Regarding freeswan (ipsec) setup..


Hello,

I'm currently studying ipsec..

Linux----Windows

I want to connect the two like that, implement the ipsec protocol, and take a dump to look at it.

But.. it doesn't work well.. ㅡㅡ; It is also very difficult, and the biggest problem is..

I'm not quite sure whether a setup like the one above can even work..

I've tried various things; the current setup is..

Internet -------- Linux --------------- Windows

configured like that,

and the Linux box provides the Windows machine with Internet access using NAT.

On the Linux box I want to bind eth1 to ipsec0 so that the ipsec protocol is used only for communication with Windows..

The HOWTOs and other documents only explain gw to gw, so I'm a bit stuck.

I'd appreciate some advice. If you can share any materials as well, I'd be grateful.

Below is the output of ipsec barf.

Have a nice day.

------------------------------ ipsec barf output -----------------------------------------------------------------------

etri
Thu May 23 161115 KST 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.97
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.5 (root@etri) (gcc version 2.96 20000731 (Red Hat Linux 7.0)) #6 SMP 수 5월 22 110148 KST 2002
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
255.255.255.255 0.0.0.0 255.255.255.255 UH 40 0 0 eth0
203.252.165.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 203.252.165.254 0.0.0.0 UG 40 0 0 eth0
0.0.0.0 203.252.165.254 0.0.0.0 UG 40 0 0 eth0
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth1 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
c1c5d8a0 1525 c1a1facc 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registeredsatype socket pid sk
pf_key_registered 2 c1a1facc 1525 c1c5d8a0
pf_key_registered 3 c1a1facc 1525 c1c5d8a0
pf_key_registered 9 c1a1facc 1525 c1c5d8a0
pf_key_registered 10 c1a1facc 1525 c1c5d8a0
pf_key_supportedsatype exttype alg_id ivlen minbits maxbits
pf_key_supported 2 14 3 0 160 160
pf_key_supported 2 14 2 0 128 128
pf_key_supported 3 15 3 128 168 168
pf_key_supported 3 14 3 0 160 160
pf_key_supported 3 14 2 0 128 128
pf_key_supported 9 15 1 0 32 32
pf_key_supported 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel
debug_verbose debug_xform icmp inbound_policy_check tos
debug_ah0
debug_eroute0
debug_esp0
debug_ipcomp0
debug_netlink0
debug_pfkey0
debug_radij0
debug_rcv0
debug_spi0
debug_tunnel0
debug_verbose0
debug_xform0
icmp1
inbound_policy_check1
tos1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 192.168.0.1
000
000 "mta" 192.168.0.1...192.168.0.5
000 "mta" ike_life 3600s; ipsec_life 28800s; rekey_margin 540s; rekey_fuzz 100%; keyingtries 3
000 "mta" policy PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK+DONTREKEY; interface eth1; unrouted
000 "mta" newest ISAKMP SA #0; newest IPsec SA #0; eroute owner #0
000
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encapEthernet HWaddr 00010244C836
inet addr203.252.165.156 Bcast203.252.165.255 Mask255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU1500 Metric1
RX packets2662 errors0 dropped0 overruns0 frame0
TX packets92 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen100
Interrupt9 Base address0x3c00

eth1 Link encapEthernet HWaddr 00E04CCF0769
inet addr192.168.0.1 Bcast192.168.0.255 Mask255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU1500 Metric1
RX packets109 errors0 dropped0 overruns0 frame0
TX packets75 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen100
Interrupt11 Base address0xe400

ipsec0 Link encapEthernet HWaddr 00E04CCF0769
inet addr192.168.0.1 Mask255.255.255.0
UP RUNNING NOARP MTU16260 Metric1
RX packets0 errors0 dropped0 overruns0 frame0
TX packets0 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen10

ipsec1 Link encapIPIP Tunnel HWaddr
NOARP MTU0 Metric1
RX packets0 errors0 dropped0 overruns0 frame0
TX packets0 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen10

ipsec2 Link encapIPIP Tunnel HWaddr
NOARP MTU0 Metric1
RX packets0 errors0 dropped0 overruns0 frame0
TX packets0 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen10

ipsec3 Link encapIPIP Tunnel HWaddr
NOARP MTU0 Metric1
RX packets0 errors0 dropped0 overruns0 frame0
TX packets0 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen10

lo Link encapLocal Loopback
inet addr127.0.0.1 Mask255.0.0.0
UP LOOPBACK RUNNING MTU16436 Metric1
RX packets6 errors0 dropped0 overruns0 frame0
TX packets6 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen0

tunl0 Link encapIPIP Tunnel HWaddr
NOARP MTU1480 Metric1
RX packets0 errors0 dropped0 overruns0 frame0
TX packets0 errors0 dropped0 overruns0 carrier0
collisions0 txqueuelen0

+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
etri
+ _________________________ hostname/ipaddress
+ hostname --ip-address
203.252.165.156
+ _________________________ uptime
+ uptime
411pm up 12 min, 2 users, load average 0.10, 0.09, 0.08
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
000 0 1884 1098 9 0 1900 916 wait4 S pts/0 000 \_ /bin/sh /usr/local/sbin/ipsec barf
000 0 1885 1884 12 0 1920 956 wait4 S pts/0 000 \_ /bin/sh /usr/local/lib/ipsec/barf
000 0 1925 1885 13 0 1396 480 pipe_w S pts/0 000 \_ egrep -i ppid|pluto|ipsec|klips
040 0 1522 1 9 0 1904 928 wait4 S pts/0 000 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids --
040 0 1523 1522 9 0 1904 928 wait4 S pts/0 000 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids
100 0 1525 1523 9 0 1900 780 do_sel S pts/0 000 | \_ /usr/local/lib/ipsec/pluto --nofork
000 0 1527 1525 9 0 1372 348 do_sel S pts/0 000 | \_ _pluto_adns 7 10
000 0 1524 1522 8 0 1888 920 pipe_w S pts/0 000 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --load %search --st
000 0 1526 1 9 0 1312 512 pipe_w S pts/0 000 logger -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
#dr no default route
# no default route
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces="ipsec0=eth1"
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
# Close down old connection when new one using same ID shows up.
# uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
authby=secret
auto=add

# connection description for opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn mta
left=192.168.0.1
right=192.168.0.5
#rightsasigkey=[sums to 3a95...]
#rightsasigkey=[sums to 3a95...]
auto=add
rekey=no
keyexchange=ike
# for initiator only OE, uncomment and uncomment this
# after putting your key in your forward map
#leftid=@myhostname.example.com
# uncomment this next line to enable it
#auto=route
authby=secret
keylife=8h
pfs=yes

# sample VPN connection
conn sample
# Left security gateway, subnet behind it, next hop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# Right security gateway, subnet behind it, next hop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# To authorize this connection, but not actually start it, at startup,
# uncomment this.
#auto=add
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/lib/ipsec
total 3844
-rwxr-xr-x 1 root root 11085 May 22 1038 _confread
-rwxr-xr-x 1 root root 11085 May 21 1648 _confread~
-rwxr-xr-x 1 root root 43178 May 22 1038 _copyright
-rwxr-xr-x 1 root root 43178 May 21 1648 _copyright~
-rwxr-xr-x 1 root root 2163 May 22 1038 _include
-rwxr-xr-x 1 root root 2163 May 21 1648 _include~
-rwxr-xr-x 1 root root 1472 May 22 1038 _keycensor
-rwxr-xr-x 1 root root 1472 May 21 1648 _keycensor~
-rwxr-xr-x 1 root root 66406 May 22 1038 _pluto_adns
-rwxr-xr-x 1 root root 66406 May 21 1648 _pluto_adns~
-rwxr-xr-x 1 root root 3495 May 22 1038 _plutoload
-rwxr-xr-x 1 root root 3495 May 21 1648 _plutoload~
-rwxr-xr-x 1 root root 4265 May 22 1038 _plutorun
-rwxr-xr-x 1 root root 4265 May 21 1648 _plutorun~
-rwxr-xr-x 1 root root 7294 May 22 1038 _realsetup
-rwxr-xr-x 1 root root 7294 May 21 1648 _realsetup~
-rwxr-xr-x 1 root root 1971 May 22 1038 _secretcensor
-rwxr-xr-x 1 root root 1971 May 21 1648 _secretcensor~
-rwxr-xr-x 1 root root 6839 May 22 1038 _startklips
-rwxr-xr-x 1 root root 6839 May 21 1648 _startklips~
-rwxr-xr-x 1 root root 5014 May 22 1038 _updown
-rwxr-xr-x 1 root root 5014 May 21 1648 _updown~
-rwxr-xr-x 1 root root 10912 May 22 1038 auto
-rwxr-xr-x 1 root root 10912 May 21 1648 auto~
-rwxr-xr-x 1 root root 7132 May 22 1038 barf
-rwxr-xr-x 1 root root 7132 May 21 1648 barf~
-rwxr-xr-x 1 root root 211431 May 22 1038 eroute
-rwxr-xr-x 1 root root 95381 May 22 1038 ikeping
-rwxr-xr-x 1 root root 95381 May 21 1648 ikeping~
-rwxr-xr-x 1 root root 2915 May 22 1038 ipsec
-rw-r--r-- 1 root root 1950 May 22 1038 ipsec_pr.template
-rwxr-xr-x 1 root root 2915 May 21 1648 ipsec~
-rwxr-xr-x 1 root root 157556 May 22 1038 klipsdebug
-rwxr-xr-x 1 root root 2437 May 22 1038 look
-rwxr-xr-x 1 root root 2437 May 21 1648 look~
-rwxr-xr-x 1 root root 16157 May 22 1038 manual
-rwxr-xr-x 1 root root 16157 May 21 1648 manual~
-rwxr-xr-x 1 root root 1847 May 22 1038 newhostkey
-rwxr-xr-x 1 root root 1847 May 21 1648 newhostkey~
-rwxr-xr-x 1 root root 139302 May 22 1038 pf_key
-rwxr-xr-x 1 root root 753881 May 22 1038 pluto
-rwxr-xr-x 1 root root 753881 May 21 1648 pluto~
-rwxr-xr-x 1 root root 49399 May 22 1038 ranbits
-rwxr-xr-x 1 root root 49399 May 21 1648 ranbits~
-rwxr-xr-x 1 root root 76336 May 22 1038 rsasigkey
-rwxr-xr-x 1 root root 76336 May 21 1648 rsasigkey~
-rwxr-xr-x 1 root root 16671 May 22 1038 send-pr
-rwxr-xr-x 1 root root 16671 May 21 1648 send-pr~
lrwxrwxrwx 1 root root 22 May 22 1038 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1041 May 22 1038 showdefaults
-rwxr-xr-x 1 root root 1041 May 21 1648 showdefaults~
-rwxr-xr-x 1 root root 3484 May 22 1038 showhostkey
-rwxr-xr-x 1 root root 3484 May 21 1648 showhostkey~
-rwxr-xr-x 1 root root 232504 May 22 1038 spi
-rwxr-xr-x 1 root root 190599 May 22 1038 spigrp
-rwxr-xr-x 1 root root 71331 May 22 1038 tncfg
-rwxr-xr-x 1 root root 93148 May 22 1038 uml_netjig
-rwxr-xr-x 1 root root 129799 May 22 1038 whack
-rwxr-xr-x 1 root root 129799 May 21 1648 whack~
+ _________________________ ipsec/updowns
++ ls /usr/local/lib/ipsec
++ egrep updown
+ cat /usr/local/lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See .
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id _updown,v 1.19 2002/03/25 180442 henry Exp $

# CAUTION Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0 obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0 called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0 unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac

# check parameter(s)
case "$1$*" in
'') # no parameters
;;
ipfwadmipfwadm) # due to (left/right)firewall; for default script only
;;
custom*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0 unknown parameters \`$*'" >&2
exit 2
;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
}
downroute() {
doroute del
}
doroute() {
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
;;
*) it="route $1 $parms $parms2"
;;
esac
eval $it
st=$?
if test $st -ne 0
then
# route has already given its own cryptic message
echo "$0 \`$it' failed" >&2
if test " $1 $st" = " add 7"
then
# another totally undocumented interface -- 7 and
# "SIOCADDRT Network is unreachable" means that
# the gateway isn't reachable.
echo "$0 (incorrect or missing nexthop setting??)" >&2
fi
fi
return $st
}

# the big choice
case "$PLUTO_VERB$1" in
prepare-host*|prepare-client*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
;;
*)
it="route del -net $PLUTO_PEER_CLIENT_NET \
netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
;;
esac
oops="`eval $it`"
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
'SIOCDELRT No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0 \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host*|route-client*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host*|unroute-client*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
;;
down-host*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
;;
down-client)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
up-clientipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-clientipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
*) echo "$0 unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ cat /usr/local/lib/ipsec/_updown~
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See .
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id _updown,v 1.19 2002/03/25 180442 henry Exp $

# CAUTION Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0 obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0 called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0 unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac

# check parameter(s)
case "$1$*" in
'') # no parameters
;;
ipfwadmipfwadm) # due to (left/right)firewall; for default script only
;;
custom*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0 unknown parameters \`$*'" >&2
exit 2
;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
}
downroute() {
doroute del
}
doroute() {
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
;;
*) it="route $1 $parms $parms2"
;;
esac
eval $it
st=$?
if test $st -ne 0
then
# route has already given its own cryptic message
echo "$0 \`$it' failed" >&2
if test " $1 $st" = " add 7"
then
# another totally undocumented interface -- 7 and
# "SIOCADDRT Network is unreachable" means that
# the gateway isn't reachable.
echo "$0 (incorrect or missing nexthop setting??)" >&2
fi
fi
return $st
}

# the big choice
case "$PLUTO_VERB$1" in
prepare-host*|prepare-client*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
;;
*)
it="route del -net $PLUTO_PEER_CLIENT_NET \
netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
;;
esac
oops="`eval $it`"
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
'SIOCDELRT No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0 \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host*|route-client*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host*|unroute-client*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
;;
down-host*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
;;
down-client)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
up-clientipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-clientipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
*) echo "$0 unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo 420 6 0 0 0 0 0 0 420 6 0 0 0 0 0 0
eth0 539240 2662 0 0 0 0 0 0 9500 93 0 0 0 0 0 0
tunl0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth1 11410 110 0 0 0 0 0 0 15927 75 0 0 0 0 0 0
ipsec0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window
IRTT
eth0 FFFFFFFF 00000000 0005 0 0 0 FFFFFFFF 40 0
0
eth0 00A5FCCB 00000000 0001 0 0 0 00FFFFFF 40 0
0
eth1 0000A8C0 00000000 0001 0 0 0 00FFFFFF 40 0
0
ipsec0 0000A8C0 00000000 0001 0 0 0 00FFFFFF 40 0
0
lo 0000007F 00000000 0001 0 0 0 000000FF 40 0
0
eth0 00000000 FEA5FCCB 0003 0 0 0 00000000 40 0
0
eth0 00000000 FEA5FCCB 0003 0 0 1 00000000 40 0
0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter1
default/rp_filter0
eth0/rp_filter0
eth1/rp_filter0
ipsec0/rp_filter0
lo/rp_filter0
+ _________________________ uname-a
+ uname -a
Linux etri 2.4.5 #6 SMP 수 5월 22 110148 KST 2002 i686 unknown
+ _________________________ redhat-release
+ test -r /etc/redhat-release
+ cat /etc/redhat-release
Red Hat Linux release 7.0 (Guinness)
+ _________________________ proc/net/ipsec_version
+ cat /proc/net/ipsec_version
FreeS/WAN version 1.97
+ _________________________ iptables/list
+ iptables -L -v -n
Chain INPUT (policy ACCEPT 660 packets, 78945 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- eth0 * 0.0.0.0/0 0.0.0.0/0 udp spt500 dpt500
0 0 ACCEPT esp -- eth0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- eth0 * 0.0.0.0/0 0.0.0.0/0
8 1987 all -- eth0 * 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT 161 packets, 22323 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- ipsec+ * 0.0.0.0/0 203.252.165.0/24

Chain OUTPUT (policy ACCEPT 8 packets, 568 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- * eth0 0.0.0.0/0 0.0.0.0/0 udp spt500 dpt500
0 0 ACCEPT esp -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT ah -- * eth0 0.0.0.0/0 0.0.0.0/0
0 0 all -- * eth1 0.0.0.0/0 0.0.0.0/0
+ _________________________ ipchains/list
+ ipchains -L -v -n
ipchains Incompatible with this kernel
+ _________________________ ipfwadm/forward
+ ipfwadm -F -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________ ipfwadm/input
+ ipfwadm -I -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________ ipfwadm/output
+ ipfwadm -O -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________ iptables/nat
+ iptables -t nat -L -v -n
Chain PREROUTING (policy ACCEPT 185 packets, 28065 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 5 packets, 386 bytes)
pkts bytes target prot opt in out source destination
19 999 SNAT all -- * eth0 0.0.0.0/0 0.0.0.0/0 to203.252.165.156
0 0 ACCEPT all -- * ipsec0 0.0.0.0/0 0.0.0.0/0
0 0 MASQUERADE all -- * eth0 0.0.0.0/0 0.0.0.0/0

Chain OUTPUT (policy ACCEPT 3 packets, 242 bytes)
pkts bytes target prot opt in out source destination
+ _________________________ ipchains/masq
+ ipchains -M -L -v -n
ipchains cannot open file `/proc/net/ip_masquerade'
+ _________________________ ipfwadm/masq
+ ipfwadm -M -l -n -e
Generic IP Firewall Chains not in this kernel
+ _________________________ iptables/mangle
+ iptables -t mangle -L -v -n
modprobe Can't locate module ip_tables
iptables v1.2.6a can't initialize iptables table `mangle' Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
+ _________________________ proc/modules
+ cat /proc/modules
ipsec 244924 2
8139too 12096 1
+ _________________________ proc/meminfo
+ cat /proc/meminfo
total used free shared buffers cached
Mem 128393216 108654592 19738624 0 4780032 43859968
Swap 271392768 0 271392768
MemTotal 125384 kB
MemFree 19276 kB
MemShared 0 kB
Buffers 4668 kB
Cached 42832 kB
Active 43156 kB
Inact_dirty 4344 kB
Inact_clean 0 kB
Inact_target 8 kB
HighTotal 0 kB
HighFree 0 kB
LowTotal 125384 kB
LowFree 19276 kB
SwapTotal 265032 kB
SwapFree 265032 kB
+ _________________________ dev/ipsec-ls
+ ls -l '/dev/ipsec*'
ls /dev/ipsec* No such file or directory
+ _________________________ proc/net/ipsec-ls
+ ls -
l /proc/net/ipsec_eroute /proc/net/ipsec_klipsdebug /proc/net/ipsec_spi /proc/net/ipsec_spigrp /proc/net/ipsec_tncfg /proc/net/ipsec_v
ersion
-r--r--r-- 1 root root 0 May 23 1611 /proc/net/ipsec_eroute
-r--r--r-- 1 root root 0 May 23 1611 /proc/net/ipsec_klipsdebug
-r--r--r-- 1 root root 0 May 23 1611 /proc/net/ipsec_spi
-r--r--r-- 1 root root 0 May 23 1611 /proc/net/ipsec_spigrp
-r--r--r-- 1 root root 0 May 23 1611 /proc/net/ipsec_tncfg
-r--r--r-- 1 root root 0 May 23 1611 /proc/net/ipsec_version
+ _________________________ usr/src/linux/.config
+ test -f /usr/src/linux/.config
+ egrep 'IP|NETLINK' /usr/src/linux/.config
# CONFIG_MWINCHIPC6 is not set
# CONFIG_MWINCHIP2 is not set
# CONFIG_MWINCHIP3D is not set
CONFIG_SYSVIPC=y
# CONFIG_NETLINK is not set
CONFIG_IP_MULTICAST=y
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_NET_IPIP=y
# CONFIG_NET_IPGRE is not set
# CONFIG_IP_MROUTE is not set
# IP Netfilter Configuration
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_FTP=y
CONFIG_IP_NF_IPTABLES=y
# CONFIG_IP_NF_MATCH_LIMIT is not set
# CONFIG_IP_NF_MATCH_MAC is not set
# CONFIG_IP_NF_MATCH_MARK is not set
# CONFIG_IP_NF_MATCH_MULTIPORT is not set
# CONFIG_IP_NF_MATCH_TOS is not set
# CONFIG_IP_NF_MATCH_TCPMSS is not set
# CONFIG_IP_NF_MATCH_STATE is not set
CONFIG_IP_NF_FILTER=y
CONFIG_IP_NF_TARGET_REJECT=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
# CONFIG_IP_NF_TARGET_REDIRECT is not set
CONFIG_IP_NF_NAT_FTP=y
# CONFIG_IP_NF_MANGLE is not set
# CONFIG_IP_NF_TARGET_LOG is not set
# CONFIG_IP_NF_TARGET_TCPMSS is not set
# CONFIG_IPX is not set
CONFIG_IPSEC=m
# IPSec options (FreeS/WAN)
CONFIG_IPSEC_IPIP=y
CONFIG_IPSEC_AH=y
CONFIG_IPSEC_AUTH_HMAC_MD5=y
CONFIG_IPSEC_AUTH_HMAC_SHA1=y
CONFIG_IPSEC_ESP=y
CONFIG_IPSEC_ENC_3DES=y
CONFIG_IPSEC_IPCOMP=y
CONFIG_IPSEC_DEBUG=y
# CONFIG_IDE_CHIPSETS is not set
# CONFIG_SCSI_IPS is not set
# CONFIG_TULIP is not set
# CONFIG_SLIP is not set
# CONFIG_PCMCIA_XIRTULIP is not set
+ _________________________ etc/syslog.conf
+ cat /etc/syslog.conf
# Log all kernel messages to the console.
# Logging much else clutters up the screen.
#kern.* /dev/console

# Log anything (except mail) of level info or higher.
# Don't log private authentication messages!
*.info;mail.none;news.none;authpriv.none /var/log/messages

# The authpriv file has restricted access.
authpriv.* /var/log/secure

# Log all the mail messages in one place.
mail.* /var/log/maillog

# Log cron stuff
cron.* /var/log/cron

# Everybody gets emergency messages, plus log them on another
# machine.
*.emerg *

# Save mail and news errors of level err and higher in a
# special file.
uucp,news.crit /var/log/spooler

# Save boot messages also to boot.log
local7.* /var/log/boot.log

#
# INN
#
news.=crit /var/log/news/news.crit
news.=err /var/log/news/news.err
news.notice /var/log/news/news.notice
+ _________________________ lib/modules-ls
+ ls -ltr /lib/modules
total 20
drwxr-xr-x 11 root root 4096 Aug 11 2001 2.2.16-22enterprise
drwxr-xr-x 12 root root 4096 Jan 29 1444 2.2.16-22
drwxr-xr-x 4 root root 4096 May 17 1111 2.4.4
drwxr-xr-x 3 root root 4096 May 17 1203 2.2.4
drwxr-xr-x 4 root root 4096 May 22 1102 2.4.5
+ _________________________ proc/ksyms-netif_rx
+ egrep netif_rx /proc/ksyms
c01f2850 netif_rx_Rsmp_923d50b6
+ _________________________ lib/modules-netif_rx
+ modulegoo kernel/net/ipv4/ipip.o netif_rx
+ set +x
2.2.16-22
2.2.16-22enterprise
2.2.4
2.4.4
2.4.5
+ _________________________ kern.debug
+ test -f /var/log/kern.debug
+ _________________________ klog
+ sed -n '299,$p' /var/log/messages
+ egrep -i 'ipsec|klips|pluto'
+ cat
May 23 160340 etri 5월 23 160340 ipsec_setup Starting FreeS/WAN IPsec 1.97...
May 23 160340 etri kernel klips_infoipsec_init KLIPS startup, FreeS/WAN IPSec version 1.97
May 23 160340 etri ipsec_setup KLIPS debug `none'
May 23 160340 etri ipsec_setup KLIPS ipsec0 on eth1 192.168.0.1/255.255.255.0 broadcast 192.168.0.255
May 23 160340 etri ipsec_setup ...FreeS/WAN IPsec started
May 23 160341 etri ipsec__plutorun ipsec_auto fatal error in "sample" connection has no "left" parameter specified
+ _________________________ plog
+ sed -n '4662,$p' /var/log/secure
+ egrep -i pluto
+ cat
May 23 160340 etri ipsec__plutorun Starting Pluto subsystem...
May 23 160340 etri Pluto[1525] Starting Pluto (FreeS/WAN Version 1.97)
May 23 160340 etri Pluto[1525] added connection description "mta"
May 23 160341 etri Pluto[1525] listening for IKE messages
May 23 160341 etri Pluto[1525] adding interface ipsec0/eth1 192.168.0.1
May 23 160341 etri Pluto[1525] loading secrets from "/etc/ipsec.secrets"
+ _________________________ date
+ date
Thu May 23 161116 KST 2002
etri
Thu May 23 161431 KST 2002
+ _________________________ version
+ ipsec --version
Linux FreeS/WAN 1.97
See `ipsec --copyright' for copyright information.
+ _________________________ proc/version
+ cat /proc/version
Linux version 2.4.5 (root@etri) (gcc version 2.96 20000731 (Red Hat Linux 7.0)) #6 SMP 수 5월 22 110148 KST 2002
+ _________________________ proc/net/ipsec_eroute
+ sort +3 /proc/net/ipsec_eroute
+ _________________________ proc/net/ipsec_spi
+ cat /proc/net/ipsec_spi
+ _________________________ proc/net/ipsec_spigrp
+ cat /proc/net/ipsec_spigrp
+ _________________________ netstart-rn
+ netstat -nr
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
255.255.255.255 0.0.0.0 255.255.255.255 UH 40 0 0 eth0
203.252.165.0 0.0.0.0 255.255.255.0 U 40 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 40 0 0 ipsec0
127.0.0.0 0.0.0.0 255.0.0.0 U 40 0 0 lo
0.0.0.0 203.252.165.254 0.0.0.0 UG 40 0 0 eth0
0.0.0.0 203.252.165.254 0.0.0.0 UG 40 0 0 eth0
+ _________________________ proc/net/ipsec_tncfg
+ cat /proc/net/ipsec_tncfg
ipsec0 -> eth1 mtu=16260(1500) -> 1500
ipsec1 -> NULL mtu=0(0) -> 0
ipsec2 -> NULL mtu=0(0) -> 0
ipsec3 -> NULL mtu=0(0) -> 0
+ _________________________ proc/net/pf_key
+ cat /proc/net/pf_key
sock pid socket next prev e n p sndbf Flags Type St
c1c5d8a0 1525 c1a1facc 0 0 0 0 2 65535 00000000 3 1
+ _________________________ proc/net/pf_key-star
+ cd /proc/net
+ egrep '^' pf_key_registered pf_key_supported
pf_key_registered:satype socket pid sk
pf_key_registered: 2 c1a1facc 1525 c1c5d8a0
pf_key_registered: 3 c1a1facc 1525 c1c5d8a0
pf_key_registered: 9 c1a1facc 1525 c1c5d8a0
pf_key_registered: 10 c1a1facc 1525 c1c5d8a0
pf_key_supported:satype exttype alg_id ivlen minbits maxbits
pf_key_supported: 2 14 3 0 160 160
pf_key_supported: 2 14 2 0 128 128
pf_key_supported: 3 15 3 128 168 168
pf_key_supported: 3 14 3 0 160 160
pf_key_supported: 3 14 2 0 128 128
pf_key_supported: 9 15 1 0 32 32
pf_key_supported: 10 15 2 0 1 1
+ _________________________ proc/sys/net/ipsec-star
+ cd /proc/sys/net/ipsec
+ egrep '^' debug_ah debug_eroute debug_esp debug_ipcomp debug_netlink debug_pfkey debug_radij debug_rcv debug_spi debug_tunnel debug_verbose debug_xform icmp inbound_policy_check tos
debug_ah:0
debug_eroute:0
debug_esp:0
debug_ipcomp:0
debug_netlink:0
debug_pfkey:0
debug_radij:0
debug_rcv:0
debug_spi:0
debug_tunnel:0
debug_verbose:0
debug_xform:0
icmp:1
inbound_policy_check:1
tos:1
+ _________________________ ipsec/status
+ ipsec auto --status
000 interface ipsec0/eth1 192.168.0.1
000
000 "mta": 192.168.0.1...192.168.0.5
000 "mta":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "mta":   policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK+DONTREKEY; interface: eth1; unrouted
000 "mta":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #1: "mta" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 20s
+ _________________________ ifconfig-a
+ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:01:02:44:C8:36
inet addr:203.252.165.156 Bcast:203.252.165.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3349 errors:0 dropped:0 overruns:0 frame:0
TX packets:123 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:9 Base address:0x3c00

eth1 Link encap:Ethernet HWaddr 00:E0:4C:CF:07:69
inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:142 errors:0 dropped:0 overruns:0 frame:0
TX packets:113 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xe400

ipsec0 Link encap:Ethernet HWaddr 00:E0:4C:CF:07:69
inet addr:192.168.0.1 Mask:255.255.255.0
UP RUNNING NOARP MTU:16260 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

ipsec1 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

ipsec2 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

ipsec3 Link encap:IPIP Tunnel HWaddr
NOARP MTU:0 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:10

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0

tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0


+ _________________________ ipsec/directory
+ ipsec --directory
/usr/local/lib/ipsec
+ _________________________ hostname/fqdn
+ hostname --fqdn
etri
+ _________________________ hostname/ipaddress
+ hostname --ip-address
203.252.165.156
+ _________________________ uptime
+ uptime
4:14pm up 15 min, 2 users, load average: 0.01, 0.06, 0.07
+ _________________________ ps
+ ps alxwf
+ egrep -i 'ppid|pluto|ipsec|klips'
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
000 0 2019 1098 9 0 1900 916 wait4 S pts/0 0:00 \_ /bin/sh /usr/local/sbin/ipsec barf
000 0 2020 2019 12 0 1920 956 wait4 S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/barf
000 0 2060 2020 12 0 1396 480 pipe_w S pts/0 0:00 \_ egrep -i ppid|pluto|ipsec|klips
040 0 1522 1 9 0 1904 928 wait4 S pts/0 0:00 /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids --
040 0 1523 1522 9 0 1904 928 wait4 S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutorun --debug --uniqueids
100 0 1525 1523 9 0 1900 812 do_sel S pts/0 0:00 | \_ /usr/local/lib/ipsec/pluto --nofork
000 0 1527 1525 9 0 1372 348 do_sel S pts/0 0:00 | \_ _pluto_adns 7 10
000 0 1524 1522 8 0 1888 920 pipe_w S pts/0 0:00 \_ /bin/sh /usr/local/lib/ipsec/_plutoload --load %search --st
000 0 1526 1 9 0 1312 512 pipe_w S pts/0 0:00 logger -p daemon.error -t ipsec__plutorun
+ _________________________ ipsec/showdefaults
+ ipsec showdefaults
#dr no default route
# no default route
# no default route
+ _________________________ ipsec/conf
+ ipsec _include /etc/ipsec.conf
+ ipsec _keycensor

#< /etc/ipsec.conf 1
# /etc/ipsec.conf - FreeS/WAN IPsec configuration file

# More elaborate and more varied sample configurations can be found
# in FreeS/WAN's doc/examples file, and in the HTML documentation.

# basic configuration
config setup
# THIS SETTING MUST BE CORRECT or almost nothing will work;
# %defaultroute is okay for most simple cases.
interfaces="ipsec0=eth1"
# Use auto= parameters in conn descriptions to control startup actions.
plutoload=%search
plutostart=%search
# Close down old connection when new one using same ID shows up.
# uniqueids=yes

# defaults for subsequent connection descriptions
# (these defaults will soon go away)
conn %default
authby=secret
auto=add

# connection description for opportunistic encryption
# (requires KEY record in your DNS reverse map; see doc/opportunism.howto)
conn mta
left=192.168.0.1
right=192.168.0.5
#rightsasigkey=[sums to 3a95...]
#rightsasigkey=[sums to 3a95...]
auto=add
rekey=no
keyexchange=ike
# for initiator only OE, uncomment and uncomment this
# after putting your key in your forward map
#leftid=@myhostname.example.com
# uncomment this next line to enable it
#auto=route
authby=secret
keylife=8h
pfs=yes

# sample VPN connection
conn sample
# Left security gateway, subnet behind it, next hop toward right.
# left=10.0.0.1
# leftsubnet=172.16.0.0/24
# leftnexthop=10.22.33.44
# Right security gateway, subnet behind it, next hop toward left.
# right=10.12.12.1
# rightsubnet=192.168.0.0/24
# rightnexthop=10.101.102.103
# To authorize this connection, but not actually start it, at startup,
# uncomment this.
#auto=add
+ _________________________ ipsec/secrets
+ ipsec _include /etc/ipsec.secrets
+ ipsec _secretcensor

#< /etc/ipsec.secrets 1
# This file holds shared secrets or RSA private keys for inter-Pluto
# authentication. See ipsec_pluto(8) manpage, and HTML documentation.

# RSA private key for this host, authenticating it to any other host
# which knows the public part. Suitable public keys, for ipsec.conf, DNS,
# or configuration of other implementations, can be extracted conveniently
# with "[sums to ef67...]".
+ _________________________ ipsec/ls-dir
+ ls -l /usr/local/lib/ipsec
total 3844
-rwxr-xr-x 1 root root 11085 May 22 10:38 _confread
-rwxr-xr-x 1 root root 11085 May 21 16:48 _confread~
-rwxr-xr-x 1 root root 43178 May 22 10:38 _copyright
-rwxr-xr-x 1 root root 43178 May 21 16:48 _copyright~
-rwxr-xr-x 1 root root 2163 May 22 10:38 _include
-rwxr-xr-x 1 root root 2163 May 21 16:48 _include~
-rwxr-xr-x 1 root root 1472 May 22 10:38 _keycensor
-rwxr-xr-x 1 root root 1472 May 21 16:48 _keycensor~
-rwxr-xr-x 1 root root 66406 May 22 10:38 _pluto_adns
-rwxr-xr-x 1 root root 66406 May 21 16:48 _pluto_adns~
-rwxr-xr-x 1 root root 3495 May 22 10:38 _plutoload
-rwxr-xr-x 1 root root 3495 May 21 16:48 _plutoload~
-rwxr-xr-x 1 root root 4265 May 22 10:38 _plutorun
-rwxr-xr-x 1 root root 4265 May 21 16:48 _plutorun~
-rwxr-xr-x 1 root root 7294 May 22 10:38 _realsetup
-rwxr-xr-x 1 root root 7294 May 21 16:48 _realsetup~
-rwxr-xr-x 1 root root 1971 May 22 10:38 _secretcensor
-rwxr-xr-x 1 root root 1971 May 21 16:48 _secretcensor~
-rwxr-xr-x 1 root root 6839 May 22 10:38 _startklips
-rwxr-xr-x 1 root root 6839 May 21 16:48 _startklips~
-rwxr-xr-x 1 root root 5014 May 22 10:38 _updown
-rwxr-xr-x 1 root root 5014 May 21 16:48 _updown~
-rwxr-xr-x 1 root root 10912 May 22 10:38 auto
-rwxr-xr-x 1 root root 10912 May 21 16:48 auto~
-rwxr-xr-x 1 root root 7132 May 22 10:38 barf
-rwxr-xr-x 1 root root 7132 May 21 16:48 barf~
-rwxr-xr-x 1 root root 211431 May 22 10:38 eroute
-rwxr-xr-x 1 root root 95381 May 22 10:38 ikeping
-rwxr-xr-x 1 root root 95381 May 21 16:48 ikeping~
-rwxr-xr-x 1 root root 2915 May 22 10:38 ipsec
-rw-r--r-- 1 root root 1950 May 22 10:38 ipsec_pr.template
-rwxr-xr-x 1 root root 2915 May 21 16:48 ipsec~
-rwxr-xr-x 1 root root 157556 May 22 10:38 klipsdebug
-rwxr-xr-x 1 root root 2437 May 22 10:38 look
-rwxr-xr-x 1 root root 2437 May 21 16:48 look~
-rwxr-xr-x 1 root root 16157 May 22 10:38 manual
-rwxr-xr-x 1 root root 16157 May 21 16:48 manual~
-rwxr-xr-x 1 root root 1847 May 22 10:38 newhostkey
-rwxr-xr-x 1 root root 1847 May 21 16:48 newhostkey~
-rwxr-xr-x 1 root root 139302 May 22 10:38 pf_key
-rwxr-xr-x 1 root root 753881 May 22 10:38 pluto
-rwxr-xr-x 1 root root 753881 May 21 16:48 pluto~
-rwxr-xr-x 1 root root 49399 May 22 10:38 ranbits
-rwxr-xr-x 1 root root 49399 May 21 16:48 ranbits~
-rwxr-xr-x 1 root root 76336 May 22 10:38 rsasigkey
-rwxr-xr-x 1 root root 76336 May 21 16:48 rsasigkey~
-rwxr-xr-x 1 root root 16671 May 22 10:38 send-pr
-rwxr-xr-x 1 root root 16671 May 21 16:48 send-pr~
lrwxrwxrwx 1 root root 22 May 22 10:38 setup -> /etc/rc.d/init.d/ipsec
-rwxr-xr-x 1 root root 1041 May 22 10:38 showdefaults
-rwxr-xr-x 1 root root 1041 May 21 16:48 showdefaults~
-rwxr-xr-x 1 root root 3484 May 22 10:38 showhostkey
-rwxr-xr-x 1 root root 3484 May 21 16:48 showhostkey~
-rwxr-xr-x 1 root root 232504 May 22 10:38 spi
-rwxr-xr-x 1 root root 190599 May 22 10:38 spigrp
-rwxr-xr-x 1 root root 71331 May 22 10:38 tncfg
-rwxr-xr-x 1 root root 93148 May 22 10:38 uml_netjig
-rwxr-xr-x 1 root root 129799 May 22 10:38 whack
-rwxr-xr-x 1 root root 129799 May 21 16:48 whack~
+ _________________________ ipsec/updowns
++ ls /usr/local/lib/ipsec
++ egrep updown
+ cat /usr/local/lib/ipsec/_updown
#! /bin/sh
# default updown script
# Copyright (C) 2000, 2001 D. Hugh Redelmeier, Henry Spencer
#
# This program is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by the
# Free Software Foundation; either version 2 of the License, or (at your
# option) any later version. See .
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
# for more details.
#
# RCSID $Id: _updown,v 1.19 2002/03/25 18:04:42 henry Exp $

# CAUTION Installing a new version of FreeS/WAN will install a new
# copy of this script, wiping out any custom changes you make. If
# you need changes, make a copy of this under another name, and customize
# that, and use the (left/right)updown parameters in ipsec.conf to make
# FreeS/WAN use yours instead of this default one.

# check interface version
case "$PLUTO_VERSION" in
1.[0]) # Older Pluto?!? Play it safe, script may be using new features.
echo "$0: obsolete interface version \`$PLUTO_VERSION'," >&2
echo "$0: called by obsolete Pluto?" >&2
exit 2
;;
1.*) ;;
*) echo "$0: unknown interface version \`$PLUTO_VERSION'" >&2
exit 2
;;
esac

# check parameter(s)
case "$1$*" in
'') # no parameters
;;
ipfwadmipfwadm) # due to (left/right)firewall; for default script only
;;
custom*) # custom parameters (see above CAUTION comment)
;;
*) echo "$0: unknown parameters \`$*'" >&2
exit 2
;;
esac

# utility functions for route manipulation
# Meddling with this stuff should not be necessary and requires great care.
uproute() {
doroute add
}
downroute() {
doroute del
}
doroute() {
parms="-net $PLUTO_PEER_CLIENT_NET netmask $PLUTO_PEER_CLIENT_MASK"
parms2="dev $PLUTO_INTERFACE gw $PLUTO_NEXT_HOP"
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route $1 -net 0.0.0.0 netmask 128.0.0.0 $parms2 &&
route $1 -net 128.0.0.0 netmask 128.0.0.0 $parms2"
;;
*) it="route $1 $parms $parms2"
;;
esac
eval $it
st=$?
if test $st -ne 0
then
# route has already given its own cryptic message
echo "$0: \`$it' failed" >&2
if test " $1 $st" = " add 7"
then
# another totally undocumented interface -- 7 and
# "SIOCADDRT: Network is unreachable" means that
# the gateway isn't reachable.
echo "$0: (incorrect or missing nexthop setting??)" >&2
fi
fi
return $st
}

# the big choice
case "$PLUTO_VERB$1" in
prepare-host*|prepare-client*)
# delete possibly-existing route (preliminary to adding a route)
case "$PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK" in
"0.0.0.0/0.0.0.0")
# horrible kludge for obscure routing bug with opportunistic
it="route del -net 0.0.0.0 netmask 128.0.0.0 2>&1 ;
route del -net 128.0.0.0 netmask 128.0.0.0 2>&1"
;;
*)
it="route del -net $PLUTO_PEER_CLIENT_NET \
netmask $PLUTO_PEER_CLIENT_MASK 2>&1"
;;
esac
oops="`eval $it`"
status="$?"
if test " $oops" = " " -a " $status" != " 0"
then
oops="silent error, exit status $status"
fi
case "$oops" in
'SIOCDELRT: No such process'*)
# This is what route (currently -- not documented!) gives
# for "could not find such a route".
oops=
status=0
;;
esac
if test " $oops" != " " -o " $status" != " 0"
then
echo "$0: \`$it' failed ($oops)" >&2
fi
exit $status
;;
route-host*|route-client*)
# connection to me or my client subnet being routed
uproute
;;
unroute-host*|unroute-client*)
# connection to me or my client subnet being unrouted
downroute
;;
up-host*)
# connection to me coming up
# If you are doing a custom version, firewall commands go here.
;;
down-host*)
# connection to me going down
# If you are doing a custom version, firewall commands go here.
;;
up-client)
# connection to my client subnet coming up
# If you are doing a custom version, firewall commands go here.
;;
down-client)
# connection to my client subnet going down
# If you are doing a custom version, firewall commands go here.
;;
up-clientipfwadm)
# connection to client subnet, with (left/right)firewall=yes, coming up
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -i accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
down-clientipfwadm)
# connection to client subnet, with (left/right)firewall=yes, going down
# This is used only by the default updown script, not by your custom
# ones, so do not mess with it; see CAUTION comment up at top.
ipfwadm -F -d accept -b -S $PLUTO_MY_CLIENT_NET/$PLUTO_MY_CLIENT_MASK \
-D $PLUTO_PEER_CLIENT_NET/$PLUTO_PEER_CLIENT_MASK
;;
*) echo "$0: unknown verb \`$PLUTO_VERB' or parameter \`$1'" >&2
exit 1
;;
esac
+ _________________________ proc/net/dev
+ cat /proc/net/dev
Inter-| Receive | Transmit
face |bytes packets errs drop fifo frame compressed multicast|bytes packets errs drop fifo colls carrier compressed
lo: 420 6 0 0 0 0 0 0 420 6 0 0 0 0 0 0
eth0: 734362 3349 0 0 0 0 0 0 12328 123 0 0 0 0 0 0
tunl0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
eth1: 14541 142 0 0 0 0 0 0 50756 113 0 0 0 0 0 0
ipsec0: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec1: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec2: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
ipsec3: 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
+ _________________________ proc/net/route
+ cat /proc/net/route
Iface Destination Gateway Flags RefCnt Use Metric Mask MTU Window IRTT
eth0 FFFFFFFF 00000000 0005 0 0 0 FFFFFFFF 40 0 0
eth0 00A5FCCB 00000000 0001 0 0 0 00FFFFFF 40 0 0
eth1 0000A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0
ipsec0 0000A8C0 00000000 0001 0 0 0 00FFFFFF 40 0 0
lo 0000007F 00000000 0001 0 0 0 000000FF 40 0 0
eth0 00000000 FEA5FCCB 0003 0 0 0 00000000 40 0 0
eth0 00000000 FEA5FCCB 0003 0 0 1 00000000 40 0 0
+ _________________________ proc/sys/net/ipv4/ip_forward
+ cat /proc/sys/net/ipv4/ip_forward
1
+ _________________________ proc/sys/net/ipv4/conf/star-rp_filter
+ cd /proc/sys/net/ipv4/conf
+ egrep '^' all/rp_filter default/rp_filter eth0/rp_filter eth1/rp_filter ipsec0/rp_filter lo/rp_filter
all/rp_filter:1
default/rp_filter:0
eth0/rp_filter:0
eth1/rp_filter:0
ipsec0/rp_filter:0
lo/rp_filter:0
+ _________________________ uname-a
+ uname -a
Linux etri 2.4.5 #6 SMP Wed May 22 11:01:48 KST 2002 i686 unknown
+ _________________________ redhat-release
+
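An added example, not part of the original post and not FreeS/WAN tooling: the script below reads the three places in the barf above where the failure is visible (the conn sections of ipsec.conf, the `ipsec_auto: fatal error in "sample"` klog line, and the `ipsec auto --status` output) and states what they say. The sample inputs are constructed from the post with the stripped colons put back; the check functions and the diagnosis wording are this example's own.

```python
"""Triage helper for the FreeS/WAN 1.97 'ipsec barf' dump above.

Added example, not part of the original post and not FreeS/WAN tooling.
Sample inputs are copied from the post (colons restored); the checks and
their wording are this script's own.
"""
import re

# Conn sections of /etc/ipsec.conf as posted (comment lines dropped).
# "conn sample" has every parameter commented out, so it is empty.
IPSEC_CONF = """\
conn %default
    authby=secret
    auto=add

conn mta
    left=192.168.0.1
    right=192.168.0.5
    auto=add
    rekey=no
    keyexchange=ike
    authby=secret
    keylife=8h
    pfs=yes

conn sample
    #auto=add
"""

# 'ipsec auto --status' as posted, with the colons the forum stripped restored.
STATUS = """\
000 interface ipsec0/eth1 192.168.0.1
000
000 "mta": 192.168.0.1...192.168.0.5
000 "mta":   ike_life: 3600s; ipsec_life: 28800s; rekey_margin: 540s; rekey_fuzz: 100%; keyingtries: 3
000 "mta":   policy: PSK+ENCRYPT+TUNNEL+PFS+DISABLEARRIVALCHECK+DONTREKEY; interface: eth1; unrouted
000 "mta":   newest ISAKMP SA: #0; newest IPsec SA: #0; eroute owner: #0
000
000 #1: "mta" STATE_MAIN_I1 (sent MI1, expecting MR1); EVENT_RETRANSMIT in 20s
"""


def parse_conf(text):
    """Return {conn: {param: value}} with 'conn %default' folded into each conn."""
    conns, cur = {}, None
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()      # a commented line is not a setting
        if not line:
            continue
        if line.startswith('conn '):
            cur = line.split(None, 1)[1].strip()
            conns[cur] = {}
        elif '=' in line and cur is not None:
            key, value = line.split('=', 1)
            conns[cur][key.strip()] = value.strip().strip('"')
    default = conns.pop('%default', {})
    return {name: {**default, **params} for name, params in conns.items()}


def check_conf(conns):
    """Flag conns that plutoload=%search will try to add but that have no endpoint;
    this is the klog line 'fatal error in "sample": connection has no "left"'."""
    problems = []
    for name, params in conns.items():
        if params.get('auto', 'ignore') in ('add', 'route', 'start'):
            for side in ('left', 'right'):
                if side not in params:
                    problems.append(f'conn "{name}": auto={params["auto"]} but no '
                                    f'{side}= (set auto=ignore or delete the section)')
    return problems


POLICY_RE = re.compile(r'^000 "([^"]+)":?\s+policy:?\s+([A-Z+]+);')
STATE_RE = re.compile(r'^000 #(\d+):?\s+"([^"]+)"\s+(STATE_\w+)\s+\(([^)]*)\);\s*(EVENT_\w+)')


def parse_status(text):
    """Pull per-conn policy flags and per-SA state lines out of 'ipsec auto --status'
    (colons optional, so the garbled paste parses as well)."""
    policies, states = {}, []
    for line in text.splitlines():
        m = POLICY_RE.match(line)
        if m:
            policies[m.group(1)] = m.group(2).split('+')
        m = STATE_RE.match(line)
        if m:
            states.append({'sa': int(m.group(1)), 'conn': m.group(2),
                           'state': m.group(3), 'detail': m.group(4),
                           'event': m.group(5)})
    return policies, states


def diagnose(policies, states):
    """Turn the IKE state into a plain statement of where negotiation stopped."""
    findings = []
    for s in states:
        if s['state'] == 'STATE_MAIN_I1' and s['event'] == 'EVENT_RETRANSMIT':
            # MI1 is the initiator's first Main Mode message; retransmitting it
            # means nothing came back on UDP/500 from the peer at all.
            findings.append(f'{s["conn"]}: {s["detail"]} and retransmitting: the peer '
                            f'never answered UDP/500; check that IKE is enabled on it '
                            f'and that nothing filters UDP 500 between the hosts')
        if 'PSK' in policies.get(s['conn'], []) and s['state'].startswith('STATE_MAIN_'):
            # With pre-shared keys in Main Mode the responder picks the secret
            # by the initiator's IP, so both ends are identified by address.
            findings.append(f'{s["conn"]}: Main Mode with PSK identifies both ends by '
                            f'IP address; the peer needs the same secret for this pair')
    return findings


if __name__ == '__main__':
    for problem in check_conf(parse_conf(IPSEC_CONF)):
        print('conf:  ', problem)
    for finding in diagnose(*parse_status(STATUS)):
        print('status:', finding)
```

For this dump it reports two things. `sample` inherits `auto=add` from `conn %default` while every parameter in it is commented out, which is why `_plutorun` logs the fatal error; `auto=ignore` in that section, or deleting it, stops that. `mta` is stuck at STATE_MAIN_I1: 192.168.0.1 has sent the first IKE Main Mode message and 192.168.0.5 has never answered on UDP/500, which is also why `/proc/net/ipsec_eroute` and `ipsec_spi` are empty and the ipsec0 counters are zero. A capture on eth1 (`tcpdump -ni eth1 udp port 500`) shows whether anything comes back from the Windows side at all, and that is the dump the poster wanted to take anyway.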
