I am trying to connect multiple networks (Amazon VPCs)
together using LibreSWAN and Amazon VPN appliances. The libreswan instance ('hub')
can ping to hosts in both VPCs and traffic is attempting to
cross the hub, but is getting dropped before being forwarded.

In this scenario there are two VPCs being connected, and a
instance that happens to be in a 3rd VPC is performing the
routing and acting as a hub. I am attempting to essentially
reimplement the Transit VPC function
(https://aws.amazon.com/blogs/aws/aws-solution-transit-vpc/),
without the Cisco CSR and automated lambda configuration.

My issue is that the hub is able to reach both East and West,
but packets from either end arrive on hub but reach no further.

I notice that counters 'XfrmInNoPols' increments when I attempt to ping.
I suspect the issue is somewhere in the XFRM config, but its not
clear to me how to resolve the issue (if that is even the
issue).

Topology:
West (172.19.0.0/16) - (hub) - East (172.18.0.0/16). Hub is
connecting to both ends via VGW's, so cleartext packets for
east/west never leave Hub. As per normal VGW behavior, two
tunnels exist between each end and HUB.

The basis for this configuration is
https://github.com/patrickbcullen/Openswan-VPC, modified to
support a 2nd set of tunnels. One oddity about this script is it
set ups a 'network namespace'
(http://man7.org/linux/man-pages/man8/ip-netns.8.html) to handle
all the ipsec and routing.

The hub can ping nodes in east and west via the IPSEC tunnels.
The VGW's agree that ipsec and BGP is up, the the East/West
subnets see the propagated routes. The hub has routes to both
East and West. Iptables is fully open. rp_filter is set to 0 and
forwarding / ip_forward is set to 1 in sysctl.

I set up a ping generator in West that is attempting to ping
East. The packets reach the openswan network namespace in hub:

16:38:49.311665 IP 35.163.220.45 > 169.254.255.3:
ESP(spi=0x0a790d98,seq=0x4f5), length 132
16:38:49.311665 IP 172.19.58.64 > 172.18.57.207: ICMP echo
request, id 411, seq 1113, length 64

I have NFLOG / ulogd2 setup in iptables. It shows:

RAW-PREROUTING IN=eth0 OUT= MAC=d6:fd:61:4b:73:42:6a:3a:bb:e2:33:75:08:00 SRC=172.19.58.64 DST=172.18.57.207 LEN=84 TOS=00 PREC=0x00 TTL=254 ID=49803 DF PROTO=ICMP TYPE=8 CODE=0 ID=411 SEQ=1155 MARK=0
NAT-PREROUTING IN=eth0 OUT= MAC=d6:fd:61:4b:73:42:6a:3a:bb:e2:33:75:08:00 SRC=172.19.58.64 DST=172.18.57.207 LEN=84 TOS=00 PREC=0x00 TTL=254 ID=49803 DF PROTO=ICMP TYPE=8 CODE=0 ID=411 SEQ=1155 MARK=0

However the packet never reaches the FORWARD iptables chain:

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

Pinging from East to West fails similarly.

The hub can ping both the source and destination:

# ping -c 1 172.18.57.207
64 bytes from 172.18.57.207: icmp_seq=1 ttl=254 time=1.74 ms
# ping -c 1 172.19.58.64
64 bytes from 172.19.58.64: icmp_seq=1 ttl=254 time=94.3 ms

Any suggestions on what might be blocking packets from
transiting hub? I've seen hints that 'eroute' might be filtering
the packets, but when I try to look at the eroute table with
'ipsec eroute' I get an error that NETKEY and eroute aren't
compatibile.

The host is a AWS EC2 AMI, latest version:
Linux version 4.4.30-32.54.amzn1.x86_64 (***@gobi-build-60008) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 10 15:52:05 UTC 2016ux
Linux Openswan U2.6.37/K4.4.30-32.54.amzn1.x86_64 (netkey)

ipsec barf output:
Unable to find KLIPS messages, typically found in /var/log/messages or equivalent. You may need to run Libreswan for the first time; alternatively, your log files have been emptied (ie, logwatch) or we do not understand your logging configuration.
ip-172-28-10-214
Wed Nov 23 17:40:29 UTC 2016
+ _________________________ version
+ ipsec --version
Linux Libreswan 3.master-201646.git (netkey) on 4.4.30-32.54.amzn1.x86_64
+ _________________________ /proc/version
+ cat /proc/version
Linux version 4.4.30-32.54.amzn1.x86_64 (***@gobi-build-60008) (gcc version 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) ) #1 SMP Thu Nov 10 15:52:05 UTC 2016
+ _________________________ /proc/net/ipsec_eroute
+ test -r /proc/net/ipsec_eroute
+ _________________________ netstat-rn
+ head -n 100
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 169.254.255.1 0.0.0.0 UG 0 0 0 eth0
169.254.12.52 0.0.0.0 255.255.255.252 U 0 0 0 eth0
169.254.12.220 0.0.0.0 255.255.255.252 U 0 0 0 eth0
169.254.47.0 0.0.0.0 255.255.255.252 U 0 0 0 eth0
169.254.47.12 0.0.0.0 255.255.255.252 U 0 0 0 eth0
169.254.255.0 0.0.0.0 255.255.255.240 U 0 0 0 eth0
172.18.0.0 169.254.47.13 255.255.0.0 UG 0 0 0 eth0
172.19.0.0 169.254.12.221 255.255.0.0 UG 0 0 0 eth0
+ _________________________ /proc/net/ipsec_spi
+ test -r /proc/net/ipsec_spi
+ _________________________ /proc/net/ipsec_spigrp
+ test -r /proc/net/ipsec_spigrp
+ _________________________ /proc/net/ipsec_tncfg
+ test -r /proc/net/ipsec_tncfg
+ _________________________ /proc/net/pfkey
+ test -r /proc/net/pfkey
+ cat /proc/net/pfkey
sk RefCnt Rmem Wmem User Inode
+ _________________________ ip-xfrm-state
+ ip xfrm stat (auth/enc snipped)
src 35.163.220.45 dst 169.254.255.3
proto esp spi 0xacfaf6f7 reqid 16393 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x4a, oseq 0x0, bitmap 0xffffffff
src 169.254.255.3 dst 35.163.220.45
proto esp spi 0x4b5ff21b reqid 16393 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x4b, bitmap 0x00000000
src 35.163.197.247 dst 169.254.255.2
proto esp spi 0x986f67b3 reqid 16389 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x32, oseq 0x0, bitmap 0xffffffff
src 169.254.255.2 dst 35.163.197.247
proto esp spi 0x004e43ab reqid 16389 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x49, bitmap 0x00000000
src 52.45.134.147 dst 169.254.255.4
proto esp spi 0x3cb3023f reqid 16397 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x29, oseq 0x0, bitmap 0xffffffff
src 169.254.255.4 dst 52.45.134.147
proto esp spi 0x0fde270c reqid 16397 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x4b, bitmap 0x00000000
src 52.45.232.151 dst 169.254.255.5
proto esp spi 0xd41ae7da reqid 16401 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x49, oseq 0x0, bitmap 0xffffffff
src 169.254.255.5 dst 52.45.232.151
proto esp spi 0xb34007bf reqid 16401 mode tunnel
replay-window 32 flag af-unspec
encap type espinudp sport 4500 dport 4500 addr 0.0.0.0
anti-replay context: seq 0x0, oseq 0x33, bitmap 0x00000000
+ _________________________ ip-xfrm-policy
+ ip xfrm policy
src 169.254.12.220/30 dst 0.0.0.0/0
dir out priority 2176 ptype main
tmpl src 169.254.255.3 dst 35.163.220.45
proto esp reqid 16393 mode tunnel
src 0.0.0.0/0 dst 169.254.12.220/30
dir fwd priority 2176 ptype main
tmpl src 35.163.220.45 dst 169.254.255.3
proto esp reqid 16393 mode tunnel
src 0.0.0.0/0 dst 169.254.12.220/30
dir in priority 2176 ptype main
tmpl src 35.163.220.45 dst 169.254.255.3
proto esp reqid 16393 mode tunnel
src 169.254.12.52/30 dst 0.0.0.0/0
dir out priority 2176 ptype main
tmpl src 169.254.255.2 dst 35.163.197.247
proto esp reqid 16389 mode tunnel
src 0.0.0.0/0 dst 169.254.12.52/30
dir fwd priority 2176 ptype main
tmpl src 35.163.197.247 dst 169.254.255.2
proto esp reqid 16389 mode tunnel
src 0.0.0.0/0 dst 169.254.12.52/30
dir in priority 2176 ptype main
tmpl src 35.163.197.247 dst 169.254.255.2
proto esp reqid 16389 mode tunnel
src 169.254.47.12/30 dst 0.0.0.0/0
dir out priority 2176 ptype main
tmpl src 169.254.255.4 dst 52.45.134.147
proto esp reqid 16397 mode tunnel
src 0.0.0.0/0 dst 169.254.47.12/30
dir fwd priority 2176 ptype main
tmpl src 52.45.134.147 dst 169.254.255.4
proto esp reqid 16397 mode tunnel
src 0.0.0.0/0 dst 169.254.47.12/30
dir in priority 2176 ptype main
tmpl src 52.45.134.147 dst 169.254.255.4
proto esp reqid 16397 mode tunnel
src 169.254.47.0/30 dst 0.0.0.0/0
dir out priority 2176 ptype main
tmpl src 169.254.255.5 dst 52.45.232.151
proto esp reqid 16401 mode tunnel
src 0.0.0.0/0 dst 169.254.47.0/30
dir fwd priority 2176 ptype main
tmpl src 52.45.232.151 dst 169.254.255.5
proto esp reqid 16401 mode tunnel
src 0.0.0.0/0 dst 169.254.47.0/30
dir in priority 2176 ptype main
tmpl src 52.45.232.151 dst 169.254.255.5
proto esp reqid 16401 mode tunnel
src ::/0 dst ::/0 proto ipv6-icmp type 135
dir fwd priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 135
dir in priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136
dir out priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136
dir fwd priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 136
dir in priority 1 ptype main
src ::/0 dst ::/0 proto ipv6-icmp type 135
dir out priority 1 ptype main
src ::/0 dst ::/0
socket out priority 0 ptype main
src ::/0 dst ::/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket out priority 0 ptype main
src 0.0.0.0/0 dst 0.0.0.0/0
socket in priority 0 ptype main
+ _________________________ ip-xfrm-stats
+ cat /proc/net/xfrm_stat
XfrmInError 0
XfrmInBufferError 0
XfrmInHdrError 0
XfrmInNoStates 4
XfrmInStateProtoError 0
XfrmInStateModeError 0
XfrmInStateSeqError 0
XfrmInStateExpired 0
XfrmInStateMismatch 0
XfrmInStateInvalid 0
XfrmInTmplMismatch 8649
XfrmInNoPols 48
XfrmInPolBlock 0
XfrmInPolError 0
XfrmOutError 0
XfrmOutBundleGenError 0
XfrmOutBundleCheckError 0
XfrmOutNoStates 24218
XfrmOutStateProtoError 0
XfrmOutStateModeError 0
XfrmOutStateSeqError 0
XfrmOutStateExpired 0
XfrmOutPolBlock 0
XfrmOutPolDead 0
XfrmOutPolError 0
XfrmFwdHdrError 0
XfrmOutStateInvalid 0
XfrmAcquireError 0
+ _________________________ ip-l2tp-tunnel
+ test -d /sys/module/l2tp_core
+ test -d /sys/module/ip_vti
+ ip -s tunnel show
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
RX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts
0 0 0 0 0 0
TX: Packets Bytes Errors DeadLoop NoRoute NoBufs
0 0 0 0 0 0
+ _________________________ ip-tunnel
+ ip -s tunnel show
ip_vti0: ip/ip remote any local any ttl inherit nopmtudisc key 0
RX: Packets Bytes Errors CsumErrs OutOfSeq Mcasts
0 0 0 0 0 0
TX: Packets Bytes Errors DeadLoop NoRoute NoBufs
0 0 0 0 0 0
+ _________________________ /proc/crypto
+ test -r /proc/crypto
+ cat /proc/crypto
name : echainiv(authenc(hmac(sha1),cbc(aes)))
driver : echainiv(authenc(hmac(sha1-avx2),cbc-aes-aesni))
module : echainiv
priority : 4170
refcnt : 9
selftest : passed
internal : no
type : aead
async : yes
blocksize : 16
ivsize : 16
maxauthsize : 20
geniv : <none>

name : authenc(hmac(sha1),cbc(aes))
driver : authenc(hmac(sha1-avx2),cbc-aes-aesni)
module : authenc
priority : 4170
refcnt : 9
selftest : passed
internal : no
type : aead
async : yes
blocksize : 16
ivsize : 16
maxauthsize : 20
geniv : <none>

name : hmac(sha1)
driver : hmac(sha1-avx2)
module : kernel
priority : 170
refcnt : 17
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20

name : sha1
driver : sha1-avx2
module : sha1_ssse3
priority : 170
refcnt : 9
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20

name : sha1
driver : sha1-avx
module : sha1_ssse3
priority : 160
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20

name : sha1
driver : sha1-ssse3
module : sha1_ssse3
priority : 150
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20

name : salsa20
driver : salsa20-asm
module : salsa20_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 8
geniv : <default>

name : poly1305
driver : poly1305-simd
module : poly1305_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 16
digestsize : 16

name : poly1305
driver : poly1305-generic
module : poly1305_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 16
digestsize : 16

name : ctr(des3_ede)
driver : ctr-des3_ede-asm
module : des3_ede_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 24
max keysize : 24
ivsize : 8
geniv : <default>

name : cbc(des3_ede)
driver : cbc-des3_ede-asm
module : des3_ede_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 8
geniv : <default>

name : ecb(des3_ede)
driver : ecb-des3_ede-asm
module : des3_ede_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 8
min keysize : 24
max keysize : 24
ivsize : 0
geniv : <default>

name : des3_ede
driver : des3_ede-asm
module : des3_ede_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24

name : crc32
driver : crc32-pclmul
module : crc32_pclmul
priority : 200
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4

name : crc32c
driver : crc32c-intel
module : crc32c_intel
priority : 200
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4

name : chacha20
driver : chacha20-simd
module : chacha20_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 32
max keysize : 32
ivsize : 16
geniv : seqiv

name : chacha20
driver : chacha20-generic
module : chacha20_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 32
max keysize : 32
ivsize : 16
geniv : seqiv

name : __cbc-aes-aesni
driver : cryptd(__driver-cbc-aes-aesni)
module : cryptd
priority : 50
refcnt : 9
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : cbc(aes)
driver : cbc-aes-aesni
module : kernel
priority : 400
refcnt : 9
selftest : passed
internal : no
type : givcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : eseqiv

name : rfc3686(ctr(aes))
driver : rfc3686(ctr-aes-aesni)
module : ctr
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 20
max keysize : 36
ivsize : 8
geniv : seqiv

name : cbc(des)
driver : cbc(des-generic)
module : cbc
priority : 100
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 8
min keysize : 8
max keysize : 8
ivsize : 8
geniv : <default>

name : cmac(aes)
driver : cmac(aes-aesni)
module : cmac
priority : 300
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 16
digestsize : 16

name : xcbc(aes)
driver : xcbc(aes-aesni)
module : xcbc
priority : 300
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 16
digestsize : 16

name : hmac(rmd160)
driver : hmac(rmd160-generic)
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20

name : rmd160
driver : rmd160-generic
module : rmd160
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20

name : hmac(sha512)
driver : hmac(sha512-avx2)
module : kernel
priority : 170
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 64

name : hmac(sha384)
driver : hmac(sha384-avx2)
module : kernel
priority : 170
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 48

name : hmac(sha256)
driver : hmac(sha256-avx2)
module : kernel
priority : 170
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 32

name : hmac(md5)
driver : hmac(md5-generic)
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 16

name : camellia
driver : camellia-generic
module : camellia_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : xts(camellia)
driver : xts-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(camellia)
driver : lrw-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(camellia)
driver : ctr-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(camellia)
driver : cbc-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-camellia-aesni-avx2
driver : cryptd(__driver-ecb-camellia-aesni-avx2)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(camellia)
driver : ecb-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __xts-camellia-aesni-avx2
driver : __driver-xts-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-camellia-aesni-avx2
driver : __driver-lrw-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : __ctr-camellia-aesni-avx2
driver : __driver-ctr-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __cbc-camellia-aesni-avx2
driver : __driver-cbc-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-camellia-aesni-avx2
driver : __driver-ecb-camellia-aesni-avx2
module : camellia_aesni_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : xts(camellia)
driver : xts-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(camellia)
driver : lrw-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(camellia)
driver : ctr-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(camellia)
driver : cbc-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-camellia-aesni
driver : cryptd(__driver-ecb-camellia-aesni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(camellia)
driver : ecb-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __xts-camellia-aesni
driver : __driver-xts-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-camellia-aesni
driver : __driver-lrw-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : __ctr-camellia-aesni
driver : __driver-ctr-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __cbc-camellia-aesni
driver : __driver-cbc-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-camellia-aesni
driver : __driver-ecb-camellia-aesni
module : camellia_aesni_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : xts(camellia)
driver : xts-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(camellia)
driver : lrw-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(camellia)
driver : ctr-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : cbc(camellia)
driver : cbc-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : ecb(camellia)
driver : ecb-camellia-asm
module : camellia_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : camellia
driver : camellia-asm
module : camellia_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : xts(cast6)
driver : xts-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(cast6)
driver : lrw-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(cast6)
driver : ctr-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(cast6)
driver : cbc-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-cast6-avx
driver : cryptd(__driver-ecb-cast6-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(cast6)
driver : ecb-cast6-avx
module : cast6_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __xts-cast6-avx
driver : __driver-xts-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-cast6-avx
driver : __driver-lrw-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : __ctr-cast6-avx
driver : __driver-ctr-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __cbc-cast6-avx
driver : __driver-cbc-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-cast6-avx
driver : __driver-ecb-cast6-avx
module : cast6_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : cast6
driver : cast6-generic
module : cast6_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : ctr(cast5)
driver : ctr-cast5-avx
module : cast5_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 5
max keysize : 16
ivsize : 8
geniv : chainiv

name : cbc(cast5)
driver : cbc-cast5-avx
module : cast5_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 8
geniv : <default>

name : __ecb-cast5-avx
driver : cryptd(__driver-ecb-cast5-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>

name : ecb(cast5)
driver : ecb-cast5-avx
module : cast5_avx_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>

name : __ctr-cast5-avx
driver : __driver-ctr-cast5-avx
module : cast5_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 5
max keysize : 16
ivsize : 8
geniv : <default>

name : __cbc-cast5-avx
driver : __driver-cbc-cast5-avx
module : cast5_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>

name : __ecb-cast5-avx
driver : __driver-ecb-cast5-avx
module : cast5_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 8
min keysize : 5
max keysize : 16
ivsize : 0
geniv : <default>

name : cast5
driver : cast5-generic
module : cast5_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 5
max keysize : 16

name : deflate
driver : deflate-generic
module : deflate
priority : 0
refcnt : 1
selftest : passed
internal : no
type : compression

name : xts(serpent)
driver : xts-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(serpent)
driver : lrw-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(serpent)
driver : ctr-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(serpent)
driver : cbc-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-serpent-avx2
driver : cryptd(__driver-ecb-serpent-avx2)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(serpent)
driver : ecb-serpent-avx2
module : serpent_avx2
priority : 600
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : __xts-serpent-avx2
driver : __driver-xts-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-serpent-avx2
driver : __driver-lrw-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>

name : __ctr-serpent-avx2
driver : __driver-ctr-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>

name : __cbc-serpent-avx2
driver : __driver-cbc-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-serpent-avx2
driver : __driver-ecb-serpent-avx2
module : serpent_avx2
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : xts(serpent)
driver : xts-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(serpent)
driver : lrw-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(serpent)
driver : ctr-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(serpent)
driver : cbc-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-serpent-avx
driver : cryptd(__driver-ecb-serpent-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(serpent)
driver : ecb-serpent-avx
module : serpent_avx_x86_64
priority : 500
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : __xts-serpent-avx
driver : __driver-xts-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-serpent-avx
driver : __driver-lrw-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>

name : __ctr-serpent-avx
driver : __driver-ctr-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>

name : __cbc-serpent-avx
driver : __driver-cbc-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-serpent-avx
driver : __driver-ecb-serpent-avx
module : serpent_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : xts(serpent)
driver : xts-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(serpent)
driver : lrw-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(serpent)
driver : ctr-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(serpent)
driver : cbc-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-serpent-sse2
driver : cryptd(__driver-ecb-serpent-sse2)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(serpent)
driver : ecb-serpent-sse2
module : serpent_sse2_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : __xts-serpent-sse2
driver : __driver-xts-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-serpent-sse2
driver : __driver-lrw-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 48
ivsize : 16
geniv : <default>

name : __ctr-serpent-sse2
driver : __driver-ctr-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 32
ivsize : 16
geniv : <default>

name : __cbc-serpent-sse2
driver : __driver-cbc-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-serpent-sse2
driver : __driver-ecb-serpent-sse2
module : serpent_sse2_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 0
max keysize : 32
ivsize : 0
geniv : <default>

name : tnepres
driver : tnepres-generic
module : serpent_generic
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32

name : serpent
driver : serpent-generic
module : serpent_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 0
max keysize : 32

name : blowfish
driver : blowfish-generic
module : blowfish_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56

name : ctr(blowfish)
driver : ctr-blowfish-asm
module : blowfish_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 4
max keysize : 56
ivsize : 8
geniv : <default>

name : cbc(blowfish)
driver : cbc-blowfish-asm
module : blowfish_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 8
min keysize : 4
max keysize : 56
ivsize : 8
geniv : <default>

name : ecb(blowfish)
driver : ecb-blowfish-asm
module : blowfish_x86_64
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 8
min keysize : 4
max keysize : 56
ivsize : 0
geniv : <default>

name : blowfish
driver : blowfish-asm
module : blowfish_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 4
max keysize : 56

name : twofish
driver : twofish-generic
module : twofish_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : xts(twofish)
driver : xts-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(twofish)
driver : lrw-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(twofish)
driver : ctr-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv

name : cbc(twofish)
driver : cbc-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-twofish-avx
driver : cryptd(__driver-ecb-twofish-avx)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(twofish)
driver : ecb-twofish-avx
module : twofish_avx_x86_64
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __xts-twofish-avx
driver : __driver-xts-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-twofish-avx
driver : __driver-lrw-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : __ctr-twofish-avx
driver : __driver-ctr-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __cbc-twofish-avx
driver : __driver-cbc-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-twofish-avx
driver : __driver-ecb-twofish-avx
module : twofish_avx_x86_64
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : xts(twofish)
driver : xts-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(twofish)
driver : lrw-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : ctr(twofish)
driver : ctr-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : cbc(twofish)
driver : cbc-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : ecb(twofish)
driver : ecb-twofish-3way
module : twofish_x86_64_3way
priority : 300
refcnt : 1
selftest : passed
internal : no
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : twofish
driver : twofish-asm
module : twofish_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : sha224
driver : sha224-avx2
module : sha256_ssse3
priority : 170
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 28

name : sha256
driver : sha256-avx2
module : sha256_ssse3
priority : 170
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 32

name : sha224
driver : sha224-avx
module : sha256_ssse3
priority : 160
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 28

name : sha256
driver : sha256-avx
module : sha256_ssse3
priority : 160
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 32

name : sha224
driver : sha224-ssse3
module : sha256_ssse3
priority : 150
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 28

name : sha256
driver : sha256-ssse3
module : sha256_ssse3
priority : 150
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 32

name : sha384
driver : sha384-avx2
module : sha512_ssse3
priority : 170
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 48

name : sha512
driver : sha512-avx2
module : sha512_ssse3
priority : 170
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 64

name : sha384
driver : sha384-avx
module : sha512_ssse3
priority : 160
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 48

name : sha512
driver : sha512-avx
module : sha512_ssse3
priority : 160
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 64

name : sha384
driver : sha384-ssse3
module : sha512_ssse3
priority : 150
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 48

name : sha512
driver : sha512-ssse3
module : sha512_ssse3
priority : 150
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 64

name : sha384
driver : sha384-generic
module : sha512_generic
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 48

name : sha512
driver : sha512-generic
module : sha512_generic
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 128
digestsize : 64

name : des3_ede
driver : des3_ede-generic
module : des_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 24
max keysize : 24

name : des
driver : des-generic
module : des_generic
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 8
min keysize : 8
max keysize : 8

name : __ctr-aes-aesni
driver : cryptd(__driver-ctr-aes-aesni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : stdrng
driver : drbg_nopr_hmac_sha256
module : drbg
priority : 221
refcnt : 2
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_hmac_sha512
module : drbg
priority : 220
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_hmac_sha384
module : drbg
priority : 219
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_hmac_sha1
module : drbg
priority : 218
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_sha256
module : drbg
priority : 217
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_sha512
module : drbg
priority : 216
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_sha384
module : drbg
priority : 215
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_sha1
module : drbg
priority : 214
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_ctr_aes256
module : drbg
priority : 213
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_ctr_aes192
module : drbg
priority : 212
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_nopr_ctr_aes128
module : drbg
priority : 211
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_hmac_sha256
module : drbg
priority : 210
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_hmac_sha512
module : drbg
priority : 209
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_hmac_sha384
module : drbg
priority : 208
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_hmac_sha1
module : drbg
priority : 207
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_sha256
module : drbg
priority : 206
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_sha512
module : drbg
priority : 205
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_sha384
module : drbg
priority : 204
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_sha1
module : drbg
priority : 203
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_ctr_aes256
module : drbg
priority : 202
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_ctr_aes192
module : drbg
priority : 201
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : stdrng
driver : drbg_pr_ctr_aes128
module : drbg
priority : 200
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 0

name : fips(ansi_cprng)
driver : fips_ansi_cprng
module : ansi_cprng
priority : 300
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 48

name : stdrng
driver : ansi_cprng
module : ansi_cprng
priority : 100
refcnt : 1
selftest : passed
internal : no
type : rng
seedsize : 48

name : ctr(aes)
driver : ctr-aes-aesni
module : kernel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : givcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv

name : __gcm-aes-aesni
driver : cryptd(__driver-gcm-aes-aesni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : aead
async : yes
blocksize : 1
ivsize : 8
maxauthsize : 16
geniv : <none>

name : rfc4106(gcm(aes))
driver : rfc4106-gcm-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : aead
async : yes
blocksize : 1
ivsize : 8
maxauthsize : 16
geniv : <none>

name : __gcm-aes-aesni
driver : __driver-gcm-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : aead
async : no
blocksize : 1
ivsize : 8
maxauthsize : 16
geniv : <none>

name : xts(aes)
driver : xts-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : lrw(aes)
driver : lrw-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : __xts-aes-aesni
driver : __driver-xts-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 64
ivsize : 16
geniv : <default>

name : __lrw-aes-aesni
driver : __driver-lrw-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 32
max keysize : 48
ivsize : 16
geniv : <default>

name : pcbc(aes)
driver : pcbc-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : ctr(aes)
driver : ctr-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : chainiv

name : __ctr-aes-aesni
driver : __driver-ctr-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 1
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : cbc(aes)
driver : cbc-aes-aesni
module : aesni_intel
priority : 400
refcnt : 9
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 16
geniv : <default>

name : __ecb-aes-aesni
driver : cryptd(__driver-ecb-aes-aesni)
module : cryptd
priority : 50
refcnt : 1
selftest : passed
internal : yes
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : ecb(aes)
driver : ecb-aes-aesni
module : aesni_intel
priority : 400
refcnt : 1
selftest : passed
internal : no
type : ablkcipher
async : yes
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __cbc-aes-aesni
driver : __driver-cbc-aes-aesni
module : aesni_intel
priority : 0
refcnt : 9
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __ecb-aes-aesni
driver : __driver-ecb-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : blkcipher
blocksize : 16
min keysize : 16
max keysize : 32
ivsize : 0
geniv : <default>

name : __aes-aesni
driver : __driver-aes-aesni
module : aesni_intel
priority : 0
refcnt : 1
selftest : passed
internal : yes
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : aes
driver : aes-aesni
module : aesni_intel
priority : 300
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : aes
driver : aes-asm
module : aes_x86_64
priority : 200
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : lzo
driver : lzo-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : compression

name : crct10dif
driver : crct10dif-generic
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 2

name : crc32c
driver : crc32c-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 4

name : aes
driver : aes-generic
module : kernel
priority : 100
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 16
min keysize : 16
max keysize : 32

name : sha224
driver : sha224-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 28

name : sha256
driver : sha256-generic
module : kernel
priority : 0
refcnt : 2
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 32

name : sha1
driver : sha1-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 20

name : md5
driver : md5-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 64
digestsize : 16

name : digest_null
driver : digest_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : shash
blocksize : 1
digestsize : 0

name : compress_null
driver : compress_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : compression

name : ecb(cipher_null)
driver : ecb-cipher_null
module : kernel
priority : 100
refcnt : 2
selftest : passed
internal : no
type : blkcipher
blocksize : 1
min keysize : 0
max keysize : 0
ivsize : 0
geniv : <default>

name : cipher_null
driver : cipher_null-generic
module : kernel
priority : 0
refcnt : 1
selftest : passed
internal : no
type : cipher
blocksize : 1
min keysize : 0
max keysize : 0

+ __________________________/proc/sys/net/core/xfrm-star
/usr/libexec/ipsec/barf: line 206: __________________________/proc/sys/net/core/xfrm-star: No such file or directory
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_acq_expires: '
/proc/sys/net/core/xfrm_acq_expires: + cat /proc/sys/net/core/xfrm_acq_expires
300
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_etime: '
/proc/sys/net/core/xfrm_aevent_etime: + cat /proc/sys/net/core/xfrm_aevent_etime
10
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_aevent_rseqth: '
/proc/sys/net/core/xfrm_aevent_rseqth: + cat /proc/sys/net/core/xfrm_aevent_rseqth
2
+ for i in '/proc/sys/net/core/xfrm_*'
+ echo -n '/proc/sys/net/core/xfrm_larval_drop: '
/proc/sys/net/core/xfrm_larval_drop: + cat /proc/sys/net/core/xfrm_larval_drop
1
+ _________________________ /proc/sys/net/ipsec-star
+ test -d /proc/sys/net/ipsec
+ _________________________ ipsec/status
+ ipsec whack --status
000 using kernel interface: netkey
000 interface lo/lo ::***@500
000 interface lo/lo ***@4500
000 interface lo/lo ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000 interface eth0/eth0 ***@4500
000 interface eth0/eth0 ***@500
000
000
000 fips mode=disabled;
000 SElinux=disabled
000 seccomp=unsupported
000
000 config setup options:
000
000 configdir=/etc, configfile=/etc/ipsec.conf, secrets=/etc/ipsec.secrets, ipsecdir=/etc/ipsec.d, nssdir=/etc/ipsec.d, dumpdir=/var/run/pluto, statsbin=unset
000 sbindir=/usr/sbin, libexecdir=/usr/libexec/ipsec
000 pluto_version=3.master-201646.git, pluto_vendorid=OE-Libreswan-3.master-201646.git
000 nhelpers=-1, uniqueids=yes, perpeerlog=no, shuntlifetime=900s, xfrmlifetime=300s
000 ddos-cookies-threshold=50000, ddos-max-halfopen=25000, ddos-mode=auto
000 ikeport=500, strictcrlpolicy=no, crlcheckinterval=0, listen=<any>, nflog-all=0
000 ocsp-enable=no, ocsp-strict=no, ocsp-timeout=2, ocsp-uri=<unset>
000 ocsp-trust-name=<unset>
000 ocsp-cache-size=1000, ocsp-cache-min-age=3600, ocsp-cache-max-age=86400, ocsp-method=get
000 secctx-attr-type=32001
000 myid = (none)
000 debug none
000
000 nat-traversal=yes, keep-alive=20, nat-ikeport=4500
000 virtual-private (%priv):
000
000 ESP algorithms supported:
000
000 algorithm ESP encrypt: id=3, name=ESP_3DES, ivlen=8, keysizemin=192, keysizemax=192
000 algorithm ESP encrypt: id=6, name=ESP_CAST, ivlen=8, keysizemin=128, keysizemax=128
000 algorithm ESP encrypt: id=11, name=ESP_NULL, ivlen=0, keysizemin=0, keysizemax=0
000 algorithm ESP encrypt: id=12, name=ESP_AES, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=13, name=ESP_AES_CTR, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=14, name=ESP_AES_CCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=15, name=ESP_AES_CCM_B, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=16, name=ESP_AES_CCM_C, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=18, name=ESP_AES_GCM_A, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=19, name=ESP_AES_GCM_B, ivlen=12, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=20, name=ESP_AES_GCM_C, ivlen=16, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=22, name=ESP_CAMELLIA, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=252, name=ESP_SERPENT, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm ESP encrypt: id=253, name=ESP_TWOFISH, ivlen=8, keysizemin=128, keysizemax=256
000 algorithm AH/ESP auth: id=1, name=AUTH_ALGORITHM_HMAC_MD5, keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=2, name=AUTH_ALGORITHM_HMAC_SHA1, keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=5, name=AUTH_ALGORITHM_HMAC_SHA2_256, keysizemin=256, keysizemax=256
000 algorithm AH/ESP auth: id=6, name=AUTH_ALGORITHM_HMAC_SHA2_384, keysizemin=384, keysizemax=384
000 algorithm AH/ESP auth: id=7, name=AUTH_ALGORITHM_HMAC_SHA2_512, keysizemin=512, keysizemax=512
000 algorithm AH/ESP auth: id=8, name=AUTH_ALGORITHM_HMAC_RIPEMD, keysizemin=160, keysizemax=160
000 algorithm AH/ESP auth: id=9, name=AUTH_ALGORITHM_AES_XCBC, keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=250, name=AUTH_ALGORITHM_AES_CMAC_96, keysizemin=128, keysizemax=128
000 algorithm AH/ESP auth: id=251, name=AUTH_ALGORITHM_NULL_KAME, keysizemin=0, keysizemax=0
000
000 IKE algorithms supported:
000
000 algorithm IKE encrypt: v1id=5, v1name=OAKLEY_3DES_CBC, v2id=3, v2name=3DES, blocksize=8, keydeflen=192
000 algorithm IKE encrypt: v1id=8, v1name=OAKLEY_CAMELLIA_CBC, v2id=23, v2name=CAMELLIA_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=20, v1name=OAKLEY_AES_GCM_C, v2id=20, v2name=AES_GCM_C, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=19, v1name=OAKLEY_AES_GCM_B, v2id=19, v2name=AES_GCM_B, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=18, v1name=OAKLEY_AES_GCM_A, v2id=18, v2name=AES_GCM_A, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=13, v1name=OAKLEY_AES_CTR, v2id=13, v2name=AES_CTR, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=7, v1name=OAKLEY_AES_CBC, v2id=12, v2name=AES_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65004, v1name=OAKLEY_SERPENT_CBC, v2id=65004, v2name=SERPENT_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65005, v1name=OAKLEY_TWOFISH_CBC, v2id=65005, v2name=TWOFISH_CBC, blocksize=16, keydeflen=128
000 algorithm IKE encrypt: v1id=65289, v1name=OAKLEY_TWOFISH_CBC_SSH, v2id=65289, v2name=TWOFISH_CBC_SSH, blocksize=16, keydeflen=128
000 algorithm IKE hash: id=1, name=OAKLEY_MD5, hashlen=16
000 algorithm IKE hash: id=2, name=OAKLEY_SHA1, hashlen=20
000 algorithm IKE hash: id=4, name=OAKLEY_SHA2_256, hashlen=32
000 algorithm IKE hash: id=5, name=OAKLEY_SHA2_384, hashlen=48
000 algorithm IKE hash: id=6, name=OAKLEY_SHA2_512, hashlen=64
000 algorithm IKE dh group: id=2, name=OAKLEY_GROUP_MODP1024, bits=1024
000 algorithm IKE dh group: id=5, name=OAKLEY_GROUP_MODP1536, bits=1536
000 algorithm IKE dh group: id=14, name=OAKLEY_GROUP_MODP2048, bits=2048
000 algorithm IKE dh group: id=15, name=OAKLEY_GROUP_MODP3072, bits=3072
000 algorithm IKE dh group: id=16, name=OAKLEY_GROUP_MODP4096, bits=4096
000 algorithm IKE dh group: id=17, name=OAKLEY_GROUP_MODP6144, bits=6144
000 algorithm IKE dh group: id=18, name=OAKLEY_GROUP_MODP8192, bits=8192
000 algorithm IKE dh group: id=23, name=OAKLEY_GROUP_DH23, bits=2048
000 algorithm IKE dh group: id=24, name=OAKLEY_GROUP_DH24, bits=2048
000
000 stats db_ops: {curr_cnt, total_cnt, maxsz} :context={0,8,64} trans={0,8,6528} attrs={0,8,4352}
000
000 Connection list:
000
000 "awstunnel1": 169.254.12.52/30===169.254.255.2<169.254.255.2>...35.163.197.247<35.163.197.247>===0.0.0.0/0; erouted; eroute owner: #7
000 "awstunnel1": oriented; my_ip=unset; their_ip=unset
000 "awstunnel1": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "awstunnel1": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "awstunnel1": labeled_ipsec:no;
000 "awstunnel1": policy_label:unset;
000 "awstunnel1": ike_life: 28800s; ipsec_life: 3600s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "awstunnel1": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "awstunnel1": sha2-truncbug:no; initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "awstunnel1": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "awstunnel1": conn_prio: 30,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "awstunnel1": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no;
000 "awstunnel1": dpd: action:restart; delay:10; timeout:30; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "awstunnel1": newest ISAKMP SA: #1; newest IPsec SA: #7;
000 "awstunnel1": IKE algorithms wanted: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel1": IKE algorithms found: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel1": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 "awstunnel1": ESP algorithms wanted: AES(12)_128-SHA1(2); pfsgroup=MODP1024(2)
000 "awstunnel1": ESP algorithms loaded: AES(12)_128-SHA1(2)
000 "awstunnel1": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=MODP1024
000 "awstunnel2": 169.254.12.220/30===169.254.255.3<169.254.255.3>...35.163.220.45<35.163.220.45>===0.0.0.0/0; erouted; eroute owner: #8
000 "awstunnel2": oriented; my_ip=unset; their_ip=unset
000 "awstunnel2": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "awstunnel2": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "awstunnel2": labeled_ipsec:no;
000 "awstunnel2": policy_label:unset;
000 "awstunnel2": ike_life: 28800s; ipsec_life: 3600s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "awstunnel2": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "awstunnel2": sha2-truncbug:no; initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "awstunnel2": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "awstunnel2": conn_prio: 30,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "awstunnel2": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no;
000 "awstunnel2": dpd: action:restart; delay:10; timeout:30; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "awstunnel2": newest ISAKMP SA: #2; newest IPsec SA: #8;
000 "awstunnel2": IKE algorithms wanted: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel2": IKE algorithms found: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel2": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 "awstunnel2": ESP algorithms wanted: AES(12)_128-SHA1(2); pfsgroup=MODP1024(2)
000 "awstunnel2": ESP algorithms loaded: AES(12)_128-SHA1(2)
000 "awstunnel2": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=MODP1024
000 "awstunnel3": 169.254.47.12/30===169.254.255.4<169.254.255.4>...52.45.134.147<52.45.134.147>===0.0.0.0/0; erouted; eroute owner: #6
000 "awstunnel3": oriented; my_ip=unset; their_ip=unset
000 "awstunnel3": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "awstunnel3": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "awstunnel3": labeled_ipsec:no;
000 "awstunnel3": policy_label:unset;
000 "awstunnel3": ike_life: 28800s; ipsec_life: 3600s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "awstunnel3": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "awstunnel3": sha2-truncbug:no; initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "awstunnel3": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "awstunnel3": conn_prio: 30,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "awstunnel3": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no;
000 "awstunnel3": dpd: action:restart; delay:10; timeout:30; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "awstunnel3": newest ISAKMP SA: #3; newest IPsec SA: #6;
000 "awstunnel3": IKE algorithms wanted: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel3": IKE algorithms found: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel3": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 "awstunnel3": ESP algorithms wanted: AES(12)_128-SHA1(2); pfsgroup=MODP1024(2)
000 "awstunnel3": ESP algorithms loaded: AES(12)_128-SHA1(2)
000 "awstunnel3": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=MODP1024
000 "awstunnel4": 169.254.47.0/30===169.254.255.5<169.254.255.5>...52.45.232.151<52.45.232.151>===0.0.0.0/0; erouted; eroute owner: #5
000 "awstunnel4": oriented; my_ip=unset; their_ip=unset
000 "awstunnel4": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "awstunnel4": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "awstunnel4": labeled_ipsec:no;
000 "awstunnel4": policy_label:unset;
000 "awstunnel4": ike_life: 28800s; ipsec_life: 3600s; replay_window: 32; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 0;
000 "awstunnel4": retransmit-interval: 500ms; retransmit-timeout: 60s;
000 "awstunnel4": sha2-truncbug:no; initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "awstunnel4": policy: PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO;
000 "awstunnel4": conn_prio: 30,0; interface: eth0; metric: 0; mtu: unset; sa_prio:auto; sa_tfc:none;
000 "awstunnel4": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no;
000 "awstunnel4": dpd: action:restart; delay:10; timeout:30; nat-t: encaps:auto; nat_keepalive:yes; ikev1_natt:both
000 "awstunnel4": newest ISAKMP SA: #4; newest IPsec SA: #5;
000 "awstunnel4": IKE algorithms wanted: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel4": IKE algorithms found: AES_CBC(7)_128-SHA1(2)-MODP2048(14), AES_CBC(7)_128-SHA1(2)-MODP1536(5), AES_CBC(7)_128-SHA1(2)-MODP1024(2)
000 "awstunnel4": IKE algorithm newest: AES_CBC_128-SHA1-MODP2048
000 "awstunnel4": ESP algorithms wanted: AES(12)_128-SHA1(2); pfsgroup=MODP1024(2)
000 "awstunnel4": ESP algorithms loaded: AES(12)_128-SHA1(2)
000 "awstunnel4": ESP algorithm newest: AES_128-HMAC_SHA1; pfsgroup=MODP1024
000 "v6neighbor-hole-in": ::/0===::1<::1>:58/34560...%any:58/34816===::/0; prospective erouted; eroute owner: #0
000 "v6neighbor-hole-in": oriented; my_ip=unset; their_ip=unset
000 "v6neighbor-hole-in": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "v6neighbor-hole-in": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "v6neighbor-hole-in": labeled_ipsec:no;
000 "v6neighbor-hole-in": policy_label:unset;
000 "v6neighbor-hole-in": ike_life: 0s; ipsec_life: 0s; replay_window: 0; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0;
000 "v6neighbor-hole-in": retransmit-interval: 0ms; retransmit-timeout: 0s;
000 "v6neighbor-hole-in": sha2-truncbug:no; initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "v6neighbor-hole-in": policy: PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+PASS+NEVER_NEGOTIATE;
000 "v6neighbor-hole-in": conn_prio: 0,0; interface: lo; metric: 0; mtu: unset; sa_prio:1; sa_tfc:none;
000 "v6neighbor-hole-in": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no;
000 "v6neighbor-hole-in": newest ISAKMP SA: #0; newest IPsec SA: #0;
000 "v6neighbor-hole-out": ::/0===::1<::1>:58/34816...%any:58/34560===::/0; prospective erouted; eroute owner: #0
000 "v6neighbor-hole-out": oriented; my_ip=unset; their_ip=unset
000 "v6neighbor-hole-out": xauth us:none, xauth them:none, my_username=[any]; their_username=[any]
000 "v6neighbor-hole-out": modecfg info: us:none, them:none, modecfg policy:push, dns1:unset, dns2:unset, domain:unset, banner:unset, cat:unset;
000 "v6neighbor-hole-out": labeled_ipsec:no;
000 "v6neighbor-hole-out": policy_label:unset;
000 "v6neighbor-hole-out": ike_life: 0s; ipsec_life: 0s; replay_window: 0; rekey_margin: 0s; rekey_fuzz: 0%; keyingtries: 0;
000 "v6neighbor-hole-out": retransmit-interval: 0ms; retransmit-timeout: 0s;
000 "v6neighbor-hole-out": sha2-truncbug:no; initial-contact:no; cisco-unity:no; fake-strongswan:no; send-vendorid:no; send-no-esp-tfc:no;
000 "v6neighbor-hole-out": policy: PFS+IKEV1_ALLOW+IKEV2_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO+PASS+NEVER_NEGOTIATE;
000 "v6neighbor-hole-out": conn_prio: 0,0; interface: lo; metric: 0; mtu: unset; sa_prio:1; sa_tfc:none;
000 "v6neighbor-hole-out": nflog-group: unset; mark: unset; vti-iface:unset; vti-routing:no; vti-shared:no;
000 "v6neighbor-hole-out": newest ISAKMP SA: #0; newest IPsec SA: #0;
000
000 Total IPsec connections: loaded 6, active 4
000
000 State Information: DDoS cookies not required, Accepting new IKE connections
000 IKE SAs: total(4), half-open(0), open(0), authenticated(4), anonymous(0)
000 IPsec SAs: total(4), authenticated(4), anonymous(0)
000
000 #7: "awstunnel1":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2516s; newest IPSEC; eroute owner; isakmp#1; idle; import:admin initiate
000 #7: "awstunnel1" ***@35.163.197.247 ***@169.254.255.2 ***@35.163.197.247 ***@169.254.255.2 ref=0 refhim=0 Traffic: ESPin=3KB ESPout=4KB! ESPmax=4194303B
000 #1: "awstunnel1":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27405s; newest ISAKMP; lastdpd=3s(seq in:28717 out:0); idle; import:admin initiate
000 #8: "awstunnel2":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2283s; newest IPSEC; eroute owner; isakmp#2; idle; import:admin initiate
000 #8: "awstunnel2" ***@35.163.220.45 ***@169.254.255.3 ***@35.163.220.45 ***@169.254.255.3 ref=0 refhim=0 Traffic: ESPin=5KB ESPout=4KB! ESPmax=4194303B
000 #2: "awstunnel2":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27791s; newest ISAKMP; lastdpd=3s(seq in:4796 out:0); idle; import:admin initiate
000 #6: "awstunnel3":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2265s; newest IPSEC; eroute owner; isakmp#3; idle; import:admin initiate
000 #6: "awstunnel3" ***@52.45.134.147 ***@169.254.255.4 ***@52.45.134.147 ***@169.254.255.4 ref=0 refhim=0 Traffic: ESPin=2KB ESPout=4KB! ESPmax=4194303B
000 #3: "awstunnel3":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27684s; newest ISAKMP; lastdpd=4s(seq in:23449 out:0); idle; import:admin initiate
000 #5: "awstunnel4":4500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 2274s; newest IPSEC; eroute owner; isakmp#4; idle; import:admin initiate
000 #5: "awstunnel4" ***@52.45.232.151 ***@169.254.255.5 ***@52.45.232.151 ***@169.254.255.5 ref=0 refhim=0 Traffic: ESPin=4KB ESPout=3KB! ESPmax=4194303B
000 #4: "awstunnel4":4500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 27443s; newest ISAKMP; lastdpd=4s(seq in:11024 out:0); idle; import:admin initiate
000
000 Bare Shunt list:
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 2E:50:0C:06:55:6D
inet addr:169.254.255.2 Bcast:0.0.0.0 Mask:255.255.255.240
inet6 addr: fe80::2c50:cff:fe06:556d/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:620215 errors:0 dropped:0 overruns:0 frame:0
TX packets:684618 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:70779023 (67.5 MiB) TX bytes:74050997 (70.6 MiB)

ip_vti0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1428 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:25791 errors:0 dropped:0 overruns:0 frame:0
TX packets:25791 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1
RX bytes:8543592 (8.1 MiB) TX bytes:8543592 (8.1 MiB)

+ _________________________ ip-addr-list
+ ip addr list
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ***@NONE: <NOARP> mtu 1428 qdisc noop state DOWN group default qlen 1
link/ipip 0.0.0.0 brd 0.0.0.0
13: ***@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 2e:50:0c:06:55:6d brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 169.254.255.2/28 scope global eth0
valid_lft forever preferred_lft forever
inet 169.254.12.54/30 scope global eth0
valid_lft forever preferred_lft forever
inet 169.254.12.222/30 scope global eth0
valid_lft forever preferred_lft forever
inet 169.254.47.14/30 scope global eth0
valid_lft forever preferred_lft forever
inet 169.254.47.2/30 scope global eth0
valid_lft forever preferred_lft forever
inet 169.254.255.3/28 scope global secondary eth0
valid_lft forever preferred_lft forever
inet 169.254.255.4/28 scope global secondary eth0
valid_lft forever preferred_lft forever
inet 169.254.255.5/28 scope global secondary eth0
valid_lft forever preferred_lft forever
inet6 fe80::2c50:cff:fe06:556d/64 scope link
valid_lft forever preferred_lft forever
+ _________________________ ip-route-list
+ ip route list
default via 169.254.255.1 dev eth0
169.254.12.52/30 dev eth0 proto kernel scope link src 169.254.12.54
169.254.12.220/30 dev eth0 proto kernel scope link src 169.254.12.222
169.254.47.0/30 dev eth0 proto kernel scope link src 169.254.47.2
169.254.47.12/30 dev eth0 proto kernel scope link src 169.254.47.14
169.254.255.0/28 dev eth0 proto kernel scope link src 169.254.255.2
172.18.0.0/16 via 169.254.47.13 dev eth0 proto zebra metric 100
172.19.0.0/16 via 169.254.12.221 dev eth0 proto zebra metric 100
+ _________________________ ip-rule-list
+ ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
+ _________________________ ipsec_verify
+ ipsec verify --nocolour
Verifying installed system and configuration files

Version check and ipsec on-path [OK]
Libreswan 3.master-201646.git (netkey) on 4.4.30-32.54.amzn1.x86_64
Checking for IPsec support in kernel [OK]
NETKEY: Testing XFRM related proc values
ICMP default/send_redirects [OK]
ICMP default/accept_redirects [OK]
XFRM larval drop [OK]
Pluto ipsec.conf syntax [OK]
Two or more interfaces found, checking IP forwarding [OK]
Checking rp_filter [OK]
Checking that pluto is running [OK]
Pluto listening for IKE on udp 500 [OK]
Pluto listening for IKE/NAT-T on udp 4500 [OK]
Pluto ipsec.secret syntax [OK]
Checking 'ip' command [OK]
Checking 'iptables' command [OK]
Checking 'prelink' command does not interfere with FIPS [OK]
Checking for obsolete ipsec.conf options [OK]
+ _________________________ mii-tool
+ '[' -x /sbin/mii-tool ']'
+ /sbin/mii-tool -v
No interface specified
usage: /sbin/mii-tool [-VvRrwl] [-A media,... | -F media] <interface> ...
-V, --version display version information
-v, --verbose more verbose output
-R, --reset reset MII to poweron state
-r, --restart restart autonegotiation
-w, --watch monitor for link status changes
-l, --log with -w, write events to syslog
-A, --advertise=media,... advertise only specified media
-F, --force=media force specified media technology
media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,
(to advertise both HD and FD) 100baseTx, 10baseT
+ _________________________ ipsec/directory
+ ipsec --directory
/usr/libexec/ipsec
+ _________________________ hostname/fqdn
+ _________________________ hostname/ipaddress
+ _________________________ uptime
+ uptime
17:40:29 up 5 days, 2:02, 1 user, load average: 0.08, 0.02, 0.01
+ _________________________ ps
+ egrep -i 'ppid|pluto|ipsec|klips'
+ ps alxwf
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
4 0 28944 27450 20 0 113092 2956 wait S+ pts/0 0:00 \_ /bin/sh /usr/libexec/ipsec/barf
0 0 28400 1 20 0 113084 2936 wait S pts/0 0:00 /bin/sh /usr/libexec/ipsec/_plutorun --config /etc/ipsec.conf --nofork
4 0 28407 28400 20 0 219856 12828 ep_pol Sl pts/0 0:00 \_ /usr/libexec/ipsec/pluto --config /etc/ipsec.conf --nofork
+ _________________________ ipsec/conf
+ ipsec _keycensor
+ ipsec readwriteconf --config /etc/ipsec.conf
#conn awstunnel1 loaded
#conn awstunnel2 loaded
#conn awstunnel3 loaded
#conn awstunnel4 loaded
#conn v6neighbor-hole-in loaded
#conn v6neighbor-hole-out loaded
config setup
virtual-private=oe=off
protostack=netkey


# begin conn awstunnel1
conn awstunnel1
left=169.254.255.2
leftid="169.254.255.2"
leftsubnet=169.254.12.52/30
left=169.254.255.2
right=35.163.197.247
rightid="35.163.197.247"
rightsubnet=0.0.0.0/0
right=35.163.197.247
auto=start
type=tunnel
authby=secret
keyexchange=ike
salifetime=3600
keyingtries=0
ikelifetime=28800
dpddelay=10
dpdtimeout=30
dpdaction=restart
aggrmode=no
ike=aes128-sha1
phase2alg=aes128-sha1;modp1024
auto=start
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=secret
phase2=esp
ikev2=never
esn=no
# end conn awstunnel1

# begin conn awstunnel2
conn awstunnel2
left=169.254.255.3
leftid="169.254.255.3"
leftsubnet=169.254.12.220/30
left=169.254.255.3
right=35.163.220.45
rightid="35.163.220.45"
rightsubnet=0.0.0.0/0
right=35.163.220.45
auto=start
type=tunnel
authby=secret
keyexchange=ike
salifetime=3600
keyingtries=0
ikelifetime=28800
dpddelay=10
dpdtimeout=30
dpdaction=restart
aggrmode=no
ike=aes128-sha1
phase2alg=aes128-sha1;modp1024
auto=start
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=secret
phase2=esp
ikev2=never
esn=no
# end conn awstunnel2

# begin conn awstunnel3
conn awstunnel3
left=169.254.255.4
leftid="169.254.255.4"
leftsubnet=169.254.47.12/30
left=169.254.255.4
right=52.45.134.147
rightid="52.45.134.147"
rightsubnet=0.0.0.0/0
right=52.45.134.147
auto=start
type=tunnel
authby=secret
keyexchange=ike
salifetime=3600
keyingtries=0
ikelifetime=28800
dpddelay=10
dpdtimeout=30
dpdaction=restart
aggrmode=no
ike=aes128-sha1
phase2alg=aes128-sha1;modp1024
auto=start
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=secret
phase2=esp
ikev2=never
esn=no
# end conn awstunnel3

# begin conn awstunnel4
conn awstunnel4
left=169.254.255.5
leftid="169.254.255.5"
leftsubnet=169.254.47.0/30
left=169.254.255.5
right=52.45.232.151
rightid="52.45.232.151"
rightsubnet=0.0.0.0/0
right=52.45.232.151
auto=start
type=tunnel
authby=secret
keyexchange=ike
salifetime=3600
keyingtries=0
ikelifetime=28800
dpddelay=10
dpdtimeout=30
dpdaction=restart
aggrmode=no
ike=aes128-sha1
phase2alg=aes128-sha1;modp1024
auto=start
type=tunnel
compress=no
pfs=yes
ikepad=yes
authby=secret
phase2=esp
ikev2=never
esn=no
# end conn awstunnel4

# begin conn v6neighbor-hole-in
conn v6neighbor-hole-in
left=::1
leftsubnet=::/0
leftprotoport=58/34560
left=::1
right=::
rightsubnet=::/0
rightprotoport=58/34816
right=::0
auto=ondemand
connaddrfamily=ipv6
type=pass
authby=never
priority=1
auto=ondemand
type=passthrough
# end conn v6neighbor-hole-in

# begin conn v6neighbor-hole-out
conn v6neighbor-hole-out
left=::1
leftsubnet=::/0
leftprotoport=58/34816
left=::1
right=::
rightsubnet=::/0
rightprotoport=58/34560
right=::0
auto=ondemand
connaddrfamily=ipv6
type=pass
authby=never
priority=1
auto=ondemand
type=passthrough
# end conn v6neighbor-hole-out

# end of config
+ _________________________ ipsec/secrets
+ ipsec _secretcensor
+ cat /etc/ipsec.secrets
include /etc/ipsec.d/*.secrets
+ _________________________ ipsec/listall
+ ipsec whack --listall
000
000 List of RSA Public Keys:
000
000
000 List of Pre-shared secrets (from /etc/ipsec.secrets)
000
000 1: PSK 52.45.232.151 169.254.255.5
000 1: PSK 52.45.134.147 169.254.255.4
000 1: PSK 35.163.220.45 169.254.255.3
000 1: PSK 35.163.197.247 169.254.255.2
000
000 List of X.509 End Certificates:
000
000 List of X.509 CA Certificates:
000
000 List of CRLs:
+ '[' /etc/ipsec.d/policies ']'
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/block
+ base=block
+ _________________________ ipsec/policies/block
+ cat /etc/ipsec.d/policies/block
# This file defines the set of CIDRs (network/mask-length) to which
# communication should never be allowed. One IPv4 or IPv6 CIDR per line.

+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear
+ base=clear
+ _________________________ ipsec/policies/clear
+ cat /etc/ipsec.d/policies/clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be in the clear. One IPv4 or IPv6 CIDR per line.
#
# If running a recursive DNS server with query minimalization, one could
# opt to always send DNS root server traffic in the clear to speedup
# starting with an empty cache. It is not required though.
# 198.41.0.4/32
# 192.228.79.201/32
# 192.33.4.12/32
# 199.7.91.13/32
# 192.203.230.10/32
# 192.5.5.241/32
# 192.112.36.4/32
# 198.97.190.53/32
# 192.36.148.17/32
# 192.58.128.30/32
# 193.0.14.129/32
# 199.7.83.42/32
# 202.12.27.33/32
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/clear-or-private
+ base=clear-or-private
+ _________________________ ipsec/policies/clear-or-private
+ cat /etc/ipsec.d/policies/clear-or-private
# This file defines the set of CIDRs (network/mask-length) to which
# we will communicate in the clear, or, if the other side initiates IPSEC,
# using encryption. This behaviour is also called "Opportunistic Responder".
# One IPv4 or IPv6 CIDR per line.
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private
+ base=private
+ _________________________ ipsec/policies/private
+ cat /etc/ipsec.d/policies/private
# This file defines the set of CIDRs (network/mask-length) to which
# communication should always be private (i.e. encrypted). One IPv4
# or IPv6 CIDR per line.
+ for policy in '$POLICIES/*'
++ basename /etc/ipsec.d/policies/private-or-clear
+ base=private-or-clear
+ _________________________ ipsec/policies/private-or-clear
+ cat /etc/ipsec.d/policies/private-or-clear
# This file defines the set of CIDRs (network/mask-length) to which
# communication should be private, if possible, but in the clear otherwise.
# One IPv4 or IPv6 CIDR per line.
#
# If the target has a TXT (later IPSECKEY) record that specifies
# authentication material, we will require private (i.e. encrypted)
# communications. If no such record is found, communications will be
# in the clear.
#
0.0.0.0/0
+ _________________________ ipsec/ls-execdir
+ ls -l /usr/libexec/ipsec
total 4028
-rwxr-xr-x 1 root root 196512 Nov 18 21:53 _import_crl
-rwxr-xr-x 1 root root 1410 Nov 18 21:53 _keycensor
-rwxr-xr-x 1 root root 3053 Nov 18 21:53 _plutorun
-rwxr-xr-x 1 root root 1904 Nov 18 21:53 _secretcensor
-rwxr-xr-x 1 root root 14167 Nov 18 21:53 _stackmanager
-rwxr-xr-x 1 root root 4329 Nov 23 03:56 _updown
-rwxr-xr-x 1 root root 18644 Nov 18 21:53 _updown.klips
-rwxr-xr-x 1 root root 20881 Nov 23 04:17 _updown.netkey
-rwxr-xr-x 1 root root 237400 Nov 18 21:53 addconn
-rwxr-xr-x 1 root root 4715 Nov 18 21:53 auto
-rwxr-xr-x 1 root root 12000 Nov 23 17:40 barf
-rwxr-xr-x 1 root root 1076440 Nov 18 21:53 cavp
-rwxr-xr-x 1 root root 89656 Nov 18 21:53 eroute
-rwxr-xr-x 1 root root 69568 Nov 18 21:53 klipsdebug
-rwxr-xr-x 1 root root 2990 Nov 18 21:53 look
-rwxr-xr-x 1 root root 3002 Nov 18 21:53 newhostkey
-rwxr-xr-x 1 root root 64728 Nov 18 21:53 pf_key
-rwxr-xr-x 1 root root 1154168 Nov 18 21:53 pluto
-rwxr-xr-x 1 root root 216928 Nov 18 21:53 readwriteconf
-rwxr-xr-x 1 root root 201312 Nov 18 21:53 rsasigkey
-rwxr-xr-x 1 root root 6307 Nov 18 21:53 setup
-rwxr-xr-x 1 root root 201536 Nov 18 21:53 showhostkey
-rwxr-xr-x 1 root root 184536 Nov 18 21:53 spi
-rwxr-xr-x 1 root root 81448 Nov 18 21:53 spigrp
-rwxr-xr-x 1 root root 130888 Nov 18 21:53 tncfg
-rwxr-xr-x 1 root root 12347 Nov 18 21:53 verify
-rwxr-xr-x 1 root root 67768 Nov 18 21:53 whack
+ _________________________ /proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
ip_vti0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
lo: 8543592 25791 0 0 0 0 0 0 8543592 25791 0 0 0 0 0 0
eth0: 70779023 620215 0 0 0 0 0 0 74050997 684618 0 0 0 0 0 0
+ _________________________ /proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 00000000 01FFFEA9 0003 0 0 0 00000000 0 0 0
eth0 340CFEA9 00000000 0001 0 0 0 FCFFFFFF 0 0 0
eth0 DC0CFEA9 00000000 0001 0 0 0 FCFFFFFF 0 0 0
eth0 002FFEA9 00000000 0001 0 0 0 FCFFFFFF 0 0 0
eth0 0C2FFEA9 00000000 0001 0 0 0 FCFFFFFF 0 0 0
eth0 00FFFEA9 00000000 0001 0 0 0 F0FFFFFF 0 0 0
eth0 000012AC 0D2FFEA9 0003 0 0 100 0000FFFF 0 0 0
eth0 000013AC DD0CFEA9 0003 0 0 100 0000FFFF 0 0 0
+ _________________________ /proc/sys/net/ipv4/ip_no_pmtu_disc
+ cat /proc/sys/net/ipv4/ip_no_pmtu_disc
0
+ _________________________ /proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ /proc/sys/net/ipv4/tcp_ecn
+ cat /proc/sys/net/ipv4/tcp_ecn
2
+ _________________________ /proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter ip_vti0/rp_filter lo/rp_filter
all/rp_filter:0
default/rp_filter:0
eth0/rp_filter:0
ip_vti0/rp_filter:0
lo/rp_filter:0
+ _________________________ /proc/sys/net/ipv4/conf/star-star-redirects
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/accept_redirects all/secure_redirects all/send_redirects default/accept_redirects default/secure_redirects default/send_redirects eth0/accept_redirects eth0/secure_redirects eth0/send_redirects ip_vti0/accept_redirects ip_vti0/secure_redirects ip_vti0/send_redirects lo/accept_redirects lo/secure_redirects lo/send_redirects
all/accept_redirects:0
all/secure_redirects:1
all/send_redirects:0
default/accept_redirects:0
default/secure_redirects:1
default/send_redirects:0
eth0/accept_redirects:0
eth0/secure_redirects:1
eth0/send_redirects:0
ip_vti0/accept_redirects:0
ip_vti0/secure_redirects:1
ip_vti0/send_redirects:0
lo/accept_redirects:0
lo/secure_redirects:1
lo/send_redirects:0
+ _________________________ /proc/sys/net/ipv4/tcp_window_scaling
+ cat /proc/sys/net/ipv4/tcp_window_scaling
cat: /proc/sys/net/ipv4/tcp_window_scaling: No such file or directory
+ _________________________ /proc/sys/net/ipv4/tcp_adv_win_scale
+ cat /proc/sys/net/ipv4/tcp_adv_win_scale
cat: /proc/sys/net/ipv4/tcp_adv_win_scale: No such file or directory
+ _________________________ uname-a
+ uname -a
Linux ip-172-28-10-214 4.4.30-32.54.amzn1.x86_64 #1 SMP Thu Nov 10 15:52:05 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
+ _________________________ config-built-with
+ test -r /proc/config_built_with
+ _________________________ distro-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/redhat-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/debian-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/SuSE-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandrake-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/mandriva-release
+ for distro in /etc/redhat-release /etc/debian-release /etc/SuSE-release /etc/mandrake-release /etc/mandriva-release /etc/gentoo-release
+ test -f /etc/gentoo-release
+ _________________________ /proc/net/ipsec_version
+ test -r /proc/net/ipsec_version
+ test -r /proc/net/pfkey
++ uname -r
+ echo 'NETKEY (4.4.30-32.54.amzn1.x86_64) support detected '
NETKEY (4.4.30-32.54.amzn1.x86_64) support detected
+ _________________________ iptables
+ test -e /proc/net/ip_tables_names
+ test -r /sbin/iptables-save -o -r /usr/sbin/iptables-save
+ iptables-save --modprobe=/dev/null
# Generated by iptables-save v1.4.18 on Wed Nov 23 17:40:29 2016
*mangle
:PREROUTING ACCEPT [864230:86453089]
:INPUT ACCEPT [850001:85262194]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [926442:95967159]
:POSTROUTING ACCEPT [915129:95283836]
COMMIT
# Completed on Wed Nov 23 17:40:29 2016
# Generated by iptables-save v1.4.18 on Wed Nov 23 17:40:29 2016
*filter
:INPUT ACCEPT [850001:85262194]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [926442:95967159]
COMMIT
# Completed on Wed Nov 23 17:40:29 2016
# Generated by iptables-save v1.4.18 on Wed Nov 23 17:40:29 2016
*raw
:PREROUTING ACCEPT [864230:86453089]
:OUTPUT ACCEPT [926442:95967159]
COMMIT
# Completed on Wed Nov 23 17:40:29 2016
# Generated by iptables-save v1.4.18 on Wed Nov 23 17:40:29 2016
*nat
:PREROUTING ACCEPT [14400:1200240]
:INPUT ACCEPT [390:23400]
:OUTPUT ACCEPT [13318:1209187]
:POSTROUTING ACCEPT [2132:538027]
COMMIT
# Completed on Wed Nov 23 17:40:29 2016
+ _________________________ ip6tables
+ test -e ip6_tables_names
+ _________________________ /proc/modules
+ test -f /proc/modules
+ cat /proc/modules
udp_diag 2689 0 - Live 0xffffffffa091d000 (E)
inet_diag 10111 1 udp_diag, Live 0xffffffffa0916000 (E)
chacha20poly1305 7411 0 - Live 0xffffffffa074f000 (E)
xt_policy 2790 0 - Live 0xffffffffa072d000 (E)
ip_vti 6383 0 - Live 0xffffffffa0719000 (E)
ip_tunnel 16599 1 ip_vti, Live 0xffffffffa070f000 (E)
af_key 29865 0 - Live 0xffffffffa0702000 (E)
ah6 6393 0 - Live 0xffffffffa06fd000 (E)
ah4 6295 0 - Live 0xffffffffa06f8000 (E)
esp6 6502 0 - Live 0xffffffffa06f3000 (E)
esp4 6994 8 - Live 0xffffffffa06ee000 (E)
xfrm4_mode_beet 2387 0 - Live 0xffffffffa06ea000 (E)
xfrm4_tunnel 2361 0 - Live 0xffffffffa06e6000 (E)
xfrm4_mode_tunnel 2237 16 - Live 0xffffffffa06e2000 (E)
xfrm4_mode_transport 1751 0 - Live 0xffffffffa06de000 (E)
xfrm6_mode_transport 1815 0 - Live 0xffffffffa06da000 (E)
xfrm6_mode_ro 1556 0 - Live 0xffffffffa06d6000 (E)
xfrm6_mode_beet 2226 0 - Live 0xffffffffa06d2000 (E)
xfrm6_mode_tunnel 2109 8 - Live 0xffffffffa06ce000 (E)
ipcomp 2524 0 - Live 0xffffffffa06ca000 (E)
ipcomp6 2525 0 - Live 0xffffffffa06c6000 (E)
xfrm6_tunnel 4104 1 ipcomp6, Live 0xffffffffa06c1000 (E)
tunnel6 3179 1 xfrm6_tunnel, Live 0xffffffffa06bd000 (E)
xfrm_ipcomp 4917 2 ipcomp,ipcomp6, Live 0xffffffffa06b8000 (E)
mcryptd 8315 0 - Live 0xffffffffa06a7000 (E)
sha1_ssse3 20834 8 - Live 0xffffffffa069e000 (E)
salsa20_x86_64 4039 0 - Live 0xffffffffa069a000 (E)
poly1305_x86_64 5589 0 - Live 0xffffffffa0695000 (E)
poly1305_generic 4573 1 poly1305_x86_64, Live 0xffffffffa0690000 (E)
des3_ede_x86_64 31023 0 - Live 0xffffffffa0680000 (E)
crc32_pclmul 3238 0 - Live 0xffffffffa067c000 (E)
crc32c_intel 13415 0 - Live 0xffffffffa0674000 (E)
chacha20_x86_64 6950 0 - Live 0xffffffffa066f000 (E)
chacha20_generic 3629 1 chacha20_x86_64, Live 0xffffffffa066b000 (E)
xfrm_user 26530 2 - Live 0xffffffffa0660000 (E)
ip6table_mangle 2012 0 - Live 0xffffffffa065c000 (E)
ip6_tables 16562 1 ip6table_mangle, Live 0xffffffffa0653000 (E)
iptable_mangle 1943 0 - Live 0xffffffffa064f000 (E)
iptable_filter 1994 0 - Live 0xffffffffa064b000 (E)
xt_NFLOG 1465 0 - Live 0xffffffffa0647000 (E)
iptable_raw 1734 0 - Live 0xffffffffa0643000 (E)
nfnetlink_queue 11439 0 - Live 0xffffffffa063c000 (E)
nfnetlink_log 9279 2 xt_NFLOG, Live 0xffffffffa0635000 (E)
nfnetlink 7429 3 nfnetlink_queue,nfnetlink_log, Live 0xffffffffa062f000 (E)
authenc 4597 8 - Live 0xffffffffa0554000 (E)
echainiv 2142 8 - Live 0xffffffffa0550000 (E)
cmac 2932 0 - Live 0xffffffffa054c000 (E)
rmd160 8040 0 - Live 0xffffffffa0547000 (E)
camellia_generic 18700 0 - Live 0xffffffffa053f000 (E)
camellia_aesni_avx2 21820 0 - Live 0xffffffffa0535000 (E)
camellia_aesni_avx_x86_64 21238 1 camellia_aesni_avx2, Live 0xffffffffa052b000 (E)
camellia_x86_64 47490 2 camellia_aesni_avx2,camellia_aesni_avx_x86_64, Live 0xffffffffa051b000 (E)
cast6_avx_x86_64 61267 0 - Live 0xffffffffa0509000 (E)
cast6_generic 13523 1 cast6_avx_x86_64, Live 0xffffffffa0502000 (E)
cast5_avx_x86_64 40256 0 - Live 0xffffffffa04f5000 (E)
cast5_generic 11509 1 cast5_avx_x86_64, Live 0xffffffffa04ef000 (E)
cast_common 5815 4 cast6_avx_x86_64,cast6_generic,cast5_avx_x86_64,cast5_generic, Live 0xffffffffa04ea000 (E)
deflate 2249 0 - Live 0xffffffffa04e6000 (E)
cts 4406 0 - Live 0xffffffffa04e1000 (E)
ctr 4153 0 - Live 0xffffffffa04dc000 (E)
gcm 11963 0 - Live 0xffffffffa04d5000 (E)
ccm 8535 0 - Live 0xffffffffa04cf000 (E)
serpent_avx2 40324 0 - Live 0xffffffffa04c2000 (E)
serpent_avx_x86_64 42098 1 serpent_avx2, Live 0xffffffffa04b3000 (E)
serpent_sse2_x86_64 45144 0 - Live 0xffffffffa04a4000 (E)
serpent_generic 21631 3 serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64, Live 0xffffffffa049b000 (E)
blowfish_generic 3506 0 - Live 0xffffffffa0497000 (E)
blowfish_x86_64 14088 0 - Live 0xffffffffa0490000 (E)
blowfish_common 6819 2 blowfish_generic,blowfish_x86_64, Live 0xffffffffa048b000 (E)
twofish_generic 5947 0 - Live 0xffffffffa0486000 (E)
twofish_avx_x86_64 42181 0 - Live 0xffffffffa0478000 (E)
twofish_x86_64_3way 21074 1 twofish_avx_x86_64, Live 0xffffffffa046e000 (E)
xts 3442 3 camellia_x86_64,serpent_sse2_x86_64,twofish_x86_64_3way, Live 0xffffffffa046a000 (E)
twofish_x86_64 5931 2 twofish_avx_x86_64,twofish_x86_64_3way, Live 0xffffffffa0465000 (E)
twofish_common 13625 4 twofish_generic,twofish_avx_x86_64,twofish_x86_64_3way,twofish_x86_64, Live 0xffffffffa045e000 (E)
ecb 2383 0 - Live 0xffffffffa045a000 (E)
xcbc 2895 0 - Live 0xffffffffa0456000 (E)
cbc 2982 0 - Live 0xffffffffa0452000 (E)
sha256_ssse3 21480 0 - Live 0xffffffffa0448000 (E)
sha512_ssse3 39141 0 - Live 0xffffffffa043a000 (E)
sha512_generic 6283 1 sha512_ssse3, Live 0xffffffffa0435000 (E)
des_generic 17132 1 des3_ede_x86_64, Live 0xffffffffa042d000 (E)
drbg 22511 1 - Live 0xffffffffa0423000 (E)
ansi_cprng 4997 0 - Live 0xffffffffa041e000 (E)
aesni_intel 160022 16 - Live 0xffffffffa03ed000 (E)
aes_x86_64 8043 1 aesni_intel, Live 0xffffffffa03e8000 (E)
lrw 4326 10 camellia_aesni_avx2,camellia_aesni_avx_x86_64,camellia_x86_64,cast6_avx_x86_64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,twofish_x86_64_3way,aesni_intel, Live 0xffffffffa03e3000 (E)
gf128mul 7975 2 xts,lrw, Live 0xffffffffa03dd000 (E)
glue_helper 5091 10 camellia_aesni_avx2,camellia_aesni_avx_x86_64,camellia_x86_64,cast6_avx_x86_64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,twofish_x86_64_3way,aesni_intel, Live 0xffffffffa03d8000 (E)
ablk_helper 3229 9 camellia_aesni_avx2,camellia_aesni_avx_x86_64,cast6_avx_x86_64,cast5_avx_x86_64,serpent_avx2,serpent_avx_x86_64,serpent_sse2_x86_64,twofish_avx_x86_64,aesni_intel, Live 0xffffffffa03d4000 (E)
cryptd 10461 10 aesni_intel,ablk_helper, Live 0xffffffffa03cd000 (E)
tunnel4 3076 1 xfrm4_tunnel, Live 0xffffffffa03a2000 (E)
rng_core 8122 0 - Live 0xffffffffa0365000 (E)
xfrm_algo 7970 7 af_key,ah6,ah4,esp6,esp4,xfrm_ipcomp,xfrm_user, Live 0xffffffffa0352000 (E)
xt_nat 2249 8 - Live 0xffffffffa034e000 (E)
iptable_nat 2251 1 - Live 0xffffffffa034a000 (E)
nf_conntrack_ipv4 14334 1 - Live 0xffffffffa0342000 (E)
nf_defrag_ipv4 1913 1 nf_conntrack_ipv4, Live 0xffffffffa033e000 (E)
nf_nat_ipv4 6171 1 iptable_nat, Live 0xffffffffa0339000 (E)
nf_nat 15913 2 xt_nat,nf_nat_ipv4, Live 0xffffffffa0330000 (E)
nf_conntrack 98638 3 nf_conntrack_ipv4,nf_nat_ipv4,nf_nat, Live 0xffffffffa030a000 (E)
ip_tables 15973 4 iptable_mangle,iptable_filter,iptable_raw,iptable_nat, Live 0xffffffffa0302000 (E)
x_tables 24596 9 xt_policy,ip6table_mangle,ip6_tables,iptable_mangle,iptable_filter,xt_NFLOG,iptable_raw,xt_nat,ip_tables, Live 0xffffffffa02f5000 (E)
veth 5650 0 - Live 0xffffffffa02f0000 (E)
ipv6 368318 148 udp_diag,ah6,esp6,xfrm6_mode_beet,xfrm6_mode_tunnel,ipcomp6,xfrm6_tunnel,ip6table_mangle,[permanent], Live 0xffffffffa027e000 (E)
binfmt_misc 7144 1 - Live 0xffffffffa0279000 (E)
mousedev 11430 0 - Live 0xffffffffa0272000 (E)
evdev 12270 0 - Live 0xffffffffa026b000 (E)
acpi_cpufreq 7838 0 - Live 0xffffffffa01db000 (E)
psmouse 17744 0 - Live 0xffffffffa01d2000 (E)
button 5894 0 - Live 0xffffffffa01c6000 (E)
ext4 572921 1 - Live 0xffffffffa0113000 (E)
crc16 1923 1 ext4, Live 0xffffffffa010f000 (E)
mbcache 9620 1 ext4, Live 0xffffffffa0108000 (E)
jbd2 105184 1 ext4, Live 0xffffffffa00e2000 (E)
ata_piix 26804 0 - Live 0xffffffffa00d6000 (E)
libata 225805 1 ata_piix, Live 0xffffffffa0086000 (E)
scsi_mod 221423 1 libata, Live 0xffffffffa003b000 (E)
dm_mirror 14022 0 - Live 0xffffffffa0033000 (E)
dm_region_hash 11021 1 dm_mirror, Live 0xffffffffa002c000 (E)
dm_log 9651 2 dm_mirror,dm_region_hash, Live 0xffffffffa0025000 (E)
dm_mod 101624 2 dm_mirror,dm_log, Live 0xffffffffa0000000 (E)
+ _________________________ /proc/meminfo
+ cat /proc/meminfo
MemTotal: 1019320 kB
MemFree: 70232 kB
MemAvailable: 800156 kB
Buffers: 167000 kB
Cached: 515052 kB
SwapCached: 0 kB
Active: 604596 kB
Inactive: 99180 kB
Active(anon): 21748 kB
Inactive(anon): 52 kB
Active(file): 582848 kB
Inactive(file): 99128 kB
Unevictable: 0 kB
Mlocked: 0 kB
SwapTotal: 0 kB
SwapFree: 0 kB
Dirty: 164 kB
Writeback: 0 kB
AnonPages: 21740 kB
Mapped: 17628 kB
Shmem: 60 kB
Slab: 229396 kB
SReclaimable: 216884 kB
SUnreclaim: 12512 kB
KernelStack: 1712 kB
PageTables: 3364 kB
NFS_Unstable: 0 kB
Bounce: 0 kB
WritebackTmp: 0 kB
CommitLimit: 509660 kB
Committed_AS: 80724 kB
VmallocTotal: 34359738367 kB
VmallocUsed: 0 kB
VmallocChunk: 0 kB
AnonHugePages: 0 kB
HugePages_Total: 0
HugePages_Free: 0
HugePages_Rsvd: 0
HugePages_Surp: 0
Hugepagesize: 2048 kB
DirectMap4k: 12288 kB
DirectMap2M: 1036288 kB
+ _________________________ /proc/net/ipsec-ls
+ test -f /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /proc/config.gz
++ uname -r
+ test -f /lib/modules/4.4.30-32.54.amzn1.x86_64/build/.config
+ egrep 'CONFIG_IPSEC|CONFIG_KLIPS|CONFIG_NET_KEY|CONFIG_INET|CONFIG_IP|CONFIG_HW_RANDOM|CONFIG_CRYPTO_DEV|_XFRM'
++ uname -r
+ cat /lib/modules/4.4.30-32.54.amzn1.x86_64/build/.config
CONFIG_IPC_NS=y
CONFIG_XFRM=y
CONFIG_XFRM_ALGO=m
CONFIG_XFRM_USER=m
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
CONFIG_XFRM_STATISTICS=y
CONFIG_XFRM_IPCOMP=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
CONFIG_INET=y
CONFIG_IP_MULTICAST=y
CONFIG_IP_ADVANCED_ROUTER=y
# CONFIG_IP_FIB_TRIE_STATS is not set
CONFIG_IP_MULTIPLE_TABLES=y
CONFIG_IP_ROUTE_MULTIPATH=y
CONFIG_IP_ROUTE_VERBOSE=y
CONFIG_IP_ROUTE_CLASSID=y
# CONFIG_IP_PNP is not set
CONFIG_IP_MROUTE=y
CONFIG_IP_MROUTE_MULTIPLE_TABLES=y
CONFIG_IP_PIMSM_V1=y
CONFIG_IP_PIMSM_V2=y
CONFIG_INET_AH=m
CONFIG_INET_ESP=m
CONFIG_INET_IPCOMP=m
CONFIG_INET_XFRM_TUNNEL=m
CONFIG_INET_TUNNEL=m
CONFIG_INET_XFRM_MODE_TRANSPORT=m
CONFIG_INET_XFRM_MODE_TUNNEL=m
CONFIG_INET_XFRM_MODE_BEET=m
CONFIG_INET_LRO=y
CONFIG_INET_DIAG=m
CONFIG_INET_TCP_DIAG=m
CONFIG_INET_UDP_DIAG=m
CONFIG_IPV6=m
CONFIG_IPV6_ROUTER_PREF=y
CONFIG_IPV6_ROUTE_INFO=y
CONFIG_IPV6_OPTIMISTIC_DAD=y
CONFIG_INET6_AH=m
CONFIG_INET6_ESP=m
CONFIG_INET6_IPCOMP=m
CONFIG_IPV6_MIP6=m
CONFIG_IPV6_ILA=m
CONFIG_INET6_XFRM_TUNNEL=m
CONFIG_INET6_TUNNEL=m
CONFIG_INET6_XFRM_MODE_TRANSPORT=m
CONFIG_INET6_XFRM_MODE_TUNNEL=m
CONFIG_INET6_XFRM_MODE_BEET=m
CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION=m
CONFIG_IPV6_VTI=m
CONFIG_IPV6_SIT=m
CONFIG_IPV6_SIT_6RD=y
CONFIG_IPV6_NDISC_NODETYPE=y
CONFIG_IPV6_TUNNEL=m
# CONFIG_IPV6_GRE is not set
CONFIG_IPV6_MULTIPLE_TABLES=y
CONFIG_IPV6_SUBTREES=y
CONFIG_IPV6_MROUTE=y
CONFIG_IPV6_MROUTE_MULTIPLE_TABLES=y
CONFIG_IPV6_PIMSM_V2=y
CONFIG_IP_SET=m
CONFIG_IP_SET_MAX=256
CONFIG_IP_SET_BITMAP_IP=m
CONFIG_IP_SET_BITMAP_IPMAC=m
CONFIG_IP_SET_BITMAP_PORT=m
CONFIG_IP_SET_HASH_IP=m
CONFIG_IP_SET_HASH_IPMARK=m
CONFIG_IP_SET_HASH_IPPORT=m
CONFIG_IP_SET_HASH_IPPORTIP=m
CONFIG_IP_SET_HASH_IPPORTNET=m
CONFIG_IP_SET_HASH_MAC=m
CONFIG_IP_SET_HASH_NETPORTNET=m
CONFIG_IP_SET_HASH_NET=m
CONFIG_IP_SET_HASH_NETNET=m
CONFIG_IP_SET_HASH_NETPORT=m
CONFIG_IP_SET_HASH_NETIFACE=m
CONFIG_IP_SET_LIST_SET=m
CONFIG_IP_VS=m
CONFIG_IP_VS_IPV6=y
# CONFIG_IP_VS_DEBUG is not set
CONFIG_IP_VS_TAB_BITS=12
CONFIG_IP_VS_PROTO_TCP=y
CONFIG_IP_VS_PROTO_UDP=y
CONFIG_IP_VS_PROTO_AH_ESP=y
CONFIG_IP_VS_PROTO_ESP=y
CONFIG_IP_VS_PROTO_AH=y
CONFIG_IP_VS_PROTO_SCTP=y
CONFIG_IP_VS_RR=m
CONFIG_IP_VS_WRR=m
CONFIG_IP_VS_LC=m
CONFIG_IP_VS_WLC=m
CONFIG_IP_VS_FO=m
CONFIG_IP_VS_OVF=m
CONFIG_IP_VS_LBLC=m
CONFIG_IP_VS_LBLCR=m
CONFIG_IP_VS_DH=m
CONFIG_IP_VS_SH=m
CONFIG_IP_VS_SED=m
CONFIG_IP_VS_NQ=m
CONFIG_IP_VS_SH_TAB_BITS=8
CONFIG_IP_VS_FTP=m
CONFIG_IP_VS_NFCT=y
CONFIG_IP_VS_PE_SIP=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_AH=m
CONFIG_IP_NF_MATCH_ECN=m
CONFIG_IP_NF_MATCH_RPFILTER=m
CONFIG_IP_NF_MATCH_TTL=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_TARGET_SYNPROXY=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_IP_NF_TARGET_NETMAP=m
CONFIG_IP_NF_TARGET_REDIRECT=m
CONFIG_IP_NF_MANGLE=m
CONFIG_IP_NF_TARGET_CLUSTERIP=m
CONFIG_IP_NF_TARGET_ECN=m
CONFIG_IP_NF_TARGET_TTL=m
CONFIG_IP_NF_RAW=m
CONFIG_IP_NF_SECURITY=m
CONFIG_IP_NF_ARPTABLES=m
CONFIG_IP_NF_ARPFILTER=m
CONFIG_IP_NF_ARP_MANGLE=m
CONFIG_IP6_NF_IPTABLES=m
CONFIG_IP6_NF_MATCH_AH=m
CONFIG_IP6_NF_MATCH_EUI64=m
CONFIG_IP6_NF_MATCH_FRAG=m
CONFIG_IP6_NF_MATCH_OPTS=m
CONFIG_IP6_NF_MATCH_HL=m
CONFIG_IP6_NF_MATCH_IPV6HEADER=m
CONFIG_IP6_NF_MATCH_MH=m
CONFIG_IP6_NF_MATCH_RPFILTER=m
CONFIG_IP6_NF_MATCH_RT=m
CONFIG_IP6_NF_TARGET_HL=m
CONFIG_IP6_NF_FILTER=m
CONFIG_IP6_NF_TARGET_REJECT=m
CONFIG_IP6_NF_TARGET_SYNPROXY=m
CONFIG_IP6_NF_MANGLE=m
CONFIG_IP6_NF_RAW=m
CONFIG_IP6_NF_SECURITY=m
CONFIG_IP6_NF_NAT=m
CONFIG_IP6_NF_TARGET_MASQUERADE=m
# CONFIG_IP6_NF_TARGET_NPT is not set
CONFIG_IP_DCCP=m
CONFIG_INET_DCCP_DIAG=m
# CONFIG_IP_DCCP_CCID2_DEBUG is not set
CONFIG_IP_DCCP_CCID3=y
# CONFIG_IP_DCCP_CCID3_DEBUG is not set
CONFIG_IP_DCCP_TFRC_LIB=y
# CONFIG_IP_DCCP_DEBUG is not set
CONFIG_IP_SCTP=m
# CONFIG_IPX is not set
CONFIG_IPVLAN=m
# CONFIG_IPMI_HANDLER is not set
CONFIG_HW_RANDOM=m
CONFIG_HW_RANDOM_TIMERIOMEM=m
CONFIG_HW_RANDOM_INTEL=m
CONFIG_HW_RANDOM_AMD=m
CONFIG_HW_RANDOM_VIA=m
CONFIG_HW_RANDOM_VIRTIO=m
CONFIG_HW_RANDOM_TPM=m
# CONFIG_IPACK_BUS is not set
CONFIG_SECURITY_NETWORK_XFRM=y
+ _________________________ etc/syslog.conf
+ _________________________ etc/syslog-ng/syslog-ng.conf
+ cat /etc/syslog-ng/syslog-ng.conf
cat: /etc/syslog-ng/syslog-ng.conf: No such file or directory
+ cat /etc/syslog.conf
cat: /etc/syslog.conf: No such file or directory
+ _________________________ etc/resolv.conf
+ cat /etc/resolv.conf
options timeout:2 attempts:5
; generated by /sbin/dhclient-script
search ec2.internal
nameserver 172.28.10.2
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 8
drwxr-xr-x 7 root root 4096 Sep 23 10:01 4.4.19-29.55.amzn1.x86_64
drwxr-xr-x 7 root root 4096 Nov 14 19:01 4.4.30-32.54.amzn1.x86_64
+ _________________________ fipscheck
+ cat /proc/sys/crypto/fips_enabled
0
+ _________________________ /proc/ksyms-netif_rx
+ test -r /proc/ksyms
+ test -r /proc/kallsyms
+ egrep netif_rx /proc/kallsyms
ffffffff8141ce70 t netif_rx_internal
ffffffff8141cf90 T netif_rx
ffffffff8141d000 T netif_rx_ni
ffffffff81815f58 r __tracepoint_ptr_netif_rx_ni_entry
ffffffff81815f60 r __tracepoint_ptr_netif_rx_entry
ffffffff81815f80 r __tracepoint_ptr_netif_rx
ffffffff81817c60 r __tpstrtab_netif_rx_ni_entry
ffffffff81817c72 r __tpstrtab_netif_rx_entry
ffffffff81817ce5 r __tpstrtab_netif_rx
ffffffff81828590 R __ksymtab_netif_rx
ffffffff818285a0 R __ksymtab_netif_rx_ni
ffffffff8183c1d0 r __kcrctab_netif_rx
ffffffff8183c1d8 r __kcrctab_netif_rx_ni
ffffffff8185c070 r __kstrtab_netif_rx_ni
ffffffff8185c07c r __kstrtab_netif_rx
ffffffff81acb360 d event_netif_rx_ni_entry
ffffffff81acb400 d event_netif_rx_entry
ffffffff81acb680 d event_netif_rx
ffffffff81ae1520 D __tracepoint_netif_rx_ni_entry
ffffffff81ae1560 D __tracepoint_netif_rx_entry
ffffffff81ae1660 D __tracepoint_netif_rx
ffffffff81bff340 t __event_netif_rx_ni_entry
ffffffff81bff348 t __event_netif_rx_entry
ffffffff81bff368 t __event_netif_rx
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
4.4.19-29.55.amzn1.x86_64:
4.4.30-32.54.amzn1.x86_64:
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ egrep -i 'klips|ipsec'
+ dmesg
[16266.988751] IPv4 over IPsec tunneling driver
+ _________________________ plog
+ test -x /usr/bin/journalctl
+ case "$1" in
+ cat
+ egrep -i pluto
+ sed -n '46535,$p' /var/log/secure
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Starting Pluto (Libreswan Version 3.master-201646.git XFRM(netkey) KLIPS USE_FORK USE_PTHREAD_SETSCHEDPRIO NSS DNSSEC FIPS_CHECK LABELED_IPSEC LIBCAP_NG XAUTH_PAM NETWORKMANAGER CURL(non-NSS) LDAP(non-NSS)) pid:28407
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: core dump dir: /var/run/pluto
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: secrets file: /etc/ipsec.secrets
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: leak-detective disabled
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: NSS crypto [enabled]
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: XAUTH PAM support [enabled]
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: NAT-Traversal support [enabled]
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: virtual-private entry not proper subnet: no / in subnet specification
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: 1 bad entries in virtual-private - none loaded
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes_ccm_16: IKE: DISABLED (not supported); ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes_ccm_12: IKE: DISABLED (not supported); ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes_ccm_8: IKE: DISABLED (not supported); ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm 3des_cbc: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm camellia_ctr: IKE: DISABLED (not supported); ESP/AH: ENABLED
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm camellia: IKE: ENABLED; ESP/AH: ENABLED
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes_gcm_16: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes_gcm_12: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes_gcm: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes_ctr: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm aes: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm serpent: IKE: ENABLED; ESP/AH: ENABLED
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm twofish: IKE: ENABLED; ESP/AH: ENABLED
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Encryption algorithm twofish_ssh: IKE: ENABLED; ESP/AH: ENABLED
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: PRF algorithm md5: IKE: ENABLED; ESP/AH: ENABLED
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: PRF algorithm sha: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: PRF algorithm sha2_256: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: PRF algorithm sha2_384: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: PRF algorithm sha2_512: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Integrity algorithm md5: IKE: ENABLED; ESP/AH: ENABLED
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Integrity algorithm sha: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Integrity algorithm sha2_512: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Integrity algorithm sha2_384: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Integrity algorithm sha2_256: IKE: ENABLED; ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Integrity algorithm aes_xcbc: IKE: DISABLED (not supported); ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Integrity algorithm aes_cmac: IKE: DISABLED (not supported); ESP/AH: ENABLED; FIPS compliant
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: starting up 1 crypto helpers
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: started thread for crypto helper 0 (master fd 11)
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: Using Linux XFRM/NETKEY IPsec interface code on 4.4.30-32.54.amzn1.x86_64
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: seccomp security for crypto helper not supported
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: | selinux support is NOT enabled.
Nov 23 17:34:25 ip-172-28-10-214 pluto[28407]: seccomp security not supported
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: added connection description "awstunnel1"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: added connection description "awstunnel2"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: added connection description "awstunnel3"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: added connection description "awstunnel4"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: added connection description "v6neighbor-hole-in"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: added connection description "v6neighbor-hole-out"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: listening for IKE messages
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.5:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.5:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.4:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.4:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.3:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.3:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.47.2:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.47.2:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.47.14:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.47.14:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.12.222:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.12.222:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.12.54:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.12.54:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.2:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface eth0/eth0 169.254.255.2:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface lo/lo 127.0.0.1:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface lo/lo 127.0.0.1:4500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: adding interface lo/lo ::1:500
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface lo:500 fd 34
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface lo:4500 fd 33
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface lo:500 fd 32
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 31
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 30
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 29
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 28
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 27
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 26
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 25
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 24
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 23
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 22
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 21
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 20
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 19
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 18
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:4500 fd 17
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: | setup callback for interface eth0:500 fd 16
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: initiating Main Mode
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: initiating Main Mode
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: initiating Main Mode
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: initiating Main Mode
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: reapchild failed with errno=10 No child processes
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: Main mode peer ID is ID_IPV4_ADDR: '52.45.232.151'
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #4: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP2048}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #5: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#4 msgid:48e3a281 proposal=AES(12)_128-SHA1(2) pfsgroup=OAKLEY_GROUP_MODP1024}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: Main mode peer ID is ID_IPV4_ADDR: '52.45.134.147'
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #3: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP2048}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #6: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#3 msgid:8a53745e proposal=AES(12)_128-SHA1(2) pfsgroup=OAKLEY_GROUP_MODP1024}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #5: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel4" #5: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0xb34007bf <0xd41ae7da xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=52.45.232.151:4500 DPD=active}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #6: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel3" #6: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0x0fde270c <0x3cb3023f xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=52.45.134.147:4500 DPD=active}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: transition from state STATE_MAIN_I1 to state STATE_MAIN_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: STATE_MAIN_I2: sent MI2, expecting MR2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: transition from state STATE_MAIN_I2 to state STATE_MAIN_I3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: STATE_MAIN_I3: sent MI3, expecting MR3
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: Main mode peer ID is ID_IPV4_ADDR: '35.163.197.247'
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #1: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP2048}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #7: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#1 msgid:78736139 proposal=AES(12)_128-SHA1(2) pfsgroup=OAKLEY_GROUP_MODP1024}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: Main mode peer ID is ID_IPV4_ADDR: '35.163.220.45'
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: transition from state STATE_MAIN_I3 to state STATE_MAIN_I4
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #2: STATE_MAIN_I4: ISAKMP SA established {auth=PRESHARED_KEY cipher=aes_128 integ=sha group=MODP2048}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #8: initiating Quick Mode PSK+ENCRYPT+TUNNEL+PFS+UP+IKEV1_ALLOW+SAREF_TRACK+IKE_FRAG_ALLOW+ESN_NO {using isakmp#2 msgid:04dd1708 proposal=AES(12)_128-SHA1(2) pfsgroup=OAKLEY_GROUP_MODP1024}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #7: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel1" #7: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0x004e43ab <0x986f67b3 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=35.163.197.247:4500 DPD=active}
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #8: transition from state STATE_QUICK_I1 to state STATE_QUICK_I2
Nov 23 17:34:26 ip-172-28-10-214 pluto[28407]: "awstunnel2" #8: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP/NAT=>0x4b5ff21b <0xacfaf6f7 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=35.163.220.45:4500 DPD=active}
Nov 23 17:34:27 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:34:27 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:34:27 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:34:27 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:34:27 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:34:27 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:35:11 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:35:11 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:35:11 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:35:11 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:35:11 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:35:11 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:36:13 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:36:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:36:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:36:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:36:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:36:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:36:49 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:36:49 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:36:49 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:36:49 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:36:49 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:36:49 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:37:00 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:37:00 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:37:00 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:37:00 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:37:00 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:37:00 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:37:35 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:37:35 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:37:35 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:37:35 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:37:35 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:37:35 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:37:51 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:37:51 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:37:51 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:37:51 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:37:51 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:37:51 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:39:04 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:39:04 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:39:04 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:39:04 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:39:04 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:39:04 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:40:13 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:40:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:40:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:40:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:40:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:40:13 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
Nov 23 17:40:29 ip-172-28-10-214 pluto[28407]: forgetting secrets
Nov 23 17:40:29 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.secrets"
Nov 23 17:40:29 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel1.secrets"
Nov 23 17:40:29 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel2.secrets"
Nov 23 17:40:29 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel3.secrets"
Nov 23 17:40:29 ip-172-28-10-214 pluto[28407]: loading secrets from "/etc/ipsec.d/awstunnel4.secrets"
+ _________________________ date
+ date
Wed Nov 23 17:40:29 UTC 2016

BGP configuration:
# cat /etc/quagga/bgpd.conf
hostname ip-172-28-10-214
password xx
enable password xx
!
log file /var/log/quagga/bgpd.log
debug bgp events
debug bgp zebra
debug bgp updates
debug bgp filters
debug bgp fsm
!
router bgp 65001
bgp router-id 52.55.78.109
network 169.254.12.54/30
neighbor 169.254.12.53 remote-as 7224
neighbor 169.254.12.53 soft-reconfiguration inbound
neighbor 169.254.12.53 route-map rm_peer_1_out out
network 169.254.12.222/30
neighbor 169.254.12.221 remote-as 7224
neighbor 169.254.12.221 soft-reconfiguration inbound
neighbor 169.254.12.221 route-map rm_peer_1_out out
network 169.254.47.14/30
neighbor 169.254.47.13 remote-as 7224
neighbor 169.254.47.13 soft-reconfiguration inbound
neighbor 169.254.47.13 route-map rm_peer_1_out out
network 169.254.47.2/30
neighbor 169.254.47.1 remote-as 7224
neighbor 169.254.47.1 soft-reconfiguration inbound
neighbor 169.254.47.1 route-map rm_peer_1_out out
line vty
!
ip prefix-list localprefix seq 5 permit 172.18.0.0/16
ip prefix-list remoteprefix seq 5 permit any
! Suppress the AWS AS
route-map rm_peer_1_out permit 5
match ip address prefix-list localprefix
set as-path exclude 7224
! Suppress the AWS AS, synthetically extend the AS PATH
! For any vpc that isn't in the same region
route-map rm_peer_1_out permit 6
match ip address prefix-list remoteprefix
set as-path prepend 65001
set as-path exclude 7224
! Suppress advertisement for non-VPC addresses
access-list vpcprefixes permit 172.0.0.0/8
!

BGP state:
# vtysh -c 'show ip bgp summary'
BGP router identifier 52.55.78.109, local AS number 65001
RIB entries 11, using 1056 bytes of memory
Peers 4, using 18 KiB of memory

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
169.254.12.53 4 7224 185 188 0 0 0 00:30:21 1
169.254.12.221 4 7224 185 187 0 0 0 00:30:23 1
169.254.47.1 4 7224 185 188 0 0 0 00:30:22 1
169.254.47.13 4 7224 185 187 0 0 0 00:30:22 1

# vtysh -c 'show ip bgp'
BGP table version is 0, local router ID is 52.55.78.109
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path
*> 169.254.12.52/30 0.0.0.0 0 32768 i
*> 169.254.12.220/30
0.0.0.0 0 32768 i
*> 169.254.47.0/30 0.0.0.0 0 32768 i
*> 169.254.47.12/30 0.0.0.0 0 32768 i
*> 172.18.0.0 169.254.47.13 100 0 7224 i
* 169.254.47.1 200 0 7224 i
* 172.19.0.0 169.254.12.53 200 0 7224 i
*> 169.254.12.221 100 0 7224 i

Thank you,
-Jason Martin