, dumpdir=/var/run/pluto/,
statsbin=unset

000 sbindir=/usr/sbin, libexecdir=/usr/libexec/ipsec

000 pluto_version=3.20, pluto_vendorid=OE-Libreswan-3.20

000 nhelpers=-1, uniqueids=yes, perpeerlog=no, shuntlifetime=900s,
xfrmlifetime=300s

000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto

000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>,
nflog-all=0

000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>

000 ocsp-trust-name=<unset>

000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400,
ocsp-method=get

000 secctx-attr-type=32001

000 myid = (none)

000 debug none

000  

000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500

000 virtual-private (%priv):

000 - allowed subnets: 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12,
25.0.0.0/8, 100.64.0.0/10, fd00::/8, fe80::/10

000  

000 ESP algorithms supported:

000  

000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192,
keysizemax=192

000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=128,
keysizemax=128

000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0,
keysizemax=0

000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128,
keysizemax=256

000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128,
keysizemax=256

000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256

000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128

000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160

000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
keysizemin=256, keysizemax=256

000 algorithm AH/ESP auth: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384,
keysizemin=384, keysizemax=384

000 algorithm AH/ESP auth: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512,
keysizemin=512, keysizemax=512

000 algorithm AH/ESP auth: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160

000 algorithm AH/ESP auth: id=9, name=AUTH_ALGORITHM_AES_XCBC,
keysizemin=128, keysizemax=128

000 algorithm AH/ESP auth: id=250, name=AUTH_ALGORITHM_AES_CMAC_96,
keysizemin=128, keysizemax=128

000 algorithm AH/ESP auth: id=251, name=AUTH_ALGORITHM_NULL_KAME,
keysizemin=0, keysizemax=0

000  

000 IKE algorithms supported:

000  

000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
v2name=3DES, blocksize=8, keydeflen=192

000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23,
v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=20, v1name=OAKLEY_AES_GCM_C, v2id=20,
v2name=AES_GCM_C, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=19, v1name=OAKLEY_AES_GCM_B, v2id=19,
v2name=AES_GCM_B, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=18, v1name=OAKLEY_AES_GCM_A, v2id=18,
v2name=AES_GCM_A, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13,
v2name=AES_CTR, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
v2name=AES_CBC, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128

000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH,
v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128

000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16

000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20

000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32

000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48

000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64

000 algorithm IKE DH Key Exchange: name=MODP1024, bits=1024

000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536

000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048

000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072

000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096

000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144

000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192

000 algorithm IKE DH Key Exchange: name=DH19, bits=512

000 algorithm IKE DH Key Exchange: name=DH20, bits=768

000 algorithm IKE DH Key Exchange: name=DH21, bits=1056

000 algorithm IKE DH Key Exchange: name=DH22, bits=1024

000 algorithm IKE DH Key Exchange: name=DH23, bits=2048

000 algorithm IKE DH Key Exchange: name=DH24, bits=2048

000  

000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0} 

000  

000 Connection list:

000  

000 "host-to-host": 192.168.89.7/32===192.168.89.7<192.168.89.7>[@k1]...192.168.89.6<192.168.89.6>[@k2]===192.168.89.6/32; erouted HOLD; eroute owner: #0

000 "host-to-host":     oriented; my_ip=unset; their_ip=unset

000 "host-to-host":   xauth us:none, xauth them:none,  my_username=[any];
their_username=[any]

000 "host-to-host":   our auth:rsasig, their auth:rsasig

000 "host-to-host":   modecfg info: us:none, them:none, modecfg policy:push,
dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;

000 "host-to-host":   labeled_ipsec:no;

000 "host-to-host":   policy_label:unset;

000 "host-to-host":   ike_life: 3600s; ipsec_life: 28800s; replay_window:
32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;

000 "host-to-host":   retransmit-interval: 500ms; retransmit-timeout: 60s;

000 "host-to-host":   sha2-truncbug:no; initial-contact:no; cisco-unity:no;
fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;

000 "host-to-host":   policy: RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;

000 "host-to-host":   conn_prio: 32,32; interface: enp0s8; metric: 0; mtu:
unset; sa_prio:auto; sa_tfc:none;

000 "host-to-host":   nflog-group: unset; mark: unset; vti-iface:unset;
vti-routing:no; vti-shared:no;

000 "host-to-host":   dpd: action:restart; delay:5; timeout:30; nat-t:
encaps:auto; nat_keepalive:yes; ikev1_natt:both

000 "host-to-host":   newest ISAKMP SA: #0; newest IPsec SA: #0;

000 "v6neighbor-hole-in": ::/0===::1<::1>:58/34560...%any:58/34816===::/0;
prospective erouted; eroute owner: #0

000 "v6neighbor-hole-in":     oriented; my_ip=unset; their_ip=unset

000 "v6neighbor-hole-in":   xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]

000 "v6neighbor-hole-in":   our auth:unset, their auth:unset

000 "v6neighbor-hole-in":   modecfg info: us:none, them:none, modecfg
policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;

000 "v6neighbor-hole-in":   labeled_ipsec:no;

000 "v6neighbor-hole-in":   policy_label:unset;

000 "v6neighbor-hole-in":   ike_life: 0s; ipsec_life: 0s; replay_window: 0;
rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0;

000 "v6neighbor-hole-in":   retransmit-interval: 0ms; retransmit-timeout:
0s;

000 "v6neighbor-hole-in":   sha2-truncbug:no; initial-contact:no;
cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;

000 "v6neighbor-hole-in":   policy: PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+PASS+NEVER_NEGOTIATE;

000 "v6neighbor-hole-in":   conn_prio: 0,0; interface: lo; metric: 0; mtu:
unset; sa_prio:1; sa_tfc:none;

000 "v6neighbor-hole-in":   nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no;

000 "v6neighbor-hole-in":   newest ISAKMP SA: #0; newest IPsec SA: #0;

000 "v6neighbor-hole-out": ::/0===::1<::1>:58/34816...%any:58/34560===::/0;
prospective erouted; eroute owner: #0

000 "v6neighbor-hole-out":     oriented; my_ip=unset; their_ip=unset

000 "v6neighbor-hole-out":   xauth us:none, xauth them:none,
my_username=[any]; their_username=[any]

000 "v6neighbor-hole-out":   our auth:unset, their auth:unset

000 "v6neighbor-hole-out":   modecfg info: us:none, them:none, modecfg
policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;

000 "v6neighbor-hole-out":   labeled_ipsec:no;

000 "v6neighbor-hole-out":   policy_label:unset;

000 "v6neighbor-hole-out":   ike_life: 0s; ipsec_life: 0s; replay_window: 0;
rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0;

000 "v6neighbor-hole-out":   retransmit-interval: 0ms; retransmit-timeout:
0s;

000 "v6neighbor-hole-out":   sha2-truncbug:no; initial-contact:no;
cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;

000 "v6neighbor-hole-out":   policy: PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+PASS+NEVER_NEGOTIATE;

000 "v6neighbor-hole-out":   conn_prio: 0,0; interface: lo; metric: 0; mtu:
unset; sa_prio:1; sa_tfc:none;

000 "v6neighbor-hole-out":   nflog-group: unset; mark: unset;
vti-iface:unset; vti-routing:no; vti-shared:no;

000 "v6neighbor-hole-out":   newest ISAKMP SA: #0; newest IPsec SA: #0;

000  

000 Total IPsec connections: loaded 3, active 0

000  

000 State Information: DDoS cookies not required, Accepting new IKE
connections

000 IKE SAs: total(0), half-open(0), open(0), authenticated(0), anonymous(0)

000 IPsec SAs: total(0), authenticated(0), anonymous(0)

000  

000 Bare Shunt list:

000  

+ _________________________ ifconfig-a

+ ifconfig -a

enp0s3: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500

        ether 08:00:27:38:73:c0  txqueuelen 1000  (Ethernet)

        RX packets 383  bytes 33368 (32.5 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 398  bytes 33722 (32.9 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

enp0s8: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500

        inet 192.168.89.7  netmask 255.255.255.0  broadcast 192.168.89.255

        inet6 fe80::3cde:79d1:e916:b159  prefixlen 64  scopeid 0x20<link>

        ether 08:00:27:56:a0:05  txqueuelen 1000  (Ethernet)

        RX packets 829  bytes 122460 (119.5 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 256  bytes 63139 (61.6 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

ip_vti0: flags=128<NOARP>  mtu 1480

        tunnel   txqueuelen 1  (IPIP Tunnel)

        RX packets 0  bytes 0 (0.0 B)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 0  bytes 0 (0.0 B)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536

        inet 127.0.0.1  netmask 255.0.0.0

        inet6 ::1  prefixlen 128  scopeid 0x10<host>

        loop  txqueuelen 1  (Local Loopback)

        RX packets 256  bytes 20736 (20.2 KiB)

        RX errors 0  dropped 0  overruns 0  frame 0

        TX packets 256  bytes 20736 (20.2 KiB)

        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

 

+ _________________________ ip-addr-list

+ ip addr list

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

       valid_lft forever preferred_lft forever

    inet6 ::1/128 scope host 

       valid_lft forever preferred_lft forever

2: enp0s3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN qlen 1000

    link/ether 08:00:27:38:73:c0 brd ff:ff:ff:ff:ff:ff

3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP qlen 1000

    link/ether 08:00:27:56:a0:05 brd ff:ff:ff:ff:ff:ff

    inet 192.168.89.7/24 brd 192.168.89.255 scope global enp0s8

       valid_lft forever preferred_lft forever

    inet6 fe80::3cde:79d1:e916:b159/64 scope link 

       valid_lft forever preferred_lft forever

4: ip_vti0 at NONE: <NOARP> mtu 1480 qdisc noop state DOWN qlen 1

    link/ipip 0.0.0.0 brd 0.0.0.0

+ _________________________ ip-route-list

+ ip route list

192.168.89.0/24 dev enp0s8 proto kernel scope link src 192.168.89.7 metric
100 

+ _________________________ ip-rule-list

+ ip rule list

0:      from all lookup local 

32766:  from all lookup main 

32767:  from all lookup default 

+ _________________________ ipsec_verify

+ ipsec verify --nocolour

Verifying installed system and configuration files

 

Version check and ipsec on-path                         [OK]

Libreswan 3.20 (netkey) on 3.10.0-693.17.1.el7.x86_64

Checking for IPsec support in kernel                    [OK]

NETKEY: Testing XFRM related proc values

         ICMP default/send_redirects                    [OK]

         ICMP default/accept_redirects                  [OK]

         XFRM larval drop                               [OK]

Pluto ipsec.conf syntax                                 [OK]

Two or more interfaces found, checking IP forwarding    [OK]

Checking rp_filter                                      [OK]

Checking that pluto is running                          [OK]

Pluto listening for IKE on udp 500                     [OK]

Pluto listening for IKE/NAT-T on udp 4500              [OK]

Pluto ipsec.secret syntax                              [OK]

Checking 'ip' command                                   [OK]

Checking 'iptables' command                             [OK]

Checking 'prelink' command does not interfere with FIPS [OK]

Checking for obsolete ipsec.conf options                [OK]

+ _________________________ mii-tool

+ '[' -x /sbin/mii-tool ']'

+ /sbin/mii-tool -v

No interface specified

usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] [-p addr]
<interface ...>

       -V, --version               display version information

       -v, --verbose               more verbose output

       -R, --reset                 reset MII to poweron state

       -r, --restart               restart autonegotiation

       -w, --watch                 monitor for link status changes

       -l, --log                   with -w, write events to syslog

       -A, --advertise=media,...   advertise only specified media

       -F, --force=media           force specified media technology

       -p, --phy=addr              set PHY (MII address) to report

media: 1000baseTx-HD, 1000baseTx-FD,

       100baseT4, 100baseTx-FD, 100baseTx-HD,

       10baseT-FD, 10baseT-HD,

       (to advertise both HD and FD) 1000baseTx, 100baseTx, 10baseT

+ _________________________ ipsec/directory

+ ipsec --directory

/usr/libexec/ipsec

+ _________________________ hostname/fqdn

+ hostname --fqdn

k1.home

+ _________________________ hostname/ipaddress

+ hostname --ip-address

127.0.0.1

+ _________________________ uptime

+ uptime

13:46:56 up  2:37,  1 user,  load average: 0.00, 0.01, 0.05

+ _________________________ ps

+ ps alxwf

+ egrep -i 'ppid|pluto|ipsec|klips'

F   UID   PID  PPID PRI  NI    VSZ   RSS WCHAN  STAT TTY        TIME COMMAND

4     0  3002  1040  20   0 113136  1552 do_wai S+   tty1       0:00      \_
/bin/sh /usr/libexec/ipsec/barf

1     0  3053  3002  20   0 113136   240 -      R+   tty1       0:00
\_ /bin/sh /usr/libexec/ipsec/barf

4     0  2866     1  20   0 204920  8228 ep_pol Ssl  ?          0:00
/usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork

+ _________________________ ipsec/conf

+ ipsec _keycensor

+ ipsec readwriteconf --config /etc/ipsec.conf

#conn host-to-host loaded

#conn v6neighbor-hole-in loaded

#conn v6neighbor-hole-out loaded

config setup

        dumpdir=/var/run/pluto/

 
virtual-private=%v4:10.0.0.0/8,%v4:192.168.0.0/16,%v4:172.16.0.0/12,%v4:25.0.0.0/8,%v4:100.64.0.0/10,%v6:fd00::/8,%v6:fe80::/10

        protostack=netkey

 

 

# begin conn host-to-host

conn host-to-host

        left=192.168.89.7

        leftid="@k1"

        leftrsasigkey=[keyid AwEAAexla]

        left=192.168.89.7

        right=192.168.89.6

        rightid="@k2"

        rightrsasigkey=[keyid AwEAAejt9]

        right=192.168.89.6

        auto=start

        dpddelay=5

        dpdtimeout=30

        dpdaction=restart

        auto=start

        type=tunnel

        compress=no

        pfs=yes

        ikepad=yes

        authby=never

        phase2=esp

        ikev2=permit

        esn=no

# end conn host-to-host

 

# begin conn v6neighbor-hole-in

conn v6neighbor-hole-in

        left=::1

        leftsubnet=::/0

        leftprotoport=58/34560

        left=::1

        right=::

        rightsubnet=::/0

        rightprotoport=58/34816

        right=::0

        auto=ondemand

        connaddrfamily=ipv6

        type=pass

        authby=never

        priority=1

        auto=ondemand

        type=passthrough

# end conn v6neighbor-hole-in

 

# begin conn v6neighbor-hole-out

conn v6neighbor-hole-out

        left=::1

        leftsubnet=::/0

        leftprotoport=58/34816

        left=::1

        right=::

        rightsubnet=::/0

        rightprotoport=58/34560

        right=::0

        auto=ondemand

        connaddrfamily=ipv6

        type=pass

        authby=never

        priority=1

        auto=ondemand

        type=passthrough

# end conn v6neighbor-hole-out

 

# end of config

+ _________________________ ipsec/secrets

+ cat /etc/ipsec.secrets

+ ipsec _secretcensor

include /etc/ipsec.d/*.secrets

+ _________________________ ipsec/listall

+ ipsec whack --listall

000  

000 List of RSA Public Keys:

000  

000 Feb 17 12:21:16 2018, 3488 RSA Key AwEAAejt9 (no private key), until --- -- --:--:-- ---- ok (expires never)

000        ID_FQDN '@k2'

000 Feb 17 12:21:16 2018, 3120 RSA Key AwEAAexla (no private key), until --- -- --:--:-- ---- ok (expires never)

000        ID_FQDN '@k1'

000  

000 List of Pre-shared secrets (from /etc/ipsec.secrets)

000  

000  

000 List of X.509 End Certificates:

000  

000 List of X.509 CA Certificates:

000  

000 List of CRLs:

+ _________________________ nss/contents

+ certutil -L -d sql:/etc/ipsec.d

 

Certificate Nickname                                         Trust
Attributes

 
SSL,S/MIME,JAR/XPI

 

+ _________________________ nss/crls

+ crlutil -L -d sql:/etc/ipsec.d

 

 

CRL names                                CRL Type

 

+ '[' /etc/ipsec.d/policies ']'

+ for policy in '$POLICIES/*'

++ basename /etc/ipsec.d/policies/block

+ base=block

+ _________________________ ipsec/policies/block

+ cat /etc/ipsec.d/policies/block

# This file defines the set of CIDRs (network/mask-length) to which

# communication should never be allowed. One IPv4 or IPv6 CIDR per line.

 

+ for policy in '$POLICIES/*'

++ basename /etc/ipsec.d/policies/clear

+ base=clear

+ _________________________ ipsec/policies/clear

+ cat /etc/ipsec.d/policies/clear

# This file defines the set of CIDRs (network/mask-length) to which

# communication should always be in the clear. One IPv4 or IPv6 CIDR per
line.

 

+ for policy in '$POLICIES/*'

++ basename /etc/ipsec.d/policies/clear-or-private

+ base=clear-or-private

+ _________________________ ipsec/policies/clear-or-private

+ cat /etc/ipsec.d/policies/clear-or-private

# This file defines the set of CIDRs (network/mask-length) to which

# we will communicate in the clear, or, if the other side initiates IPSEC,

# using encryption.  This behaviour is also called "Opportunistic
Responder".

# One IPv4 or IPv6 CIDR per line.

+ for policy in '$POLICIES/*'

++ basename /etc/ipsec.d/policies/private

+ base=private

+ _________________________ ipsec/policies/private

+ cat /etc/ipsec.d/policies/private

# This file defines the set of CIDRs (network/mask-length) to which

# communication should always be private (i.e. encrypted). One IPv4

# or IPv6 CIDR per line.

+ for policy in '$POLICIES/*'

++ basename /etc/ipsec.d/policies/private-or-clear

+ base=private-or-clear

+ _________________________ ipsec/policies/private-or-clear

+ cat /etc/ipsec.d/policies/private-or-clear

# This file defines the set of CIDRs (network/mask-length) to which

# communication should be private, if possible, but in the clear otherwise.

# One IPv4 or IPv6 CIDR per line.

#

# If the target has a TXT (later IPSECKEY) record that specifies

# authentication material, we will require private (i.e. encrypted)

# communications.  If no such record is found, communications will be

# in the clear.

#

# 0.0.0.0/0

+ _________________________ ipsec/ls-execdir

+ ls -l /usr/libexec/ipsec

total 4256

-rwxr-xr-x. 1 root root  200376 Nov 30 15:29 _import_crl

-rwxr-xr-x. 1 root root    1410 Nov 30 15:28 _keycensor

-rwxr-xr-x. 1 root root    3053 Nov 30 15:28 _plutorun

-rwxr-xr-x. 1 root root    1904 Nov 30 15:28 _secretcensor

-rwxr-xr-x. 1 root root   14167 Nov 30 15:28 _stackmanager

-rwxr-xr-x. 1 root root    4330 Nov 30 15:28 _updown

-rwxr-xr-x. 1 root root   18644 Nov 30 15:28 _updown.klips

-rwxr-xr-x. 1 root root   20969 Nov 30 15:28 _updown.netkey

-rwxr-xr-x. 1 root root  237048 Nov 30 15:29 addconn

-rwxr-xr-x. 1 root root    4885 Nov 30 15:28 auto

-rwxr-xr-x. 1 root root   12108 Nov 30 15:28 barf

-rwxr-xr-x. 1 root root 1182552 Nov 30 15:29 cavp

-rwxr-xr-x. 1 root root   91648 Nov 30 15:29 eroute

-rwxr-xr-x. 1 root root   71272 Nov 30 15:29 klipsdebug

-rwxr-xr-x. 1 root root    2990 Nov 30 15:28 look

-rwxr-xr-x. 1 root root    3106 Nov 30 15:28 newhostkey

-rwxr-xr-x. 1 root root   66432 Nov 30 15:29 pf_key

-rwxr-xr-x. 1 root root 1247664 Nov 30 15:29 pluto

-rwxr-xr-x. 1 root root  216184 Nov 30 15:29 readwriteconf

-rwxr-xr-x. 1 root root  205240 Nov 30 15:29 rsasigkey

-rwxr-xr-x. 1 root root    6307 Nov 30 15:28 setup

-rwxr-xr-x. 1 root root  205536 Nov 30 15:29 showhostkey

-rwxr-xr-x. 1 root root  187776 Nov 30 15:29 spi

-rwxr-xr-x. 1 root root   83408 Nov 30 15:29 spigrp

-rwxr-xr-x. 1 root root  133272 Nov 30 15:29 tncfg

-rwxr-xr-x. 1 root root   12344 Nov 30 15:28 verify

-rwxr-xr-x. 1 root root   69472 Nov 30 15:29 whack

+ _________________________ /proc/net/dev

+ cat /proc/net/dev

Inter-|   Receive                                                |  Transmit

face |bytes    packets errs drop fifo frame compressed multicast|bytes
packets errs drop fifo colls carrier compressed

enp0s3:   33368     383    0    0    0     0          0         0    33722
398    0    0    0     0       0          0

enp0s8:  122736     832    0    0    0     0          0         0    63139
256    0    0    0     0       0          0

    lo:   20736     256    0    0    0     0          0         0    20736
256    0    0    0     0       0          0

ip_vti0:       0       0    0    0    0     0          0         0        0
0    0    0    0     0       0          0

+ _________________________ /proc/net/route

+ cat /proc/net/route

Iface   Destination     Gateway         Flags   RefCnt  Use     Metric
Mask            MTU     Window  IRTT


enp0s8  0059A8C0        00000000        0001    0       0       100
00FFFFFF        0       0       0


+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc

+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc

0

+ _________________________ /proc/sys/net/ipv4/ip_forward

+ cat /proc/sys/net/ipv4/ip_forward

1

+ _________________________ /proc/sys/net/ipv4/tcp_ecn

+ cat /proc/sys/net/ipv4/tcp_ecn

2

+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter

+ cd /proc/sys/net/ipv4/conf

+ egrep '^' all/rp_filter default/rp_filter enp0s3/rp_filter
enp0s8/rp_filter ip_vti0/rp_filter lo/rp_filter

all/rp_filter:0

default/rp_filter:0

enp0s3/rp_filter:0

enp0s8/rp_filter:0

ip_vti0/rp_filter:0

lo/rp_filter:0

+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects

+ cd /proc/sys/net/ipv4/conf

+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects
default/accept_redirects default/secure_redirects default/send_redirects
enp0s3/accept_redirects enp0s3/secure_redirects enp0s3/send_redirects
enp0s8/accept_redirects enp0s8/secure_redirects enp0s8/send_redirects
ip_vti0/accept_redirects ip_vti0/secure_redirects ip_vti0/send_redirects
lo/accept_redirects lo/secure_redirects lo/send_redirects

all/accept_redirects:0

all/secure_redirects:1

all/send_redirects:0

default/accept_redirects:0

default/secure_redirects:1

default/send_redirects:0

enp0s3/accept_redirects:0

enp0s3/secure_redirects:1

enp0s3/send_redirects:0

enp0s8/accept_redirects:0

enp0s8/secure_redirects:1

enp0s8/send_redirects:0

ip_vti0/accept_redirects:0

ip_vti0/secure_redirects:1

ip_vti0/send_redirects:0

lo/accept_redirects:1

lo/secure_redirects:1

lo/send_redirects:1

+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling

+ cat /proc/sys/net/ipv4/tcp_window_scaling

1

+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale

+ cat /proc/sys/net/ipv4/tcp_adv_win_scale

1

+ _________________________ uname-a

+ uname -a

Linux k1 3.10.0-693.17.1.el7.x86_64 #1 SMP Thu Jan 25 20:13:58 UTC 2018
x86_64 x86_64 x86_64 GNU/Linux

+ _________________________ config-built-with

+ test -r /proc/config_built_with

+ _________________________ distro-release

+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release

+ test -f /etc/redhat-release

+ cat /etc/redhat-release

CentOS Linux release 7.4.1708 (Core) 

+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release

+ test -f /etc/debian-release

+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release

+ test -f /etc/SuSE-release

+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release

+ test -f /etc/mandrake-release

+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release

+ test -f /etc/mandriva-release

+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release
/etc/mandrake-release /etc/mandriva-release /etc/gentoo-release

+ test -f /etc/gentoo-release

+ _________________________ /proc/net/ipsec_version

+ test -r /proc/net/ipsec_version

+ test -r /proc/net/pfkey

++ uname -r

+ echo 'NETKEY (3.10.0-693.17.1.el7.x86_64) support detected '

NETKEY (3.10.0-693.17.1.el7.x86_64) support detected 

+ _________________________ iptables

+ test -e /proc/net/ip_tables_names

+ test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save

+ iptables-save --modprobe=/dev/null

# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018

*nat

:PREROUTING ACCEPT [217:17092]

:INPUT ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

:OUTPUT_direct - [0:0]

:POSTROUTING_ZONES - [0:0]

:POSTROUTING_ZONES_SOURCE - [0:0]

:POSTROUTING_direct - [0:0]

:POST_public - [0:0]

:POST_public_allow - [0:0]

:POST_public_deny - [0:0]

:POST_public_log - [0:0]

:PREROUTING_ZONES - [0:0]

:PREROUTING_ZONES_SOURCE - [0:0]

:PREROUTING_direct - [0:0]

:PRE_public - [0:0]

:PRE_public_allow - [0:0]

:PRE_public_deny - [0:0]

:PRE_public_log - [0:0]

-A PREROUTING -j PREROUTING_direct

-A PREROUTING -j PREROUTING_ZONES_SOURCE

-A PREROUTING -j PREROUTING_ZONES

-A OUTPUT -j OUTPUT_direct

-A POSTROUTING -j POSTROUTING_direct

-A POSTROUTING -j POSTROUTING_ZONES_SOURCE

-A POSTROUTING -j POSTROUTING_ZONES

-A POSTROUTING_ZONES -o enp0s8 -g POST_public

-A POSTROUTING_ZONES -g POST_public

-A POST_public -j POST_public_log

-A POST_public -j POST_public_deny

-A POST_public -j POST_public_allow

-A PREROUTING_ZONES -i enp0s8 -g PRE_public

-A PREROUTING_ZONES -g PRE_public

-A PRE_public -j PRE_public_log

-A PRE_public -j PRE_public_deny

-A PRE_public -j PRE_public_allow

COMMIT

# Completed on Sat Feb 17 13:46:56 2018

# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018

*mangle

:PREROUTING ACCEPT [217:17092]

:INPUT ACCEPT [217:17092]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:POSTROUTING ACCEPT [0:0]

:FORWARD_direct - [0:0]

:INPUT_direct - [0:0]

:OUTPUT_direct - [0:0]

:POSTROUTING_direct - [0:0]

:PREROUTING_ZONES - [0:0]

:PREROUTING_ZONES_SOURCE - [0:0]

:PREROUTING_direct - [0:0]

:PRE_public - [0:0]

:PRE_public_allow - [0:0]

:PRE_public_deny - [0:0]

:PRE_public_log - [0:0]

-A PREROUTING -j PREROUTING_direct

-A PREROUTING -j PREROUTING_ZONES_SOURCE

-A PREROUTING -j PREROUTING_ZONES

-A INPUT -j INPUT_direct

-A FORWARD -j FORWARD_direct

-A OUTPUT -j OUTPUT_direct

-A POSTROUTING -j POSTROUTING_direct

-A PREROUTING_ZONES -i enp0s8 -g PRE_public

-A PREROUTING_ZONES -g PRE_public

-A PRE_public -j PRE_public_log

-A PRE_public -j PRE_public_deny

-A PRE_public -j PRE_public_allow

COMMIT

# Completed on Sat Feb 17 13:46:56 2018

# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018

*security

:INPUT ACCEPT [631:75215]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [687:93359]

:FORWARD_direct - [0:0]

:INPUT_direct - [0:0]

:OUTPUT_direct - [0:0]

-A INPUT -j INPUT_direct

-A FORWARD -j FORWARD_direct

-A OUTPUT -j OUTPUT_direct

COMMIT

# Completed on Sat Feb 17 13:46:56 2018

# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018

*raw

:PREROUTING ACCEPT [217:17092]

:OUTPUT ACCEPT [0:0]

:OUTPUT_direct - [0:0]

:PREROUTING_ZONES - [0:0]

:PREROUTING_ZONES_SOURCE - [0:0]

:PREROUTING_direct - [0:0]

:PRE_public - [0:0]

:PRE_public_allow - [0:0]

:PRE_public_deny - [0:0]

:PRE_public_log - [0:0]

-A PREROUTING -j PREROUTING_direct

-A PREROUTING -j PREROUTING_ZONES_SOURCE

-A PREROUTING -j PREROUTING_ZONES

-A OUTPUT -j OUTPUT_direct

-A PREROUTING_ZONES -i enp0s8 -g PRE_public

-A PREROUTING_ZONES -g PRE_public

-A PRE_public -j PRE_public_log

-A PRE_public -j PRE_public_deny

-A PRE_public -j PRE_public_allow

COMMIT

# Completed on Sat Feb 17 13:46:56 2018

# Generated by iptables-save v1.4.21 on Sat Feb 17 13:46:56 2018

*filter

:INPUT ACCEPT [0:0]

:FORWARD ACCEPT [0:0]

:OUTPUT ACCEPT [0:0]

:FORWARD_IN_ZONES - [0:0]

:FORWARD_IN_ZONES_SOURCE - [0:0]

:FORWARD_OUT_ZONES - [0:0]

:FORWARD_OUT_ZONES_SOURCE - [0:0]

:FORWARD_direct - [0:0]

:FWDI_public - [0:0]

:FWDI_public_allow - [0:0]

:FWDI_public_deny - [0:0]

:FWDI_public_log - [0:0]

:FWDO_public - [0:0]

:FWDO_public_allow - [0:0]

:FWDO_public_deny - [0:0]

:FWDO_public_log - [0:0]

:INPUT_ZONES - [0:0]

:INPUT_ZONES_SOURCE - [0:0]

:INPUT_direct - [0:0]

:IN_public - [0:0]

:IN_public_allow - [0:0]

:IN_public_deny - [0:0]

:IN_public_log - [0:0]

:OUTPUT_direct - [0:0]

-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

-A INPUT -i lo -j ACCEPT

-A INPUT -j INPUT_direct

-A INPUT -j INPUT_ZONES_SOURCE

-A INPUT -j INPUT_ZONES

-A INPUT -m conntrack --ctstate INVALID -j DROP

-A INPUT -j REJECT --reject-with icmp-host-prohibited

-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

-A FORWARD -i lo -j ACCEPT

-A FORWARD -j FORWARD_direct

-A FORWARD -j FORWARD_IN_ZONES_SOURCE

-A FORWARD -j FORWARD_IN_ZONES

-A FORWARD -j FORWARD_OUT_ZONES_SOURCE

-A FORWARD -j FORWARD_OUT_ZONES

-A FORWARD -m conntrack --ctstate INVALID -j DROP

-A FORWARD -j REJECT --reject-with icmp-host-prohibited

-A OUTPUT -j OUTPUT_direct

-A FORWARD_IN_ZONES -i enp0s8 -g FWDI_public

-A FORWARD_IN_ZONES -g FWDI_public

-A FORWARD_OUT_ZONES -o enp0s8 -g FWDO_public

-A FORWARD_OUT_ZONES -g FWDO_public

-A FWDI_public -j FWDI_public_log

-A FWDI_public -j FWDI_public_deny

-A FWDI_public -j FWDI_public_allow

-A FWDI_public -p icmp -j ACCEPT

-A FWDO_public -j FWDO_public_log

-A FWDO_public -j FWDO_public_deny

-A FWDO_public -j FWDO_public_allow

-A INPUT_ZONES -i enp0s8 -g IN_public

-A INPUT_ZONES -g IN_public

-A IN_public -j IN_public_log

-A IN_public -j IN_public_deny

-A IN_public -j IN_public_allow

-A IN_public -p icmp -j ACCEPT

-A IN_public_allow -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT

COMMIT

# Completed on Sat Feb 17 13:46:56 2018

+ _________________________ ip6tables

+ test -e ip6_tables_names

+ _________________________ /proc/modules

+ test -f /proc/modules

+ cat /proc/modules

udp_diag 12801 0 - Live 0xffffffffc05f3000

inet_diag 18949 1 udp_diag, Live 0xffffffffc05e9000

drbg 30186 1 - Live 0xffffffffc05e0000

ansi_cprng 12989 0 - Live 0xffffffffc05db000

rmd160 16744 0 - Live 0xffffffffc05d5000

crypto_null 12840 0 - Live 0xffffffffc05d0000

ip_vti 13496 0 - Live 0xffffffffc05c3000

ip_tunnel 25163 1 ip_vti, Live 0xffffffffc05c8000

af_key 40225 0 - Live 0xffffffffc05b8000

ah6 17218 0 - Live 0xffffffffc05b2000

ah4 17247 0 - Live 0xffffffffc05ac000

esp6 17252 0 - Live 0xffffffffc05a6000

esp4 17247 0 - Live 0xffffffffc05a0000

xfrm4_mode_beet 12691 0 - Live 0xffffffffc059b000

xfrm4_tunnel 12857 0 - Live 0xffffffffc0596000

tunnel4 13252 1 xfrm4_tunnel, Live 0xffffffffc0591000

xfrm4_mode_tunnel 13227 0 - Live 0xffffffffc058c000

xfrm4_mode_transport 12631 0 - Live 0xffffffffc0587000

xfrm6_mode_transport 12631 0 - Live 0xffffffffc0582000

xfrm6_mode_ro 12564 0 - Live 0xffffffffc057d000

xfrm6_mode_beet 12658 0 - Live 0xffffffffc0578000

xfrm6_mode_tunnel 13227 0 - Live 0xffffffffc0573000

ipcomp 12700 0 - Live 0xffffffffc056e000

ipcomp6 12701 0 - Live 0xffffffffc0569000

xfrm6_tunnel 13661 1 ipcomp6, Live 0xffffffffc0564000

tunnel6 13254 1 xfrm6_tunnel, Live 0xffffffffc055f000

xfrm_ipcomp 13413 2 ipcomp,ipcomp6, Live 0xffffffffc055a000

cmac 12788 0 - Live 0xffffffffc0555000

camellia_generic 29348 0 - Live 0xffffffffc054c000

camellia_aesni_avx2 26188 0 - Live 0xffffffffc0540000

camellia_aesni_avx_x86_64 27590 1 camellia_aesni_avx2, Live
0xffffffffc0534000

camellia_x86_64 52986 2 camellia_aesni_avx2,camellia_aesni_avx_x86_64, Live
0xffffffffc0522000

cast6_avx_x86_64 66979 0 - Live 0xffffffffc0510000

cast6_generic 21523 1 cast6_avx_x86_64, Live 0xffffffffc0509000

cast5_avx_x86_64 49872 0 - Live 0xffffffffc04fb000

cast5_generic 21429 1 cast5_avx_x86_64, Live 0xffffffffc04f4000

cast_common 12983 4
cast6_avx_x86_64,cast6_generic,cast5_avx_x86_64,cast5_generic, Live
0xffffffffc04ef000

deflate 12617 0 - Live 0xffffffffc04ea000

cts 12925 0 - Live 0xffffffffc04e5000

gcm 23457 0 - Live 0xffffffffc04da000

ccm 17773 0 - Live 0xffffffffc04d4000

serpent_avx2 46292 0 - Live 0xffffffffc04c7000

serpent_avx_x86_64 48578 1 serpent_avx2, Live 0xffffffffc04b6000

serpent_sse2_x86_64 50408 0 - Live 0xffffffffc04a8000

serpent_generic 29823 3 serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,
Live 0xffffffffc049f000

blowfish_generic 12530 0 - Live 0xffffffffc049a000

blowfish_x86_64 21966 0 - Live 0xffffffffc0493000

blowfish_common 16739 2 blowfish_generic,blowfish_x86_64, Live
0xffffffffc048d000

twofish_generic 16635 0 - Live 0xffffffffc0487000

twofish_avx_x86_64 51795 0 - Live 0xffffffffc0475000

twofish_x86_64_3way 27146 1 twofish_avx_x86_64, Live 0xffffffffc0469000

xts 12914 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live
0xffffffffc0464000

twofish_x86_64 12907 2 twofish_avx_x86_64,twofish_x86_64_3way, Live
0xffffffffc045f000

twofish_common 21113 4
twofish_generic,twofish_avx_x86_64,twofish_x86_64_3way,twofish_x86_64, Live
0xffffffffc0451000

xcbc 12815 0 - Live 0xffffffffc045a000

sha512_ssse3 42080 0 - Live 0xffffffffc043f000

sha512_generic 13131 1 sha512_ssse3, Live 0xffffffffc044c000

mcryptd 15269 0 - Live 0xffffffffc0433000

des_generic 21379 0 - Live 0xffffffffc0438000

ip6t_rpfilter 12595 1 - Live 0xffffffffc042e000

ipt_REJECT 12541 2 - Live 0xffffffffc0429000

nf_reject_ipv4 13373 1 ipt_REJECT, Live 0xffffffffc0424000

ip6t_REJECT 12625 2 - Live 0xffffffffc041f000

nf_reject_ipv6 13717 1 ip6t_REJECT, Live 0xffffffffc041a000

xt_conntrack 12760 11 - Live 0xffffffffc040b000

ip_set 36439 0 - Live 0xffffffffc0410000

nfnetlink 14696 1 ip_set, Live 0xffffffffc0400000

ebtable_nat 12807 1 - Live 0xffffffffc03fb000

ebtable_broute 12731 1 - Live 0xffffffffc0406000

bridge 136173 1 ebtable_broute, Live 0xffffffffc03d8000

stp 12976 1 bridge, Live 0xffffffffc03d3000

llc 14552 2 bridge,stp, Live 0xffffffffc03ca000

ip6table_nat 12864 1 - Live 0xffffffffc03c5000

nf_conntrack_ipv6 18935 7 - Live 0xffffffffc03bf000

nf_defrag_ipv6 35104 1 nf_conntrack_ipv6, Live 0xffffffffc03b1000

nf_nat_ipv6 14131 1 ip6table_nat, Live 0xffffffffc03a8000

ip6table_mangle 12700 1 - Live 0xffffffffc03a3000

ip6table_security 12710 1 - Live 0xffffffffc039e000

ip6table_raw 12683 1 - Live 0xffffffffc0399000

iptable_nat 12875 1 - Live 0xffffffffc0394000

nf_conntrack_ipv4 15053 6 - Live 0xffffffffc038f000

nf_defrag_ipv4 12729 1 nf_conntrack_ipv4, Live 0xffffffffc0381000

nf_nat_ipv4 14115 1 iptable_nat, Live 0xffffffffc0378000

nf_nat 26787 2 nf_nat_ipv6,nf_nat_ipv4, Live 0xffffffffc0387000

nf_conntrack 133387 6 xt_conntrack,nf_conntrack_ipv6,nf_nat_ipv6,nf_conntrack_ipv4,nf_nat_ipv4,nf_nat, Live 0xffffffffc0356000

iptable_mangle 12695 1 - Live 0xffffffffc0351000

iptable_security 12705 1 - Live 0xffffffffc034c000

iptable_raw 12678 1 - Live 0xffffffffc0347000

ebtable_filter 12827 1 - Live 0xffffffffc032f000

ebtables 35009 3 ebtable_nat,ebtable_broute,ebtable_filter, Live
0xffffffffc033d000

ip6table_filter 12815 1 - Live 0xffffffffc02bf000

ip6_tables 26864 5
ip6table_nat,ip6table_mangle,ip6table_security,ip6table_raw,ip6table_filter,
Live 0xffffffffc02b3000

iptable_filter 12810 1 - Live 0xffffffffc012d000

intel_powerclamp 14419 0 - Live 0xffffffffc0338000

iosf_mbi 13523 0 - Live 0xffffffffc032a000

crc32_pclmul 13113 0 - Live 0xffffffffc0325000

ghash_clmulni_intel 13259 0 - Live 0xffffffffc02a9000

aesni_intel 69884 0 - Live 0xffffffffc0312000

lrw 13286 10 camellia_aesni_avx2,camellia_aesni_avx_x86_64,camellia_x86_64,cast6_avx_x86_64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,twofish_x86_64_3way,aesni_intel, Live 0xffffffffc030d000

gf128mul 14951 2 xts,lrw, Live 0xffffffffc0308000

glue_helper 13990 10 camellia_aesni_avx2,camellia_aesni_avx_x86_64,camellia_x86_64,cast6_avx_x86_64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,twofish_x86_64_3way,aesni_intel, Live 0xffffffffc024f000

ablk_helper 13597 9 camellia_aesni_avx2,camellia_aesni_avx_x86_64,cast6_avx_x86_64,cast5_avx_x86_64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,aesni_intel, Live 0xffffffffc02ae000

cryptd 20359 3 ghash_clmulni_intel,aesni_intel,ablk_helper, Live
0xffffffffc0302000

ppdev 17671 0 - Live 0xffffffffc02fc000

pcspkr 12718 0 - Live 0xffffffffc024a000

snd_intel8x0 38225 0 - Live 0xffffffffc02f1000

snd_ac97_codec 130556 1 snd_intel8x0, Live 0xffffffffc02d0000

ac97_bus 12730 1 snd_ac97_codec, Live 0xffffffffc027f000

sg 40721 0 - Live 0xffffffffc02c5000

snd_seq 62699 0 - Live 0xffffffffc0298000

snd_seq_device 14356 1 snd_seq, Live 0xffffffffc014b000

video 24520 0 - Live 0xffffffffc0278000

parport_pc 28165 0 - Live 0xffffffffc0290000

parport 42299 2 ppdev,parport_pc, Live 0xffffffffc0284000

snd_pcm 106416 2 snd_intel8x0,snd_ac97_codec, Live 0xffffffffc025d000

snd_timer 29810 2 snd_seq,snd_pcm, Live 0xffffffffc0254000

snd 83383 6
snd_intel8x0,snd_ac97_codec,snd_seq,snd_seq_device,snd_pcm,snd_timer, Live
0xffffffffc0135000

soundcore 15047 1 snd, Live 0xffffffffc008b000

i2c_piix4 22390 0 - Live 0xffffffffc0092000

i2c_core 40756 1 i2c_piix4, Live 0xffffffffc009a000

ip_tables 27078 5
iptable_nat,iptable_mangle,iptable_security,iptable_raw,iptable_filter, Live
0xffffffffc0083000

xfs 978100 2 - Live 0xffffffffc015a000

libcrc32c 12644 3 nf_nat,nf_conntrack,xfs, Live 0xffffffffc007e000

sr_mod 22416 0 - Live 0xffffffffc0073000

cdrom 42556 1 sr_mod, Live 0xffffffffc0121000

ata_generic 12910 0 - Live 0xffffffffc011c000

sd_mod 46322 3 - Live 0xffffffffc010f000

crc_t10dif 12714 1 sd_mod, Live 0xffffffffc0107000

crct10dif_generic 12647 0 - Live 0xffffffffc00ff000

pata_acpi 13038 0 - Live 0xffffffffc00ed000

ahci 34042 2 - Live 0xffffffffc00f2000

libahci 31992 1 ahci, Live 0xffffffffc00e4000

ata_piix 35038 0 - Live 0xffffffffc0150000

libata 238896 5 ata_generic,pata_acpi,ahci,libahci,ata_piix, Live
0xffffffffc00a8000

e1000 137500 0 - Live 0xffffffffc0050000

crct10dif_pclmul 14289 1 - Live 0xffffffffc0048000

crct10dif_common 12595 3 crc_t10dif,crct10dif_generic,crct10dif_pclmul, Live
0xffffffffc003a000

crc32c_intel 22079 1 - Live 0xffffffffc0041000

serio_raw 13413 0 - Live 0xffffffffc0027000

dm_mirror 22124 0 - Live 0xffffffffc0033000

dm_region_hash 20813 1 dm_mirror, Live 0xffffffffc0020000

dm_log 18411 2 dm_mirror,dm_region_hash, Live 0xffffffffc002d000

dm_mod 123303 8 dm_mirror,dm_log, Live 0xffffffffc0000000

+ _________________________ /proc/meminfo

+ cat /proc/meminfo

MemTotal:        1016188 kB

MemFree:          739176 kB

MemAvailable:     739940 kB

Buffers:            2108 kB

Cached:            92148 kB

SwapCached:            0 kB

Active:           103168 kB

Inactive:          64400 kB

Active(anon):      73620 kB

Inactive(anon):     6392 kB

Active(file):      29548 kB

Inactive(file):    58008 kB

Unevictable:           0 kB

Mlocked:               0 kB

SwapTotal:        839676 kB

SwapFree:         839676 kB

Dirty:               108 kB

Writeback:             0 kB

AnonPages:         73344 kB

Mapped:            25056 kB

Shmem:              6700 kB

Slab:              78848 kB

SReclaimable:      56916 kB

SUnreclaim:        21932 kB

KernelStack:        1600 kB

PageTables:         3704 kB

NFS_Unstable:          0 kB

Bounce:                0 kB

WritebackTmp:          0 kB

CommitLimit:     1347768 kB

Committed_AS:     283708 kB

VmallocTotal:   34359738367 kB

VmallocUsed:        5768 kB

VmallocChunk:   34359729904 kB

HardwareCorrupted:     0 kB

AnonHugePages:     16384 kB

HugePages_Total:       0

HugePages_Free:        0

HugePages_Rsvd:        0

HugePages_Surp:        0

Hugepagesize:       2048 kB

DirectMap4k:       53184 kB

DirectMap2M:      995328 kB

+ _________________________ /proc/net/ipsec-ls

+ test -f /proc/net/ipsec_version

+ _________________________ usr/src/linux/.config

+ test -f /proc/config.gz

++ uname -r

+ test -f /lib/modules/3.10.0-693.17.1.el7.x86_64/build/.config

+ echo 'no .config file found, cannot list kernel properties'

no .config file found, cannot list kernel properties

+ _________________________ etc/syslog.conf

+ _________________________ etc/syslog-ng/syslog-ng.conf

+ cat /etc/syslog-ng/syslog-ng.conf

cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory

+ cat /etc/syslog.conf

cat: /etc/syslog.conf: No such file or directory

+ _________________________ etc/resolv.conf

+ cat /etc/resolv.conf

# Generated by NetworkManager

+ _________________________ lib/modules-ls

+ ls -ltr /lib/modules

total 8

drwxr-xr-x. 7 root root 4096 Feb 17 03:28 3.10.0-693.el7.x86_64

drwxr-xr-x. 7 root root 4096 Feb 17 03:50 3.10.0-693.17.1.el7.x86_64

+ _________________________ fipscheck

+ cat /proc/sys/crypto/fips_enabled

0

+ _________________________ /proc/ksyms-netif_rx

+ test -r /proc/ksyms

+ test -r /proc/kallsyms

+ egrep netif_rx /proc/kallsyms

ffffffff81588180 t netif_rx_internal

ffffffff815882c0 T netif_rx

ffffffff815884d0 T netif_rx_ni

ffffffff819908c0 r __tracepoint_ptr_netif_rx_ni_entry

ffffffff819908c8 r __tracepoint_ptr_netif_rx_entry

ffffffff819908e8 r __tracepoint_ptr_netif_rx

ffffffff81992770 r __tpstrtab_netif_rx_ni_entry

ffffffff81992782 r __tpstrtab_netif_rx_entry

ffffffff819927f5 r __tpstrtab_netif_rx

ffffffff819a5ac0 r __ksymtab_netif_rx

ffffffff819a5ad0 r __ksymtab_netif_rx_ni

ffffffff819bdd60 r __kcrctab_netif_rx

ffffffff819bdd68 r __kcrctab_netif_rx_ni

ffffffff819e4ecd r __kstrtab_netif_rx_ni

ffffffff819e4ed9 r __kstrtab_netif_rx

ffffffff81ae5de0 d event_netif_rx_ni_entry

ffffffff81ae5e80 d event_netif_rx_entry

ffffffff81ae6100 d event_netif_rx

ffffffff81b000c0 D __tracepoint_netif_rx_ni_entry

ffffffff81b00100 D __tracepoint_netif_rx_entry

ffffffff81b00200 D __tracepoint_netif_rx

ffffffff81ccba68 t __event_netif_rx_ni_entry

ffffffff81ccba70 t __event_netif_rx_entry

ffffffff81ccba90 t __event_netif_rx

+ _________________________ lib/modules-netif_rx

+ modulegoo kernel/net/ipv4/ipip.o netif_rx

+ set +x

3.10.0-693.17.1.el7.x86_64: 

3.10.0-693.el7.x86_64: 

+ _________________________ kern.debug

+ test -f /var/log/kern.debug

+ _________________________ klog

+ egrep -i 'klips|ipsec'

+ dmesg

[ 1260.023927] IPv4 over IPsec tunneling driver

+ _________________________ plog

+ test -x /usr/bin/journalctl

+ case "$1" in

+ cat

+ journalctl -u ipsec.service --no-pager --since '1 hour ago'

-- Logs begin at Sat 2018-02-17 11:09:07 EST, end at Sat 2018-02-17 13:46:56 EST. --

Feb 17 13:46:56 k1 pluto[2866]: loading secrets from "/etc/ipsec.secrets"

Feb 17 13:46:56 k1 pluto[2866]: no secrets filename matched "/etc/ipsec.d/*.secrets"

+ _________________________ date

+ date

Sat Feb 17 13:46:56 EST 2018

 

 

 

 
