Networkmanager, plasma and L2TP/IPSec [Solved]

squid-f
- Registered: 03/04/2016
- Groups: Honorary Member
(Continued from the previous message)
Yet dig does find mageialinux-online.
If you keep a console open with the command:
Code BASH :
journalctl -f
then, while connected to the VPN, you go first to bing.com and then to https://www.mageialinux-online.org/mlo/
which messages appear in the console? Or are there any?

See you
"The more enlightened men are, the freer they will be." ~ Voltaire

babs3
- Registered: 22/05/2013
I only get this, which appears when the VPN is activated, via journalctl -f:
janv. 03 15:25:45 localhost.localdomain kded5[1982]: plasma-nm: Unhandled VPN connection state change: 3
janv. 03 15:25:46 localhost.localdomain kded5[1982]: plasma-nm: Unhandled VPN connection state change: 4
After that there is nothing, either when going to bing.com (which works) or to https://www.mageialinux-online.org/mlo/, which does not work.
Jacques

squid-f
Code BASH :
dig bing.com
Code BASH :
dig mageialinux-online.org

squid-f
See you

babs3
dig bing.com
; <<>> DiG 9.11.37Mageia-1.1.mga8 <<>> bing.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27988
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1472
;; QUESTION SECTION:
;bing.com. IN A
;; ANSWER SECTION:
bing.com. 2177 IN A 13.107.21.200
bing.com. 2177 IN A 204.79.197.200
;; Query time: 9 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: mar. janv. 03 15:57:55 CET 2023
;; MSG SIZE rcvd: 69
dig mageialinux-online.org
; <<>> DiG 9.11.37Mageia-1.1.mga8 <<>> mageialinux-online.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61837
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;mageialinux-online.org. IN A
;; ANSWER SECTION:
mageialinux-online.org. 1840 IN A 80.247.225.3
;; Query time: 6 msec
;; SERVER: 192.168.1.254#53(192.168.1.254)
;; WHEN: mar. janv. 03 15:58:23 CET 2023
;; MSG SIZE rcvd: 67
Note, on the advice of the company's sysadmin:
mtr 8.8.8.8 192.168.8.254 -rznc1 -T -P53
Start: 2023-01-03T15:59:12+0100
HOST: localhost.localdomain Loss% Snt Last Avg Best Wrst StDev
1. AS15169 8.8.8.8 0.0% 1 0.2 0.2 0.2 0.2 0.0
Start: 2023-01-03T15:59:19+0100
HOST: localhost.localdomain Loss% Snt Last Avg Best Wrst StDev
1. AS??? 192.168.8.254 0.0% 1 0.1 0.1 0.1 0.1 0.0
and his reaction: "I don't even understand how one can get this result from mtr: it is as if there were no router between you and the destination and the destination answered in less than 0.1ms, which is impossible. Something is probably not working in your VPN client"
As root, with VPN:
mtr -4 bing.com
mtr: Permission denied
mtr bing.com
this works and gives the same result as without the VPN, with IPv6 addresses.
It is as if, with the VPN enabled, it sends part of the traffic outside the VPN over IPv6.
mtr mageialinux-online.org
mtr: Permission denied
[root@localhost jacques]# mtr -4 mageialinux-online.org
mtr: Permission denied
Without VPN:
mtr -6 mageialinux-online.org
mtr: Failed to resolve host: mageialinux-online.org: Name or service not known
mtr -4 mageialinux-online.org works
Jacques
Edited by babs3 on 03/01/2023 at 16:08
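
One way to test the hypothesis raised in the post above (IPv6 leaving outside the tunnel) from the routing tables; this is an added example, not part of the original thread. It assumes the L2TP tunnel appears as interface ppp0, and both route tables are constructed samples; wlo1 and 192.168.1.254 are taken from the outputs posted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread). Assumptions: the L2TP tunnel shows up
# as interface ppp0; both route tables below are constructed samples.

# best_default_dev: stdin is `ip -4 route show` or `ip -6 route show` text.
# Prints the device of the default route the kernel prefers, i.e. the one
# with the lowest metric (a route without "metric" counts as 0).
# Multipath ("nexthop") default routes are not handled.
best_default_dev() {
    awk '$1 == "default" {
             dev = ""; metric = 0
             for (i = 2; i <= NF; i++) {
                 if ($i == "dev")    dev = $(i + 1)
                 if ($i == "metric") metric = $(i + 1) + 0
             }
             if (dev != "" && (best == "" || metric < bestm)) {
                 best = dev; bestm = metric
             }
         }
         END { if (best != "") print best }'
}

# family_verdict VPN_IF: classify one address family from its route table.
#   tunnelled    the preferred default route leaves through VPN_IF
#   bypass:DEV   the preferred default route leaves through DEV instead
#   no-route     no default route, so this family cannot reach the Internet
family_verdict() {
    dev=$(best_default_dev)
    if [ -z "$dev" ]; then
        echo "no-route"
    elif [ "$dev" = "$1" ]; then
        echo "tunnelled"
    else
        echo "bypass:$dev"
    fi
}

# Constructed IPv4 table: the VPN installed a lower-metric default route.
sample_v4() {
    cat <<'EOF'
default dev ppp0 proto static scope link metric 50
default via 192.168.1.254 dev wlo1 proto dhcp metric 600
192.168.1.0/24 dev wlo1 proto kernel scope link src 192.168.1.100 metric 600
EOF
}

# Constructed IPv6 table: only the Wi-Fi router advertisement is present.
sample_v6() {
    cat <<'EOF'
2001:db8:1::/64 dev wlo1 proto ra metric 600 pref medium
fe80::/64 dev wlo1 proto kernel metric 1024 pref medium
default via fe80::1 dev wlo1 proto ra metric 600 pref medium
EOF
}

echo "IPv4: $(sample_v4 | family_verdict ppp0)"
echo "IPv6: $(sample_v6 | family_verdict ppp0)"

# On a live system, feed the real tables instead of the samples:
#   ip -4 route show | family_verdict ppp0
#   ip -6 route show | family_verdict ppp0
```

A `bypass:` verdict for IPv6 next to `tunnelled` for IPv4 means names with an IPv6 address are reached over the Wi-Fi link while IPv4-only names depend on the tunnel. The check reads the main table only; policy-routing rules are not evaluated.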

squid-f
Edit: do you have a DNS cache installed, such as unbound or dnsmasq?

babs3
squid-f :
And what if you disable IPv6 for the VPN in NetworkManager?
Edit: do you have a DNS cache installed, such as unbound or dnsmasq?
How does one disable IPv6?
I saw in the configuration that one can enable "IPv4 is required for this connection". I did it for the VPN and then also for the Freebox Wi-Fi connection.
After that, each time, bing is reachable and an mtr bing.com goes through IPv6 addresses.
Note: if I go through the Orange cellular connection built into the laptop, even though it works without the VPN:
mtr bing.com
mtr: Failed to resolve host: bing.com: Name or service not known
Jacques
For DNS I have a stock Mageia. How do I see whether there is a DNS cache?
rpm -qa|grep unbound
lib64unbound8-1.16.3-1.mga8
nothing for dnsmasq
Edited by babs3 on 03/01/2023 at 16:18

babs3
Jacques

squid-f
squid-f :
To look at another lead, that of libreswan, could you post the contents of the file /etc/ipsec.conf
See you
In the meantime, I had had the idea above

To check that unbound is not enabled:
Code BASH :
systemctl status unbound
To disable IPv6, right-click on the NM applet > Configure network connections... > Select your VPN connection > IPv6 tab > Method=Ignored
See you

babs3
The file is rather empty:
cat /etc/ipsec.conf
[root@localhost tmp]# cat /etc/ipsec.conf
# /etc/ipsec.conf - Libreswan 4.0 configuration file
#
# see 'man ipsec.conf' and 'man pluto' for more information
#
# For example configurations and documentation, see https://libreswan.org/wiki/
config setup
# If logfile= is unset, syslog is used to send log messages too.
# Note that on busy VPN servers, the amount of logging can trigger
# syslogd (or journald) to rate limit messages.
#logfile=/var/log/pluto.log
#
# Debugging should only be used to find bugs, not configuration issues!
# "base" regular debug, "tmi" is excessive (!) and "private" will log
# sensitive key material (not available in FIPS mode). The "cpu-usage"
# value logs timing information and should not be used with other
# debug options as it will defeat getting accurate timing information.
# Default is "none"
# plutodebug="base"
# plutodebug="tmi"
#plutodebug="none"
#
# Some machines use a DNS resolver on localhost with broken DNSSEC
# support. This can be tested using the command:
# dig +dnssec DNSnameOfRemoveServer
# If that fails but omitting '+dnssec' works, the system's resolver is
# broken and you might need to disable DNSSEC.
# dnssec-enable=no
#
# To enable IKE and IPsec over TCP for VPN server. Requires at least
# Linux 5.7 kernel or a kernel with TCP backport (like RHEL8 4.18.0-291)
# listen-tcp=yes
# To enable IKE and IPsec over TCP for VPN client, also specify
# tcp-remote-port=4500 in the client's conn section.
# if it exists, include system wide crypto-policy defaults
include /etc/crypto-policies/back-ends/libreswan.config
# It is best to add your IPsec connections as separate files
# in /etc/ipsec.d/
include /etc/ipsec.d/*.conf
Otherwise there are:
/etc/ipsec.d/ipsec.nm-l2tp.secrets
/etc/ipsec.d/policies/ contains the files:
block clear-or-private private
clear portexcludes.conf private-or-clear
systemctl status unbound
Unit unbound.service could not be found
And for IPv6, there is no IPv6 tab for VPNs.
There is a tab on my Wi-Fi connection, however.
If I set the method to "ignored" on the IPv6 tab for the Wi-Fi connection, it still does an mtr bing.com over IPv6, both without the VPN and with the VPN.
Edited by babs3 on 03/01/2023 at 18:06

squid-f
What do these return:
Code BASH :
systemctl status ipsec
Code BASH :
journalctl -u ipsec
Code BASH :
cat /var/log/pluto.log
(hoping that pluto.log is not too big...)
See you

babs3
systemctl status ipsec
● ipsec.service - Internet Key Exchange (IKE) Protocol Daemon for IPsec
Loaded: loaded (/usr/lib/systemd/system/ipsec.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2023-01-03 17:49:46 CET; 1h 5min ago
Docs: man:ipsec(8)
man:pluto(8)
man:ipsec.conf(5)
Process: 71887 ExecStartPre=/usr/libexec/ipsec/addconn --config /etc/ipsec.conf --checkconfig (code=ex>
Process: 71888 ExecStartPre=/usr/libexec/ipsec/_stackmanager start (code=exited, status=0/SUCCESS)
Process: 72131 ExecStartPre=/usr/sbin/ipsec --checknss (code=exited, status=0/SUCCESS)
Process: 72132 ExecStartPre=/usr/sbin/ipsec --checknflog (code=exited, status=0/SUCCESS)
Main PID: 72143 (pluto)
Status: "Startup completed."
Tasks: 8 (limit: 18961)
Memory: 3.8M
CPU: 704ms
CGroup: /system.slice/ipsec.service
└─72143 /usr/libexec/ipsec/pluto --leak-detective --config /etc/ipsec.conf --nofork
janv. 03 17:49:47 localhost.localdomain pluto[72143]: netlink_acquire got message with length 60 < 232 byt>
janv. 03 17:49:47 localhost.localdomain pluto[72143]: netlink_acquire got message with length 60 < 232 byt>
janv. 03 17:49:47 localhost.localdomain pluto[72143]: netlink_acquire got message with length 60 < 232 byt>
janv. 03 17:49:47 localhost.localdomain pluto[72143]: netlink_acquire got message with length 68 < 232 byt>
janv. 03 17:49:47 localhost.localdomain pluto[72143]: netlink_acquire got message with length 52 < 232 byt>
janv. 03 17:49:47 localhost.localdomain pluto[72143]: netlink_acquire got message with length 68 < 232 byt>
janv. 03 17:50:34 localhost.localdomain pluto[72143]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf": terminating >
janv. 03 17:50:34 localhost.localdomain pluto[72143]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: deleting >
janv. 03 17:50:34 localhost.localdomain pluto[72143]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: ESP traff>
janv. 03 17:50:34 localhost.localdomain pluto[72143]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: deleting >
journalctl -u ipsec
It is very big, so I have only put the end, after activating the VPN:
-- Logs begin at Thu 2022-10-27 21:13:14 CEST, end at Tue 2023-01-03 18:56:33 CET. --
(...)
janv. 03 19:00:52 localhost.localdomain systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down
janv. 03 19:00:52 localhost.localdomain pluto[75903]: forgetting secrets
janv. 03 19:00:52 localhost.localdomain whack[76078]: 002 shutting down
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface wlo1 [2a01:e0a:13a:73f0:ba9a:2aff:fefc:7bb9]:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface lo [::1]:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface lo 127.0.0.1:4500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface lo 127.0.0.1:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface wlo1 192.168.1.100:4500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface wlo1 192.168.1.100:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: leak detective found no leaks
janv. 03 19:00:52 localhost.localdomain systemd[1]: ipsec.service: Succeeded.
janv. 03 19:00:52 localhost.localdomain systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
janv. 03 19:00:52 localhost.localdomain systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
janv. 03 19:00:53 localhost.localdomain ipsec[76334]: nflog ipsec capture disabled
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
janv. 03 19:00:53 localhost.localdomain pluto[76345]: FIPS Mode: NO
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NSS crypto library initialized
janv. 03 19:00:53 localhost.localdomain pluto[76345]: FIPS mode disabled for pluto daemon
janv. 03 19:00:53 localhost.localdomain pluto[76345]: FIPS HMAC integrity support [disabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: libcap-ng support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Linux audit support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Warning: kernel has no audit support
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Starting Pluto (Libreswan Version 4.6 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) S>
janv. 03 19:00:53 localhost.localdomain pluto[76345]: core dump dir: /run/pluto
janv. 03 19:00:53 localhost.localdomain pluto[76345]: secrets file: /etc/ipsec.secrets
janv. 03 19:00:53 localhost.localdomain pluto[76345]: leak-detective enabled
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NSS crypto [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: XAUTH PAM support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NAT-Traversal support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encryption algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
janv. 03 19:00:53 localhost.localdomain pluto[76345]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
janv. 03 19:00:53 localhost.localdomain pluto[76345]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
janv. 03 19:00:53 localhost.localdomain pluto[76345]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NULL [] IKEv1: ESP IKEv2: ESP
janv. 03 19:00:53 localhost.localdomain pluto[76345]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Hash algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MD5 IKEv1: IKE IKEv2: NSS
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
janv. 03 19:00:53 localhost.localdomain pluto[76345]: PRF algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Integrity algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing CAMELLIA_CBC:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 256-bit key
janv. 03 19:00:53 localhost.localdomain systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_GCM_16:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: empty string
janv. 03 19:00:53 localhost.localdomain pluto[76345]: one block
janv. 03 19:00:53 localhost.localdomain pluto[76345]: two blocks
janv. 03 19:00:53 localhost.localdomain pluto[76345]: two blocks with associated data
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_CTR:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 octets using AES-CTR with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 octets using AES-CTR with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 36 octets using AES-CTR with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 octets using AES-CTR with 192-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 octets using AES-CTR with 192-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 36 octets using AES-CTR with 192-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 octets using AES-CTR with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 octets using AES-CTR with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 36 octets using AES-CTR with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_CBC:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_XCBC:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing HMAC_MD5:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 2104: MD5_HMAC test 1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 2104: MD5_HMAC test 2
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 2104: MD5_HMAC test 3
janv. 03 19:00:53 localhost.localdomain pluto[76345]: 8 CPU cores online
janv. 03 19:00:53 localhost.localdomain pluto[76345]: starting up 7 helper threads
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 0
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 2
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(2) seccomp security disabled for crypto helper 2
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(1) seccomp security disabled for crypto helper 1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 3
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(3) seccomp security disabled for crypto helper 3
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(4) seccomp security disabled for crypto helper 4
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 4
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(5) seccomp security disabled for crypto helper 5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(6) seccomp security disabled for crypto helper 6
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 6
janv. 03 19:00:53 localhost.localdomain pluto[76345]: using Linux xfrm kernel support code on #1 SMP Thu Dec 8 21:42:04 UTC 2022
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(7) seccomp security disabled for crypto helper 7
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(in) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(fwd) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(out) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(in) encountered unexpected policy
-- Logs begin at Thu 2022-10-27 21:13:14 CEST, end at Tue 2023-01-03 18:56:33 CET. --
(...)
janv. 03 19:00:52 localhost.localdomain systemd[1]: Stopping Internet Key Exchange (IKE) Protocol Daemon for IPsec...
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down
janv. 03 19:00:52 localhost.localdomain pluto[75903]: forgetting secrets
janv. 03 19:00:52 localhost.localdomain whack[76078]: 002 shutting down
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface wlo1 [2a01:e0a:13a:73f0:ba9a:2aff:fefc:7bb9]:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface lo [::1]:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface lo 127.0.0.1:4500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface lo 127.0.0.1:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface wlo1 192.168.1.100:4500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: shutting down interface wlo1 192.168.1.100:500
janv. 03 19:00:52 localhost.localdomain pluto[75903]: leak detective found no leaks
janv. 03 19:00:52 localhost.localdomain systemd[1]: ipsec.service: Succeeded.
janv. 03 19:00:52 localhost.localdomain systemd[1]: Stopped Internet Key Exchange (IKE) Protocol Daemon for IPsec.
janv. 03 19:00:52 localhost.localdomain systemd[1]: Starting Internet Key Exchange (IKE) Protocol Daemon for IPsec...
janv. 03 19:00:53 localhost.localdomain ipsec[76334]: nflog ipsec capture disabled
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Initializing NSS using read-write database "sql:/var/lib/ipsec/nss"
janv. 03 19:00:53 localhost.localdomain pluto[76345]: FIPS Mode: NO
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NSS crypto library initialized
janv. 03 19:00:53 localhost.localdomain pluto[76345]: FIPS mode disabled for pluto daemon
janv. 03 19:00:53 localhost.localdomain pluto[76345]: FIPS HMAC integrity support [disabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: libcap-ng support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Linux audit support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Warning: kernel has no audit support
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Starting Pluto (Libreswan Version 4.6 IKEv2 IKEv1 XFRM XFRMI esp-hw-offload FORK PTHREAD_SETSCHEDPRIO NSS (IPsec profile) (NSS-PRF) DNSSEC SYSTEMD_WATCHDOG LABELED_IPSEC (SELINUX) S>
janv. 03 19:00:53 localhost.localdomain pluto[76345]: core dump dir: /run/pluto
janv. 03 19:00:53 localhost.localdomain pluto[76345]: secrets file: /etc/ipsec.secrets
janv. 03 19:00:53 localhost.localdomain pluto[76345]: leak-detective enabled
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NSS crypto [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: XAUTH PAM support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: initializing libevent in pthreads mode: headers: 2.1.12-stable (2010c00); library: 2.1.12-stable (2010c00)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NAT-Traversal support [enabled]
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encryption algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CCM_16 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm, aes_ccm_c
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CCM_12 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_b
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CCM_8 {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_ccm_a
janv. 03 19:00:53 localhost.localdomain pluto[76345]: 3DES_CBC [*192] IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) 3des
janv. 03 19:00:53 localhost.localdomain pluto[76345]: CAMELLIA_CTR {256,192,*128} IKEv1: ESP IKEv2: ESP
janv. 03 19:00:53 localhost.localdomain pluto[76345]: CAMELLIA_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP NSS(CBC) camellia
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_GCM_16 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm, aes_gcm_c
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_GCM_12 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_b
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_GCM_8 {256,192,*128} IKEv1: ESP IKEv2: IKE ESP FIPS NSS(GCM) aes_gcm_a
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CTR {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CTR) aesctr
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CBC {256,192,*128} IKEv1: IKE ESP IKEv2: IKE ESP FIPS NSS(CBC) aes
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NULL_AUTH_AES_GMAC {256,192,*128} IKEv1: ESP IKEv2: ESP FIPS aes_gmac
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NULL [] IKEv1: ESP IKEv2: ESP
janv. 03 19:00:53 localhost.localdomain pluto[76345]: CHACHA20_POLY1305 [*256] IKEv1: IKEv2: IKE ESP NSS(AEAD) chacha20poly1305
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Hash algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MD5 IKEv1: IKE IKEv2: NSS
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512
janv. 03 19:00:53 localhost.localdomain pluto[76345]: PRF algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_MD5 IKEv1: IKE IKEv2: IKE native(HMAC) md5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA1 IKEv1: IKE IKEv2: IKE FIPS NSS sha, sha1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_256 IKEv1: IKE IKEv2: IKE FIPS NSS sha2, sha256, sha2_256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_384 IKEv1: IKE IKEv2: IKE FIPS NSS sha384, sha2_384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_512 IKEv1: IKE IKEv2: IKE FIPS NSS sha512, sha2_512
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_XCBC IKEv1: IKEv2: IKE native(XCBC) aes128_xcbc
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Integrity algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_MD5_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH native(HMAC) md5, hmac_md5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA1_96 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha, sha1, sha1_96, hmac_sha1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_512_256 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha512, sha2_512, sha2_512_256, hmac_sha2_512
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_384_192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha384, sha2_384, sha2_384_192, hmac_sha2_384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_256_128 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS sha2, sha256, sha2_256, sha2_256_128, hmac_sha2_256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: HMAC_SHA2_256_TRUNCBUG IKEv1: ESP AH IKEv2: AH
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_XCBC_96 IKEv1: ESP AH IKEv2: IKE ESP AH native(XCBC) aes_xcbc, aes128_xcbc, aes128_xcbc_96
janv. 03 19:00:53 localhost.localdomain pluto[76345]: AES_CMAC_96 IKEv1: ESP AH IKEv2: ESP AH FIPS aes_cmac
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NONE IKEv1: ESP IKEv2: IKE ESP FIPS null
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH algorithms:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: NONE IKEv1: IKEv2: IKE ESP AH FIPS NSS(MODP) null, dh0
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP1536 IKEv1: IKE ESP AH IKEv2: IKE ESP AH NSS(MODP) dh5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP2048 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh14
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP3072 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh15
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP4096 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh16
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP6144 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh17
janv. 03 19:00:53 localhost.localdomain pluto[76345]: MODP8192 IKEv1: IKE ESP AH IKEv2: IKE ESP AH FIPS NSS(MODP) dh18
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH19 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_256, ecp256
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH20 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_384, ecp384
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH21 IKEv1: IKE IKEv2: IKE ESP AH FIPS NSS(ECP) ecp_521, ecp521
janv. 03 19:00:53 localhost.localdomain pluto[76345]: DH31 IKEv1: IKE IKEv2: IKE ESP AH NSS(ECP) curve25519
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing CAMELLIA_CBC:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Camellia: 16 bytes with 256-bit key
janv. 03 19:00:53 localhost.localdomain systemd[1]: Started Internet Key Exchange (IKE) Protocol Daemon for IPsec.
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_GCM_16:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: empty string
janv. 03 19:00:53 localhost.localdomain pluto[76345]: one block
janv. 03 19:00:53 localhost.localdomain pluto[76345]: two blocks
janv. 03 19:00:53 localhost.localdomain pluto[76345]: two blocks with associated data
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_CTR:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 octets using AES-CTR with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 octets using AES-CTR with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 36 octets using AES-CTR with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 octets using AES-CTR with 192-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 octets using AES-CTR with 192-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 36 octets using AES-CTR with 192-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 octets using AES-CTR with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 octets using AES-CTR with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 36 octets using AES-CTR with 256-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_CBC:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 16 bytes (1 block) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 32 bytes (2 blocks) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 48 bytes (3 blocks) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Encrypting 64 bytes (4 blocks) using AES-CBC with 128-bit key
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing AES_XCBC:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 1: AES-XCBC-MAC-96 with 0-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 2: AES-XCBC-MAC-96 with 3-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 3: AES-XCBC-MAC-96 with 16-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 4: AES-XCBC-MAC-96 with 20-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 5: AES-XCBC-MAC-96 with 32-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 6: AES-XCBC-MAC-96 with 34-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 3566 Test Case 7: AES-XCBC-MAC-96 with 1000-byte input
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 16)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 10)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 4434 Test Case AES-XCBC-PRF-128 with 20-byte input (key length 18)
janv. 03 19:00:53 localhost.localdomain pluto[76345]: testing HMAC_MD5:
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 2104: MD5_HMAC test 1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 2104: MD5_HMAC test 2
janv. 03 19:00:53 localhost.localdomain pluto[76345]: RFC 2104: MD5_HMAC test 3
janv. 03 19:00:53 localhost.localdomain pluto[76345]: 8 CPU cores online
janv. 03 19:00:53 localhost.localdomain pluto[76345]: starting up 7 helper threads
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 0
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 2
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(2) seccomp security disabled for crypto helper 2
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(1) seccomp security disabled for crypto helper 1
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 3
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(3) seccomp security disabled for crypto helper 3
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(4) seccomp security disabled for crypto helper 4
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 4
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(5) seccomp security disabled for crypto helper 5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 5
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(6) seccomp security disabled for crypto helper 6
janv. 03 19:00:53 localhost.localdomain pluto[76345]: started thread for helper 6
janv. 03 19:00:53 localhost.localdomain pluto[76345]: using Linux xfrm kernel support code on #1 SMP Thu Dec 8 21:42:04 UTC 2022
janv. 03 19:00:53 localhost.localdomain pluto[76345]: helper(7) seccomp security disabled for crypto helper 7
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(in) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(fwd) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(out) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(in) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(fwd) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: kernel: xfrm XFRM_MSG_UPDPOLICY for flow add port bypass(out) encountered unexpected policy
janv. 03 19:00:53 localhost.localdomain pluto[76345]: selinux support is NOT enabled.
janv. 03 19:00:53 localhost.localdomain pluto[76345]: systemd watchdog for ipsec service configured with timeout of 200000000 usecs
janv. 03 19:00:53 localhost.localdomain pluto[76345]: watchdog: sending probes every 100 secs
janv. 03 19:00:53 localhost.localdomain pluto[76345]: seccomp security disabled
janv. 03 19:00:53 localhost.localdomain pluto[76345]: listening for IKE messages
janv. 03 19:00:53 localhost.localdomain pluto[76345]: Kernel supports NIC esp-hw-offload
janv. 03 19:00:53 localhost.localdomain pluto[76345]: adding UDP interface wlo1 192.168.1.100:500
janv. 03 19:00:53 localhost.localdomain pluto[76345]: adding UDP interface wlo1 192.168.1.100:4500
janv. 03 19:00:53 localhost.localdomain pluto[76345]: adding UDP interface lo 127.0.0.1:500
janv. 03 19:00:53 localhost.localdomain pluto[76345]: adding UDP interface lo 127.0.0.1:4500
janv. 03 19:00:53 localhost.localdomain pluto[76345]: adding UDP interface lo [::1]:500
janv. 03 19:00:53 localhost.localdomain pluto[76345]: adding UDP interface wlo1 [2a01:e0a:13a:73f0:ba9a:2aff:fefc:7bb9]:500
janv. 03 19:00:53 localhost.localdomain pluto[76345]: loading secrets from "/etc/ipsec.secrets"
janv. 03 19:00:53 localhost.localdomain pluto[76345]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
janv. 03 19:00:53 localhost.localdomain pluto[76345]: listening for IKE messages
janv. 03 19:00:53 localhost.localdomain pluto[76345]: forgetting secrets
janv. 03 19:00:53 localhost.localdomain pluto[76345]: loading secrets from "/etc/ipsec.secrets"
janv. 03 19:00:53 localhost.localdomain pluto[76345]: loading secrets from "/etc/ipsec.d/ipsec.nm-l2tp.secrets"
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf": added IKEv1 connection
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: initiating IKEv1 Main Mode connection
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: sent Main Mode request
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: WARNING: connection f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf PSK length of 8 bytes is too short for HMAC_SHA2_256 PRF in FIPS mode (16 bytes r>
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: sent Main Mode I2
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: sent Main Mode I3
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: Peer ID is ID_IPV4_ADDR: '147.78.144.136'
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: initiating Quick Mode IKEv1+PSK+ENCRYPT+PFS+UP+IKE_FRAG_ALLOW+ESN_NO+ESN_YES {using isakmp#1 msgid:e9c02a5b proposal=AES_CBC_256-HMAC_SHA1>
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: sent Quick Mode request
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: NAT-Traversal: received 2 NAT-OA. Ignored because peer is not NATed
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: IPsec SA established transport mode {ESPinUDP=>0x743d749f <0xea4349fb xfrm=AES_CBC_256-HMAC_SHA1_96 NATD=147.78.144.136:4500 DPD=passive}
janv. 03 19:00:54 localhost.localdomain pluto[76345]: netlink_acquire got message with length 60 < 232 bytes; ignore message
janv. 03 19:00:54 localhost.localdomain pluto[76345]: netlink_acquire got message with length 60 < 232 bytes; ignore message
janv. 03 19:00:54 localhost.localdomain pluto[76345]: netlink_acquire got message with length 60 < 232 bytes; ignore message
janv. 03 19:00:54 localhost.localdomain pluto[76345]: netlink_acquire got message with length 60 < 232 bytes; ignore message
janv. 03 19:00:54 localhost.localdomain pluto[76345]: netlink_acquire got message with length 68 < 232 bytes; ignore message
janv. 03 19:00:54 localhost.localdomain pluto[76345]: netlink_acquire got message with length 52 < 232 bytes; ignore message
janv. 03 19:00:54 localhost.localdomain pluto[76345]: netlink_acquire got message with length 68 < 232 bytes; ignore message
and after deactivation:
janv. 03 19:03:19 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf": terminating SAs using this connection
janv. 03 19:03:19 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: deleting state (STATE_QUICK_I2) aged 146.544509s and sending notification
janv. 03 19:03:19 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: ESP traffic information: in=896B out=993B
janv. 03 19:03:19 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: deleting state (STATE_MAIN_I4) aged 146.615605s and sending notification
cat /var/log/pluto.log
cat: /var/log/pluto.log: Aucun fichier ou dossier de ce type
Thanks!
Jacques
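A way to pull the negotiated parameters out of a pluto journal like the one posted above and list the settings worth a second look. This is an added example, not part of the original posts or of libreswan; the sample lines are copied from the log above, and the function names and the wording of the review items are this example's own.

```python
import re

# Lines copied from the journal output posted above, one per event of interest.
SAMPLE = '''\
janv. 03 19:00:53 localhost.localdomain pluto[76345]: seccomp security disabled
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf": added IKEv1 connection
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: WARNING: connection f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf PSK length of 8 bytes is too short for HMAC_SHA2_256 PRF in FIPS mode (16 bytes r>
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #1: IKE SA established {auth=PRESHARED_KEY cipher=AES_CBC_256 integ=HMAC_SHA2_256 group=MODP2048}
janv. 03 19:00:53 localhost.localdomain pluto[76345]: "f2ccfd79-5d0e-43e2-8fb2-0f759fe634cf" #2: IPsec SA established transport mode {ESPinUDP=>0x743d749f <0xea4349fb xfrm=AES_CBC_256-HMAC_SHA1_96 NATD=147.78.144.136:4500 DPD=passive}
'''.splitlines()

# journald prefix, then an optional '"connection" #state: ' tag, then the message.
LINE_RE = re.compile(
    r'pluto\[\d+\]: (?:"(?P<conn>[^"]+)"(?: #(?P<state>\d+))?: )?(?P<msg>.*)$')


def pairs(text):
    """Parse the 'key=value key=value' body of a {...} group into a dict."""
    return dict(tok.split("=", 1) for tok in text.split() if "=" in tok)


def flag(report, item):
    """Record a review item once, even if the journal repeats the line."""
    if item not in report["review"]:
        report["review"].append(item)


def audit(lines):
    """Summarise what pluto negotiated and list the settings worth reviewing."""
    rep = {"ike_version": None, "psk_bytes": None, "ike_sa": {},
           "ipsec_mode": None, "ipsec_sa": {}, "review": []}
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # not a pluto line
        msg = m.group("msg")
        if msg == "seccomp security disabled":
            flag(rep, "pluto runs without a seccomp filter")
            continue
        hit = re.fullmatch(r"added (IKEv\d) connection", msg)
        if hit:
            rep["ike_version"] = hit.group(1)
            if hit.group(1) == "IKEv1":
                flag(rep, "connection uses IKEv1")
            continue
        hit = re.search(r"PSK length of (\d+) bytes is too short for (\S+) PRF", msg)
        if hit:
            rep["psk_bytes"] = int(hit.group(1))
            flag(rep, "PSK is %s bytes; pluto warns it is too short for %s in "
                      "FIPS mode" % hit.groups())
            continue
        # [^}]* also copes with lines the pager cut off before the closing brace.
        hit = re.search(r"IKE SA established \{([^}]*)", msg)
        if hit:
            rep["ike_sa"] = pairs(hit.group(1))
            continue
        hit = re.search(r"IPsec SA established (\w+) mode \{([^}]*)", msg)
        if hit:
            # Transport mode is what L2TP/IPsec uses, so it is reported, not flagged.
            rep["ipsec_mode"] = hit.group(1)
            rep["ipsec_sa"] = pairs(hit.group(2))
            if "SHA1" in rep["ipsec_sa"].get("xfrm", ""):
                flag(rep, "ESP integrity is SHA1-based (xfrm=%s)"
                          % rep["ipsec_sa"]["xfrm"])
    return rep


if __name__ == "__main__":
    result = audit(SAMPLE)
    print(result["ike_version"], result["ike_sa"])
    print(result["ipsec_mode"], result["ipsec_sa"])
    for item in result["review"]:
        print("review:", item)
```

On a live system the same function can be fed `journalctl -u ipsec --no-pager -o cat` output line by line; `--no-pager` avoids the `>` truncation seen above.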

squid-f
To be sure, I would like the output of systemctl status ipsec after the VPN has been activated.
BASH code:
systemctl status ipsec > status.txt
and post the status.txt file because, otherwise, the output posted here is truncated.
See you

squid-f

I will have less time today and tomorrow.
Unbound is not running, according to the information you provided on all the enabled services.
dig finds all the sites using your ISP's DNS, even in VPN mode. That may be normal, although I was rather expecting to see a server reached through the VPN.
I also think, like your network administrator, that something is missing from the VPN client configuration. That is why I am asking questions about ipsec and libreswan. But I do not know them in detail, so I am feeling my way along; sorry.
Feel free to keep posting here.
See you
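One way to check the point raised above about dig still using the ISP's resolver is to work out which interface each configured resolver is reached through. This is an added example, not part of the thread: the routing table, the `ppp0` interface name and the resolver addresses are constructed, and only the main IPv4 table is considered (no policy routing, no local stub resolver).

```python
import ipaddress

# Constructed sample data, not taken from the thread: `ip -4 route show` with the
# tunnel up on a hypothetical ppp0, and an /etc/resolv.conf listing two resolvers.
ROUTES = """\
default via 192.168.1.254 dev wlo1 proto dhcp metric 600
10.8.0.0/24 dev ppp0 proto static scope link metric 50
10.8.0.1 dev ppp0 proto kernel scope link src 10.8.0.2 metric 50
192.168.1.0/24 dev wlo1 proto kernel scope link src 192.168.1.100 metric 600
"""
RESOLV_CONF = """\
nameserver 192.168.1.254
nameserver 10.8.0.1
"""


def parse_routes(text):
    """Return (network, device, metric) for every route that names a device."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if "dev" not in f[:-1]:
            continue  # blank line, or a route type without an output device
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first field is a keyword, not a prefix
        metric = int(f[f.index("metric") + 1]) if "metric" in f[:-1] else 0
        routes.append((net, f[f.index("dev") + 1], metric))
    return routes


def egress_device(ip, routes):
    """Longest-prefix match, lowest metric on ties; None if nothing matches."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "lo"
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return max(matches, key=lambda r: (r[0].prefixlen, -r[2]))[1]


def resolver_paths(resolv_conf, routes_text, vpn_prefixes=("ppp",)):
    """For each IPv4 nameserver: (address, egress device, goes through the VPN?)."""
    routes = parse_routes(routes_text)
    paths = []
    for line in resolv_conf.splitlines():
        f = line.split()
        if len(f) < 2 or f[0] != "nameserver":
            continue
        try:
            if ipaddress.ip_address(f[1]).version != 4:
                continue
        except ValueError:
            continue
        dev = egress_device(f[1], routes)
        paths.append((f[1], dev, bool(dev) and dev.startswith(vpn_prefixes)))
    return paths


if __name__ == "__main__":
    for ns, dev, via_vpn in resolver_paths(RESOLV_CONF, ROUTES):
        print(f"{ns:15} via {dev:5} {'VPN' if via_vpn else 'outside the VPN'}")
    # A public address only matches the default route here: split tunnelling.
    print("198.51.100.7 via", egress_device("198.51.100.7", parse_routes(ROUTES)))
```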

babs3
As for the fact that some requests do not go through the VPN, that is what surprises my network administrator too.
Here is the status.txt file:
status.txt
Thanks!
Jacques
Edited by babs3 on 04/01/2023 at 09:52

squid-f
What is the output of
BASH code:
ipsec verify
I found an interesting article that makes me think the configuration is not finished:
https://kifarunix.com/install-and-configure-libreswan-vpn-client-on-ubuntu-debian/
See you