[Swan] STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response

Alex mysqlstudent at gmail.com
Thu May 31 14:45:21 UTC 2018


Hi, I posted the message below a day or so ago and haven't received
any responses. Is there something else I should include to help
troubleshoot this further?

I'm really kind of stuck and just don't know what to do. I've also
upgraded to the latest fedora28 on the local side, thinking it was a
bug, but it uses the same libreswan as fedora27.

My short question is, under what conditions is the message
"STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response"
produced, and is it possible it's a bug?

The system was working fine for more than a year and I don't know what
changed to cause this.


On Tue, May 29, 2018 at 4:37 PM, Alex <mysqlstudent at gmail.com> wrote:
> Hi,
>
> I have a fedora27 system with libreswan-3.23-1.fc27.x86_64 on the
> local side and libreswan-3.22-1.fc25.x86_64 on the remote side and
> am having a problem with my site-to-site VPN. It was working until about
> two hours ago and something changed. I have no idea what's causing the
> problem or what's changed and hoped someone could help.
>
> I have mail pending on a server on the other side of the VPN that I
> now can't access.
>
> May 29 16:30:04 orion pluto[14295]: assign_holdpass() delete_bare_shunt() failed
> May 29 16:30:04 orion pluto[14295]: initiate_ondemand_body() failed to
> install negotiation_shunt,
> May 29 16:30:04 orion pluto[14295]: initiate on demand from
> 192.168.1.7:8 to 64.1.11.5:0 proto=1 because: acquire
> May 29 16:30:08 orion pluto[14295]: "VPN-GDHQ-GDXO" #24:
> STATE_MAIN_I1: retransmission; will wait 32 seconds for response
> May 29 16:30:40 orion pluto[14295]: "VPN-GDHQ-GDXO" #24:
> STATE_MAIN_I1: 60 second timeout exceeded after 7 retransmits.  No
> response (or no acceptable response) to our first IKEv1 message
> May 29 16:30:40 orion pluto[14295]: "VPN-GDHQ-GDXO" #24: starting
> keying attempt 25 of an unlimited number
> May 29 16:30:40 orion pluto[14295]: "VPN-GDHQ-GDXO" #25: initiating
> Main Mode to replace #24
> May 29 16:30:40 orion pluto[14295]: "VPN-GDHQ-GDXO" #24: deleting
> state (STATE_MAIN_I1)
> May 29 16:30:41 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
> May 29 16:30:41 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 1 seconds for response
> May 29 16:30:42 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 2 seconds for response
> May 29 16:30:44 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 4 seconds for response
> May 29 16:30:48 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 8 seconds for response
> May 29 16:30:56 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 16 seconds for response
>
> My ipsec whack status and current configuration are below. I've changed
> our domain to 'example'. orion.example.com is the local side.
>
> 000 using kernel interface: netkey
> 000 interface br0/br0 ::ec4:7aff:fea9:18de at 500
> 000 interface lo/lo ::1 at 500
> 000 interface lo/lo 127.0.0.1 at 4500
> 000 interface lo/lo 127.0.0.1 at 500
> 000 interface eth1/eth1 192.168.1.1 at 4500
> 000 interface eth1/eth1 192.168.1.1 at 500
> 000 interface eth1:2/eth1:2 192.168.6.1 at 4500
> 000 interface eth1:2/eth1:2 192.168.6.1 at 500
> 000 interface eth1:0/eth1:0 192.168.1.2 at 4500
> 000 interface eth1:0/eth1:0 192.168.1.2 at 500
> 000 interface eth1:1/eth1:1 192.168.1.100 at 4500
> 000 interface eth1:1/eth1:1 192.168.1.100 at 500
> 000 interface eth1:3/eth1:3 192.168.1.101 at 4500
> 000 interface eth1:3/eth1:3 192.168.1.101 at 500
> 000 interface br0/br0 68.195.199.42 at 4500
> 000 interface br0/br0 68.195.199.42 at 500
> 000 interface br0:0/br0:0 68.195.199.44 at 4500
> 000 interface br0:0/br0:0 68.195.199.44 at 500
> 000 interface virbr0/virbr0 192.168.122.1 at 4500
> 000 interface virbr0/virbr0 192.168.122.1 at 500
> 000
> 000
> 000 fips mode=disabled;
> 000 SElinux=disabled
> 000 seccomp=unsupported
> 000
> 000 config setup options:
> 000
> 000 configdir=/etc, configfile=/etc/ipsec.conf,
> secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d
> 000 nssdir=/etc/ipsec.d, dumpdir=/run/pluto, statsbin=unset
> 000 dnssec-rootkey-file=/var/lib/unbound/root.key, dnssec-trusted=<unset>
> 000 sbindir=/usr/sbin, libexecdir=/usr/libexec/ipsec
> 000 pluto_version=3.23, pluto_vendorid=OE-Libreswan-3.23
> 000 nhelpers=0, uniqueids=yes, dnssec-enable=yes, perpeerlog=no,
> logappend=yes, logip=yes, shuntlifetime=900s, xfrmlifetime=300s
> 000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
> 000 ikeport=500, ikebuf=0, msg_errqueue=yes, strictcrlpolicy=no,
> crlcheckinterval=0, listen=<any>, nflog-all=0
> 000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>
> 000 ocsp-trust-name=<unset>
> 000 ocsp-cache-size=1000, ocsp-cache-min-age=3600,
> ocsp-cache-max-age=86400, ocsp-method=get
> 000 secctx-attr-type=32001
> 000 debug none
> 000
> 000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
> 000 virtual-private (%priv):
> 000
> 000 ESP algorithms supported:
> 000
> 000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8,
> keysizemin=192, keysizemax=192
> 000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8,
> keysizemin=128, keysizemax=128
> 000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0,
> keysizemin=0, keysizemax=0
> 000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=23, name=ESP_NULL_AUTH_AES_GMAC,
> ivlen=8, keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
> keysizemin=128, keysizemax=256
> 000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
> keysizemin=128, keysizemax=128
> 000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
> keysizemin=160, keysizemax=160
> 000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256,
> keysizemin=256, keysizemax=256
> 000 algorithm AH/ESP auth: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384,
> keysizemin=384, keysizemax=384
> 000 algorithm AH/ESP auth: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512,
> keysizemin=512, keysizemax=512
> 000 algorithm AH/ESP auth: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
> keysizemin=160, keysizemax=160
> 000 algorithm AH/ESP auth: id=9, name=AUTH_ALGORITHM_AES_XCBC,
> keysizemin=128, keysizemax=128
> 000 algorithm AH/ESP auth: id=250, name=AUTH_ALGORITHM_AES_CMAC_96,
> keysizemin=128, keysizemax=128
> 000 algorithm AH/ESP auth: id=251, name=AUTH_ALGORITHM_NULL_KAME,
> keysizemin=0, keysizemax=0
> 000
> 000 IKE algorithms supported:
> 000
> 000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
> v2name=3DES, blocksize=8, keydeflen=192
> 000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC,
> v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=20,
> v2name=AES_GCM_C, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=19,
> v2name=AES_GCM_B, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=-1, v1name=n/a, v2id=18,
> v2name=AES_GCM_A, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13,
> v2name=AES_CTR, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
> v2name=AES_CBC, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
> v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
> v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
> 000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH,
> v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
> 000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16
> 000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20
> 000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32
> 000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48
> 000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64
> 000 algorithm IKE DH Key Exchange: name=MODP1024, bits=1024
> 000 algorithm IKE DH Key Exchange: name=MODP1536, bits=1536
> 000 algorithm IKE DH Key Exchange: name=MODP2048, bits=2048
> 000 algorithm IKE DH Key Exchange: name=MODP3072, bits=3072
> 000 algorithm IKE DH Key Exchange: name=MODP4096, bits=4096
> 000 algorithm IKE DH Key Exchange: name=MODP6144, bits=6144
> 000 algorithm IKE DH Key Exchange: name=MODP8192, bits=8192
> 000 algorithm IKE DH Key Exchange: name=DH19, bits=512
> 000 algorithm IKE DH Key Exchange: name=DH20, bits=768
> 000 algorithm IKE DH Key Exchange: name=DH21, bits=1056
> 000 algorithm IKE DH Key Exchange: name=DH23, bits=2048
> 000 algorithm IKE DH Key Exchange: name=DH24, bits=2048
> 000
> 000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,2,64}
> trans={0,2,6936} attrs={0,2,4624}
> 000
> 000 Connection list:
> 000
> 000 "VPN-GDHQ-GDXO":
> 192.168.1.0/24===68.195.199.42<68.195.199.42>[CN=orion.example.com,
> O=GDXO]---68.195.199.41...65.46.77.6<65.46.72.6>[CN=cyclops.example.com,
> O=GDXO]===64.1.11.0/27; prospective erouted; eroute owner: #0
> 000 "VPN-GDHQ-GDXO":     oriented; my_ip=unset; their_ip=unset;
> mycert=orion; hiscert=cyclops; my_updown=ipsec _updown;
> 000 "VPN-GDHQ-GDXO":   xauth us:none, xauth them:none,
> my_username=[any]; their_username=[any]
> 000 "VPN-GDHQ-GDXO":   our auth:rsasig, their auth:rsasig
> 000 "VPN-GDHQ-GDXO":   modecfg info: us:none, them:none, modecfg
> policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
> 000 "VPN-GDHQ-GDXO":   labeled_ipsec:no;
> 000 "VPN-GDHQ-GDXO":   policy_label:unset;
> 000 "VPN-GDHQ-GDXO":   CAs: 'CN=GDXO Authority, O=GDXO'...'CN=GDXO
> Authority, O=GDXO'
> 000 "VPN-GDHQ-GDXO":   ike_life: 14400s; ipsec_life: 3600s;
> replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries:
> 0;
> 000 "VPN-GDHQ-GDXO":   retransmit-interval: 500ms; retransmit-timeout: 60s;
> 000 "VPN-GDHQ-GDXO":   sha2-truncbug:no; initial-contact:no;
> cisco-unity:no; fake-strongswan:no; send-vendorid:no;
> send-no-esp-tfc:no;
> 000 "VPN-GDHQ-GDXO":   policy:
> RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
> 000 "VPN-GDHQ-GDXO":   conn_prio: 24,27; interface: br0; metric: 0;
> mtu: unset; sa_prio:auto; sa_tfc:none;
> 000 "VPN-GDHQ-GDXO":   nflog-group: unset; mark: unset;
> vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
> 000 "VPN-GDHQ-GDXO":   our idtype: ID_DER_ASN1_DN; our
> id=CN=orion.example.com, O=GDXO; their idtype: ID_DER_ASN1_DN; their
> id=CN=cyclops.example.com, O=GDXO
> 000 "VPN-GDHQ-GDXO":   dpd: action:hold; delay:0; timeout:0; nat-t:
> encaps:auto; nat_keepalive:yes; ikev1_natt:both
> 000 "VPN-GDHQ-GDXO":   newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000 "VPN-GDHQ-GDXO":   IKE algorithms: AES_CBC-HMAC_SHA2_256-MODP2048,
> AES_CBC-HMAC_SHA2_512-MODP2048, AES_CBC-HMAC_SHA1-MODP2048,
> AES_CBC-HMAC_SHA2_256-MODP1536, AES_CBC-HMAC_SHA2_512-MODP1536,
> AES_CBC-HMAC_SHA1-MODP1536
> 000 "VPN-GDHQ-GDXO":   ESP algorithms: AES_CBC-HMAC_SHA1_96
> 000 "VPN-GDHQ-GDXO-2":
> 192.168.1.0/24===68.195.199.42<68.195.193.42>[CN=orion.example.com,
> O=GDXO]---68.195.199.41...65.46.77.6<65.46.72.6>[CN=cyclops.example.com,
> O=GDXO]===66.104.200.96/28; prospective erouted; eroute owner: #0
> 000 "VPN-GDHQ-GDXO-2":     oriented; my_ip=unset; their_ip=unset;
> mycert=orion; hiscert=cyclops; my_updown=ipsec _updown;
> 000 "VPN-GDHQ-GDXO-2":   xauth us:none, xauth them:none,
> my_username=[any]; their_username=[any]
> 000 "VPN-GDHQ-GDXO-2":   our auth:rsasig, their auth:rsasig
> 000 "VPN-GDHQ-GDXO-2":   modecfg info: us:none, them:none, modecfg
> policy:push, dns:unset, domains:unset, banner:unset, cat:unset;
> 000 "VPN-GDHQ-GDXO-2":   labeled_ipsec:no;
> 000 "VPN-GDHQ-GDXO-2":   policy_label:unset;
> 000 "VPN-GDHQ-GDXO-2":   CAs: 'CN=GDXO Authority, O=GDXO'...'CN=GDXO
> Authority, O=GDXO'
> 000 "VPN-GDHQ-GDXO-2":   ike_life: 14400s; ipsec_life: 3600s;
> replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries:
> 0;
> 000 "VPN-GDHQ-GDXO-2":   retransmit-interval: 500ms; retransmit-timeout: 60s;
> 000 "VPN-GDHQ-GDXO-2":   sha2-truncbug:no; initial-contact:no;
> cisco-unity:no; fake-strongswan:no; send-vendorid:no;
> send-no-esp-tfc:no;
> 000 "VPN-GDHQ-GDXO-2":   policy:
> RSASIG+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
> 000 "VPN-GDHQ-GDXO-2":   conn_prio: 24,28; interface: br0; metric: 0;
> mtu: unset; sa_prio:auto; sa_tfc:none;
> 000 "VPN-GDHQ-GDXO-2":   nflog-group: unset; mark: unset;
> vti-iface:unset; vti-routing:no; vti-shared:no; nic-offload:auto;
> 000 "VPN-GDHQ-GDXO-2":   our idtype: ID_DER_ASN1_DN; our
> id=CN=orion.example.com, O=GDXO; their idtype: ID_DER_ASN1_DN; their
> id=CN=cyclops.example.com, O=GDXO
> 000 "VPN-GDHQ-GDXO-2":   dpd: action:hold; delay:0; timeout:0; nat-t:
> encaps:auto; nat_keepalive:yes; ikev1_natt:both
> 000 "VPN-GDHQ-GDXO-2":   newest ISAKMP SA: #0; newest IPsec SA: #0;
> 000 "VPN-GDHQ-GDXO-2":   IKE algorithms:
> AES_CBC-HMAC_SHA2_256-MODP2048, AES_CBC-HMAC_SHA2_512-MODP2048,
> AES_CBC-HMAC_SHA1-MODP2048, AES_CBC-HMAC_SHA2_256-MODP1536,
> AES_CBC-HMAC_SHA2_512-MODP1536, AES_CBC-HMAC_SHA1-MODP1536
> 000 "VPN-GDHQ-GDXO-2":   ESP algorithms: AES_CBC-HMAC_SHA1_96
> 000
> 000 Total IPsec connections: loaded 2, active 0
> 000
> 000 State Information: DDoS cookies not required, Accepting new IKE connections
> 000 IKE SAs: total(1), half-open(1), open(0), authenticated(0), anonymous(0)
> 000 IPsec SAs: total(0), authenticated(0), anonymous(0)
> 000
> 000 #8: "VPN-GDHQ-GDXO":500 STATE_MAIN_I1 (sent MI1, expecting MR1);
> EVENT_v1_RETRANSMIT in 1s; nodpd; idle; import:admin initiate
> 000 #8: pending Phase 2 for "VPN-GDHQ-GDXO-2" replacing #0
> 000 #8: pending Phase 2 for "VPN-GDHQ-GDXO" replacing #0
> 000
> 000 Bare Shunt list:
> 000
>
> # ipsec auto --listcerts
> 000
> 000 List of X.509 End Certificates:
> 000
> 000 End certificate "orion" - SN: 0x00ac38455c
> 000   subject: CN=orion.example.com, O=GDXO
> 000   issuer: CN=GDXO Authority, O=GDXO
> 000   not before: Tue Jan 02 02:51:00 2018
> 000   not after: Sun Jan 02 02:51:00 2022
> 000   4096 bit RSA: has private key
> 000
> 000 End certificate "cyclops" - SN: 0x00ac3845b1
> 000   subject: CN=cyclops.example.com, O=GDXO
> 000   issuer: CN=GDXO Authority, O=GDXO
> 000   not before: Tue Jan 02 02:51:46 2018
> 000   not after: Sun Jan 02 02:51:46 2022
> 000   4096 bit RSA: has private key
>
> # cat /etc/ipsec.conf|grep -vE '#|^$'
> config setup
>         klipsdebug=all
>         interfaces=%defaultroute
>         uniqueids=yes
>         protostack=netkey
>         nhelpers=0
> conn %default
>         auto=add
>         keyingtries=0
>         disablearrivalcheck=no
>         keyexchange=ike
>         ikelifetime=240m
>         keylife=60m
>         pfs=yes
>         compress=no
>         leftrsasigkey=%cert
>         rightrsasigkey=%cert
>         type=tunnel
>         authby=rsasig
>         esp=aes
>         ike=aes
> conn VPN-GDHQ-GDXO
>         auto=start
>         left=68.195.199.42
>         leftnexthop=68.195.199.41
>         leftsubnet=192.168.1.0/24
>         leftid="CN=orion.example.com, O=GDXO"
>         leftcert=orion
>         right=65.46.77.6
>         rightnexthop=65.46.77.5
>         rightsubnet=64.1.11.0/27
>         rightid="CN=cyclops.example.com, O=GDXO"
>         rightcert=cyclops
> conn VPN-GDHQ-GDXO-2
>         auto=start
>         left=68.195.199.42
>         leftnexthop=68.195.199.41
>         leftsubnet=192.168.1.0/24
>         leftid="CN=orion.example.com, O=GDXO"
>         leftcert=orion
>         right=65.46.77.6
>         rightnexthop=65.46.77.5
>         rightsubnet=66.104.200.96/28
>         rightid="CN=cyclops.example.com, O=GDXO"
>         rightcert=cyclops
>
> # ipsec verify
> Verifying installed system and configuration files
>
> Version check and ipsec on-path                         [OK]
> Libreswan 3.23 (netkey) on 4.16.3-200.fc27.x86_64
> Checking for IPsec support in kernel                    [OK]
>  NETKEY: Testing XFRM related proc values
>          ICMP default/send_redirects                    [OK]
>          ICMP default/accept_redirects                  [OK]
>          XFRM larval drop                               [OK]
> Pluto ipsec.conf syntax                                 [OK]
> Two or more interfaces found, checking IP forwarding    [OK]
> Checking rp_filter                                      [OK]
> Checking that pluto is running                          [OK]
>  Pluto listening for IKE on udp 500                     [OK]
>  Pluto listening for IKE/NAT-T on udp 4500              [OK]
>  Pluto ipsec.secret syntax                              [OK]
> Checking 'ip' command                                   [OK]
> Checking 'iptables' command                             [OK]
> Checking 'prelink' command does not interfere with FIPS [OK]
> Checking for obsolete ipsec.conf options                [OK]
>
> # route -n
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         68.195.199.41   0.0.0.0         UG    0      0        0 br0
> 68.195.199.40   0.0.0.0         255.255.255.248 U     0      0        0 br0
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1
> 169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 br0
> 192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.6.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
> 192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
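
A triage sketch for the pluto log excerpt quoted above, added here as an example and not part of the original post or of libreswan. It strips the `>` quoting, rejoins the wrapped syslog records, and reports each state's logged retransmission waits and any timeout; the function names are assumptions, and the sample lines are copied from the post.

```python
import re
from collections import defaultdict

# Lines copied from the quoted post, still wrapped and '>'-quoted as archived.
SAMPLE = '''\
> May 29 16:30:08 orion pluto[14295]: "VPN-GDHQ-GDXO" #24:
> STATE_MAIN_I1: retransmission; will wait 32 seconds for response
> May 29 16:30:40 orion pluto[14295]: "VPN-GDHQ-GDXO" #24:
> STATE_MAIN_I1: 60 second timeout exceeded after 7 retransmits.  No
> response (or no acceptable response) to our first IKEv1 message
> May 29 16:30:40 orion pluto[14295]: "VPN-GDHQ-GDXO" #25: initiating
> Main Mode to replace #24
> May 29 16:30:41 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 0.5 seconds for response
> May 29 16:30:41 orion pluto[14295]: "VPN-GDHQ-GDXO" #25:
> STATE_MAIN_I1: retransmission; will wait 1 seconds for response
'''

STAMP = re.compile(r'^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ')
EVENT = re.compile(r'pluto\[\d+\]: "(?P<conn>[^"]+)" #(?P<sa>\d+): (?P<msg>.*)')
WAIT = re.compile(r'^(\w+): retransmission; will wait ([\d.]+) seconds')
TIMEOUT = re.compile(r'^(\w+): (\d+) second timeout exceeded after (\d+) retransmits')

def unwrap(text):
    """Strip '>' quoting and rejoin syslog records the mailer wrapped."""
    records = []
    for line in text.splitlines():
        line = re.sub(r'^(> ?)+', '', line).rstrip()
        if STAMP.match(line):
            records.append(line)          # a new syslog record starts here
        elif line and records:
            records[-1] += ' ' + line     # continuation of the previous record
    return records

def summarize(text):
    """Map (connection, state number) -> logged waits and timeout details."""
    out = defaultdict(lambda: {'state': None, 'waits': [], 'timed_out': None})
    for rec in unwrap(text):
        m = EVENT.search(rec)
        if not m:
            continue
        entry = out[(m['conn'], int(m['sa']))]
        if w := WAIT.match(m['msg']):
            entry['state'] = w[1]
            entry['waits'].append(float(w[2]))
        elif t := TIMEOUT.match(m['msg']):
            entry['state'] = t[1]
            entry['timed_out'] = (int(t[2]), int(t[3]))  # (seconds, retransmits)
    return dict(out)

def no_reply_to_first_message(text):
    """States that timed out while still in STATE_MAIN_I1 (MI1 sent, no MR1)."""
    return sorted(k for k, v in summarize(text).items()
                  if v['timed_out'] and v['state'] == 'STATE_MAIN_I1')
```

A state listed by `no_reply_to_first_message` never left the first Main Mode exchange, which matches the log's own wording: no response (or no acceptable response) to the first IKEv1 message.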

