<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
An application of the previously sent URL on Libreswan 3.7 i686 RPM
on a Fedora 19 i686 computer.<br>
<br>
[philippe@victor ~]$ <b>sudo alien -k
download/libreswan-3.7-1.fc19.i686.rpm </b><br>
Warning: Skipping conversion of scripts in package libreswan:
postinst postrm prerm<br>
Warning: Use the --scripts parameter to include the scripts.<br>
libreswan_3.7-1.fc19_i386.deb generated<br>
[philippe@victor ~]$ <b>sudo dpkg -i libreswan_3.7-1.fc19_i386.deb</b><br>
Selecting previously unselected package libreswan.<br>
(Reading database ... 0 files and directories currently installed.)<br>
Unpacking libreswan (from libreswan_3.7-1.fc19_i386.deb) ...<br>
Setting up libreswan (3.7-1.fc19) ...<br>
<br>
Configuration file `/etc/pam.d/pluto'<br>
==> File on system created by you or by a script.<br>
==> File also in package provided by package maintainer.<br>
What would you like to do about it ? Your options are:<br>
Y or I : install the package maintainer's version<br>
N or O : keep your currently-installed version<br>
D : show the differences between the versions<br>
Z : start a shell to examine the situation<br>
The default action is to keep your current version.<br>
*** pluto (Y/I/N/O/D/Z) [default=N] ? <br>
<br>
Configuration file `/etc/ipsec.conf'<br>
==> File on system created by you or by a script.<br>
==> File also in package provided by package maintainer.<br>
What would you like to do about it ? Your options are:<br>
Y or I : install the package maintainer's version<br>
N or O : keep your currently-installed version<br>
D : show the differences between the versions<br>
Z : start a shell to examine the situation<br>
The default action is to keep your current version.<br>
*** ipsec.conf (Y/I/N/O/D/Z) [default=N] ? <br>
[philippe@victor ~]$ <b>sudo dpkg -l</b><br>
Desired=Unknown/Install/Remove/Purge/Hold<br>
|
Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend<br>
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)<br>
||/ Name Version Architecture Description<br>
+++-==============-============-============-=================================<br>
ii libreswan 3.7-1.fc19 i386 IPsec implementation
with IKEv1 a<br>
[philippe@victor ~]$ <b>sudo service ipsec start</b> <br>
Redirecting to /bin/systemctl start ipsec.service<br>
[philippe@victor ~]$ <b>sudo ipsec auto status</b><br>
ipsec auto: warning: obsolete command syntax used<br>
000 using kernel interface: netkey<br>
000 interface lo/lo 127.0.0.1<br>
000 interface lo/lo 127.0.0.1<br>
000 interface enp2s0/enp2s0 192.168.1.2<br>
000 interface enp2s0/enp2s0 192.168.1.2<br>
000 <br>
000 fips mode=disabled;<br>
000 SElinux=disabled<br>
000 <br>
000 config setup options:<br>
000 <br>
000 configdir=/etc, configfile=/etc/ipsec.conf,
secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d,
dumpdir=/var/run/pluto, statsbin=unset<br>
000 sbindir=/usr/sbin, libdir=/usr/libexec/ipsec,
libexecdir=/usr/libexec/ipsec<br>
000 pluto_version=3.7, pluto_vendorid=OE-Libreswan-3.7<br>
000 nhelpers=-1, uniqueids=yes, retransmits=yes, force_busy=no<br>
000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0,
listen=<any><br>
000 secctx_attr_value=32001<br>
000 myid = (none)<br>
000 debug controlmore<br>
000 <br>
000 nat_traversal=yes, keep_alive=20, nat_ikeport=4500,
disable_port_floating=no<br>
000 virtual_private (%priv):<br>
000 - allowed 1 subnet: 192.168.0.0/16<br>
000 - disallowed 1 subnet: 192.168.1.0/24<br>
000 <br>
000 ESP algorithms supported:<br>
000 <br>
000 algorithm ESP encrypt: id=2, name=ESP_DES, ivlen=8,
keysizemin=64, keysizemax=64<br>
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8,
keysizemin=192, keysizemax=192<br>
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8,
keysizemin=40, keysizemax=128<br>
000 algorithm ESP encrypt: id=7, name=ESP_BLOWFISH, ivlen=8,
keysizemin=40, keysizemax=448<br>
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0,
keysizemin=0, keysizemax=0<br>
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8,
keysizemin=160, keysizemax=288<br>
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8,
keysizemin=128, keysizemax=256<br>
000 algorithm ESP auth attr: id=1, name=AUTH_ALGORITHM_HMAC_MD5,
keysizemin=128, keysizemax=128<br>
000 algorithm ESP auth attr: id=2, name=AUTH_ALGORITHM_HMAC_SHA1,
keysizemin=160, keysizemax=160<br>
000 algorithm ESP auth attr: id=5,
name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256<br>
000 algorithm ESP auth attr: id=6,
name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384<br>
000 algorithm ESP auth attr: id=7,
name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512<br>
000 algorithm ESP auth attr: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD,
keysizemin=160, keysizemax=160<br>
000 algorithm ESP auth attr: id=9, name=AUTH_ALGORITHM_AES_CBC,
keysizemin=128, keysizemax=128<br>
000 algorithm ESP auth attr: id=251, name=AUTH_ALGORITHM_NULL_KAME,
keysizemin=0, keysizemax=0<br>
000 <br>
000 IKE algorithms supported:<br>
000 <br>
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=20,
v2name=AES_GCM_C, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=19,
v2name=AES_GCM_B, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=18,
v2name=AES_GCM_A, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=16,
v2name=AES_CCM_C, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=15,
v2name=AES_CCM_B, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=0, v1name=0??, v2id=14,
v2name=AES_CCM_A, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3,
v2name=3DES, blocksize=8, keydeflen=192<br>
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12,
v2name=AES_CBC, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC,
v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC,
v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128<br>
000 algorithm IKE encrypt: v1id=65289,
v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH,
blocksize=16, keydeflen=128<br>
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashsize=16<br>
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashsize=20<br>
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashsize=32<br>
000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashsize=48<br>
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashsize=64<br>
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024,
bits=1024<br>
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536,
bits=1536<br>
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048,
bits=2048<br>
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072,
bits=3072<br>
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096,
bits=4096<br>
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144,
bits=6144<br>
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192,
bits=8192<br>
000 algorithm IKE dh group: id=22, name=OAKLEY_GROUP_DH22, bits=1024<br>
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048<br>
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048<br>
000 <br>
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,0,0}
trans={0,0,0} attrs={0,0,0} <br>
000 <br>
000 Connection list:<br>
000 <br>
000 "testrouterrsa": 192.168.1.2[C=SK, ST=Slovakia, L=Bratislava,
O=COMPANY a s, OU=CISCO-GROUP, CN=Test Testing,
<a class="moz-txt-link-abbreviated" href="mailto:E=testuser@domain.sk,+MC+XC+S=C">E=testuser@domain.sk,+MC+XC+S=C</a>]...62.168.78.235<62.168.78.235>[@router.domain.sk,MS+XS+S=C]===192.168.0.0/16;
unrouted; eroute owner: #0<br>
000 "testrouterrsa": oriented; my_ip=unset; their_ip=unset;
mycert=le-976f6301-afea-4b42-b7cf-09f633d7b382;<br>
000 "testrouterrsa": xauth info: us:client, them:server,
my_xauthuser=testuser; their_xauthuser=[any]; ;<br>
000 "testrouterrsa": modecfg info: us:client, them:server, modecfg
policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset;<br>
000 "testrouterrsa": labeled_ipsec:no, loopback:no; <br>
000 "testrouterrsa": policy_label:unset; <br>
000 "testrouterrsa": CAs: 'DC=sk, DC=domain,
CN=domain-CA'...'%any'<br>
000 "testrouterrsa": ike_life: 3600s; ipsec_life: 28800s;
rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;<br>
000 "testrouterrsa": sha2_truncbug:no; initial_contact:no;
cisco_unity:no; send_vendorid:no;<br>
000 "testrouterrsa": policy:
RSASIG+ENCRYPT+TUNNEL+XAUTH+IKEv2ALLOW+SAREFTRACK+IKE_FRAG; <br>
000 "testrouterrsa": conn_prio: 32,16; interface: enp2s0; metric:
0; mtu: unset; sa_prio:auto;<br>
000 "testrouterrsa": newest ISAKMP SA: #0; newest IPsec SA: #0; <br>
000 "testrouterrsa": IKE algorithms wanted:
3DES_CBC(5)_000-SHA1(2)_000-MODP1024(2)<br>
000 "testrouterrsa": IKE algorithms found:
3DES_CBC(5)_192-SHA1(2)_160-MODP1024(2)<br>
000 "testrouterrsa": ESP algorithms wanted:
3DES(3)_000-SHA1(2)_000<br>
000 "testrouterrsa": ESP algorithms loaded:
3DES(3)_192-SHA1(2)_160<br>
000 <br>
000 Total IPsec connections: loaded 1, active 0<br>
000 <br>
000 State list:<br>
000 <br>
000 Shunt list:<br>
000 <br>
[philippe@victor ~]$ <br>
<br>
<pre class="moz-signature" cols="72">--
Philippe Vouters (Fontainebleau/France)
URL: <a class="moz-txt-link-freetext" href="http://vouters.dyndns.org/">http://vouters.dyndns.org/</a>
SIP: <a class="moz-txt-link-abbreviated" href="mailto:sip:Vouters@sip.linphone.org">sip:Vouters@sip.linphone.org</a></pre>
</body>
</html>