Wednesday, August 9, 2017

How to set up a PPTP VPN server on CentOS



             How to set up a PPTP server on CentOS

 

My setup is in CloudStack, as below:

VM --------------------------VR (Virtual Router) -----------------------Public network (windows)
v1n1(pptp server)               public interface 10.147.46.102


  Configuring pptp server in the Centos VM (v1n1)

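 1. Install the pptp server on CentOS. The repo package below is fetched over plain http, and the NOKEY warning in the output means rpm could not verify its signature because the signing key (ID 862acc42) is not imported.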
      #rpm -i http://poptop.sourceforge.net/yum/stable/rhel6/pptp-release-current.noarch.rpm
          warning: /var/tmp/rpm-tmp.zgYGDb: Header V3 DSA/SHA1 Signature, key ID 862acc42: NOKEY
      # yum -y install pptpd

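2. Before updating the configuration, take a backup of the existing configuration files.
 Copy the configuration files below onto your pptp server. The chap-secrets entries shown (test1/test1, test2/test2, any client IP) are lab accounts; use long random secrets on a real server.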

[root@v1n1 ~]# cat /etc/*-release
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)
CentOS release 6.5 (Final)

[root@v1n1 ~]# cat /etc/pptpd.conf
#start of custom file
#logwtmp
option /etc/ppp/options.pptpd
localip 192.168.0.1   # local vpn IP
remoteip 192.168.0.234-238,192.168.0.245
[root@v1n1 ~]# cat /etc/ppp/chap-secrets
# Secrets for authentication using CHAP
# client    server    secret            IP addresses


test1 * test1 *
test2 * test2 *
[root@v1n1 ~]#
#remoteip 192.168.0.100-200  # ip range for connections
listen 10.1.1.242 # eth0 my example public IP and network interface
#end of custom file
debug
[root@v1n1 ~]#
[root@v1n1 ~]# cat /etc/ppp/options.pptpd
#custom settings for a simple fast pptp server
ms-dns 8.8.8.8
ms-dns 4.2.2.2
lock
name pptpd
#require-mschap-v2
require-chap
# Require MPPE 128-bit encryption
# (note that MPPE requires the use of MSCHAP-V2 during authentication)
# require-mppe-128
[root@v1n1 ~]# 

3. Add the below line to sysctl.conf and apply it with sysctl -p
net.ipv4.ip_forward = 1


4. Start your pptp server using below command
/etc/init.d/pptpd restart-kill && /etc/init.d/pptpd start

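5. Make sure you have the below iptables configuration to allow PPTP (TCP 1723) and GRE (IP protocol 47). Note that in this listing the INPUT and FORWARD chain policies are ACCEPT and no rule drops or rejects anything, so these rules do not restrict traffic on the VM itself; the only DROP for the public address is in the VR's FIREWALL_10.147.46.102 chain shown further down.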

[root@v1n1 ~]# iptables -L -nv
Chain INPUT (policy ACCEPT 604 packets, 57798 bytes)
 pkts bytes target     prot opt in     out     source               destination        
 496K   47M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
    2   120 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0          
    3   192 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
   39  2028 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:1723
    2   109 ACCEPT     47   --  eth0   *       0.0.0.0/0            0.0.0.0/0 
         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination        
  199 12913 ACCEPT     all  --  ppp+   eth0    0.0.0.0/0            0.0.0.0/0          
  217 24050 ACCEPT     all  --  eth0   ppp+    0.0.0.0/0            0.0.0.0/0          

Chain OUTPUT (policy ACCEPT 4117 packets, 527K bytes)
 pkts bytes target     prot opt in     out     source               destination        
[root@v1n1 ~]#
[root@v1n1 ~]# iptables-save
# Generated by iptables-save v1.4.7 on Wed Aug  9 09:19:50 2017
*nat
:PREROUTING ACCEPT [190:16147]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [13:1119]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Wed Aug  9 09:19:50 2017
# Generated by iptables-save v1.4.7 on Wed Aug  9 09:19:50 2017
*filter
:INPUT ACCEPT [604:57798]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [4130:529629]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -i eth0 -p tcp -m tcp --dport 1723 -j ACCEPT
-A INPUT -i eth0 -p gre -j ACCEPT
-A FORWARD -i ppp+ -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o ppp+ -j ACCEPT
COMMIT
# Completed on Wed Aug  9 09:19:50 2017
[root@v1n1 ~]#


Configuration within the VR:

1. Configure port forwarding to VM v1n1 on the VR and also configure firewall on 10.147.46.102 (FIREWALL_10.147.46.102 chain) to allow the pptp port TCP 1723. Here the public interface is eth3.  

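2. Load the PPTP connection-tracking and NAT helper modules in the VR, so that the GRE data channel is tracked and NATed together with the TCP 1723 control connection.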
root@r-123-JAY:~# modprobe nf_conntrack_pptp
root@r-123-JAY:~# modprobe nf_nat_pptp 



root@r-123-JAY:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:1a:98:00:09 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:00:b6 brd ff:ff:ff:ff:ff:ff
    inet 169.254.0.182/16 brd 169.254.255.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 1e:00:7f:00:00:27 brd ff:ff:ff:ff:ff:ff
    inet 10.147.55.100/24 brd 10.147.55.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 1e:00:01:00:00:0e brd ff:ff:ff:ff:ff:ff
    inet 10.147.46.102/24 brd 10.147.46.255 scope global eth3

root@r-123-JAY:~#

 
root@r-123-JAY:~# iptables -t mangle -L -nv
Chain PREROUTING (policy ACCEPT 674 packets, 64448 bytes)
 pkts bytes target     prot opt in     out     source               destination        
  507 36204 FIREWALL_10.147.46.102  all  --  *      *       0.0.0.0/0            10.147.46.102      
    0     0 VPN_10.147.46.102  all  --  *      *       0.0.0.0/0            10.147.46.102      
    4   304 VPN_10.147.55.100  all  --  *      *       0.0.0.0/0            10.147.55.100      
    0     0 FIREWALL_10.147.55.100  all  --  *      *       0.0.0.0/0            10.147.55.100      
    0     0 VPN_10.147.55.100  all  --  *      *       0.0.0.0/0            10.147.55.100      
  662 63576 CONNMARK   all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED CONNMARK restore
    0     0 CONNMARK   all  --  eth2   *       0.0.0.0/0            0.0.0.0/0            state NEW CONNMARK set 0x2
    0     0 CONNMARK   all  --  eth3   *       0.0.0.0/0            0.0.0.0/0            state NEW CONNMARK set 0x3
    0     0 MARK       all  --  *      *       10.1.1.242           0.0.0.0/0            state NEW MARK set 0x3
    0     0 CONNMARK   all  --  *      *       10.1.1.242           0.0.0.0/0            state NEW CONNMARK save

Chain INPUT (policy ACCEPT 408 packets, 30668 bytes)
 pkts bytes target     prot opt in     out     source               destination        

Chain FORWARD (policy ACCEPT 777 packets, 70288 bytes)
 pkts bytes target     prot opt in     out     source               destination        

Chain OUTPUT (policy ACCEPT 318 packets, 40691 bytes)
 pkts bytes target     prot opt in     out     source               destination        

Chain POSTROUTING (policy ACCEPT 1095 packets, 111K bytes)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 CHECKSUM   udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68 CHECKSUM fill

Chain FIREWALL_10.147.46.102 (1 references)
 pkts bytes target     prot opt in     out     source               destination        
  507 36204 LOG        all  --  *      *       0.0.0.0/0            0.0.0.0/0            LOG flags 0 level 4 prefix "JAY"
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
    0     0 RETURN     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0 
         

         

Chain FIREWALL_10.147.55.100 (1 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0            icmptype 255
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:4500
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:1701
    0     0 RETURN     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain VPN_10.147.46.102 (1 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0          

Chain VPN_10.147.55.100 (2 references)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 ACCEPT     esp  --  *      *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     ah   --  *      *       0.0.0.0/0            0.0.0.0/0          
    4   304 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
    0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0          
root@r-123-JAY:~#
root@r-123-JAY:~#
root@r-123-JAY:~# iptables -t nat -L -nv
Chain PREROUTING (policy ACCEPT 173 packets, 11501 bytes)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 DNAT       all  --  eth0   *       0.0.0.0/0            10.147.46.102        to:10.1.1.242
   29  1526 DNAT       all  --  *      *       0.0.0.0/0            10.147.46.102        to:10.1.1.242

Chain INPUT (policy ACCEPT 42 packets, 3024 bytes)
 pkts bytes target     prot opt in     out     source               destination        

Chain OUTPUT (policy ACCEPT 5 packets, 380 bytes)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 DNAT       all  --  *      *       0.0.0.0/0            10.147.46.102        to:10.1.1.242

Chain POSTROUTING (policy ACCEPT 29 packets, 1526 bytes)
 pkts bytes target     prot opt in     out     source               destination        
    0     0 SNAT       all  --  *      eth0    10.1.1.0/24          10.1.1.242           to:10.1.1.1
  126  8097 SNAT       all  --  *      eth3    10.1.1.242           0.0.0.0/0            to:10.147.46.102
   10   760 SNAT       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0            to:10.147.55.100
    0     0 SNAT       all  --  *      eth2    0.0.0.0/0            0.0.0.0/0            to:10.147.46.102
root@r-123-JAY:~#
 

Configuration on the windows client:


 

ppp tunnel interface on the pptp server after the Windows client connects:

[root@v1n1 ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:54:41:00:08 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.242/24 brd 10.1.1.255 scope global eth0
    inet6 fe80::54ff:fe41:8/64 scope link
       valid_lft forever preferred_lft forever
42: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1400 qdisc pfifo_fast state UNKNOWN qlen 3
    link/ppp
    inet 192.168.0.1 peer 192.168.0.234/32 scope global ppp0
[root@v1n1 ~]#


Common errors:
 1. peer refused to authenticate: terminating link *
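 This error means options.pptpd is configured for MS-CHAP v2 (require-mschap-v2), with the user and password configured in /etc/ppp/chap-secrets, but the client is trying to connect with CHAP.

Update your /etc/ppp/options.pptpd to require-chap and comment out require-mppe-128. MPPE depends on MS-CHAP v2, so with this change the tunnel authenticates with CHAP only and carries traffic unencrypted; if that is not acceptable, keep require-mschap-v2 and require-mppe-128 and enable MS-CHAP v2 on the client instead.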


*Aug  9 09:38:49 v1n1 pptpd[20130]: CTRL: Client 10.147.38.153 control connection started
Aug  9 09:38:49 v1n1 pptpd[20130]: CTRL: Starting call (launching pppd, opening GRE)
Aug  9 09:38:49 v1n1 pppd[20131]: pppd 2.4.5 started by root, uid 0
Aug  9 09:38:49 v1n1 pppd[20131]: Using interface ppp0
Aug  9 09:38:49 v1n1 pppd[20131]: Connect: ppp0 <--> /dev/pts/1


Aug  9 09:38:52 v1n1 pppd[20131]: peer refused to authenticate: terminating link
Aug  9 09:38:52 v1n1 pppd[20131]: Connection terminated.
Aug  9 09:38:52 v1n1 pppd[20131]: Exit.
Aug  9 09:38:52 v1n1 pptpd[20130]: GRE: read(fd=6,buffer=611860,len=8196) from PTY failed: status = -1 error = Input/output error, usually caused by unexpected termination of pppd, check option syntax and pppd logs
Aug  9 09:38:52 v1n1 pptpd[20130]: CTRL: PTY read or GRE write failed (pty,gre)=(6,7)
Aug  9 09:38:52 v1n1 pptpd[20130]: CTRL: Client 10.147.38.153 control connection finished

Wednesday, August 2, 2017

Strongswan 5.2 Site to Site vpn configuration in Debian

Strongswan Site to Site vpn configuration:

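 I have two virtual routers: one is r-21 and the second is r-22.

Below is the strongSwan IPsec VPN configuration on both VRs. These are lab values: the PSK "123456789" and the 3des-md5 proposals with IKEv1 are weak, so outside a test bed use a long random PSK (or certificates) and AES/SHA-2 proposals. Note also that on r-21 the statusall output reports an IKE proposal of AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048 rather than the configured ike=3des-md5, so the ike= line is evidently not being applied strictly; strongSwan's ipsec.conf accepts a trailing ! on ike=/esp= to restrict negotiation to the listed proposals.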



root@r-21-QA:/etc/ipsec.d# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:02:21 brd ff:ff:ff:ff:ff:ff
    inet 169.254.2.33/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 1e:00:0a:00:00:0f brd ff:ff:ff:ff:ff:ff
    inet 10.147.46.103/24 brd 10.147.46.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:44:8c:00:03 brd ff:ff:ff:ff:ff:ff
    inet 10.1.1.1/24 brd 10.1.1.255 scope global eth2
5: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:4a:59:00:05 brd ff:ff:ff:ff:ff:ff
    inet 10.1.2.1/24 brd 10.1.2.255 scope global eth3
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec --version
Linux strongSwan U5.2.1/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

config setup
   nat_traversal=yes
   charonstart=yes
   plutostart=yes
   plutodebug=control

include /etc/ipsec.d/*.conf
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# cat /etc/ipsec.d^C
root@r-21-QA:/etc/ipsec.d# pwd
/etc/ipsec.d
root@r-21-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.104.conf
conn vpn-10.147.46.104
  left=10.147.46.103
  leftsubnet=10.1.0.0/16
  #leftnexthop=10.147.46.1
  right=10.147.46.104
  rightsubnet=10.2.1.0/24,10.2.2.0/24
  type=tunnel
  authby=secret
  keyexchange=ikev1
  ike=3des-md5
  ikelifetime=86400s
  esp=3des-md5
  lifetime=3600s
  #pfs=no
  keyingtries=2
  auto=start
root@r-21-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.104.secrets
10.147.46.103 10.147.46.104 : PSK "123456789"
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec status
Security Associations (1 up, 0 connecting):
vpn-10.147.46.104[1]: ESTABLISHED 69 minutes ago, 10.147.46.103[10.147.46.103]...10.147.46.104[10.147.46.104]
vpn-10.147.46.104{1}:  INSTALLED, TUNNEL, ESP SPIs: c5544282_i c5dc6c61_o
vpn-10.147.46.104{1}:   10.1.0.0/16 === 10.2.1.0/24
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.2.0-4-amd64, x86_64):
  uptime: 69 minutes, since Aug 08 09:46:31 2016
  malloc: sbrk 532480, mmap 0, used 390112, free 142368
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 2
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
Listening IP addresses:
  169.254.2.33
  10.147.46.103
  10.1.1.1
  10.1.2.1
Connections:
vpn-10.147.46.104:  10.147.46.103...10.147.46.104  IKEv1
vpn-10.147.46.104:   local:  [10.147.46.103] uses pre-shared key authentication
vpn-10.147.46.104:   remote: [10.147.46.104] uses pre-shared key authentication
vpn-10.147.46.104:   child:  10.1.0.0/16 === 10.2.1.0/24 10.2.2.0/24 TUNNEL
    L2TP-PSK:  172.26.0.151...%any  IKEv1
    L2TP-PSK:   local:  [172.26.0.151] uses pre-shared key authentication
    L2TP-PSK:   remote: uses pre-shared key authentication
    L2TP-PSK:   child:  dynamic[udp/l2f] === 10.0.0.0/8[udp] TUNNEL
Security Associations (1 up, 0 connecting):
vpn-10.147.46.104[1]: ESTABLISHED 69 minutes ago, 10.147.46.103[10.147.46.103]...10.147.46.104[10.147.46.104]
vpn-10.147.46.104[1]: IKEv1 SPIs: 35b39d866a70abdf_i* 86bee069adbe4541_r, pre-shared key reauthentication in 22 hours
vpn-10.147.46.104[1]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
vpn-10.147.46.104{1}:  INSTALLED, TUNNEL, ESP SPIs: c5544282_i c5dc6c61_o
vpn-10.147.46.104{1}:  3DES_CBC/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in 16 minutes
vpn-10.147.46.104{1}:   10.1.0.0/16 === 10.2.1.0/24
root@r-21-QA:/etc/ipsec.d#
root@r-21-QA:/etc/ipsec.d# ipsec listall

List of registered IKE algorithms:

  encryption: AES_CBC[aes] RC2_CBC[rc2] 3DES_CBC[openssl] CAMELLIA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl]
              DES_CBC[openssl] DES_ECB[openssl] NULL[openssl]
  integrity:  HMAC_MD5_96[openssl] HMAC_MD5_128[openssl] HMAC_SHA1_96[openssl] HMAC_SHA1_128[openssl]
              HMAC_SHA1_160[openssl] HMAC_SHA2_256_128[openssl] HMAC_SHA2_256_256[openssl] HMAC_SHA2_384_192[openssl]
              HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_256[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[xcbc]
              AES_XCBC_96[xcbc]
  aead:       AES_GCM_8[openssl] AES_GCM_12[openssl] AES_GCM_16[openssl]
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
              HASH_MD4[openssl]
  prf:        PRF_KEYED_SHA1[sha1] PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_HMAC_SHA2_256[openssl]
              PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc]
              PRF_CAMELLIA128_XCBC[xcbc]
  dh-group:   MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
              MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl]
              MODP_768[openssl] MODP_CUSTOM[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl]
              ECP_192[openssl] ECP_224_BP[openssl] ECP_256_BP[openssl] ECP_384_BP[openssl] ECP_512_BP[openssl]
  random-gen: RNG_WEAK[openssl] RNG_STRONG[random] RNG_TRUE[random]
  nonce-gen:  [nonce]

List of loaded Plugins:

charon:
    CUSTOM:libcharon
        NONCE_GEN
        CUSTOM:libcharon-receiver
        CUSTOM:kernel-ipsec
        CUSTOM:kernel-net
    CUSTOM:libcharon-receiver
        HASHER:HASH_SHA1
        RNG:RNG_STRONG
        CUSTOM:socket
aes:
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
rc2:
    CRYPTER:RC2_CBC-0
sha1:
    HASHER:HASH_SHA1
    PRF:PRF_KEYED_SHA1
sha2:
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
md5:
    HASHER:HASH_MD5
random:
    RNG:RNG_STRONG
    RNG:RNG_TRUE
nonce:
    NONCE_GEN
        RNG:RNG_WEAK
x509:
    CERT_ENCODE:X509
        HASHER:HASH_SHA1
    CERT_DECODE:X509
        HASHER:HASH_SHA1
        PUBKEY:ANY
    CERT_ENCODE:X509_AC
    CERT_DECODE:X509_AC
    CERT_ENCODE:X509_CRL
    CERT_DECODE:X509_CRL
    CERT_ENCODE:X509_OCSP_REQUEST
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    CERT_DECODE:X509_OCSP_RESPONSE
    CERT_ENCODE:PKCS10_REQUEST
    CERT_DECODE:PKCS10_REQUEST
revocation:
    CUSTOM:revocation
        CERT_ENCODE:X509_OCSP_REQUEST (soft)
        CERT_DECODE:X509_OCSP_RESPONSE (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509 (soft)
        FETCHER:(null) (soft)
constraints:
    CUSTOM:constraints
        CERT_DECODE:X509 (soft)
pubkey:
    CERT_ENCODE:TRUSTED_PUBKEY
    CERT_DECODE:TRUSTED_PUBKEY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
pkcs1:
    PRIVKEY:RSA
    PUBKEY:ANY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    PUBKEY:RSA
pkcs7:
    CONTAINER_DECODE:PKCS7
    CONTAINER_ENCODE:PKCS7_DATA
    CONTAINER_ENCODE:PKCS7_SIGNED_DATA
    CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA
pkcs8:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
pkcs12:
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS7
        CERT_DECODE:X509 (soft)
        PRIVKEY:ANY (soft)
        HASHER:HASH_SHA1 (soft)
        CRYPTER:3DES_CBC-24 (soft)
        CRYPTER:RC2_CBC-0 (soft)
pgp:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PUBKEY:ANY
    PUBKEY:RSA
    CERT_DECODE:PGP
dnskey:
    PUBKEY:ANY
    PUBKEY:RSA
sshkey:
    PUBKEY:ANY
    CERT_DECODE:TRUSTED_PUBKEY
pem:
    PRIVKEY:ANY
        PRIVKEY:ANY
        HASHER:HASH_MD5 (soft)
    PRIVKEY:RSA
        PRIVKEY:RSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:ECDSA
        PRIVKEY:ECDSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:DSA (not loaded)
        PRIVKEY:DSA
        HASHER:HASH_MD5 (soft)
    PUBKEY:ANY
        PUBKEY:ANY
    PUBKEY:RSA
        PUBKEY:RSA
    PUBKEY:ECDSA
        PUBKEY:ECDSA
    PUBKEY:DSA (not loaded)
        PUBKEY:DSA
    CERT_DECODE:ANY
        CERT_DECODE:X509 (soft)
        CERT_DECODE:PGP (soft)
    CERT_DECODE:X509
        CERT_DECODE:X509
    CERT_DECODE:X509_CRL
        CERT_DECODE:X509_CRL
    CERT_DECODE:X509_OCSP_REQUEST (not loaded)
        CERT_DECODE:X509_OCSP_REQUEST
    CERT_DECODE:X509_OCSP_RESPONSE
        CERT_DECODE:X509_OCSP_RESPONSE
    CERT_DECODE:X509_AC
        CERT_DECODE:X509_AC
    CERT_DECODE:PKCS10_REQUEST
        CERT_DECODE:PKCS10_REQUEST
    CERT_DECODE:TRUSTED_PUBKEY
        CERT_DECODE:TRUSTED_PUBKEY
    CERT_DECODE:PGP
        CERT_DECODE:PGP
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS12
openssl:
    CUSTOM:openssl-threading
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
    CRYPTER:CAMELLIA_CBC-16
    CRYPTER:CAMELLIA_CBC-24
    CRYPTER:CAMELLIA_CBC-32
    CRYPTER:CAST_CBC-0
    CRYPTER:BLOWFISH_CBC-0
    CRYPTER:3DES_CBC-24
    CRYPTER:DES_CBC-8
    CRYPTER:DES_ECB-8
    CRYPTER:NULL-0
    HASHER:HASH_MD4
    HASHER:HASH_MD5
    HASHER:HASH_SHA1
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
    PRF:PRF_KEYED_SHA1
    PRF:PRF_HMAC_MD5
    PRF:PRF_HMAC_SHA1
    PRF:PRF_HMAC_SHA2_256
    PRF:PRF_HMAC_SHA2_384
    PRF:PRF_HMAC_SHA2_512
    SIGNER:HMAC_MD5_96
    SIGNER:HMAC_MD5_128
    SIGNER:HMAC_SHA1_96
    SIGNER:HMAC_SHA1_128
    SIGNER:HMAC_SHA1_160
    SIGNER:HMAC_SHA2_256_128
    SIGNER:HMAC_SHA2_256_256
    SIGNER:HMAC_SHA2_384_192
    SIGNER:HMAC_SHA2_384_384
    SIGNER:HMAC_SHA2_512_256
    SIGNER:HMAC_SHA2_512_512
    AEAD:AES_GCM_8-16
    AEAD:AES_GCM_8-24
    AEAD:AES_GCM_8-32
    AEAD:AES_GCM_12-16
    AEAD:AES_GCM_12-24
    AEAD:AES_GCM_12-32
    AEAD:AES_GCM_16-16
    AEAD:AES_GCM_16-24
    AEAD:AES_GCM_16-32
    DH:MODP_2048
    DH:MODP_2048_224
    DH:MODP_2048_256
    DH:MODP_1536
    DH:MODP_3072
    DH:MODP_4096
    DH:MODP_6144
    DH:MODP_8192
    DH:MODP_1024
    DH:MODP_1024_160
    DH:MODP_768
    DH:MODP_CUSTOM
    PRIVKEY:RSA
    PRIVKEY:ANY
    PRIVKEY_GEN:RSA
    PUBKEY:RSA
    PUBKEY:ANY
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
    CERT_DECODE:X509
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    CERT_DECODE:X509_CRL
    CONTAINER_DECODE:PKCS7
    CONTAINER_DECODE:PKCS12
    DH:ECP_256
    DH:ECP_384
    DH:ECP_521
    DH:ECP_224
    DH:ECP_192
    DH:ECP_224_BP
    DH:ECP_256_BP
    DH:ECP_384_BP
    DH:ECP_512_BP
    PRIVKEY:ECDSA
    PRIVKEY_GEN:ECDSA
    PUBKEY:ECDSA
    PRIVKEY_SIGN:ECDSA_WITH_NULL
    PUBKEY_VERIFY:ECDSA_WITH_NULL
    PRIVKEY_SIGN:ECDSA_WITH_SHA1_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA1_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA256_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA256_DER
    PRIVKEY_SIGN:ECDSA-256
    PUBKEY_VERIFY:ECDSA-256
    PRIVKEY_SIGN:ECDSA_WITH_SHA384_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA512_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA384_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA512_DER
    PRIVKEY_SIGN:ECDSA-384
    PRIVKEY_SIGN:ECDSA-521
    PUBKEY_VERIFY:ECDSA-384
    PUBKEY_VERIFY:ECDSA-521
    RNG:RNG_STRONG
    RNG:RNG_WEAK
fips-prf:
    PRF:PRF_FIPS_SHA1_160
        PRF:PRF_KEYED_SHA1
gmp:
    DH:MODP_2048
        RNG:RNG_STRONG
    DH:MODP_2048_224
        RNG:RNG_STRONG
    DH:MODP_2048_256
        RNG:RNG_STRONG
    DH:MODP_1536
        RNG:RNG_STRONG
    DH:MODP_3072
        RNG:RNG_STRONG
    DH:MODP_4096
        RNG:RNG_STRONG
    DH:MODP_6144
        RNG:RNG_STRONG
    DH:MODP_8192
        RNG:RNG_STRONG
    DH:MODP_1024
        RNG:RNG_STRONG
    DH:MODP_1024_160
        RNG:RNG_STRONG
    DH:MODP_768
        RNG:RNG_STRONG
    DH:MODP_CUSTOM
        RNG:RNG_STRONG
    PRIVKEY:RSA
    PRIVKEY_GEN:RSA
        RNG:RNG_TRUE
    PUBKEY:RSA
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
        RNG:RNG_WEAK
agent:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
xcbc:
    PRF:PRF_AES128_XCBC
        CRYPTER:AES_CBC-16
    PRF:PRF_CAMELLIA128_XCBC
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:CAMELLIA_XCBC_96
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:AES_XCBC_96
        CRYPTER:AES_CBC-16
hmac:
    PRF:PRF_HMAC_SHA1
        HASHER:HASH_SHA1
    PRF:PRF_HMAC_MD5
        HASHER:HASH_MD5
    PRF:PRF_HMAC_SHA2_256
        HASHER:HASH_SHA256
    PRF:PRF_HMAC_SHA2_384
        HASHER:HASH_SHA384
    PRF:PRF_HMAC_SHA2_512
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA1_96
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_128
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_160
        HASHER:HASH_SHA1
    SIGNER:HMAC_MD5_96
        HASHER:HASH_MD5
    SIGNER:HMAC_MD5_128
        HASHER:HASH_MD5
    SIGNER:HMAC_SHA2_256_128
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_256_256
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_384_192
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_384_384
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_512_256
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA2_512_512
        HASHER:HASH_SHA512
gcm:
    AEAD:AES_GCM_8-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_8-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_8-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_12-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_12-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_12-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_16-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_16-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_16-32
        CRYPTER:AES_CBC-32
attr:
    CUSTOM:attr
kernel-netlink:
    CUSTOM:kernel-ipsec
    CUSTOM:kernel-net
resolve:
    CUSTOM:resolve
socket-default:
    CUSTOM:socket
        CUSTOM:kernel-ipsec (soft)
farp:
    CUSTOM:farp
stroke:
    CUSTOM:stroke
        PRIVKEY:RSA (soft)
        PRIVKEY:ECDSA (soft)
        PRIVKEY:DSA (soft)
        CERT_DECODE:ANY (soft)
        CERT_DECODE:X509 (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509_AC (soft)
        CERT_DECODE:TRUSTED_PUBKEY (soft)
updown:
    CUSTOM:updown
eap-identity:
    EAP_SERVER:ID
    EAP_CLIENT:ID
eap-aka:
    CUSTOM:aka-manager
    EAP_SERVER:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
    EAP_CLIENT:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
eap-md5:
    EAP_SERVER:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
    EAP_CLIENT:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
eap-gtc:
    EAP_SERVER:GTC
    EAP_CLIENT:GTC
eap-mschapv2:
    EAP_SERVER:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
eap-radius:
    EAP_SERVER:RAD
        CUSTOM:eap-radius
    XAUTH_SERVER:radius
        CUSTOM:eap-radius
    CUSTOM:eap-radius
        HASHER:HASH_MD5
        SIGNER:HMAC_MD5_128
        RNG:RNG_WEAK
eap-tls:
    EAP_SERVER:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-ttls:
    EAP_SERVER:TTLS
        EAP_SERVER:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TTLS
        EAP_CLIENT:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-tnc:
    EAP_SERVER:TNC
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:TNC
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
    EAP_SERVER:PT
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:PT
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
xauth-generic:
    XAUTH_SERVER:generic
    XAUTH_CLIENT:generic
xauth-eap:
    XAUTH_SERVER:eap
xauth-pam:
    XAUTH_SERVER:pam
tnc-tnccs:
    CUSTOM:tnccs-manager
dhcp:
    CUSTOM:dhcp
        RNG:RNG_WEAK
lookip:
    CUSTOM:lookip
error-notify:
    CUSTOM:error-notify
certexpire:
    CUSTOM:certexpire
led:
    CUSTOM:led
addrblock:
    CUSTOM:addrblock
        CERT_DECODE:X509 (soft)
unity:
    CUSTOM:unity
root@r-21-QA:/etc/ipsec.d#

======================================================
root@r-22-QA:/etc/ipsec.d# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 0e:00:a9:fe:01:03 brd ff:ff:ff:ff:ff:ff
    inet 169.254.1.3/16 brd 169.254.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 1e:00:75:00:00:10 brd ff:ff:ff:ff:ff:ff
    inet 10.147.46.104/24 brd 10.147.46.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:56:d7:00:05 brd ff:ff:ff:ff:ff:ff
    inet 10.2.1.1/24 brd 10.2.1.255 scope global eth2
6: eth3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 02:00:78:4f:00:05 brd ff:ff:ff:ff:ff:ff
    inet 10.2.2.1/24 brd 10.2.2.255 scope global eth3
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# ipsec --version
Linux strongSwan U5.2.1/K3.2.0-4-amd64
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.103.conf
# Site-to-site tunnel from this router (10.147.46.104, subnet 10.2.0.0/16)
# to the peer gateway 10.147.46.103 (subnet 10.1.0.0/16).
# NOTE(review): 3DES, MD5 and MODP-1024 are legacy algorithms. The
# "ipsec listall" output on this page shows AES-GCM, SHA-2 HMACs and larger
# MODP/ECP groups registered on this host, so a stronger proposal is
# available if the peer supports it.
conn vpn-10.147.46.103
  # Local endpoint, the network behind it, and the next hop toward the peer.
  left=10.147.46.104
  leftsubnet=10.2.0.0/16
  leftnexthop=10.147.46.1
  # Remote endpoint and the network behind it.
  right=10.147.46.103
  rightsubnet=10.1.0.0/16
  type=tunnel
  # Pre-shared key authentication; the key is in the matching .secrets file.
  authby=secret
  # "ike" does not pin the IKE version: statusall on this page lists the
  # connection as IKEv1/2 and the established SA as IKEv1.
  keyexchange=ike
  # Without a trailing "!" this proposal is not strict; strongSwan also
  # accepts its default proposals. statusall on this page shows
  # AES_CBC_128/HMAC_MD5_96/MODP_2048 negotiated rather than 3DES/MODP_1024.
  ike=3des-md5-modp1024
  # IKE SA lifetime (24 hours).
  ikelifetime=86400s
  # Matches the installed child SA (3DES_CBC/HMAC_MD5_96). No DH group is
  # listed, so presumably child SA rekeying runs without PFS - verify.
  esp=3des-md5
  # Child (ESP) SA lifetime (1 hour).
  lifetime=3600s
  # Legacy keyword left disabled. In strongSwan 5.x PFS is requested by
  # appending a DH group to esp= - TODO confirm for the installed version.
  #pfs=no
  # Give up after two negotiation attempts.
  keyingtries=2
  # Initiate the connection when the daemon starts.
  auto=start
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# cat ipsec.vpn-10.147.46.103.secrets
# Pre-shared key for the 10.147.46.104 <-> 10.147.46.103 tunnel (authby=secret).
# NOTE(review): "123456789" looks like a lab value. The PSK is the only
# authentication for this tunnel, so use a long random secret on both peers
# and keep this file readable by root only.
10.147.46.104 10.147.46.103 : PSK "123456789"
root@r-22-QA:/etc/ipsec.d# cat /etc/ipsec.conf
# ipsec.conf - strongSwan IPsec configuration file

config setup
   # Every option in this section is commented out, so no setup option is
   # set here.
   # NOTE(review): these look like pluto-era keywords and are presumably not
   # used by strongSwan 5.x - confirm before re-enabling any of them.
   #nat_traversal=yes
   #charonstart=yes
   #plutostart=yes
   #plutodebug=control

# Pulls in every *.conf file under /etc/ipsec.d, such as the
# ipsec.vpn-10.147.46.103.conf connection file listed earlier on this page.
include /etc/ipsec.d/*.conf
root@r-22-QA:/etc/ipsec.d# ipsec status
Security Associations (1 up, 0 connecting):
vpn-10.147.46.103[6]: ESTABLISHED 73 minutes ago, 10.147.46.104[10.147.46.104]...10.147.46.103[10.147.46.103]
vpn-10.147.46.103{5}:  INSTALLED, TUNNEL, ESP SPIs: c5dc6c61_i c5544282_o
vpn-10.147.46.103{5}:   10.2.1.0/24 === 10.1.0.0/16
root@r-22-QA:/etc/ipsec.d# ipsec statusall
Status of IKE charon daemon (strongSwan 5.2.1, Linux 3.2.0-4-amd64, x86_64):
  uptime: 92 minutes, since Aug 08 09:27:46 2016
  malloc: sbrk 536576, mmap 0, used 391504, free 145072
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 9
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-md5 eap-gtc eap-mschapv2 eap-radius eap-tls eap-ttls eap-tnc xauth-generic xauth-eap xauth-pam tnc-tnccs dhcp lookip error-notify certexpire led addrblock unity
Listening IP addresses:
  169.254.1.3
  10.147.46.104
  10.2.1.1
  10.2.2.1
Connections:
vpn-10.147.46.103:  10.147.46.104...10.147.46.103  IKEv1/2
vpn-10.147.46.103:   local:  [10.147.46.104] uses pre-shared key authentication
vpn-10.147.46.103:   remote: [10.147.46.103] uses pre-shared key authentication
vpn-10.147.46.103:   child:  10.2.0.0/16 === 10.1.0.0/16 TUNNEL
    L2TP-PSK:  172.26.0.151...%any  IKEv1
    L2TP-PSK:   local:  [172.26.0.151] uses pre-shared key authentication
    L2TP-PSK:   remote: uses pre-shared key authentication
    L2TP-PSK:   child:  dynamic[udp/l2f] === 10.0.0.0/8[udp] TUNNEL
Security Associations (1 up, 0 connecting):
vpn-10.147.46.103[6]: ESTABLISHED 73 minutes ago, 10.147.46.104[10.147.46.104]...10.147.46.103[10.147.46.103]
vpn-10.147.46.103[6]: IKEv1 SPIs: 35b39d866a70abdf_i 86bee069adbe4541_r*, pre-shared key reauthentication in 22 hours
vpn-10.147.46.103[6]: IKE proposal: AES_CBC_128/HMAC_MD5_96/PRF_HMAC_MD5/MODP_2048
vpn-10.147.46.103{5}:  INSTALLED, TUNNEL, ESP SPIs: c5dc6c61_i c5544282_o
vpn-10.147.46.103{5}:  3DES_CBC/HMAC_MD5_96, 0 bytes_i, 0 bytes_o, rekeying in 16 minutes
vpn-10.147.46.103{5}:   10.2.1.0/24 === 10.1.0.0/16
root@r-22-QA:/etc/ipsec.d#
root@r-22-QA:/etc/ipsec.d# ipsec listall

List of registered IKE algorithms:

  encryption: AES_CBC[aes] RC2_CBC[rc2] 3DES_CBC[openssl] CAMELLIA_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl]
              DES_CBC[openssl] DES_ECB[openssl] NULL[openssl]
  integrity:  HMAC_MD5_96[openssl] HMAC_MD5_128[openssl] HMAC_SHA1_96[openssl] HMAC_SHA1_128[openssl]
              HMAC_SHA1_160[openssl] HMAC_SHA2_256_128[openssl] HMAC_SHA2_256_256[openssl] HMAC_SHA2_384_192[openssl]
              HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_256[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[xcbc]
              AES_XCBC_96[xcbc]
  aead:       AES_GCM_8[openssl] AES_GCM_12[openssl] AES_GCM_16[openssl]
  hasher:     HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2] HASH_SHA512[sha2] HASH_MD5[md5]
              HASH_MD4[openssl]
  prf:        PRF_KEYED_SHA1[sha1] PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_HMAC_SHA2_256[openssl]
              PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_FIPS_SHA1_160[fips-prf] PRF_AES128_XCBC[xcbc]
              PRF_CAMELLIA128_XCBC[xcbc]
  dh-group:   MODP_2048[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] MODP_1536[openssl] MODP_3072[openssl]
              MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] MODP_1024[openssl] MODP_1024_160[openssl]
              MODP_768[openssl] MODP_CUSTOM[openssl] ECP_256[openssl] ECP_384[openssl] ECP_521[openssl] ECP_224[openssl]
              ECP_192[openssl] ECP_224_BP[openssl] ECP_256_BP[openssl] ECP_384_BP[openssl] ECP_512_BP[openssl]
  random-gen: RNG_WEAK[openssl] RNG_STRONG[random] RNG_TRUE[random]
  nonce-gen:  [nonce]

List of loaded Plugins:

charon:
    CUSTOM:libcharon
        NONCE_GEN
        CUSTOM:libcharon-receiver
        CUSTOM:kernel-ipsec
        CUSTOM:kernel-net
    CUSTOM:libcharon-receiver
        HASHER:HASH_SHA1
        RNG:RNG_STRONG
        CUSTOM:socket
aes:
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
rc2:
    CRYPTER:RC2_CBC-0
sha1:
    HASHER:HASH_SHA1
    PRF:PRF_KEYED_SHA1
sha2:
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
md5:
    HASHER:HASH_MD5
random:
    RNG:RNG_STRONG
    RNG:RNG_TRUE
nonce:
    NONCE_GEN
        RNG:RNG_WEAK
x509:
    CERT_ENCODE:X509
        HASHER:HASH_SHA1
    CERT_DECODE:X509
        HASHER:HASH_SHA1
        PUBKEY:ANY
    CERT_ENCODE:X509_AC
    CERT_DECODE:X509_AC
    CERT_ENCODE:X509_CRL
    CERT_DECODE:X509_CRL
    CERT_ENCODE:X509_OCSP_REQUEST
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    CERT_DECODE:X509_OCSP_RESPONSE
    CERT_ENCODE:PKCS10_REQUEST
    CERT_DECODE:PKCS10_REQUEST
revocation:
    CUSTOM:revocation
        CERT_ENCODE:X509_OCSP_REQUEST (soft)
        CERT_DECODE:X509_OCSP_RESPONSE (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509 (soft)
        FETCHER:(null) (soft)
constraints:
    CUSTOM:constraints
        CERT_DECODE:X509 (soft)
pubkey:
    CERT_ENCODE:TRUSTED_PUBKEY
    CERT_DECODE:TRUSTED_PUBKEY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
pkcs1:
    PRIVKEY:RSA
    PUBKEY:ANY
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    PUBKEY:RSA
pkcs7:
    CONTAINER_DECODE:PKCS7
    CONTAINER_ENCODE:PKCS7_DATA
    CONTAINER_ENCODE:PKCS7_SIGNED_DATA
    CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA
pkcs8:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
pkcs12:
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS7
        CERT_DECODE:X509 (soft)
        PRIVKEY:ANY (soft)
        HASHER:HASH_SHA1 (soft)
        CRYPTER:3DES_CBC-24 (soft)
        CRYPTER:RC2_CBC-0 (soft)
pgp:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PUBKEY:ANY
    PUBKEY:RSA
    CERT_DECODE:PGP
dnskey:
    PUBKEY:ANY
    PUBKEY:RSA
sshkey:
    PUBKEY:ANY
    CERT_DECODE:TRUSTED_PUBKEY
pem:
    PRIVKEY:ANY
        PRIVKEY:ANY
        HASHER:HASH_MD5 (soft)
    PRIVKEY:RSA
        PRIVKEY:RSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:ECDSA
        PRIVKEY:ECDSA
        HASHER:HASH_MD5 (soft)
    PRIVKEY:DSA (not loaded)
        PRIVKEY:DSA
        HASHER:HASH_MD5 (soft)
    PUBKEY:ANY
        PUBKEY:ANY
    PUBKEY:RSA
        PUBKEY:RSA
    PUBKEY:ECDSA
        PUBKEY:ECDSA
    PUBKEY:DSA (not loaded)
        PUBKEY:DSA
    CERT_DECODE:ANY
        CERT_DECODE:X509 (soft)
        CERT_DECODE:PGP (soft)
    CERT_DECODE:X509
        CERT_DECODE:X509
    CERT_DECODE:X509_CRL
        CERT_DECODE:X509_CRL
    CERT_DECODE:X509_OCSP_REQUEST (not loaded)
        CERT_DECODE:X509_OCSP_REQUEST
    CERT_DECODE:X509_OCSP_RESPONSE
        CERT_DECODE:X509_OCSP_RESPONSE
    CERT_DECODE:X509_AC
        CERT_DECODE:X509_AC
    CERT_DECODE:PKCS10_REQUEST
        CERT_DECODE:PKCS10_REQUEST
    CERT_DECODE:TRUSTED_PUBKEY
        CERT_DECODE:TRUSTED_PUBKEY
    CERT_DECODE:PGP
        CERT_DECODE:PGP
    CONTAINER_DECODE:PKCS12
        CONTAINER_DECODE:PKCS12
openssl:
    CUSTOM:openssl-threading
    CRYPTER:AES_CBC-16
    CRYPTER:AES_CBC-24
    CRYPTER:AES_CBC-32
    CRYPTER:CAMELLIA_CBC-16
    CRYPTER:CAMELLIA_CBC-24
    CRYPTER:CAMELLIA_CBC-32
    CRYPTER:CAST_CBC-0
    CRYPTER:BLOWFISH_CBC-0
    CRYPTER:3DES_CBC-24
    CRYPTER:DES_CBC-8
    CRYPTER:DES_ECB-8
    CRYPTER:NULL-0
    HASHER:HASH_MD4
    HASHER:HASH_MD5
    HASHER:HASH_SHA1
    HASHER:HASH_SHA224
    HASHER:HASH_SHA256
    HASHER:HASH_SHA384
    HASHER:HASH_SHA512
    PRF:PRF_KEYED_SHA1
    PRF:PRF_HMAC_MD5
    PRF:PRF_HMAC_SHA1
    PRF:PRF_HMAC_SHA2_256
    PRF:PRF_HMAC_SHA2_384
    PRF:PRF_HMAC_SHA2_512
    SIGNER:HMAC_MD5_96
    SIGNER:HMAC_MD5_128
    SIGNER:HMAC_SHA1_96
    SIGNER:HMAC_SHA1_128
    SIGNER:HMAC_SHA1_160
    SIGNER:HMAC_SHA2_256_128
    SIGNER:HMAC_SHA2_256_256
    SIGNER:HMAC_SHA2_384_192
    SIGNER:HMAC_SHA2_384_384
    SIGNER:HMAC_SHA2_512_256
    SIGNER:HMAC_SHA2_512_512
    AEAD:AES_GCM_8-16
    AEAD:AES_GCM_8-24
    AEAD:AES_GCM_8-32
    AEAD:AES_GCM_12-16
    AEAD:AES_GCM_12-24
    AEAD:AES_GCM_12-32
    AEAD:AES_GCM_16-16
    AEAD:AES_GCM_16-24
    AEAD:AES_GCM_16-32
    DH:MODP_2048
    DH:MODP_2048_224
    DH:MODP_2048_256
    DH:MODP_1536
    DH:MODP_3072
    DH:MODP_4096
    DH:MODP_6144
    DH:MODP_8192
    DH:MODP_1024
    DH:MODP_1024_160
    DH:MODP_768
    DH:MODP_CUSTOM
    PRIVKEY:RSA
    PRIVKEY:ANY
    PRIVKEY_GEN:RSA
    PUBKEY:RSA
    PUBKEY:ANY
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
    CERT_DECODE:X509
        PUBKEY:RSA (soft)
        PUBKEY:ECDSA (soft)
        PUBKEY:DSA (soft)
    CERT_DECODE:X509_CRL
    CONTAINER_DECODE:PKCS7
    CONTAINER_DECODE:PKCS12
    DH:ECP_256
    DH:ECP_384
    DH:ECP_521
    DH:ECP_224
    DH:ECP_192
    DH:ECP_224_BP
    DH:ECP_256_BP
    DH:ECP_384_BP
    DH:ECP_512_BP
    PRIVKEY:ECDSA
    PRIVKEY_GEN:ECDSA
    PUBKEY:ECDSA
    PRIVKEY_SIGN:ECDSA_WITH_NULL
    PUBKEY_VERIFY:ECDSA_WITH_NULL
    PRIVKEY_SIGN:ECDSA_WITH_SHA1_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA1_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA256_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA256_DER
    PRIVKEY_SIGN:ECDSA-256
    PUBKEY_VERIFY:ECDSA-256
    PRIVKEY_SIGN:ECDSA_WITH_SHA384_DER
    PRIVKEY_SIGN:ECDSA_WITH_SHA512_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA384_DER
    PUBKEY_VERIFY:ECDSA_WITH_SHA512_DER
    PRIVKEY_SIGN:ECDSA-384
    PRIVKEY_SIGN:ECDSA-521
    PUBKEY_VERIFY:ECDSA-384
    PUBKEY_VERIFY:ECDSA-521
    RNG:RNG_STRONG
    RNG:RNG_WEAK
fips-prf:
    PRF:PRF_FIPS_SHA1_160
        PRF:PRF_KEYED_SHA1
gmp:
    DH:MODP_2048
        RNG:RNG_STRONG
    DH:MODP_2048_224
        RNG:RNG_STRONG
    DH:MODP_2048_256
        RNG:RNG_STRONG
    DH:MODP_1536
        RNG:RNG_STRONG
    DH:MODP_3072
        RNG:RNG_STRONG
    DH:MODP_4096
        RNG:RNG_STRONG
    DH:MODP_6144
        RNG:RNG_STRONG
    DH:MODP_8192
        RNG:RNG_STRONG
    DH:MODP_1024
        RNG:RNG_STRONG
    DH:MODP_1024_160
        RNG:RNG_STRONG
    DH:MODP_768
        RNG:RNG_STRONG
    DH:MODP_CUSTOM
        RNG:RNG_STRONG
    PRIVKEY:RSA
    PRIVKEY_GEN:RSA
        RNG:RNG_TRUE
    PUBKEY:RSA
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1
        HASHER:HASH_SHA1
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224
        HASHER:HASH_SHA224
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256
        HASHER:HASH_SHA256
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384
        HASHER:HASH_SHA384
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512
        HASHER:HASH_SHA512
    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5
        HASHER:HASH_MD5
    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1
    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1
        RNG:RNG_WEAK
agent:
    PRIVKEY:ANY
    PRIVKEY:RSA
    PRIVKEY:ECDSA
xcbc:
    PRF:PRF_AES128_XCBC
        CRYPTER:AES_CBC-16
    PRF:PRF_CAMELLIA128_XCBC
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:CAMELLIA_XCBC_96
        CRYPTER:CAMELLIA_CBC-16
    SIGNER:AES_XCBC_96
        CRYPTER:AES_CBC-16
hmac:
    PRF:PRF_HMAC_SHA1
        HASHER:HASH_SHA1
    PRF:PRF_HMAC_MD5
        HASHER:HASH_MD5
    PRF:PRF_HMAC_SHA2_256
        HASHER:HASH_SHA256
    PRF:PRF_HMAC_SHA2_384
        HASHER:HASH_SHA384
    PRF:PRF_HMAC_SHA2_512
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA1_96
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_128
        HASHER:HASH_SHA1
    SIGNER:HMAC_SHA1_160
        HASHER:HASH_SHA1
    SIGNER:HMAC_MD5_96
        HASHER:HASH_MD5
    SIGNER:HMAC_MD5_128
        HASHER:HASH_MD5
    SIGNER:HMAC_SHA2_256_128
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_256_256
        HASHER:HASH_SHA256
    SIGNER:HMAC_SHA2_384_192
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_384_384
        HASHER:HASH_SHA384
    SIGNER:HMAC_SHA2_512_256
        HASHER:HASH_SHA512
    SIGNER:HMAC_SHA2_512_512
        HASHER:HASH_SHA512
gcm:
    AEAD:AES_GCM_8-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_8-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_8-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_12-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_12-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_12-32
        CRYPTER:AES_CBC-32
    AEAD:AES_GCM_16-16
        CRYPTER:AES_CBC-16
    AEAD:AES_GCM_16-24
        CRYPTER:AES_CBC-24
    AEAD:AES_GCM_16-32
        CRYPTER:AES_CBC-32
attr:
    CUSTOM:attr
kernel-netlink:
    CUSTOM:kernel-ipsec
    CUSTOM:kernel-net
resolve:
    CUSTOM:resolve
socket-default:
    CUSTOM:socket
        CUSTOM:kernel-ipsec (soft)
farp:
    CUSTOM:farp
stroke:
    CUSTOM:stroke
        PRIVKEY:RSA (soft)
        PRIVKEY:ECDSA (soft)
        PRIVKEY:DSA (soft)
        CERT_DECODE:ANY (soft)
        CERT_DECODE:X509 (soft)
        CERT_DECODE:X509_CRL (soft)
        CERT_DECODE:X509_AC (soft)
        CERT_DECODE:TRUSTED_PUBKEY (soft)
updown:
    CUSTOM:updown
eap-identity:
    EAP_SERVER:ID
    EAP_CLIENT:ID
eap-aka:
    CUSTOM:aka-manager
    EAP_SERVER:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
    EAP_CLIENT:AKA
        RNG:RNG_WEAK
        HASHER:HASH_SHA1
        PRF:PRF_FIPS_SHA1_160
        SIGNER:HMAC_SHA1_128
        CRYPTER:AES_CBC-16
eap-md5:
    EAP_SERVER:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
    EAP_CLIENT:MD5
        HASHER:HASH_MD5
        RNG:RNG_WEAK
eap-gtc:
    EAP_SERVER:GTC
    EAP_CLIENT:GTC
eap-mschapv2:
    EAP_SERVER:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:MSCHAPV2
        CRYPTER:DES_ECB-8
        HASHER:HASH_MD4
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
eap-radius:
    EAP_SERVER:RAD
        CUSTOM:eap-radius
    XAUTH_SERVER:radius
        CUSTOM:eap-radius
    CUSTOM:eap-radius
        HASHER:HASH_MD5
        SIGNER:HMAC_MD5_128
        RNG:RNG_WEAK
eap-tls:
    EAP_SERVER:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TLS
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-ttls:
    EAP_SERVER:TTLS
        EAP_SERVER:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
    EAP_CLIENT:TTLS
        EAP_CLIENT:ID
        HASHER:HASH_MD5
        HASHER:HASH_SHA1
        RNG:RNG_WEAK
        RNG:RNG_STRONG
eap-tnc:
    EAP_SERVER:TNC
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:TNC
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
    EAP_SERVER:PT
        EAP_SERVER:TTLS
        CUSTOM:tnccs-manager
    EAP_CLIENT:PT
        EAP_CLIENT:TTLS
        CUSTOM:tnccs-manager
xauth-generic:
    XAUTH_SERVER:generic
    XAUTH_CLIENT:generic
xauth-eap:
    XAUTH_SERVER:eap
xauth-pam:
    XAUTH_SERVER:pam
tnc-tnccs:
    CUSTOM:tnccs-manager
dhcp:
    CUSTOM:dhcp
        RNG:RNG_WEAK
lookip:
    CUSTOM:lookip
error-notify:
    CUSTOM:error-notify
certexpire:
    CUSTOM:certexpire
led:
    CUSTOM:led
addrblock:
    CUSTOM:addrblock
        CERT_DECODE:X509 (soft)
unity:
    CUSTOM:unity
root@r-22-QA:/etc/ipsec.d#