 
 From:  Sifter <sifter at ownzu dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  IPsec Logging
 Date:  Wed, 12 Jan 2005 00:02:29 -0800
I have a site-to-site IPsec tunnel right now going to another location.  
Can I add any kind of logging that will allow me to see what IP 
addresses or hostnames are connecting to my resources on this end?  I'm 
running the latest beta build on both boxes.  Since I have allowed 
access to pretty much my whole LAN, it would be nice to be able to see 
not just the public IP addresses and the established tunnel, but also 
the internal machines that are using the tunnel.

racoon.conf

# File holding the pre-shared keys; the remote section below selects
# authentication_method pre_shared_key, so phase 1 authentication rests on
# the secrecy of this file's contents.
path pre_shared_key "/var/etc/psk.txt";

# IKE phase 1 (ISAKMP SA) settings for the peer at 67.X.X.X.
remote 67.X.X.X {
	# NOTE(review): IKEv1 aggressive mode sends the identities unencrypted
	# and, combined with pre_shared_key authentication, puts a PSK-derived
	# hash on the wire, so the PSK is open to offline guessing. Main mode,
	# or at minimum a long random PSK, limits that exposure.
	exchange_mode aggressive;
	# Identity this end presents: an FQDN rather than its address.
	my_identifier fqdn "domain.com";
	# Identity expected from the peer. NOTE(review): racoon only enforces
	# this when verify_identifier is on, which this section does not set;
	# confirm against racoon.conf(5) for the build in use.
	peers_identifier address 67.X.X.X;
	initial_contact on;
	support_proxy on;
	# NOTE(review): "obey" makes this end, when it is the responder, accept
	# the initiator's phase 2 lifetime and PFS values instead of enforcing
	# its own; "strict" is the more conservative setting.
	proposal_check obey;

	# The only phase 1 proposal defined for this peer.
	proposal {
		encryption_algorithm blowfish;
		hash_algorithm sha1;
		authentication_method pre_shared_key;
		# DH group 2 is the 1024-bit MODP group.
		dh_group 2;
		lifetime time 2880 secs;
	}
	# Same 2880 s lifetime repeated at the remote level, outside the proposal.
	lifetime time 2880 secs;
}

# IKE phase 2 (IPsec SA) parameters for traffic between 10.0.0.0/24 and
# 10.5.0.0/16, any upper-layer protocol. These are the same two networks
# named in the "ipsec" entries of the SPD listing further down.
sainfo address 10.0.0.0/24 any address 10.5.0.0/16 any {
	encryption_algorithm blowfish;
	authentication_algorithm hmac_sha1;
	compression_algorithm deflate;
	# PFS: an additional DH exchange (group 2, 1024-bit MODP) in phase 2.
	pfs_group 2;
	# 86400 s = 24 h; corresponds to the "hard: 86400(s)" shown for each SA
	# in the SAD listing further down.
	lifetime time 86400 secs;
}
      

SPD (Security Policy Database)

10.0.0.0/24[any] 10.0.0.1[any] any
	in none
	spid=17 seq=3 pid=9484
	refcnt=1
10.5.0.0/16[any] 10.0.0.0/24[any] any
	in ipsec
	esp/tunnel/67.X.X.X-24.X.X.X/unique#16394
	spid=20 seq=2 pid=9484
	refcnt=1
10.0.0.1[any] 10.0.0.0/24[any] any
	out none
	spid=18 seq=1 pid=9484
	refcnt=1
10.0.0.0/24[any] 10.5.0.0/16[any] any
	out ipsec
	esp/tunnel/24.X.X.X-67.X.X.X/unique#16393
	spid=19 seq=0 pid=9484
	refcnt=1

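SAD (Security Association Database; the E: and A: lines are the ESP encryption and authentication keys of each SA)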

24.X.X.X 67.X.X.X
	esp mode=tunnel spi=241127912(0x0e5f51e8) reqid=16391(0x00004007)
	E: blowfish-cbc  9c5a25e0 34f20c83 55fb3e78 981ee1a0
	A: hmac-sha1  79631e55 44ed74c7 7e56878f 0ff752a3 5d2b0a1c
	seq=0x00000000 replay=4 flags=0x00000000 state=mature
	created: Jan 11 21:01:15 2005	current: Jan 11 23:55:46 2005
	diff: 10471(s)	hard: 86400(s)	soft: 69120(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=3 pid=9486 refcnt=1
24.X.X.X 67.X.X.X
	esp mode=tunnel spi=224344122(0x0d5f383a) reqid=16393(0x00004009)
	E: blowfish-cbc  86de33ef 8856e8c1 cd380e05 1e3d2cd2
	A: hmac-sha1  e5198a4f 6f7c4d5e e7528ab4 3cd64a4f a51aaff5
	seq=0x0000c76c replay=4 flags=0x00000000 state=mature
	created: Jan 11 21:01:14 2005	current: Jan 11 23:55:46 2005
	diff: 10472(s)	hard: 86400(s)	soft: 69120(s)
	last: Jan 11 23:46:04 2005	hard: 0(s)	soft: 0(s)
	current: 32894672(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 51052	hard: 0	soft: 0
	sadb_seq=2 pid=9486 refcnt=2
67.X.X.X 24.X.X.X
	esp mode=tunnel spi=91754349(0x05780f6d) reqid=16392(0x00004008)
	E: blowfish-cbc  8c5c4f9c d6f47dd1 5d3f527a a5a5e0d1
	A: hmac-sha1  c3c5c483 9f1a3641 5aea3043 59cf34b6 d0d91c3a
	seq=0x00000000 replay=4 flags=0x00000000 state=mature
	created: Jan 11 21:01:15 2005	current: Jan 11 23:55:46 2005
	diff: 10471(s)	hard: 86400(s)	soft: 69120(s)
	last:                     	hard: 0(s)	soft: 0(s)
	current: 0(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 0	hard: 0	soft: 0
	sadb_seq=1 pid=9486 refcnt=1
67.X.X.X 24.X.X.X
	esp mode=tunnel spi=3651265(0x0037b6c1) reqid=16394(0x0000400a)
	E: blowfish-cbc  e6654bae 9d016581 a6811463 e2ef51e1
	A: hmac-sha1  5d7ceb6d e1ab52c3 d8435ccf ad99d782 975333c2
	seq=0x00000000 replay=4 flags=0x00000000 state=mature
	created: Jan 11 21:01:14 2005	current: Jan 11 23:55:46 2005
	diff: 10472(s)	hard: 86400(s)	soft: 69120(s)
	last: Jan 11 23:46:04 2005	hard: 0(s)	soft: 0(s)
	current: 30241170(bytes)	hard: 0(bytes)	soft: 0(bytes)
	allocated: 49155	hard: 0	soft: 0
	sadb_seq=0 pid=9486 refcnt=1

.  

