east-console-txtrr.txt

This a good VPN source

Starting UML PATH/start.sh
spawn PATH single
Linux version XXXX
On node 0 totalpages: 8192
Kernel command line:
Calibrating delay loop... XXXX bogomips
Dentry-cache hash table entries: NUMBERS
Inode-cache hash table entries: NUMBERS
Mount-cache hash table entries: NUMBERS
Buffer-cache hash table entries: NUMBERS
Page-cache hash table entries: NUMEBRS
POSIX conformance testing by UNIFIX
Linux NET4.0 for Linux 2.4
Based upon Swansea University Computer Society NET3.039
Initializing RT netlink socket
Starting kswapd
VFS: Diskquotas version dquot_6.4.0 initialized
devfs: VERSION Richard Gooch (rgooch@atnf.csiro.au)
devfs: boot_options Q
pty: 256 Unix98 ptys configured
SLIP: version 0.8.4-NET3.019-NEWTTY (dynamic channels, max=256).
loop: loaded (max 8 devices)
PPP generic driver version VERSION
Universal TUN/TAP device driver VERSION
NET4: Linux TCP/IP 1.0 for NET4.0
IP Protocols: ICMP, UDP, TCP
IP: routing cache hash table of 512 buckets, 4Kbytes
TCP: Hash tables configured (established 2048 bind 2048)
IPv4 over IPv4 tunneling driver
GRE over IPv4 tunneling driver
NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Mounted devfs on /dev
INIT: version 2.78 booting
Activating swap...
Calculating module dependancies
done.
Loading modules: LIST

Checking all file systems...
Parallelizing fsck version 1.18 (11-Nov-1999)
Setting kernel variables.
Mounting local filesystems...
/dev/shm on /tmp type tmpfs (rw)
/dev/shm on /var/run type tmpfs (rw)
devpts on /dev/pts type devpts (rw,mode=0622)
none on /usr/share type hostfs (ro)
Enabling packet forwarding: done.
Configuring network interfaces: done.
Cleaning: /tmp /var/lock /var/run.
Initializing random number generator... done.
Recovering nvi editor sessions... done.
Give root password for maintenance
(or type Control-D for normal startup): 
east:~#
 klogd -c 4 -x -f /tmp/klog.log
east:~#
 set -u
east:~#
 route delete -net 192.0.1.0 netmask 255.255.255.0
east:~#
 route delete -net default
east:~#
 route add -net default gw 192.1.2.45
east:~#
 named
east:~#
 dig sunrise-oe.uml.freeswan.org a

; <<>> DiG VERSION<<>> sunrise-oe.uml.freeswan.org a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12345
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;sunrise-oe.uml.freeswan.org.	IN	A

;; ANSWER SECTION:
sunrise-oe.uml.freeswan.org. 604800 IN	A	192.0.2.2

;; Query time: 25 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: DATE
;; MSG SIZE  rcvd: SIZE

east:~#
 netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.9.2.0       0.0.0.0         255.255.255.0   U        40 0          0 eth2
192.1.2.0       0.0.0.0         255.255.255.0   U        40 0          0 eth1
192.0.2.0       0.0.0.0         255.255.255.0   U        40 0          0 eth0
0.0.0.0         192.1.2.45      0.0.0.0         UG       40 0          0 eth1
east:~#
 export IPSEC_CONFS="/tmp/etc"
east:~#
 mkdir $IPSEC_CONFS
east:~#
 cp -a /etc/ipsec.conf /etc/ipsec.d $IPSEC_CONFS/
east:~#
 cp -a /testing/baseconfigs/japan/etc/ipsec.secrets $IPSEC_CONFS/
east:~#
 ipsec setup start
ipsec_setup: Starting Openswan IPsec VERSION
east:~#
 /testing/pluto/basic-pluto-01/whackwait.sh
east:~#
 ipsec auto --add private
east:~#
 ipsec whack --listen
002 listening for IKE messages
002 forgetting secrets
002 loading secrets from "/tmp/etc/ipsec.secrets"
002 loading group "/tmp/etc/ipsec.d/policies/private"
east:~#
 ipsec auto --route private
east:~#
east:~#
 : This should fail, but only because we do not know our own secret.
east:~#
 : We use --oppohere/--oppothere so that the negotiation is logged.
east:~#
 : Failure should come before negotiation is actually started.
east:~#
 : No shunt eroute will be created because of using --oppohere/--oppothere.
east:~#
 ipsec whack --oppohere 192.1.2.23 --oppothere 192.0.1.3
033 Can't Opportunistically initiate for 192.1.2.23 to 192.0.1.3: TXT RR for us has wrong key
east:~#
 ipsec eroute
0          0.0.0.0/0          -> 0.0.0.0/0          => %trap
0          192.1.2.23/32      -> 192.0.1.0/24       => %trap
east:~#
 : Try again, using traffic to prompt negotiation.
east:~#
 : This should result in a %drop
east:~#
 ping -c 2 -n 192.0.1.3
PING 192.0.1.3 (192.0.1.3): 56 data bytes

--- 192.0.1.3 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
east:~#
 ipsec eroute
0          0.0.0.0/0          -> 0.0.0.0/0          => %trap
1          192.1.2.23/32      -> 192.0.1.0/24       => %trap
2          192.1.2.23/32      -> 192.0.1.3/32       => %drop
east:~#
 : the nether world according to pluto
east:~#
east:~#
 echo end
end
east:~#
 

east:~#
east:~#
 halt
INIT: Switching to runlevel: 0
INIT: Sending processes the TERM signal
east:~#
 kill `cat /var/run/klogd.pid`; cat /tmp/klog.log
klogd 1.3-3#33.1, log source = /proc/kmsg started.
east:~#
 halt
east:~#
 INIT: Sending processes the KILL signal
Stopping domain name service: named.
Stopping internet superserver: inetd.
Stopping portmap daemon: portmap.
ipsec_setup: Stopping Openswan IPsec...
IPSEC EVENT: KLIPS device ipsec0 shut down.

Stopping system log daemon: klogd syslogd.
Sending all processes the TERM signal... done.
Sending all processes the KILL signal... done.
Unmounting remote filesystems... done.
Deactivating swap... done.
Unmounting local filesystems... done.
Power down.