<div dir="ltr"><div>Does anyone know why when I try to log to a log file either in /var/log or my home folder that I get permission denied? This is what I'm seeing in syslog. I'm running "sudo ipsec start" so I thought that it would have the correct permissions to write the log file.<br>
<br>Thanks,<br></div> Brian<br><div><div><br><div class="gmail_quote">---------- Forwarded message ----------<br>From: <b class="gmail_sendername">Brian Watson</b> <span dir="ltr"><<a href="mailto:bwats9999@gmail.com">bwats9999@gmail.com</a>></span><br>
Date: Wed, May 7, 2014 at 8:20 AM<br>Subject: Re: [strongSwan] Questions for getting Strongswan up and running<br>To: Noel Kuntze <<a href="mailto:noel@familie-kuntze.de">noel@familie-kuntze.de</a>><br><br><br><div dir="ltr">
I had been using openssl, but I'll install libgmp also.<br></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><br><div class="gmail_quote">On Tue, May 6, 2014 at 5:41 PM, Noel Kuntze <span dir="ltr"><<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><br>
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA256<br>
<br>
</div>Did you install libgmp already? You need that for the DH exchange. As a replacement, you could also use openssl, but you need to replace gmp with openssl in the load statement.<br>
<br>
Am 07.05.2014 00:26, schrieb Brian Watson:<br>
<div>> If I do "sudo ipsec start" again it says that it's already running. I then do "sudo ipsec up home" and that's when I get the NO_PROPOSAL_CHOSEN error that i'm trying to debug. I'll be leaving soon, but will check for syntax errors. Thanks for all your help! This is interesting.<br>
><br>
><br>
</div><div>> On Tue, May 6, 2014 at 5:13 PM, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>> wrote:<br>
><br>
><br>
> Okay, that should be fairly recent. Check your strongswan.conf for syntax errors. Does strongswan run after you started it or does it stop itself?<br>
><br>
> Am 07.05.2014 00:06, schrieb Brian Watson:<br>
> > I do the following:<br>
><br>
> > 1. sudo ipsec start (so yes it's running as root)<br>
> > 2. It says the following:<br>
> > !! Your strongswan.conf contains manual plugin load options for charon.<br>
> > !! This is recommended for experts only, see<br>
> > !! <a href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>
> > 3. The log file doesn't get created.<br>
> > 4. Version - U5.1.2/K3.13.0-24-generic<br>
><br>
><br>
</div><div>> > On Tue, May 6, 2014 at 4:50 PM, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>>> wrote:<br>
><br>
><br>
> > Okay, as what user ist strongSwan running? Is it as root?<br>
> > Does the file get created?<br>
> > What does ipsec say when you start strongSwan?<br>
> > What version of strongSwan are you using?<br>
><br>
><br>
> > Am 06.05.2014 23:49, schrieb Brian Watson:<br>
> > > Yes, I just checked and the extra curly brace is there even though I didn't include it in the email. I also changed append=no to yes to see if that would have an effect, but it didn't.<br>
><br>
><br>
</div><div><div>> > > On Tue, May 6, 2014 at 4:32 PM, Brian Watson <<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>>>> wrote:<br>
><br>
> > > I've been trying to get the log file to work, but something isn't quite right. I have the following info in my strongswan.conf file:<br>
><br>
> > > charon {<br>
> > > load = aes des sha1 sha2 md5 openssl random nonce hmac stroke kernel-netlink socket-default updown<br>
> > > send_vendor_id=yes<br>
> > > # two defined file loggers<br>
> > > filelog {<br>
> > > /var/log/charon.log {<br>
> > > # add a timestamp prefix<br>
> > > time_format = %b %e %T<br>
> > > # prepend connection name, simplifies grepping<br>
> > > ike_name = yes<br>
> > > # overwrite existing files<br>
> > > append = no<br>
> > > # increase default loglevel for all daemon subsystems<br>
> > > default = 2<br>
> > > # flush each line to disk<br>
> > > flush_line = yes<br>
> > > }<br>
> > > stderr {<br>
> > > # more detailed loglevel for a specific subsystem, overriding the<br>
> > > # default loglevel.<br>
> > > ike = 2<br>
> > > knl = 3<br>
> > > }<br>
> > > }<br>
><br>
> > > I'm also trying different variations like changing the name and location of the log file and I also tried to use stdout, but nothing happening. Any ideas?<br>
><br>
> > > Thanks,<br>
> > > Brian<br>
><br>
><br>
</div></div><div>> > > On Tue, May 6, 2014 at 10:59 AM, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>>>> wrote:<br>
><br>
><br>
> > > Hello Brian,<br>
><br>
> > > The two peers couldn't negotiate a shared cipher-hmac-modp 3-tupel in phase one.<br>
> > > I advise setting up logging to a file [1] and looking for the cipher proposal the two peers send each other and adjusting them with the "ike=" parameter in the connection section.<br>
> > > Be advised, that you can not simply copy an paste the proposal in ipsec.conf. Look for the fitting description of the tupel in the example configurations [2].<br>
> > > Also, read the manpage about the "ike" parameter.<br>
><br>
> > > [1] <a href="http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/LoggerConfiguration</a><br>
> > > [2] <a href="http://www.strongswan.org/uml/testresults/all.html" target="_blank">http://www.strongswan.org/uml/testresults/all.html</a><br>
><br>
> > > Regards,<br>
> > > Noel Kuntze<br>
><br>
> > > Am 06.05.2014 17:47, schrieb Brian Watson:<br>
> > > > Hi Noel,<br>
> > > > Thanks for the tip! I'm making progress and updated both strongswan.conf files, but now I get the following error for which I'm investigating:<br>
><br>
> > > > initiating IKE_SA home[3] to 127.0.0.2<br>
> > > > generating IKE_SA_INIT request 0 [ SA KE No N(NATD_S_IP) N(NATD_D_IP) ]<br>
> > > > sending packet: from 127.0.0.3[500] to 127.0.0.2[500] (892 bytes)<br>
> > > > received packet: from 127.0.0.2[500] to 127.0.0.3[500] (36 bytes)<br>
> > > > parsed IKE_SA_INIT response 0 [ N(NO_PROP) ]<br>
> > > > received NO_PROPOSAL_CHOSEN notify error<br>
> > > > establishing connection 'home' failed<br>
><br>
> > > > Any ideas?<br>
><br>
> > > > Thanks,<br>
> > > > Brian<br>
><br>
><br>
><br>
</div><div>> > > > On Tue, May 6, 2014 at 10:11 AM, Noel Kuntze <<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a> <mailto:<a href="mailto:noel@familie-kuntze.de" target="_blank">noel@familie-kuntze.de</a>>>>>> wrote:<br>
><br>
><br>
> > > > Hello Brian,<br>
><br>
> > > > Plugins in StrongSwan provide suppoer for cryptographic operations, like Diffie-Hellman keyexchanges and ciphers.<br>
> > > > StrongSwan itself only comes with a small number of plugins for ciphers like aes or des, but not DH, which is used to negotiate the key in phase one.<br>
> > > > Plugins provide access to 3rd party APIs, like the ones of openssl and libgmp.<br>
> > > > The default proposal StrongSwan sends includes a DH exchange over a modulus of 2048 bit, which is provided by either libgmp or openssl.<br>
> > > > It seems you do not have libgmp installed on your box. Please install it, then try again. As an alternative, you could also use openssl.<br>
> > > > To use openssl instead of libgmp for cryptography, just replace gmp with openssl in the load argument in strongswan.conf.<br>
><br>
> > > > Regards,<br>
> > > > Noel Kuntze<br>
><br>
> > > > Am 06.05.2014 16:54, schrieb Brian Watson:<br>
> > > > > I also have done the following:<br>
><br>
> > > > > 1. ipsec up home<br>
><br>
> > > > > 2. I get the following in response<br>
> > > > > initiating IKE_SA home[1] to 127.0.0.2<br>
> > > > > configured DH group MODP_2048 not supported<br>
> > > > > tried to check-in and delete nonexisting IKE_SA<br>
> > > > > establishing connection 'home' failed<br>
><br>
> > > > > Thanks!<br>
> > > > > Brian<br>
><br>
><br>
</div><div><div>> > > > > On Tue, May 6, 2014 at 9:06 AM, Brian Watson <<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a> <mailto:<a href="mailto:bwats9999@gmail.com" target="_blank">bwats9999@gmail.com</a>>>>>>> wrote:<br>
><br>
> > > > > I have setup strongswan with the config files on 2 virtual boxes running Ubuntu 14.04. I have the following with the 2nd virtual machine basically mirroring the first with the exception of the ip address being swapped around:<br>
><br>
> > > > > 1. I setup the config files on 2 Ubuntu virtualbox machines<br>
> > > > > ipsec.conf<br>
> > > > > -------------------------<br>
> > > > > config setup<br>
><br>
> > > > > conn %default<br>
> > > > > ikelifetime=60m<br>
> > > > > keylife=20m<br>
> > > > > rekeymargin=3m<br>
> > > > > keyingtries=1<br>
> > > > > keyexchange=ikev2<br>
> > > > > authby=secret<br>
><br>
> > > > > conn home<br>
> > > > > left=127.0.0.2<br>
> > > > > leftfirewall=no<br>
> > > > > right=127.0.0.3<br>
> > > > > auto=add<br>
><br>
> > > > > ipsec.secrets<br>
> > > > > ------------------------------<br>
> > > > > 127.0.0.2 : PSK <shared secret><br>
><br>
> > > > > strongswan.conf<br>
> > > > > -------------------------------<br>
> > > > > charon {<br>
> > > > > load = aes des sha1 sha2 md5 gmp random nonce hmac stroke kernel-netlink socket-default updown<br>
> > > > > }<br>
><br>
> > > > > 2. I issue "sudo ipsec start" and status commands and get the following:<br>
><br>
> > > > > Starting strongSwan 5.1.2 IPsec [starter]...<br>
> > > > > !! Your strongswan.conf contains manual plugin load options for charon.<br>
> > > > > !! This is recommended for experts only, see<br>
> > > > > !! <a href="http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad" target="_blank">http://wiki.strongswan.org/projects/strongswan/wiki/PluginLoad</a><br>
> > > > > brianswan3@brianswan3-VirtualBox:/etc$ sudo ipsec status<br>
> > > > > Security Associations (0 up, 0 connecting):<br>
> > > > > none<br>
><br>
> > > > > 3. The fact that it shows no security associations implies to me that it didn't work. Is this true and is there something obvious that I'm doing wrong?<br>
><br>
> > > > > Thanks,<br>
> > > > > Brian<br>
><br>
><br>
><br>
><br>
> > > > > _______________________________________________<br>
> > > > > Users mailing list<br>
</div></div>> > > > > <a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>>>><br>
<div>> > > > > <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
><br>
><br>
> > > > _______________________________________________<br>
> > > > Users mailing list<br>
</div>> > > > <a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a> <mailto:<a href="mailto:Users@lists.strongswan.org" target="_blank">Users@lists.strongswan.org</a>>>>><br>
<div>> > > > <a href="https://lists.strongswan.org/mailman/listinfo/users" target="_blank">https://lists.strongswan.org/mailman/listinfo/users</a><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
><br>
<br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v2.0.22 (GNU/Linux)<br>
Comment: Using GnuPG with Thunderbird - <a href="http://www.enigmail.net/" target="_blank">http://www.enigmail.net/</a><br>
<br>
</div>iQIcBAEBCAAGBQJTaWUYAAoJEDg5KY9j7GZYFB0P/2DX+EXkCKbnQKNLiqQn9pL7<br>
rWHTeIrqskl4GDo1OlJWz+Zlsk/rSC7eyOVdT8APQppf2XFgprRaTORku1CNE/tn<br>
b6skkfhv7HuXbsUN8kFKEaldzt6LtEOSSw6a+OqTXVDlhTLCcT7ypvitdrwvp/x6<br>
OcFWwakFWz1id7cLaJ2BV3W+3wa1KhtSMZevnpiAEVF/k1Ln7sxiBEPqegYN7vfZ<br>
/NSX0zIoPjVClOLL3SM17hvd8Ino04EqnbY4h0gf3de7LnN0jgyZcOv/oXNWvvKk<br>
4T5Ccsbh23DRwrKqR7+JHzqZjUH8oj3iPcglVcFfbYtm5pPIi5HoX7DPi/RrdU5e<br>
TIJEtA4nyNkLw3yoV3E0l40oiT+pwdMLqaiI2ymtIlkBGKSu5FhG8bqlB/9AJFq5<br>
BC0nRabUrqMZgpe8q2NOV4Xr+/r0x1ao7UKYozxESgiYMjn0a7cTImVf4z7RFZsB<br>
pq3RgNN9cwrJIXH6LNbYpByp4DjNKaR+qogfcqzllsw63mMRoVfmCErxa0yKzI9q<br>
fLT4Sdc6hOHWr0X3Q4kb4ZBvtPz4P8dHQjFCd7mhXHJJWZfcgi1X3gEUKy/TPVHm<br>
p+/0RCfaxZWm9bDHV8XGL4aBINxLDBGIeMGyAzItb73CE+PdeGPFo6zZG7BV5ucT<br>
wXneE117DU71KQVSjQWk<br>
=q7K3<br>
-----END PGP SIGNATURE-----<br>
<br>
<br>
</blockquote></div><br></div>
</div></div></div><br></div></div></div>