<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgba(0, 0, 0, 0);">
Hi,<br>
<br>
I have setup a VPN between ASA and strongswan using IKE1. The strongswan work as remote VPN using PSK XAuth.
<br>
<br>
The VPN tunnel is up but I can not ping the remote site. Below is the configuration and some output.
<br>
<br>
My observation at the moment is that the Linux kernel has setup everything but the TS traffic just does not leave the Linux box. When I ping remote site, I can see "ip xfrm state" actually shows a flow for my traffic... but the flow is somehow dropped by either
the kernel or strongswan.<br>
<br>
Can you please let me know what else I should do to further troubleshoot the issue?<br>
<br>
<b>Configuration <br>
</b><br>
<div>connections {</div>
<div></div>
<div></div>
<div> home {</div>
<div> aggressive = yes</div>
<div> dpd_delay = 30</div>
<div> dpd_timeout = 90</div>
<div> version = 1</div>
<div> remote_addrs = 126.2.1.4</div>
<div> # uncomment if the responder only supports crappy crypto. But seriously,</div>
<div> # every single one of those algorithms is broken. Better spend some $$$</div>
<div> # on a better solution.</div>
<div> proposals = aes256-sha1-modp1024</div>
<div> vips = 0.0.0.0,::</div>
<div> local-1 {</div>
<div> auth = psk</div>
<div> id = acompanyTest</div>
<div> }</div>
<div> local-2 {</div>
<div> auth = xauth-generic</div>
<div> xauth_id = acompanyTest</div>
<div> }</div>
<div> remote-1 {</div>
<div> auth = psk</div>
<div> # You might have to set this to the correct value, if the responder isn't configure correctly.</div>
<div> #id = 126.2.1.4</div>
<div> }</div>
<div></div>
<div> children {</div>
<div> home {</div>
<div> remote_ts = 10.2.1.0/24</div>
<div> #local_ts=192.168.199.0/24,0.0.0.0</div>
<div> # uncomment if the responder only supports crappy crypto. But seriously,</div>
<div> # every single one of those algorithms is broken. Better spend some $$$</div>
<div> # on a better solution.</div>
<div> # esp_proposals = 3des-md5!</div>
<div> # Use this, if you want PFS with DH group 2.</div>
<div> # esp_proposals = 3des-md5-modp1024!</div>
<div> esp_proposals = aes128-sha1-modp768</div>
<div> }</div>
<div> }</div>
<div> }</div>
<div>}</div>
<div></div>
<div> secrets {</div>
<div> ike-home {</div>
<div> id = 126.2.1.4</div>
<div> secret = "acompany123" </div>
<div> }</div>
<div> eap-home {</div>
<div> id = acompanyTest</div>
<div> secret = "acompany123" </div>
<div> }</div>
<div> }</div>
<div></div>
<br>
# ipsec statusall
<div>Status of IKE charon daemon (strongSwan 5.6.2, Linux 3.0.35-2666-gbdde708-g889281e-dirty, armv7l):</div>
<div> uptime: 18 minutes, since Mar 12 18:15:45 2018</div>
<div> malloc: sbrk 253952, mmap 0, used 158560, free 95392</div>
<div> worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 6</div>
<div> loaded plugins: charon aes des rc2 sha2 sha1 md5 mgf1 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem fips-prf gmp curve25519 xcbc cmac hmac attr kernel-netlink resolve socket-default stroke vici updown
xauth-generic counters</div>
<div>Listening IP addresses:</div>
<div> 192.168.199.100</div>
<div> 192.168.199.254</div>
<div> 192.168.199.141</div>
<div> 192.168.126.1</div>
<div> 10.39.63.211</div>
<div>Connections:</div>
<div> site: %any...126.2.1.4 IKEv1</div>
<div> site: local: [mylocalsite] uses pre-shared key authentication</div>
<div> site: remote: uses pre-shared key authentication</div>
<div> site: child: 192.168.199.0/24 === 10.2.1.0/24 TUNNEL</div>
<div> home: %any...126.2.1.4 IKEv1 Aggressive, dpddelay=30s</div>
<div> home: local: [acompanyTest] uses pre-shared key authentication</div>
<div> home: local: uses XAuth authentication: generic with XAuth identity 'acompanyTest'</div>
<div> home: remote: uses pre-shared key authentication</div>
<div> home: child: dynamic === 10.2.1.0/24 TUNNEL, dpdaction=clear</div>
<div>Routed Connections:</div>
<div> site{1}: ROUTED, TUNNEL, reqid 1</div>
<div> site{1}: 192.168.199.0/24 === 10.2.1.0/24</div>
<div>Security Associations (1 up, 0 connecting):</div>
<div> home[1]: ESTABLISHED 17 minutes ago, 10.39.63.211[acompanyTest]...126.2.1.4[126.2.1.4]</div>
<div> home[1]: IKEv1 SPIs: 504550d01ee905e2_i* 2311e0ae0c6c454f_r, rekeying in 3 hours</div>
<div> home[1]: IKE proposal: AES_CBC_256/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024</div>
<div> home{2}: INSTALLED, TUNNEL, reqid 2, ESP in UDP SPIs: cc621d5e_i 3545bd6a_o</div>
<div> home{2}: AES_CBC_128/HMAC_SHA1_96/MODP_768, 0 bytes_i, 0 bytes_o, rekeying in 40 minutes</div>
<div> home{2}: 10.2.1.211/32 === 10.2.1.0/24</div>
<div>root@wheezy-armel:~ 18:33:49 </div>
<div># ifconfig</div>
<div>eth0 Link encap:Ethernet HWaddr 50:ff:99:30:13:10 </div>
<div> inet addr:192.168.199.100 Bcast:192.168.199.255 Mask:255.255.255.0</div>
<div> inet6 addr: fe80::52ff:99ff:fe30:1310/64 Scope:Link</div>
<div> UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:3585 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:1318 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:1000 </div>
<div> RX bytes:422967 (413.0 KiB) TX bytes:177070 (172.9 KiB)</div>
<div></div>
<div>eth1 Link encap:Ethernet HWaddr 50:ff:99:30:13:11 </div>
<div> inet addr:192.168.199.141 Bcast:192.168.199.255 Mask:255.255.255.0</div>
<div> inet6 addr: fe80::52ff:99ff:fe30:1311/64 Scope:Link</div>
<div> UP BROADCAST MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:11288 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:25 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:1000 </div>
<div> RX bytes:2799722 (2.6 MiB) TX bytes:3078 (3.0 KiB)</div>
<div> Interrupt:155 Base address:0x8000 </div>
<div></div>
<div>lo Link encap:Local Loopback </div>
<div> inet addr:127.0.0.1 Mask:255.0.0.0</div>
<div> inet6 addr: ::1/128 Scope:Host</div>
<div> UP LOOPBACK RUNNING MTU:16436 Metric:1</div>
<div> RX packets:1334 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:1334 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:0 </div>
<div> RX bytes:465386 (454.4 KiB) TX bytes:465386 (454.4 KiB)</div>
<div></div>
<div>usb0 Link encap:Ethernet HWaddr 02:1e:10:1f:00:00 </div>
<div> inet addr:10.39.63.211 Bcast:10.39.63.215 Mask:255.255.255.248</div>
<div> inet6 addr: fe80::1e:10ff:fe1f:0/64 Scope:Link</div>
<div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:1049 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:973 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:1000 </div>
<div> RX bytes:67244 (65.6 KiB) TX bytes:153707 (150.1 KiB)</div>
<div></div>
<div>wlan0 Link encap:Ethernet HWaddr 08:ea:40:72:28:b7 </div>
<div> inet addr:192.168.126.1 Bcast:192.168.126.255 Mask:255.255.255.0</div>
<div> inet6 addr: fe80::aea:40ff:fe72:28b7/64 Scope:Link</div>
<div> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1</div>
<div> RX packets:3229 errors:0 dropped:0 overruns:0 frame:0</div>
<div> TX packets:1 errors:0 dropped:0 overruns:0 carrier:0</div>
<div> collisions:0 txqueuelen:1000 </div>
<div> RX bytes:0 (0.0 B) TX bytes:112 (112.0 B)</div>
<div></div>
<div><br>
</div>
<div># route -n</div>
<div>Kernel IP routing table</div>
<div>Destination Gateway Genmask Flags Metric Ref Use Iface</div>
<div>0.0.0.0 10.39.63.209 0.0.0.0 UG 0 0 0 usb0</div>
<div>10.39.63.208 0.0.0.0 255.255.255.248 U 0 0 0 usb0</div>
<div>192.168.126.0 0.0.0.0 255.255.255.0 U 0 0 0 wlan0</div>
<div>192.168.199.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0</div>
<div>192.168.199.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1</div>
<div><br>
# ip route show table 220</div>
<div>10.2.1.0/24 via 10.39.63.209 dev usb0 proto static src 192.168.199.100 </div>
<div><br>
</div>
<div># ip -s xfrm state</div>
<div>src 10.39.63.211 dst 126.2.1.4</div>
<div> proto esp spi 0x3545bd6a(893762922) reqid 2(0x00000002) mode tunnel</div>
<div> replay-window 0 seq 0x00000000 flag af-unspec (0x00100000)</div>
<div> auth-trunc hmac(sha1) 0xaeb85f4b30fec0ccc1240cf9f6204a74e1785df5 (160 bits) 96</div>
<div> enc cbc(aes) 0xa0711780a30caaad143960ede951ef46 (128 bits)</div>
<div> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 3501(sec), hard 3960(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:52 use -</div>
<div> stats:</div>
<div> replay-window 0 replay 0 failed 0</div>
<div>src 126.2.1.4 dst 10.39.63.211</div>
<div> proto esp spi 0xcc621d5e(3428982110) reqid 2(0x00000002) mode tunnel</div>
<div> replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)</div>
<div> auth-trunc hmac(sha1) 0xbe6d3dc8b3c032f0059ece1a0234cbd87858d25e (160 bits) 96</div>
<div> enc cbc(aes) 0x7d99b233194ab31328cec11ea2ce7aa1 (128 bits)</div>
<div> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 3596(sec), hard 3960(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:52 use -</div>
<div> stats:</div>
<div> replay-window 0 replay 0 failed 0</div>
<div>root@wheezy-armel:~ 18:34:25 </div>
<div># ping -i 192.168.199.100 10.2.1.60</div>
<div>PING 10.2.1.60 (10.2.1.60) 56(84) bytes of data.</div>
<div>^C</div>
<div>--- 10.2.1.60 ping statistics ---</div>
<div>1 packets transmitted, 0 received, 100% packet loss, time 0ms</div>
<div></div>
<div><br>
</div>
<div># ip -s xfrm state</div>
<div>src 10.39.63.211 dst 126.2.1.4</div>
<div> proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel</div>
<div> replay-window 0 seq 0x00000003 flag (0x00000000)</div>
<div> sel src 192.168.199.100/32 dst 10.2.1.60/32 proto udp sport 48645 dport 1025 uid 0</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 0(sec), hard 165(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:34:35 use -</div>
<div> stats:</div>
<div> replay-window 0 replay 0 failed 0</div>
<div>src 10.39.63.211 dst 126.2.1.4</div>
<div> proto esp spi 0x3545bd6a(893762922) reqid 2(0x00000002) mode tunnel</div>
<div> replay-window 0 seq 0x00000000 flag af-unspec (0x00100000)</div>
<div> auth-trunc hmac(sha1) 0xaeb85f4b30fec0ccc1240cf9f6204a74e1785df5 (160 bits) 96</div>
<div> enc cbc(aes) 0xa0711780a30caaad143960ede951ef46 (128 bits)</div>
<div> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 3501(sec), hard 3960(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:52 use -</div>
<div> stats:</div>
<div> replay-window 0 replay 0 failed 0</div>
<div>src 126.2.1.4 dst 10.39.63.211</div>
<div> proto esp spi 0xcc621d5e(3428982110) reqid 2(0x00000002) mode tunnel</div>
<div> replay-window 32 seq 0x00000000 flag af-unspec (0x00100000)</div>
<div> auth-trunc hmac(sha1) 0xbe6d3dc8b3c032f0059ece1a0234cbd87858d25e (160 bits) 96</div>
<div> enc cbc(aes) 0x7d99b233194ab31328cec11ea2ce7aa1 (128 bits)</div>
<div> encap type espinudp sport 4500 dport 4500 addr 0.0.0.0</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 3596(sec), hard 3960(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:52 use -</div>
<div> stats:</div>
<div> replay-window 0 replay 0 failed 0</div>
<div>root@wheezy-armel:~ 18:34:37 </div>
<div># ip -s xfrm policy</div>
<div>src 10.2.1.211/32 dst 10.2.1.0/24 uid 0</div>
<div> dir out action allow index 105 priority 371327 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:52 use -</div>
<div> tmpl src 10.39.63.211 dst 126.2.1.4</div>
<div> proto esp spi 0x3545bd6a(893762922) reqid 2(0x00000002) mode tunnel</div>
<div> level required share any </div>
<div> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff</div>
<div>src 10.2.1.0/24 dst 10.2.1.211/32 uid 0</div>
<div> dir fwd action allow index 98 priority 371327 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:52 use -</div>
<div> tmpl src 126.2.1.4 dst 10.39.63.211</div>
<div> proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel</div>
<div> level required share any </div>
<div> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff</div>
<div>src 10.2.1.0/24 dst 10.2.1.211/32 uid 0</div>
<div> dir in action allow index 88 priority 371327 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:52 use -</div>
<div> tmpl src 126.2.1.4 dst 10.39.63.211</div>
<div> proto esp spi 0x00000000(0) reqid 2(0x00000002) mode tunnel</div>
<div> level required share any </div>
<div> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff</div>
<div>src 192.168.199.0/24 dst 10.2.1.0/24 uid 0</div>
<div> dir out action allow index 81 priority 375424 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:48 use -</div>
<div> tmpl src 10.39.63.211 dst 126.2.1.4</div>
<div> proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel</div>
<div> level required share any </div>
<div> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff</div>
<div>src 10.2.1.0/24 dst 192.168.199.0/24 uid 0</div>
<div> dir fwd action allow index 74 priority 375424 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:48 use -</div>
<div> tmpl src 126.2.1.4 dst 10.39.63.211</div>
<div> proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel</div>
<div> level required share any </div>
<div> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff</div>
<div>src 10.2.1.0/24 dst 192.168.199.0/24 uid 0</div>
<div> dir in action allow index 64 priority 375424 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft (INF)(bytes), hard (INF)(bytes)</div>
<div> limit: soft (INF)(packets), hard (INF)(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:48 use -</div>
<div> tmpl src 126.2.1.4 dst 10.39.63.211</div>
<div> proto esp spi 0x00000000(0) reqid 1(0x00000001) mode tunnel</div>
<div> level required share any </div>
<div> enc-mask ffffffff auth-mask ffffffff comp-mask ffffffff</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0 uid 0</div>
<div> socket in action allow index 59 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use 2018-03-12 18:34:33</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0 uid 0</div>
<div> socket out action allow index 52 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use 2018-03-12 18:34:28</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0 uid 0</div>
<div> socket in action allow index 43 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use 2018-03-12 18:34:39</div>
<div>src 0.0.0.0/0 dst 0.0.0.0/0 uid 0</div>
<div> socket out action allow index 36 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use 2018-03-12 18:34:39</div>
<div>src ::/0 dst ::/0 uid 0</div>
<div> socket in action allow index 27 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use -</div>
<div>src ::/0 dst ::/0 uid 0</div>
<div> socket out action allow index 20 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use -</div>
<div>src ::/0 dst ::/0 uid 0</div>
<div> socket in action allow index 11 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use -</div>
<div>src ::/0 dst ::/0 uid 0</div>
<div> socket out action allow index 4 priority 0 share any flag (0x00000000)</div>
<div> lifetime config:</div>
<div> limit: soft 0(bytes), hard 0(bytes)</div>
<div> limit: soft 0(packets), hard 0(packets)</div>
<div> expire add: soft 0(sec), hard 0(sec)</div>
<div> expire use: soft 0(sec), hard 0(sec)</div>
<div> lifetime current:</div>
<div> 0(bytes), 0(packets)</div>
<div> add 2018-03-12 18:15:44 use -</div>
<div><br>
<br>
Thanks<br>
<br>
George<br>
</div>
</div>
</body>
</html>