OPENSWAN initiator-side log output

Plutorun started on Sat Aug 26 10:26:58 CST 2017
adjusting ipsec.d to /etc/ipsec.d
Labelled IPsec not enabled; value 32001 ignored.
Starting Pluto (Openswan Version 2.6.49.1; Vendor ID OSWhKaciWM}g) pid:28166
LEAK_DETECTIVE support [disabled]
OCF support for IKE [disabled]
SAref support [disabled]: Protocol not available
SAbind support [disabled]: Protocol not available
NSS support [disabled]
HAVE_STATSD notification support not compiled in
Setting NAT-Traversal port-4500 floating to on
port floating activation criteria nat_t=1/port_float=1
NAT-Traversal support [enabled]
| opening /dev/urandom
using /dev/urandom as source of random entropy
| inserting event EVENT_REINIT_SECRET, timeout in 3600 seconds (head of queue)
| inserting event EVENT_PENDING_DDNS, timeout in 60 seconds (head of queue)
| inserting event EVENT_PENDING_PHASE2, timeout in 120 seconds
| event added after event EVENT_PENDING_DDNS
ike_alg_register_enc(): Activating OAKLEY_AES_CBC: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_512: Ok (ret=0)
ike_alg_register_hash(): Activating OAKLEY_SHA2_256: Ok (ret=0)
starting up 1 cryptographic helpers
started helper pid=28169 (fd:7)
Kernel interface auto-pick
Using Linux XFRM/NETKEY IPsec interface code on 3.16.0-23-generic
| process 28166 listening for PF_KEY_V2 on file descriptor 10
| finish_pfkey_msg: K_SADB_REGISTER message 1 for AH
| 02 07 00 02 02 00 00 00 01 00 00 00 06 6e 00 00
| opening /dev/urandom
using /dev/urandom as source of random entropy
! helper 0 waiting on fd: 8
| pfkey_get: K_SADB_REGISTER message 1
| AH registered with kernel.
| finish_pfkey_msg: K_SADB_REGISTER message 2 for ESP
| 02 07 00 03 02 00 00 00 02 00 00 00 06 6e 00 00
| pfkey_get: K_SADB_REGISTER message 2
| alg_init():memset(0xb774ff00, 0, 2048) memset(0xb7750700, 0, 2048)
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=72
| kernel_alg_add():satype=3, exttype=14, alg_id=251
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[0], exttype=14, satype=3, alg_id=251, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=2
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[1], exttype=14, satype=3, alg_id=2, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=3
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[2], exttype=14, satype=3, alg_id=3, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=5
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[3], exttype=14, satype=3, alg_id=5, alg_ivlen=0, alg_minbits=256, alg_maxbits=256, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=6
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[4], exttype=14, satype=3, alg_id=6, alg_ivlen=0, alg_minbits=384, alg_maxbits=384, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=7
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[5], exttype=14, satype=3, alg_id=7, alg_ivlen=0, alg_minbits=512, alg_maxbits=512, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=8
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[6], exttype=14, satype=3, alg_id=8, alg_ivlen=0, alg_minbits=160, alg_maxbits=160, res=0, ret=1
| kernel_alg_add():satype=3, exttype=14, alg_id=9
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[7], exttype=14, satype=3, alg_id=9, alg_ivlen=0, alg_minbits=128, alg_maxbits=128, res=0, ret=1
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: sadb_msg_len=22 sadb_supported_len=88
| kernel_alg_add():satype=3, exttype=15, alg_id=11
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[8], exttype=15, satype=3, alg_id=11, alg_ivlen=0, alg_minbits=0, alg_maxbits=0, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=2
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[9], exttype=15, satype=3, alg_id=2, alg_ivlen=8, alg_minbits=64, alg_maxbits=64, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=3
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[10], exttype=15, satype=3, alg_id=3, alg_ivlen=8, alg_minbits=192, alg_maxbits=192, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=6
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[11], exttype=15, satype=3, alg_id=6, alg_ivlen=8, alg_minbits=40, alg_maxbits=128, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=7
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[12], exttype=15, satype=3, alg_id=7, alg_ivlen=8, alg_minbits=40, alg_maxbits=448, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=12
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[13], exttype=15, satype=3, alg_id=12, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=252
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[14], exttype=15, satype=3, alg_id=252, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=22
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[15], exttype=15, satype=3, alg_id=22, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=253
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[16], exttype=15, satype=3, alg_id=253, alg_ivlen=8, alg_minbits=128, alg_maxbits=256, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=13
| kernel_alg_register_pfkey(): SADB_SATYPE_ESP: alg[17], exttype=15, satype=3, alg_id=13, alg_ivlen=8, alg_minbits=160, alg_maxbits=288, res=0, ret=1
| kernel_alg_add():satype=3, exttype=15, alg_id=18
| kernel_alg_add():satype=3, exttype=15, alg_id=19
| kernel_alg_add():satype=3, exttype=15, alg_id=20
| kernel_alg_add():satype=3, exttype=15, alg_id=14
| kernel_alg_add():satype=3, exttype=15, alg_id=15
| kernel_alg_add():satype=3, exttype=15, alg_id=16
ike_alg_register_enc(): Activating aes_ccm_8: Ok (ret=0)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_ccm_16: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_8: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_12: FAILED (ret=-17)
ike_alg_add(): ERROR: algo_type '0', algo_id '0', Algorithm type already exists
ike_alg_register_enc(): Activating aes_gcm_16: FAILED (ret=-17)
| ESP registered with kernel.
| finish_pfkey_msg: K_SADB_REGISTER message 3 for IPCOMP
| 02 07 00 09 02 00 00 00 03 00 00 00 06 6e 00 00
| pfkey_get: K_SADB_REGISTER message 3
| IPCOMP registered with kernel.
| Changed path to directory '/etc/ipsec.d/cacerts'
loaded CA cert file 'ca.pem' (700 bytes)
| file content is not binary ASN.1
| -----BEGIN CERTIFICATE-----
| -----END CERTIFICATE-----
| file coded in PEM format
| L0 - certificate:
| L1 - tbsCertificate:
| L2 - DEFAULT v1:
| L3 - version:
| 02
| v3
| L2 - serialNumber:
| 01
| L2 - signature:
| L3 - algorithmIdentifier:
| L4 - algorithm:
| 'sha-1WithRSAEncryption'
| L2 - issuer:
| 30 29 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31
| 0b 30 09 06 03 55 04 0a 13 02 5a 47 31 0d 30 0b
| 06 03 55 04 03 13 04 72 6f 6f 74
| 'C=CN, O=ZG, CN=root'
| L2 - validity:
| L3 - notBefore:
| L4 - utcTime:
| 'Aug 05 12:55:00 UTC 2017'
| L3 - notAfter:
| L4 - utcTime:
| 'Aug 05 12:55:00 UTC 2027'
| L2 - subject:
| 30 29 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31
| 0b 30 09 06 03 55 04 0a 13 02 5a 47 31 0d 30 0b
| 06 03 55 04 03 13 04 72 6f 6f 74
| 'C=CN, O=ZG, CN=root'
| L2 - subjectPublicKeyInfo:
| L3 - algorithm:
| L4 - algorithmIdentifier:
| L5 - algorithm:
| 'rsaEncryption'
| L3 - subjectPublicKey:
| L4 - RSAPublicKey:
| L5 - modulus:
| L5 - publicExponent:
| 01 00 01
| L2 - optional extensions:
| L3 - extensions:
| L4 - extension:
| L5 - extnID:
| 'basicConstraints'
| L5 - critical:
| FALSE
| L5 - extnValue:
| 30 03 01 01 ff
| L6 - basicConstraints:
| L7 - CA:
| ff
| TRUE
| L1 - signatureAlgorithm:
| L2 - algorithmIdentifier:
| L3 - algorithm:
| 'sha-1WithRSAEncryption'
| L1 - signatureValue:
| authcert inserted
| Changed path to directory '/etc/ipsec.d/aacerts'
| Changed path to directory '/etc/ipsec.d/ocspcerts'
| Found 0 items in directory '/etc/ipsec.d/crls'
| inserting event EVENT_LOG_DAILY, timeout in 48782 seconds
| event added after event EVENT_REINIT_SECRET
| next event EVENT_PENDING_DDNS in 60 seconds
|
| *received whack message
| Added new connection linux-to-linux with policy RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
loading certificate from /etc/ipsec.d/certs/hdcert.pem
loaded host cert file '/etc/ipsec.d/certs/hdcert.pem' (721 bytes)
| file content is not binary ASN.1
| -----BEGIN CERTIFICATE-----
| -----END CERTIFICATE-----
| file coded in PEM format
| L0 - certificate:
| L1 - tbsCertificate:
| L2 - DEFAULT v1:
| L3 - version:
| 02
| v3
| L2 - serialNumber:
| 02
| L2 - signature:
| L3 - algorithmIdentifier:
| L4 - algorithm:
| 'sha-1WithRSAEncryption'
| L2 - issuer:
| 30 29 31 0b 30 09 06 03 55 04 06 13 02 43 4e 31
| 0b 30 09 06 03 55 04 0a 13 02 5a 47 31 0d 30 0b
| 06 03 55 04 03 13 04 72 6f 6f 74
| 'C=CN, O=ZG, CN=root'
| L2 - validity:
| L3 - notBefore:
| L4 - utcTime:
| 'Aug 19 01:30:00 UTC 2017'
| L3 - notAfter:
| L4 - utcTime:
| 'Aug 19 01:30:00 UTC 2018'
| L2 - subject:
| 30 28 31 0b 30 09 06 03 55 04 06 13 02 63 6e 31
| 0c 30 0a 06 03 55 04 0a 13 03 7a 74 65 31 0b 30
| 09 06 03 55 04 03 13 02 68 64
| 'C=cn, O=zte, CN=hd'
| L2 - subjectPublicKeyInfo:
| L3 - algorithm:
| L4 - algorithmIdentifier:
| L5 - algorithm:
| 'rsaEncryption'
| L3 - subjectPublicKey:
| L4 - RSAPublicKey:
| L5 - modulus:
| L5 - publicExponent:
| 01 00 01
| L2 - optional extensions:
| L3 - extensions:
| L4 - extension:
| L5 - extnID:
| 'basicConstraints'
| L5 - critical:
| FALSE
| L5 - extnValue:
| 30 00
| L6 - basicConstraints:
| L7 - CA:
| FALSE
| L4 - extension:
| L5 - extnID:
| 'subjectAltName'
| L5 - critical:
| ff
| TRUE
| L5 - extnValue:
| 30 04 82 02 68 64
| L6 - generalNames:
| L7 - generalName:
| L8 - dnsName:
| 68 64
| 'hd'
| L1 - signatureAlgorithm:
| L2 - algorithmIdentifier:
| L3 - algorithm:
| 'sha-1WithRSAEncryption'
| L1 - signatureValue:
| not before : Aug 19 01:30:00 UTC 2017
| current time: Aug 26 02:26:58 UTC 2017
| not after : Aug 19 01:30:00 UTC 2018
| certificate is valid
| counting wild cards for C=cn, O=zte, CN=hd is 0
| counting wild cards for C=cn, O=zte, CN=wq is 0
| orient linux-to-linux matching on public/private keys: this=no[%address] that=no[%address]
| orient linux-to-linux finished with: 0 [none]
| find_ID_host_pair: looking for me=C=cn, O=zte, CN=hd him=C=cn, O=zte, CN=wq (exact)
| concluded with
adding connection: "linux-to-linux"
| 192.168.1.102[C=cn, O=zte, CN=hd]…192.168.1.101[C=cn, O=zte, CN=wq]
| ike_life: 28800s; ipsec_life: 3600s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0; policy: RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 60 seconds
| next event EVENT_PENDING_DDNS in 60 seconds
|
| *received whack message
listening for IKE messages
| found lo with address 127.0.0.1
| found eth0 with address 192.168.1.102
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
adding interface eth0/eth0 192.168.1.102:500 (AF_INET)
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
adding interface eth0/eth0 192.168.1.102:4500
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(1) setup succeeded for new style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:500 (AF_INET)
| NAT-Traversal: Trying new style NAT-T
| NAT-Traversal: ESPINUDP(2) setup succeeded for new style NAT-T family IPv4
adding interface lo/lo 127.0.0.1:4500
| found lo with address 0000:0000:0000:0000:0000:0000:0000:0001
adding interface lo/lo ::1:500 (AF_INET6)
| orient linux-to-linux checking against if: lo (AF_INET6:::1:500)
| orient linux-to-linux checking against if: lo (AF_INET:127.0.0.1:4500)
| orient linux-to-linux checking against if: lo (AF_INET:127.0.0.1:500)
| orient linux-to-linux checking against if: eth0 (AF_INET:192.168.1.102:4500)
| orient linux-to-linux checking against if: eth0 (AF_INET:192.168.1.102:500)
| orient matched on IP
| orient linux-to-linux finished with: 1 [192.168.1.102]
| connection linux-to-linux is now oriented
| find_host_pair: looking for me=192.168.1.102:500 %address him=192.168.1.101:500 exact-match
| find_host_pair: concluded with
| connect_to_host_pair: 192.168.1.102:500 %address 192.168.1.101:500 -> hp:none
| find_ID_host_pair: looking for me=C=cn, O=zte, CN=hd him=C=cn, O=zte, CN=wq (exact)
| comparing to me=C=cn, O=zte, CN=hd him=C=cn, O=zte, CN=wq (linux-to-linux)
| concluded with linux-to-linux
loading secrets from "/etc/ipsec.secrets"
loaded private key file '/etc/ipsec.d/private/hdkey.key' (887 bytes)
| file content is not binary ASN.1
| -----BEGIN RSA PRIVATE KEY-----
| -----END RSA PRIVATE KEY-----
| file coded in PEM format
| L0 - RSAPrivateKey:
| L1 - version:
| L1 - modulus:
| L1 - publicExponent:
| L1 - privateExponent:
| L1 - prime1:
| L1 - prime2:
| L1 - exponent1:
| L1 - exponent2:
| L1 - coefficient:
loaded private key for keyid: PPK_RSA:AwEAAZ/wg
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 60 seconds
| next event EVENT_PENDING_DDNS in 60 seconds
|
| *received whack message
| processing connection linux-to-linux
| route owner of "linux-to-linux" unrouted: NULL; eroute owner: NULL
| could_route called for linux-to-linux (kind=CK_PERMANENT)
| route owner of "linux-to-linux" unrouted: NULL; eroute owner: NULL
| route_and_eroute with c: linux-to-linux (next: none) ero:null esr:{(nil)} ro:null rosr:{(nil)} and state: 0
| request to add a prospective erouted policy with netkey kernel --- experimental
| creating SPD to 192.168.1.102->spi=00000104@0.0.0.0 proto=61
| creating SPD to 192.168.1.102->spi=00000104@0.0.0.0 proto=61
| route_and_eroute: firewall_notified: true
| command executing prepare-host
| executing prepare-host: 2>&1 PLUTO_VERB='prepare-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='linux-to-linux' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.168.1.101' PLUTO_ME='192.168.1.102' PLUTO_MY_ID='C=cn, O=zte, CN=hd' PLUTO_MY_CLIENT='192.168.1.102/32' PLUTO_MY_CLIENT_NET='192.168.1.102' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.1.101' PLUTO_PEER_ID='C=cn, O=zte, CN=wq' PLUTO_PEER_CLIENT='192.168.1.101/32' PLUTO_PEER_CLIENT_NET='192.168.1.101' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown
| command executing route-host
| executing route-host: 2>&1 PLUTO_VERB='route-host' PLUTO_VERSION='2.0' PLUTO_CONNECTION='linux-to-linux' PLUTO_INTERFACE='eth0' PLUTO_NEXT_HOP='192.168.1.101' PLUTO_ME='192.168.1.102' PLUTO_MY_ID='C=cn, O=zte, CN=hd' PLUTO_MY_CLIENT='192.168.1.102/32' PLUTO_MY_CLIENT_NET='192.168.1.102' PLUTO_MY_CLIENT_MASK='255.255.255.255' PLUTO_MY_PORT='0' PLUTO_MY_PROTOCOL='0' PLUTO_PEER='192.168.1.101' PLUTO_PEER_ID='C=cn, O=zte, CN=wq' PLUTO_PEER_CLIENT='192.168.1.101/32' PLUTO_PEER_CLIENT_NET='192.168.1.101' PLUTO_PEER_CLIENT_MASK='255.255.255.255' PLUTO_PEER_PORT='0' PLUTO_PEER_PROTOCOL='0' PLUTO_PEER_CA='' PLUTO_STACK='netkey' PLUTO_CONN_POLICY='RSASIG+ENCRYPT+TUNNEL+PFS+IKEv2ALLOW+IKEv2Init+SAREFTRACK' PLUTO_CONN_ADDRFAMILY='ipv4' PLUTO_IS_PEER_CISCO='0' PLUTO_CISCO_DNS_INFO='' PLUTO_CISCO_DOMAIN_INFO='' PLUTO_PEER_BANNER='' PLUTO_NM_CONFIGURED='0' ipsec _updown
| * processed 0 messages from cryptographic helpers
| next event EVENT_PENDING_DDNS in 60 seconds
| next event EVENT_PENDING_DDNS in 60 seconds
|
| *received whack message
| processing connection linux-to-linux
| empty esp_info, returning defaults
| creating state object #1 at 0xb8c31058
| orient linux-to-linux checking against if: lo (AF_INET6:::1:500)
| orient linux-to-linux checking against if: lo (AF_INET:127.0.0.1:4500)
| orient linux-to-linux checking against if: lo (AF_INET:127.0.0.1:500)
| orient linux-to-linux checking against if: eth0 (AF_INET:192.168.1.102:4500)
| orient linux-to-linux checking against if: eth0 (AF_INET:192.168.1.102:500)
| orient matched on IP
| orient linux-to-linux finished with: 1 [192.168.1.102]
| processing connection linux-to-linux
| ICOOKIE: 8f d8 7d 3b c5 f0 f1 0b
| RCOOKIE: 00 00 00 00 00 00 00 00
| state hash entry 28
| inserting state object #1 bucket: 28
| inserting event EVENT_SO_DISCARD, timeout in 0 seconds for #1 (head of queue)
| processing connection linux-to-linux
| Queuing pending Quick Mode with 192.168.1.101 "linux-to-linux"
"linux-to-linux" #1: initiating v2 parent SA
"linux-to-linux" #1: STATE_PARENT_I1: initiate
| no IKE algorithms for this connection
| 0: w->pcw_dead: 0 w->pcw_work: 0 cnt: 1
| asking helper 0 to do build_kenonce op on seq: 1 (len=2672, pcw_work=1)
| crypto helper write of request: cnt=2672
