<div dir="ltr"><div>Hi to all,</div><div><br></div><div>I am trying to configure a VPN, site to site, with IKEv1 and a pre-shared key on IPv4.</div><div><br></div><div>I followed the configuration at</div><div><a href="https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/">https://www.strongswan.org/testing/testresults/ikev1/net2net-psk/</a></div><div>(the closest configuration I could find, though the examples seem to have been designed for local networks)</div><div><br></div><div>However, the computer does not manage to connect:</div><div><br></div><div>thyfate@DataLearning-001:~$ sudo ipsec start</div><div>Starting strongSwan 5.1.2 IPsec [starter]...</div><div>charon is already running (/var/run/charon.pid exists) -- skipping daemon start</div><div>starter is already running (/var/run/starter.charon.pid exists) -- no fork done</div><div>thyfate@DataLearning-001:~$ sudo ipsec up ciscoios</div><div>initiating Main Mode IKE_SA ciscoios[3554] to 83.XXX.XXX.XXX</div><div>generating ID_PROT request 0 [ SA V V V V ]</div><div>sending packet: from 93.XXX.XXX.XXX[500] to 83.XXX.XXX.XXX[500] (196 bytes)</div><div>sending retransmit 1 of request message ID 0, seq 1</div><div>sending packet: from 93.XXX.XXX.XXX[500] to 83.XXX.XXX.XXX[500] (196 bytes)</div><div>sending retransmit 2 of request message ID 0, seq 1</div><div>sending packet: from 93.XXX.XXX.XXX[500] to 83.XXX.XXX.XXX[500] (196 bytes)</div><div>sending retransmit 3 of request message ID 0, seq 1</div><div>sending packet: from 93.XXX.XXX.XXX[500] to 83.XXX.XXX.XXX[500] (196 bytes)</div><div>sending retransmit 4 of request message ID 0, seq 1</div><div>sending packet: from 93.XXX.XXX.XXX[500] to 83.XXX.XXX.XXX[500] (196 bytes)</div><div>sending retransmit 5 of request message ID 0, seq 1</div><div>sending packet: from 93.XXX.XXX.XXX[500] to 83.XXX.XXX.XXX[500] (196 bytes)</div><div>giving up after 5 retransmits</div><div>establishing IKE_SA failed, peer not responding</div><div>establishing connection 
'ciscoios' failed</div><div><br></div><div>Any help would be greatly appreciated!</div><div><br></div><div>Thanks in advance,</div><div><br></div><div><br></div><div><br></div><div>Below are some details on the setup:</div><div><br></div><div>I am using Ubuntu 14.04. My computer is behind an ISP-provided router box where ports 500 and 4500 have been NAT-forwarded, both on TCP and UDP. My computer's external address is 93.XXX.XXX.XXX and the local network the computer is on has the range 192.168.1.XXX, the specific machine having IP 192.168.1.104. On the other side, a Cisco ASA 5520 is used to create the VPN on an external IP address of 83.XXX.XXX.XXX.</div><div><br></div><div>strongSwan was installed with the following command line:</div><div><br></div><div>sudo apt-get install strongswan strongswan-plugin-af-alg strongswan-plugin-agent strongswan-plugin-certexpire strongswan-plugin-coupling strongswan-plugin-curl strongswan-plugin-dhcp strongswan-plugin-duplicheck strongswan-plugin-eap-aka strongswan-plugin-eap-aka-3gpp2 strongswan-plugin-eap-dynamic strongswan-plugin-eap-gtc strongswan-plugin-eap-mschapv2 strongswan-plugin-eap-peap strongswan-plugin-eap-radius strongswan-plugin-eap-tls strongswan-plugin-eap-ttls strongswan-plugin-error-notify strongswan-plugin-farp strongswan-plugin-fips-prf strongswan-plugin-gcrypt strongswan-plugin-gmp strongswan-plugin-ipseckey strongswan-plugin-kernel-libipsec strongswan-plugin-ldap strongswan-plugin-led strongswan-plugin-load-tester strongswan-plugin-lookip strongswan-plugin-ntru strongswan-plugin-pgp strongswan-plugin-pkcs11 strongswan-plugin-pubkey strongswan-plugin-radattr strongswan-plugin-sshkey strongswan-plugin-systime-fix strongswan-plugin-whitelist strongswan-plugin-xauth-eap strongswan-plugin-xauth-generic strongswan-plugin-xauth-noauth strongswan-plugin-xauth-pam</div><div><br></div><div>The following configuration files are 
used:</div><div><br></div><div>============================================================</div><div>/etc/strongswan.conf</div><div>============================================================</div><div># strongswan.conf - strongSwan configuration file</div><div>#</div><div># Refer to the strongswan.conf(5) manpage for details</div><div>#</div><div># Configuration changes should be made in the included files</div><div><br></div><div>charon {</div><div><span style="white-space:pre">      </span>load_modular = yes</div><div><span style="white-space:pre">    </span>plugins {</div><div><span style="white-space:pre">             </span>include strongswan.d/charon/*.conf</div><div><span style="white-space:pre">    </span>}</div><div>}</div><div><br></div><div>include strongswan.d/*.conf</div><div><br></div><div><br></div><div><br></div><div>============================================================</div><div>/etc/ipsec.conf</div><div>============================================================</div><div># ipsec.conf - strongSwan IPsec configuration file</div><div><br></div><div># basic configuration</div><div><br></div><div>config setup</div><div><span style="white-space:pre"> </span># strictcrlpolicy=yes</div><div><span style="white-space:pre"> </span># uniqueids = no</div><div><br></div><div># Add connections here.</div><div><br></div><div># Sample VPN connections</div><div><br></div><div>#conn sample-self-signed</div><div>#      leftsubnet=10.1.0.0/16</div><div>#      leftcert=selfCert.der</div><div>#      leftsendcert=never</div><div>#      right=192.168.0.2</div><div>#      rightsubnet=10.2.0.0/16</div><div>#      rightcert=peerCert.der</div><div>#      auto=start</div><div><br></div><div>#conn sample-with-ca-cert</div><div>#      leftsubnet=10.1.0.0/16</div><div>#      leftcert=myCert.pem</div><div>#      right=192.168.0.2</div><div>#      rightsubnet=10.2.0.0/16</div><div>#      rightid="C=CH, O=Linux strongSwan CN=peer name"</div><div>#      auto=start</div><div><br></div><div>conn %default</div><div>        ikelifetime=1440m</div><div>        keylife=60m</div><div>        rekeymargin=3m</div><div>        keyingtries=1</div><div>        keyexchange=ikev1</div><div>        authby=secret</div><div><br></div><div>conn ciscoios</div><div>        left=93.XXX.XXX.XXX                  #strongswan outside address</div><div>        leftsubnet=172.31.17.0/28         #network behind strongswan</div><div>        leftid=93.XXX.XXX.XXX                #IKEID sent by strongswan</div><div>        leftfirewall=no</div><div>        right=83.XXX.XXX.XXX                 #IOS outside address</div><div>        rightsubnet=172.21.148.0/28        #network behind IOS</div><div>        rightid=83.XXX.XXX.XXX               #IKEID sent by IOS</div><div>        auto=add</div><div>        ike=aes256-sha-modp1024           #P1: modp1024 = DH group 2</div><div>        esp=aes256-sha1                   #P2</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>============================================================</div><div>/etc/ipsec.secrets</div><div>============================================================</div><div># This file holds shared secrets or RSA private keys for authentication.</div><div><br></div><div># RSA private key for this host, authenticating it to any other host</div><div># which knows the public part.  
Suitable public keys, for ipsec.conf, DNS,</div><div># or configuration of other implementations, can be extracted conveniently</div><div># with "ipsec showhostkey".</div><div><br></div><div>83.XXX.XXX.XXX : PSK "XXXXXX"</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>============================================================</div><div>Various command line results</div><div>============================================================</div><div>thyfate@DataLearning-001:~$ sudo ipsec --version</div><div>Linux strongSwan U5.1.2/K3.16.0-77-generic</div><div>Institute for Internet Technologies and Applications</div><div>University of Applied Sciences Rapperswil, Switzerland</div><div>See 'ipsec --copyright' for copyright information.</div><div><br></div><div><br></div><div><br></div><div><br></div><div>thyfate@DataLearning-001:~$ sudo ipsec statusall</div><div>[sudo] password for thyfate: </div><div>Status of IKE charon daemon (strongSwan 5.1.2, Linux 3.16.0-77-generic, x86_64):</div><div>  uptime: 42 days, since Jul 24 07:41:43 2017</div><div>  malloc: sbrk 2904064, mmap 266240, used 581776, free 2322288</div><div>  worker threads: 10 of 16 idle, 6/0/0/0 working, job queue: 0/0/0/0, scheduled: 1</div><div>  loaded plugins: charon test-vectors curl unbound ldap pkcs11 aes rc2 sha1 sha2 md4 md5 rdrand random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp sshkey ipseckey pem openssl gcrypt af-alg fips-prf gmp xcbc cmac hmac ctr ccm gcm ntru attr kernel-netlink resolve socket-default farp stroke updown eap-identity eap-aka eap-aka-3gpp2 eap-gtc eap-mschapv2 eap-dynamic eap-radius eap-tls eap-ttls eap-peap xauth-generic xauth-eap xauth-noauth dhcp whitelist lookip error-notify certexpire led duplicheck radattr addrblock</div><div>Listening IP addresses:</div><div>  192.168.1.104</div><div>Connections:</div><div>    ciscoios:  
93.XXX.XXX.XXX...83.XXX.XXX.XXX  IKEv1</div><div>    ciscoios:   local:  [93.XXX.XXX.XXX] uses pre-shared key authentication</div><div>    ciscoios:   remote: [83.XXX.XXX.XXX] uses pre-shared key authentication</div><div>    ciscoios:   child:  0.0.0.0/0 === 172.21.148.0/28 TUNNEL</div><div>Security Associations (1 up, 0 connecting):</div><div>    ciscoios[3554]: CONNECTING, 93.XXX.XXX.XXX[%any]...83.XXX.XXX.XXX[%any]</div><div>    ciscoios[3554]: IKEv1 SPIs: 1b151f2a679038df_i* 0000000000000000_r</div><div>    ciscoios[3554]: Tasks queued: QUICK_MODE </div><div>    ciscoios[3554]: Tasks active: ISAKMP_VENDOR ISAKMP_CERT_PRE MAIN_MODE ISAKMP_CERT_POST ISAKMP_NATD </div><div><br></div><div><br></div><div><br></div><div><br></div><div>thyfate@DataLearning-001:~$ sudo ipsec listall</div><div>[sudo] password for thyfate: </div><div><br></div><div>List of registered IKE algorithms:</div><div><br></div><div>  encryption: DES_CBC[openssl] 3DES_CBC[openssl] CAST_CBC[openssl] BLOWFISH_CBC[openssl] NULL[openssl] AES_CBC[aes]</div><div>              AES_CTR[gcrypt] CAMELLIA_CBC[openssl] CAMELLIA_CTR[gcrypt] DES_ECB[openssl] SERPENT_CBC[gcrypt]</div><div>              TWOFISH_CBC[gcrypt] RC2_CBC[rc2]</div><div>  integrity:  HMAC_MD5_96[openssl] HMAC_SHA1_96[openssl] AES_XCBC_96[af-alg] HMAC_MD5_128[openssl]</div><div>              HMAC_SHA1_160[openssl] AES_CMAC_96[cmac] HMAC_SHA2_256_128[openssl] HMAC_SHA2_384_192[openssl]</div><div>              HMAC_SHA2_512_256[openssl] HMAC_SHA1_128[openssl] HMAC_SHA2_256_96[af-alg] HMAC_SHA2_256_256[openssl]</div><div>              HMAC_SHA2_384_384[openssl] HMAC_SHA2_512_512[openssl] CAMELLIA_XCBC_96[af-alg]</div><div>  aead:       AES_CCM_8[ccm] AES_CCM_12[ccm] AES_CCM_16[ccm] AES_GCM_8[openssl] AES_GCM_12[openssl] AES_GCM_16[openssl]</div><div>              CAMELLIA_CCM_8[ccm] CAMELLIA_CCM_12[ccm] CAMELLIA_CCM_16[ccm]</div><div>  hasher:     HASH_MD4[md4] 
HASH_MD5[md5] HASH_SHA1[sha1] HASH_SHA224[sha2] HASH_SHA256[sha2] HASH_SHA384[sha2]</div><div>              HASH_SHA512[sha2]</div><div>  prf:        PRF_HMAC_MD5[openssl] PRF_HMAC_SHA1[openssl] PRF_AES128_XCBC[af-alg] PRF_HMAC_SHA2_256[openssl]</div><div>              PRF_HMAC_SHA2_384[openssl] PRF_HMAC_SHA2_512[openssl] PRF_AES128_CMAC[cmac] PRF_FIPS_SHA1_160[fips-prf]</div><div>              PRF_KEYED_SHA1[sha1] PRF_CAMELLIA128_XCBC[af-alg]</div><div>  dh-group:   MODP_768[openssl] MODP_1024[openssl] MODP_1536[openssl] MODP_2048[openssl] MODP_3072[openssl]</div><div>              MODP_4096[openssl] MODP_6144[openssl] MODP_8192[openssl] ECP_256[openssl] ECP_384[openssl]</div><div>              ECP_521[openssl] MODP_1024_160[openssl] MODP_2048_224[openssl] MODP_2048_256[openssl] ECP_192[openssl]</div><div>              ECP_224[openssl] ECP_224_BP[openssl] ECP_256_BP[openssl] ECP_384_BP[openssl] ECP_512_BP[openssl]</div><div>              NTRU_112[ntru] NTRU_128[ntru] NTRU_192[ntru] NTRU_256[ntru] MODP_CUSTOM[openssl]</div><div>  random-gen: RNG_WEAK[rdrand] RNG_STRONG[rdrand] RNG_TRUE[rdrand]</div><div>  nonce-gen:  [nonce]</div><div><br></div><div>List of loaded Plugins:</div><div><br></div><div>charon:</div><div>    CUSTOM:libcharon</div><div>        NONCE_GEN</div><div>        CUSTOM:libcharon-receiver</div><div>        CUSTOM:kernel-ipsec</div><div>        CUSTOM:kernel-net</div><div>    CUSTOM:libcharon-receiver</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_STRONG</div><div>        CUSTOM:socket</div><div>test-vectors:</div><div>    CUSTOM:test-vectors</div><div>curl:</div><div>    FETCHER:file://</div><div>    FETCHER:http://</div><div>    FETCHER:https://</div><div>    FETCHER:ftp://</div><div>unbound:</div><div>    RESOLVER</div><div>ldap:</div><div>    FETCHER:ldap://</div><div>    FETCHER:ldaps://</div><div>pkcs11:</div><div>    CUSTOM:pkcs11-certs</div><div>        CERT_DECODE:X509</div><div>    PRIVKEY:ANY</div><div>aes:</div><div>    
CRYPTER:AES_CBC-16</div><div>    CRYPTER:AES_CBC-24</div><div>    CRYPTER:AES_CBC-32</div><div>rc2:</div><div>    CRYPTER:RC2_CBC-0</div><div>sha1:</div><div>    HASHER:HASH_SHA1</div><div>    PRF:PRF_KEYED_SHA1</div><div>sha2:</div><div>    HASHER:HASH_SHA224</div><div>    HASHER:HASH_SHA256</div><div>    HASHER:HASH_SHA384</div><div>    HASHER:HASH_SHA512</div><div>md4:</div><div>    HASHER:HASH_MD4</div><div>md5:</div><div>    HASHER:HASH_MD5</div><div>rdrand:</div><div>    RNG:RNG_WEAK</div><div>    RNG:RNG_STRONG</div><div>    RNG:RNG_TRUE</div><div>        CRYPTER:AES_CBC-16</div><div>random:</div><div>    RNG:RNG_STRONG</div><div>    RNG:RNG_TRUE</div><div>nonce:</div><div>    NONCE_GEN</div><div>        RNG:RNG_WEAK</div><div>x509:</div><div>    CERT_ENCODE:X509</div><div>        HASHER:HASH_SHA1</div><div>    CERT_DECODE:X509</div><div>        HASHER:HASH_SHA1</div><div>        PUBKEY:RSA (soft)</div><div>        PUBKEY:ECDSA (soft)</div><div>        PUBKEY:DSA (soft)</div><div>    CERT_ENCODE:X509_AC</div><div>    CERT_DECODE:X509_AC</div><div>    CERT_ENCODE:X509_CRL</div><div>    CERT_DECODE:X509_CRL</div><div>    CERT_ENCODE:X509_OCSP_REQUEST</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>    CERT_DECODE:X509_OCSP_RESPONSE</div><div>    CERT_ENCODE:PKCS10_REQUEST</div><div>    CERT_DECODE:PKCS10_REQUEST</div><div>revocation:</div><div>    CUSTOM:revocation</div><div>        CERT_ENCODE:X509_OCSP_REQUEST (soft)</div><div>        CERT_DECODE:X509_OCSP_RESPONSE (soft)</div><div>        CERT_DECODE:X509_CRL (soft)</div><div>        CERT_DECODE:X509 (soft)</div><div>        FETCHER:(null) (soft)</div><div>constraints:</div><div>    CUSTOM:constraints</div><div>        CERT_DECODE:X509 (soft)</div><div>pubkey:</div><div>    CERT_ENCODE:TRUSTED_PUBKEY</div><div>    CERT_DECODE:TRUSTED_PUBKEY</div><div>        PUBKEY:RSA (soft)</div><div>        PUBKEY:ECDSA (soft)</div><div>        PUBKEY:DSA (soft)</div><div>pkcs1:</div><div>    
PRIVKEY:RSA</div><div>    PUBKEY:ANY</div><div>    PUBKEY:RSA</div><div>pkcs7:</div><div>    CONTAINER_DECODE:PKCS7</div><div>    CONTAINER_ENCODE:PKCS7_DATA</div><div>    CONTAINER_ENCODE:PKCS7_SIGNED_DATA</div><div>    CONTAINER_ENCODE:PKCS7_ENVELOPED_DATA</div><div>pkcs8:</div><div>    PRIVKEY:ANY</div><div>    PRIVKEY:RSA</div><div>    PRIVKEY:ECDSA</div><div>pkcs12:</div><div>    CONTAINER_DECODE:PKCS12</div><div>        CONTAINER_DECODE:PKCS7</div><div>        CERT_DECODE:X509 (soft)</div><div>        PRIVKEY:ANY (soft)</div><div>        HASHER:HASH_SHA1 (soft)</div><div>        CRYPTER:3DES_CBC-24 (soft)</div><div>        CRYPTER:RC2_CBC-0 (soft)</div><div>pgp:</div><div>    PRIVKEY:ANY</div><div>    PRIVKEY:RSA</div><div>    PUBKEY:ANY</div><div>    PUBKEY:RSA</div><div>    CERT_DECODE:PGP</div><div>sshkey:</div><div>    PUBKEY:ANY</div><div>ipseckey:</div><div>    CUSTOM:ipseckey</div><div>        RESOLVER</div><div>        PUBKEY:RSA</div><div>        CERT_ENCODE:TRUSTED_PUBKEY</div><div>pem:</div><div>    PRIVKEY:ANY</div><div>        PRIVKEY:ANY</div><div>        HASHER:HASH_MD5 (soft)</div><div>    PRIVKEY:RSA</div><div>        PRIVKEY:RSA</div><div>        HASHER:HASH_MD5 (soft)</div><div>    PRIVKEY:ECDSA</div><div>        PRIVKEY:ECDSA</div><div>        HASHER:HASH_MD5 (soft)</div><div>    PRIVKEY:DSA (not loaded)</div><div>        PRIVKEY:DSA</div><div>        HASHER:HASH_MD5 (soft)</div><div>    PUBKEY:ANY</div><div>        PUBKEY:ANY</div><div>    PUBKEY:RSA</div><div>        PUBKEY:RSA</div><div>    PUBKEY:ECDSA</div><div>        PUBKEY:ECDSA</div><div>    PUBKEY:DSA (not loaded)</div><div>        PUBKEY:DSA</div><div>    CERT_DECODE:ANY</div><div>        CERT_DECODE:X509 (soft)</div><div>        CERT_DECODE:PGP (soft)</div><div>    CERT_DECODE:X509</div><div>        CERT_DECODE:X509</div><div>    CERT_DECODE:X509_CRL</div><div>        CERT_DECODE:X509_CRL</div><div>    CERT_DECODE:X509_OCSP_REQUEST (not loaded)</div><div>        
CERT_DECODE:X509_OCSP_REQUEST</div><div>    CERT_DECODE:X509_OCSP_RESPONSE</div><div>        CERT_DECODE:X509_OCSP_RESPONSE</div><div>    CERT_DECODE:X509_AC</div><div>        CERT_DECODE:X509_AC</div><div>    CERT_DECODE:PKCS10_REQUEST</div><div>        CERT_DECODE:PKCS10_REQUEST</div><div>    CERT_DECODE:TRUSTED_PUBKEY</div><div>        CERT_DECODE:TRUSTED_PUBKEY</div><div>    CERT_DECODE:PGP</div><div>        CERT_DECODE:PGP</div><div>    CONTAINER_DECODE:PKCS12</div><div>        CONTAINER_DECODE:PKCS12</div><div>openssl:</div><div>    CRYPTER:AES_CBC-16</div><div>    CRYPTER:AES_CBC-24</div><div>    CRYPTER:AES_CBC-32</div><div>    CRYPTER:CAMELLIA_CBC-16</div><div>    CRYPTER:CAMELLIA_CBC-24</div><div>    CRYPTER:CAMELLIA_CBC-32</div><div>    CRYPTER:CAST_CBC-0</div><div>    CRYPTER:BLOWFISH_CBC-0</div><div>    CRYPTER:3DES_CBC-24</div><div>    CRYPTER:DES_CBC-8</div><div>    CRYPTER:DES_ECB-8</div><div>    CRYPTER:NULL-0</div><div>    HASHER:HASH_MD4</div><div>    HASHER:HASH_MD5</div><div>    HASHER:HASH_SHA1</div><div>    HASHER:HASH_SHA224</div><div>    HASHER:HASH_SHA256</div><div>    HASHER:HASH_SHA384</div><div>    HASHER:HASH_SHA512</div><div>    PRF:PRF_KEYED_SHA1</div><div>    PRF:PRF_HMAC_MD5</div><div>    PRF:PRF_HMAC_SHA1</div><div>    PRF:PRF_HMAC_SHA2_256</div><div>    PRF:PRF_HMAC_SHA2_384</div><div>    PRF:PRF_HMAC_SHA2_512</div><div>    SIGNER:HMAC_MD5_96</div><div>    SIGNER:HMAC_MD5_128</div><div>    SIGNER:HMAC_SHA1_96</div><div>    SIGNER:HMAC_SHA1_128</div><div>    SIGNER:HMAC_SHA1_160</div><div>    SIGNER:HMAC_SHA2_256_128</div><div>    SIGNER:HMAC_SHA2_256_256</div><div>    SIGNER:HMAC_SHA2_384_192</div><div>    SIGNER:HMAC_SHA2_384_384</div><div>    SIGNER:HMAC_SHA2_512_256</div><div>    SIGNER:HMAC_SHA2_512_512</div><div>    AEAD:AES_GCM_8-16</div><div>    AEAD:AES_GCM_8-24</div><div>    AEAD:AES_GCM_8-32</div><div>    AEAD:AES_GCM_12-16</div><div>    AEAD:AES_GCM_12-24</div><div>    AEAD:AES_GCM_12-32</div><div>    
AEAD:AES_GCM_16-16</div><div>    AEAD:AES_GCM_16-24</div><div>    AEAD:AES_GCM_16-32</div><div>    DH:MODP_2048</div><div>    DH:MODP_2048_224</div><div>    DH:MODP_2048_256</div><div>    DH:MODP_1536</div><div>    DH:MODP_3072</div><div>    DH:MODP_4096</div><div>    DH:MODP_6144</div><div>    DH:MODP_8192</div><div>    DH:MODP_1024</div><div>    DH:MODP_1024_160</div><div>    DH:MODP_768</div><div>    DH:MODP_CUSTOM</div><div>    PRIVKEY:RSA</div><div>    PRIVKEY:ANY</div><div>    PRIVKEY_GEN:RSA</div><div>    PUBKEY:RSA</div><div>    PUBKEY:ANY</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5</div><div>    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1</div><div>    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1</div><div>    CERT_DECODE:X509</div><div>        PUBKEY:RSA (soft)</div><div>        PUBKEY:ECDSA (soft)</div><div>        PUBKEY:DSA (soft)</div><div>    CERT_DECODE:X509_CRL</div><div>    CONTAINER_DECODE:PKCS7</div><div>    CONTAINER_DECODE:PKCS12</div><div>    DH:ECP_256</div><div>    DH:ECP_384</div><div>    DH:ECP_521</div><div>    DH:ECP_224</div><div>    DH:ECP_192</div><div>    DH:ECP_224_BP</div><div>    DH:ECP_256_BP</div><div>    DH:ECP_384_BP</div><div>    DH:ECP_512_BP</div><div>    PRIVKEY:ECDSA</div><div>    PRIVKEY_GEN:ECDSA</div><div>    PUBKEY:ECDSA</div><div>    PRIVKEY_SIGN:ECDSA_WITH_NULL</div><div>    
PUBKEY_VERIFY:ECDSA_WITH_NULL</div><div>    PRIVKEY_SIGN:ECDSA_WITH_SHA1_DER</div><div>    PUBKEY_VERIFY:ECDSA_WITH_SHA1_DER</div><div>    PRIVKEY_SIGN:ECDSA_WITH_SHA256_DER</div><div>    PUBKEY_VERIFY:ECDSA_WITH_SHA256_DER</div><div>    PRIVKEY_SIGN:ECDSA-256</div><div>    PUBKEY_VERIFY:ECDSA-256</div><div>    PRIVKEY_SIGN:ECDSA_WITH_SHA384_DER</div><div>    PRIVKEY_SIGN:ECDSA_WITH_SHA512_DER</div><div>    PUBKEY_VERIFY:ECDSA_WITH_SHA384_DER</div><div>    PUBKEY_VERIFY:ECDSA_WITH_SHA512_DER</div><div>    PRIVKEY_SIGN:ECDSA-384</div><div>    PRIVKEY_SIGN:ECDSA-521</div><div>    PUBKEY_VERIFY:ECDSA-384</div><div>    PUBKEY_VERIFY:ECDSA-521</div><div>    RNG:RNG_STRONG</div><div>    RNG:RNG_WEAK</div><div>gcrypt:</div><div>    CRYPTER:AES_CTR-16</div><div>    CRYPTER:AES_CTR-24</div><div>    CRYPTER:AES_CTR-32</div><div>    CRYPTER:AES_CBC-16</div><div>    CRYPTER:AES_CBC-24</div><div>    CRYPTER:AES_CBC-32</div><div>    CRYPTER:BLOWFISH_CBC-16</div><div>    CRYPTER:CAMELLIA_CTR-16</div><div>    CRYPTER:CAMELLIA_CTR-24</div><div>    CRYPTER:CAMELLIA_CTR-32</div><div>    CRYPTER:CAMELLIA_CBC-16</div><div>    CRYPTER:CAMELLIA_CBC-24</div><div>    CRYPTER:CAMELLIA_CBC-32</div><div>    CRYPTER:CAST_CBC-0</div><div>    CRYPTER:3DES_CBC-24</div><div>    CRYPTER:DES_CBC-8</div><div>    CRYPTER:DES_ECB-8</div><div>    CRYPTER:SERPENT_CBC-16</div><div>    CRYPTER:SERPENT_CBC-24</div><div>    CRYPTER:SERPENT_CBC-32</div><div>    CRYPTER:TWOFISH_CBC-16</div><div>    CRYPTER:TWOFISH_CBC-32</div><div>    HASHER:HASH_MD4</div><div>    HASHER:HASH_MD5</div><div>    HASHER:HASH_SHA1</div><div>    HASHER:HASH_SHA224</div><div>    HASHER:HASH_SHA256</div><div>    HASHER:HASH_SHA384</div><div>    HASHER:HASH_SHA512</div><div>    DH:MODP_2048</div><div>    DH:MODP_2048_224</div><div>    DH:MODP_2048_256</div><div>    DH:MODP_1536</div><div>    DH:MODP_3072</div><div>    DH:MODP_4096</div><div>    DH:MODP_6144</div><div>    DH:MODP_8192</div><div>    DH:MODP_1024</div><div>    
DH:MODP_1024_160</div><div>    DH:MODP_768</div><div>    DH:MODP_CUSTOM</div><div>    PUBKEY:RSA</div><div>    PRIVKEY:RSA</div><div>    PRIVKEY_GEN:RSA</div><div>    RNG:RNG_WEAK</div><div>    RNG:RNG_STRONG</div><div>    RNG:RNG_TRUE</div><div>af-alg:</div><div>    HASHER:HASH_MD4</div><div>    HASHER:HASH_MD5</div><div>    HASHER:HASH_SHA1</div><div>    HASHER:HASH_SHA224</div><div>    HASHER:HASH_SHA256</div><div>    HASHER:HASH_SHA384</div><div>    HASHER:HASH_SHA512</div><div>    SIGNER:HMAC_SHA1_96</div><div>    SIGNER:HMAC_SHA1_128</div><div>    SIGNER:HMAC_SHA1_160</div><div>    SIGNER:HMAC_SHA2_256_96</div><div>    SIGNER:HMAC_SHA2_256_128</div><div>    SIGNER:HMAC_MD5_96</div><div>    SIGNER:HMAC_MD5_128</div><div>    SIGNER:HMAC_SHA2_256_256</div><div>    SIGNER:HMAC_SHA2_384_192</div><div>    SIGNER:HMAC_SHA2_384_384</div><div>    SIGNER:HMAC_SHA2_512_256</div><div>    SIGNER:HMAC_SHA2_512_512</div><div>    SIGNER:AES_XCBC_96</div><div>    SIGNER:CAMELLIA_XCBC_96</div><div>    PRF:PRF_HMAC_SHA1</div><div>    PRF:PRF_HMAC_SHA2_256</div><div>    PRF:PRF_HMAC_MD5</div><div>    PRF:PRF_HMAC_SHA2_384</div><div>    PRF:PRF_HMAC_SHA2_512</div><div>    PRF:PRF_AES128_XCBC</div><div>    PRF:PRF_CAMELLIA128_XCBC</div><div>    CRYPTER:DES_CBC-8</div><div>    CRYPTER:DES_ECB-8</div><div>    CRYPTER:3DES_CBC-24</div><div>    CRYPTER:AES_CBC-16</div><div>    CRYPTER:AES_CBC-24</div><div>    CRYPTER:AES_CBC-32</div><div>    CRYPTER:AES_CTR-16</div><div>    CRYPTER:AES_CTR-24</div><div>    CRYPTER:AES_CTR-32</div><div>    CRYPTER:CAMELLIA_CBC-16</div><div>    CRYPTER:CAMELLIA_CBC-24</div><div>    CRYPTER:CAMELLIA_CBC-32</div><div>    CRYPTER:CAMELLIA_CTR-16</div><div>    CRYPTER:CAMELLIA_CTR-24</div><div>    CRYPTER:CAMELLIA_CTR-32</div><div>    CRYPTER:CAST_CBC-16</div><div>    CRYPTER:BLOWFISH_CBC-16</div><div>    CRYPTER:BLOWFISH_CBC-24</div><div>    CRYPTER:BLOWFISH_CBC-32</div><div>    CRYPTER:SERPENT_CBC-16</div><div>    CRYPTER:SERPENT_CBC-24</div><div>    
CRYPTER:SERPENT_CBC-32</div><div>    CRYPTER:TWOFISH_CBC-16</div><div>    CRYPTER:TWOFISH_CBC-24</div><div>    CRYPTER:TWOFISH_CBC-32</div><div>fips-prf:</div><div>    PRF:PRF_FIPS_SHA1_160</div><div>        PRF:PRF_KEYED_SHA1</div><div>gmp:</div><div>    DH:MODP_2048</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_2048_224</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_2048_256</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_1536</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_3072</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_4096</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_6144</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_8192</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_1024</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_1024_160</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_768</div><div>        RNG:RNG_STRONG</div><div>    DH:MODP_CUSTOM</div><div>        RNG:RNG_STRONG</div><div>    PRIVKEY:RSA</div><div>    PRIVKEY_GEN:RSA</div><div>        RNG:RNG_TRUE</div><div>    PUBKEY:RSA</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_NULL</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA1</div><div>        HASHER:HASH_SHA1</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA224</div><div>        HASHER:HASH_SHA224</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA256</div><div>        HASHER:HASH_SHA256</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA384</div><div>        HASHER:HASH_SHA384</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_SHA512</div><div>        HASHER:HASH_SHA512</div><div>    PRIVKEY_SIGN:RSA_EMSA_PKCS1_MD5</div><div>        HASHER:HASH_MD5</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_NULL</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA1</div><div>        HASHER:HASH_SHA1</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA224</div><div>        HASHER:HASH_SHA224</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA256</div><div>        HASHER:HASH_SHA256</div><div>    
PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA384</div><div>        HASHER:HASH_SHA384</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_SHA512</div><div>        HASHER:HASH_SHA512</div><div>    PUBKEY_VERIFY:RSA_EMSA_PKCS1_MD5</div><div>        HASHER:HASH_MD5</div><div>    PRIVKEY_DECRYPT:ENCRYPT_RSA_PKCS1</div><div>    PUBKEY_ENCRYPT:ENCRYPT_RSA_PKCS1</div><div>        RNG:RNG_WEAK</div><div>xcbc:</div><div>    PRF:PRF_AES128_XCBC</div><div>        CRYPTER:AES_CBC-16</div><div>    PRF:PRF_CAMELLIA128_XCBC</div><div>        CRYPTER:CAMELLIA_CBC-16</div><div>    SIGNER:CAMELLIA_XCBC_96</div><div>        CRYPTER:CAMELLIA_CBC-16</div><div>    SIGNER:AES_XCBC_96</div><div>        CRYPTER:AES_CBC-16</div><div>cmac:</div><div>    PRF:PRF_AES128_CMAC</div><div>        CRYPTER:AES_CBC-16</div><div>    SIGNER:AES_CMAC_96</div><div>        CRYPTER:AES_CBC-16</div><div>hmac:</div><div>    PRF:PRF_HMAC_SHA1</div><div>        HASHER:HASH_SHA1</div><div>    PRF:PRF_HMAC_MD5</div><div>        HASHER:HASH_MD5</div><div>    PRF:PRF_HMAC_SHA2_256</div><div>        HASHER:HASH_SHA256</div><div>    PRF:PRF_HMAC_SHA2_384</div><div>        HASHER:HASH_SHA384</div><div>    PRF:PRF_HMAC_SHA2_512</div><div>        HASHER:HASH_SHA512</div><div>    SIGNER:HMAC_SHA1_96</div><div>        HASHER:HASH_SHA1</div><div>    SIGNER:HMAC_SHA1_128</div><div>        HASHER:HASH_SHA1</div><div>    SIGNER:HMAC_SHA1_160</div><div>        HASHER:HASH_SHA1</div><div>    SIGNER:HMAC_MD5_96</div><div>        HASHER:HASH_MD5</div><div>    SIGNER:HMAC_MD5_128</div><div>        HASHER:HASH_MD5</div><div>    SIGNER:HMAC_SHA2_256_128</div><div>        HASHER:HASH_SHA256</div><div>    SIGNER:HMAC_SHA2_256_256</div><div>        HASHER:HASH_SHA256</div><div>    SIGNER:HMAC_SHA2_384_192</div><div>        HASHER:HASH_SHA384</div><div>    SIGNER:HMAC_SHA2_384_384</div><div>        HASHER:HASH_SHA384</div><div>    SIGNER:HMAC_SHA2_512_256</div><div>        HASHER:HASH_SHA512</div><div>    SIGNER:HMAC_SHA2_512_512</div><div>        
HASHER:HASH_SHA512</div><div>ctr:</div><div>    CRYPTER:AES_CTR-16</div><div>        CRYPTER:AES_CBC-16</div><div>    CRYPTER:AES_CTR-24</div><div>        CRYPTER:AES_CBC-24</div><div>    CRYPTER:AES_CTR-32</div><div>        CRYPTER:AES_CBC-32</div><div>    CRYPTER:CAMELLIA_CTR-16</div><div>        CRYPTER:CAMELLIA_CBC-16</div><div>    CRYPTER:CAMELLIA_CTR-24</div><div>        CRYPTER:CAMELLIA_CBC-24</div><div>    CRYPTER:CAMELLIA_CTR-32</div><div>        CRYPTER:CAMELLIA_CBC-32</div><div>ccm:</div><div>    AEAD:AES_CCM_8-16</div><div>        CRYPTER:AES_CBC-16</div><div>    AEAD:AES_CCM_8-24</div><div>        CRYPTER:AES_CBC-24</div><div>    AEAD:AES_CCM_8-32</div><div>        CRYPTER:AES_CBC-32</div><div>    AEAD:AES_CCM_12-16</div><div>        CRYPTER:AES_CBC-16</div><div>    AEAD:AES_CCM_12-24</div><div>        CRYPTER:AES_CBC-24</div><div>    AEAD:AES_CCM_12-32</div><div>        CRYPTER:AES_CBC-32</div><div>    AEAD:AES_CCM_16-16</div><div>        CRYPTER:AES_CBC-16</div><div>    AEAD:AES_CCM_16-24</div><div>        CRYPTER:AES_CBC-24</div><div>    AEAD:AES_CCM_16-32</div><div>        CRYPTER:AES_CBC-32</div><div>    AEAD:CAMELLIA_CCM_8-16</div><div>        CRYPTER:CAMELLIA_CBC-16</div><div>    AEAD:CAMELLIA_CCM_8-24</div><div>        CRYPTER:CAMELLIA_CBC-24</div><div>    AEAD:CAMELLIA_CCM_8-32</div><div>        CRYPTER:CAMELLIA_CBC-32</div><div>    AEAD:CAMELLIA_CCM_12-16</div><div>        CRYPTER:CAMELLIA_CBC-16</div><div>    AEAD:CAMELLIA_CCM_12-24</div><div>        CRYPTER:CAMELLIA_CBC-24</div><div>    AEAD:CAMELLIA_CCM_12-32</div><div>        CRYPTER:CAMELLIA_CBC-32</div><div>    AEAD:CAMELLIA_CCM_16-16</div><div>        CRYPTER:CAMELLIA_CBC-16</div><div>    AEAD:CAMELLIA_CCM_16-24</div><div>        CRYPTER:CAMELLIA_CBC-24</div><div>    AEAD:CAMELLIA_CCM_16-32</div><div>        CRYPTER:CAMELLIA_CBC-32</div><div>gcm:</div><div>    AEAD:AES_GCM_8-16</div><div>        CRYPTER:AES_CBC-16</div><div>    AEAD:AES_GCM_8-24</div><div>        
CRYPTER:AES_CBC-24</div><div>    AEAD:AES_GCM_8-32</div><div>        CRYPTER:AES_CBC-32</div><div>    AEAD:AES_GCM_12-16</div><div>        CRYPTER:AES_CBC-16</div><div>    AEAD:AES_GCM_12-24</div><div>        CRYPTER:AES_CBC-24</div><div>    AEAD:AES_GCM_12-32</div><div>        CRYPTER:AES_CBC-32</div><div>    AEAD:AES_GCM_16-16</div><div>        CRYPTER:AES_CBC-16</div><div>    AEAD:AES_GCM_16-24</div><div>        CRYPTER:AES_CBC-24</div><div>    AEAD:AES_GCM_16-32</div><div>        CRYPTER:AES_CBC-32</div><div>ntru:</div><div>    DH:NTRU_112</div><div>    DH:NTRU_128</div><div>    DH:NTRU_192</div><div>    DH:NTRU_256</div><div>        RNG:RNG_TRUE</div><div>        SIGNER:HMAC_SHA2_256_256</div><div>        HASHER:HASH_SHA256</div><div>        HASHER:HASH_SHA1 (soft)</div><div>attr:</div><div>    CUSTOM:attr</div><div>kernel-netlink:</div><div>    CUSTOM:kernel-ipsec</div><div>    CUSTOM:kernel-net</div><div>resolve:</div><div>    CUSTOM:resolve</div><div>socket-default:</div><div>    CUSTOM:socket</div><div>        CUSTOM:kernel-ipsec (soft)</div><div>farp:</div><div>    CUSTOM:farp</div><div>stroke:</div><div>    CUSTOM:stroke</div><div>        PRIVKEY:RSA (soft)</div><div>        PRIVKEY:ECDSA (soft)</div><div>        PRIVKEY:DSA (soft)</div><div>        CERT_DECODE:ANY (soft)</div><div>        CERT_DECODE:X509 (soft)</div><div>        CERT_DECODE:X509_CRL (soft)</div><div>        CERT_DECODE:X509_AC (soft)</div><div>        CERT_DECODE:TRUSTED_PUBKEY (soft)</div><div>updown:</div><div>    CUSTOM:updown</div><div>eap-identity:</div><div>    EAP_SERVER:ID</div><div>    EAP_CLIENT:ID</div><div>eap-aka:</div><div>    CUSTOM:aka-manager</div><div>    EAP_SERVER:AKA</div><div>        RNG:RNG_WEAK</div><div>        HASHER:HASH_SHA1</div><div>        PRF:PRF_FIPS_SHA1_160</div><div>        SIGNER:HMAC_SHA1_128</div><div>        CRYPTER:AES_CBC-16</div><div>    EAP_CLIENT:AKA</div><div>        RNG:RNG_WEAK</div><div>        HASHER:HASH_SHA1</div><div>        
PRF:PRF_FIPS_SHA1_160</div><div>        SIGNER:HMAC_SHA1_128</div><div>        CRYPTER:AES_CBC-16</div><div>eap-aka-3gpp2:</div><div>    CUSTOM:eap-aka-3gpp2-functions</div><div>        PRF:PRF_KEYED_SHA1</div><div>    CUSTOM:aka-card</div><div>        CUSTOM:aka-manager</div><div>        CUSTOM:eap-aka-3gpp2-functions</div><div>    CUSTOM:aka-provider</div><div>        CUSTOM:aka-manager</div><div>        CUSTOM:eap-aka-3gpp2-functions</div><div>eap-gtc:</div><div>    EAP_SERVER:GTC</div><div>    EAP_CLIENT:GTC</div><div>eap-mschapv2:</div><div>    EAP_SERVER:MSCHAPV2</div><div>        CRYPTER:DES_ECB-8</div><div>        HASHER:HASH_MD4</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>    EAP_CLIENT:MSCHAPV2</div><div>        CRYPTER:DES_ECB-8</div><div>        HASHER:HASH_MD4</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>eap-dynamic:</div><div>    EAP_SERVER:DYN</div><div>eap-radius:</div><div>    EAP_SERVER:RAD</div><div>        CUSTOM:eap-radius</div><div>    XAUTH_SERVER:radius</div><div>        CUSTOM:eap-radius</div><div>    CUSTOM:eap-radius</div><div>        HASHER:HASH_MD5</div><div>        SIGNER:HMAC_MD5_128</div><div>        RNG:RNG_WEAK</div><div>eap-tls:</div><div>    EAP_SERVER:TLS</div><div>        HASHER:HASH_MD5</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>    EAP_CLIENT:TLS</div><div>        HASHER:HASH_MD5</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>        RNG:RNG_STRONG</div><div>eap-ttls:</div><div>    EAP_SERVER:TTLS</div><div>        EAP_SERVER:ID</div><div>        HASHER:HASH_MD5</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>    EAP_CLIENT:TTLS</div><div>        EAP_CLIENT:ID</div><div>        HASHER:HASH_MD5</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>        RNG:RNG_STRONG</div><div>eap-peap:</div><div>    EAP_SERVER:PEAP</div><div>        
EAP_SERVER:ID</div><div>        HASHER:HASH_MD5</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>    EAP_CLIENT:PEAP</div><div>        EAP_CLIENT:ID</div><div>        HASHER:HASH_MD5</div><div>        HASHER:HASH_SHA1</div><div>        RNG:RNG_WEAK</div><div>        RNG:RNG_STRONG</div><div>xauth-generic:</div><div>    XAUTH_SERVER:generic</div><div>    XAUTH_CLIENT:generic</div><div>xauth-eap:</div><div>    XAUTH_SERVER:eap</div><div>xauth-noauth:</div><div>    XAUTH_SERVER:noauth</div><div>dhcp:</div><div>    CUSTOM:dhcp</div><div>        RNG:RNG_WEAK</div><div>whitelist:</div><div>    CUSTOM:whitelist</div><div>lookip:</div><div>    CUSTOM:lookip</div><div>error-notify:</div><div>    CUSTOM:error-notify</div><div>certexpire:</div><div>    CUSTOM:certexpire</div><div>led:</div><div>    CUSTOM:led</div><div>duplicheck:</div><div>    CUSTOM:duplicheck</div><div>radattr:</div><div>    CUSTOM:radattr</div><div>addrblock:</div><div>    CUSTOM:addrblock</div><div>        CERT_DECODE:X509 (soft)</div><div><br></div><div><br></div><div><br></div><div><br></div><div><br></div><div>thyfate@DataLearning-001:~$ sudo ip -s xfrm policy</div><div>src 0.0.0.0/0 dst 0.0.0.0/0 uid 0</div><div><span style="white-space:pre">      </span>socket in action allow index 507 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">     </span>lifetime config:</div><div><span style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 
0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use 2017-09-02 10:13:15</div><div>src 0.0.0.0/0 dst 0.0.0.0/0 uid 0</div><div><span style="white-space:pre">  </span>socket out action allow index 500 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">    </span>lifetime config:</div><div><span style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use 2017-09-02 10:13:15</div><div>src 0.0.0.0/0 dst 0.0.0.0/0 uid 0</div><div><span style="white-space:pre">  </span>socket in action allow index 491 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">     </span>lifetime config:</div><div><span style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use 2017-09-04 08:15:37</div><div>src 
0.0.0.0/0 dst 0.0.0.0/0 uid 0</div><div><span style="white-space:pre">  </span>socket out action allow index 484 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">    </span>lifetime config:</div><div><span style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use 2017-09-04 02:54:33</div><div>src ::/0 dst ::/0 uid 0</div><div><span style="white-space:pre">      </span>socket in action allow index 475 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">     </span>lifetime config:</div><div><span style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use -</div><div>src ::/0 dst ::/0 uid 0</div><div><span style="white-space:pre">        </span>socket out action allow index 468 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">    </span>lifetime config:</div><div><span 
style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use -</div><div>src ::/0 dst ::/0 uid 0</div><div><span style="white-space:pre">        </span>socket in action allow index 459 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">     </span>lifetime config:</div><div><span style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use -</div><div>src ::/0 dst ::/0 uid 0</div><div><span style="white-space:pre">        </span>socket out action allow index 452 priority 0 share any flag  (0x00000000)</div><div><span style="white-space:pre">    </span>lifetime config:</div><div><span style="white-space:pre">      </span>  limit: soft 0(bytes), hard 0(bytes)</div><div><span style="white-space:pre">        </span>  limit: soft 0(packets), hard 0(packets)</div><div><span style="white-space:pre">    </span>  expire add: soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>  expire use: 
soft 0(sec), hard 0(sec)</div><div><span style="white-space:pre">       </span>lifetime current:</div><div><span style="white-space:pre">     </span>  0(bytes), 0(packets)</div><div><span style="white-space:pre">       </span>  add 2017-07-24 07:42:21 use -</div><div>thyfate@DataLearning-001:~$ sudo ip -s xfrm state</div><div>thyfate@DataLearning-001:~$ ip route list table 220</div><div>thyfate@DataLearning-001:~$ sudo iptables -L</div><div>Chain INPUT (policy ACCEPT)</div><div>target     prot opt source               destination         </div><div>fail2ban-ssh  tcp  --  anywhere             anywhere             multiport dports ssh</div><div><br></div><div>Chain FORWARD (policy ACCEPT)</div><div>target     prot opt source               destination         </div><div><br></div><div>Chain OUTPUT (policy ACCEPT)</div><div>target     prot opt source               destination         </div><div><br></div><div>Chain fail2ban-ssh (1 references)</div><div>target     prot opt source               destination         </div><div>RETURN     all  --  anywhere             anywhere            </div><div><br></div><div><br></div><div><br></div><div><br></div><div>thyfate@DataLearning-001:~$ sudo iptables-save</div><div># Generated by iptables-save v1.4.21 on Mon Sep  4 08:39:12 2017</div><div>*nat</div><div>:PREROUTING ACCEPT [14381:2557534]</div><div>:INPUT ACCEPT [14224:2540988]</div><div>:OUTPUT ACCEPT [18294:1425542]</div><div>:POSTROUTING ACCEPT [18294:1425542]</div><div>-A POSTROUTING -s 172.31.17.0/28 -o eth0 -j MASQUERADE</div><div>COMMIT</div><div># Completed on Mon Sep  4 08:39:12 2017</div><div># Generated by iptables-save v1.4.21 on Mon Sep  4 08:39:12 2017</div><div>*filter</div><div>:INPUT ACCEPT [676542:524740723]</div><div>:FORWARD ACCEPT [0:0]</div><div>:OUTPUT ACCEPT [434134:197554510]</div><div>:fail2ban-ssh - [0:0]</div><div>-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh</div><div>-A fail2ban-ssh -j 
RETURN</div><div>COMMIT</div><div># Completed on Mon Sep  4 08:39:12 2017</div><div><br></div></div>