C.J. Collier cjac

As-Yet-Undisputed Benevolent Dictator For Life of Cascadia, North America

cjac / gist:63e624cb98763bfd6a5f0d6c76634f3c

Created October 19, 2016 19:05

	PS /usr/src/git/github/powershell> Find-Module PackageManagement

	Version Name Repository Description
	------- ---- ---------- -----------
	1.1.0.0 PackageManagement PSGallery PackageManagement (a.k.a. OneGet) is a new way to discover and install software packages from around the web. ...

cjac / gist:2ebd8d4e4e29af3b9ca4be7c0f931c5d

Created October 28, 2016 00:23

	Oct 27 17:23:20 edge charon: 16[NET] received packet: from 98.125.70.182[500] to 208.115.126.77[500] (164 bytes)
	Oct 27 17:23:20 edge charon: 16[ENC] parsed ID_PROT request 0 [ SA V V ]
	Oct 27 17:23:20 edge charon: 16[IKE] received Cisco Unity vendor ID
	Oct 27 17:23:20 edge charon: 16[IKE] received DPD vendor ID
	Oct 27 17:23:20 edge charon: 16[IKE] 98.125.70.182 is initiating a Main Mode IKE_SA
	Oct 27 17:23:20 edge charon: 16[ENC] generating ID_PROT response 0 [ SA V V ]
	Oct 27 17:23:20 edge charon: 16[NET] sending packet: from 208.115.126.77[500] to 98.125.70.182[500] (120 bytes)
	Oct 27 17:23:24 edge charon: 06[NET] received packet: from 98.125.70.182[500] to 208.115.126.77[500] (444 bytes)
	Oct 27 17:23:24 edge charon: 06[ENC] parsed ID_PROT request 0 [ KE No ]
	Oct 27 17:23:24 edge charon: 06[ENC] generating ID_PROT response 0 [ KE No ]

cjac / gist:4052f5c2b45e27c3ed92da8e126e81ef

Created October 28, 2016 00:25

	conn cabin
	keyexchange=ikev1
	leftcert=edge.colliertech.org-cert.pem
	[email protected]
	left=208.115.126.77
	leftsubnet=100.65.12.1/32
	rightcert=cabin.colliertech.org-cert.pem
	rightid="C=US, ST=Washington, L=Olga, O=Collier Technologies LLC, OU=Network Operations, CN=cabin.colliertech.org/[email protected]"
	rightsubnet=172.16.67.1/24
	rightsourceip=172.16.67.1/24

cjac / gist:f91479f01a53d63dd5ca4b0679025b14

Created October 28, 2016 00:43

	conn cabin
	keyexchange=ikev1
	leftcert=edge.colliertech.org-cert.pem
	[email protected]
	left=208.115.126.77
	leftsubnet=100.65.12.1/32
	leftauth=pubkey
	rightcert=cabin.colliertech.org-cert.pem
	rightid="C=US, ST=Washington, L=Olga, O=Collier Technologies LLC, OU=Network Operations, CN=cabin.colliertech.org/[email protected]"
	rightsubnet=172.16.67.1/24

cjac / gist:8de17197aaa9f92e1f68935339f1e97e

Created October 28, 2016 00:49

	Oct 27 17:46:00 edge charon: 00[DMN] signal of type SIGINT received. Shutting down
	Oct 27 17:46:00 edge charon: 00[IKE] deleting IKE_SA wanjet1[1] between 208.115.126.77[edge.colliertech.org]...104.36.247.62[wanjet1.colliertech.org]
	Oct 27 17:46:00 edge charon: 00[IKE] sending DELETE for IKE_SA wanjet1[1]
	Oct 27 17:46:00 edge charon: 00[ENC] generating INFORMATIONAL request 0 [ D ]
	Oct 27 17:46:00 edge charon: 00[NET] sending packet: from 208.115.126.77[500] to 104.36.247.62[500] (80 bytes)
	Oct 27 17:46:00 edge charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0-1-amd64, x86_64)
	Oct 27 17:46:00 edge charon: 00[CFG] loading ca certificates from '/etc/ipsec.d/cacerts'
	Oct 27 17:46:00 edge charon: 00[CFG] loading aa certificates from '/etc/ipsec.d/aacerts'
	Oct 27 17:46:00 edge charon: 00[CFG] loading ocsp signer certificates from '/etc/ipsec.d/ocspcerts'
	Oct 27 17:46:00 edge charon: 00[CFG] loading attribute certificates from '/etc/ipsec.d/acerts'

cjac / gist:1bcca584c386e7c90fde168a5f833999

Created October 28, 2016 01:01

	Oct 27 18:00:59 edge charon: 15[CFG] looking for RSA signature peer configs matching 208.115.126.77...98.125.70.182[C=US, ST=Washington, L=Olga, O=Collier Technologies LLC, OU=Network Operations, CN=cabin.colliertech.org, [email protected]]
	Oct 27 18:00:59 edge charon: 15[CFG] peer config match local: 1 (ID_ANY)
	Oct 27 18:00:59 edge charon: 15[CFG] peer config match remote: 0 (ID_FQDN -> 43:3d:55:53:2c:20:53:54:3d:57:61:73:68:69:6e:67:74:6f:6e:2c:20:4c:3d:4f:6c:67:61:2c:20:4f:3d:43:6f:6c:6c:69:65:72:20:54:65:63:68:6e:6f:6c:6f:67:69:65:73:20:4c:4c:43:2c:20:4f:55:3d:4e:65:74:77:6f:72:6b:20:4f:70:65:72:61:74:69:6f:6e:73:2c:20:43:4e:3d:63:61:62:69:6e:2e:63:6f:6c:6c:69:65:72:74:65:63:68:2e:6f:72:67:2c:20:45:3d:6e:6f:63:40:63:6f:6c:6c:69:65:72:74:65:63:68:2e:6f:72:67)
	Oct 27 18:00:59 edge charon: 15[CFG] ike config match: 0 (208.115.126.77 98.125.70.182 IKEv1)
	Oct 27 18:00:59 edge charon: 15[CFG] peer config match local: 1 (ID_ANY)
	Oct 27 18:00:59 edge charon: 15[CFG] peer config match remote: 0 (ID_FQDN -> 43:

cjac / gist:0aaf881e27f845b608b139657b2b4636

Created October 28, 2016 01:51

	cjac@edge:~$ sudo ipsec statusall cabin
	Status of IKE charon daemon (strongSwan 5.5.0, Linux 4.4.0-1-amd64, x86_64):
	uptime: 4 minutes, since Oct 27 18:46:05 2016
	malloc: sbrk 1458176, mmap 0, used 394032, free 1064144
	worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 10
	loaded plugins: charon aes rc2 sha2 sha1 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke updown
	Listening IP addresses:
	208.115.126.77
	2607:ff08:f5:0:ffff:ffff:ffff:ffff
	2607:ff08:f5:7::5

cjac / gist:122d18d964914c5f848bf65b36defd1e

Created October 28, 2016 02:25

	[[email protected]] > /ip ipsec installed-sa print
	Flags: A - AH, E - ESP
	0 E spi=0 src-address=192.168.1.39:8 dst-address=208.115.126.77 state=larval
	add-lifetime=0s/30s replay=0

	1 E spi=0x44B297E src-address=208.115.126.77 dst-address=192.168.1.39
	state=larval add-lifetime=0s/30s replay=0
	[[email protected]] > /ip ipsec remote-peers print
	0 local-address=192.168.1.39 remote-address=208.115.126.77 state=established
	side=initiator established=38m19s

cjac / gist:0832cc9d9f689341bbd9da048814f780

Created October 28, 2016 02:26

	[[email protected]] > /ip ipsec policy print
	Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default
	0 T * group=default src-address=::/0 dst-address=::/0 protocol=all
	proposal=default template=yes

	1 ;;; cabin to seattle
	src-address=172.16.67.0/24 src-port=any dst-address=100.65.12.0/24
	dst-port=any protocol=all action=encrypt level=require
	ipsec-protocols=esp tunnel=yes sa-src-address=0.0.0.0
	sa-dst-address=208.115.126.77 proposal=default priority=0

cjac / gist:c047bcd84c21146f04e7a8faa231029f

Created October 28, 2016 02:26

	[[email protected]] > /ip ipsec proposal print
	Flags: X - disabled, * - default
	0 * name="default" auth-algorithms=sha512,sha256
	enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,aes-128-ctr
	lifetime=30m pfs-group=none