
C.J. Collier cjac

diff --git a/src/Setup.pl b/src/Setup.pl
index a924d07..851b373 100644
--- a/src/Setup.pl
+++ b/src/Setup.pl
@@ -109,13 +109,13 @@ sub setup {
$param{'maxKeySize'} ||= 30; # maximum LHS length
$param{'maxDataSize'} ||= 200; # maximum total length
- if (!defined(@verb)) {
+ if (!@verb) {
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:42:9e:e1 brd ff:ff:ff:ff:ff:ff
3: loc: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:e6:24:58 brd ff:ff:ff:ff:ff:ff
4: mbc: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:ab:1a:1b brd ff:ff:ff:ff:ff:ff
5: six: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:b8:48:b9 brd ff:ff:ff:ff:ff:ff
==> /etc/systemd/network/10-int.link <==
[Match]
MACAddress=52:54:00:42:9e:e1
[Link]
Name=int
==> /etc/systemd/network/10-loc.link <==
[Match]
MACAddress=52:54:00:e6:24:58
cjac@wanjet1:~$ grep -e six /etc/udev/rules.d/70-persistent-net.rules
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:b8:48:b9", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="six"
# USB device 0x:0x (asix)
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="52:54:00:b8:48:b9", ATTR{dev_id}=="0x0", ATTR{type}=="1", KERNEL=="eth*", NAME="six"
# pppd options (one option per line).
# NOTE(review): presumably the PPP layer for the L2TP/IPsec setup; confirm which file this is.

# Accept the peer's idea of our local IP address, even if one was configured.
ipcp-accept-local
# Accept the peer's idea of its own (remote) IP address, even if one was configured.
ipcp-accept-remote
# Do not agree to authenticate ourselves to the peer using EAP.
refuse-eap
# Require the peer to authenticate itself using CHAP.
require-chap
# Disable CCP (Compression Control Protocol) negotiation.
noccp
# Do not require the peer to authenticate itself.
# NOTE(review): this and require-chap above both act on whether the peer must
# authenticate, and they pull in opposite directions. Confirm from the `dump`
# output below which setting pppd actually applies; if peer authentication is
# meant to be enforced, drop noauth.
noauth
# Log the contents of control packets via syslog.
# NOTE(review): this records negotiation and authentication exchanges in the
# logs; consider removing it once the link is working.
debug
# Print every option value that has been set, so the effective configuration can be checked.
dump
# Largest packet we will send, in bytes, unless the peer negotiates a smaller value.
# NOTE(review): 1280 equals the IPv6 minimum link MTU; confirm that is the intent.
mtu 1280
# Ask the peer to send us packets of no more than this many bytes.
mru 1280
root@build0:~# iptables-save | grep nflog
-A PREROUTING -m policy --dir in --pol ipsec -j NFLOG --nflog-group 5
-A POSTROUTING -m policy --dir out --pol ipsec -j NFLOG --nflog-group 5
-A INPUT -m addrtype ! --dst-type LOCAL -m policy --dir in --pol ipsec -j NFLOG --nflog-group 5
-A INPUT -m addrtype --dst-type LOCAL -m policy --dir in --pol ipsec -j NFLOG --nflog-group 5
-A INPUT -p udp -m multiport --dports 500,4500 -j NFLOG --nflog-group 5
-A INPUT -p ah -j NFLOG --nflog-group 5
-A INPUT -p esp -j NFLOG --nflog-group 5
-A OUTPUT -m policy --dir out --pol ipsec -j NFLOG --nflog-group 5
-A OUTPUT -p udp -m multiport --dports 500,4500 -j NFLOG --nflog-group 5
root@build0:~# iptables-save |
# Generated by iptables-save v1.6.0 on Mon Jun 4 13:09:46 2018
*mangle
:PREROUTING ACCEPT [3377:505018]
:INPUT ACCEPT [2933:319164]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2784:2661858]
:POSTROUTING ACCEPT [2779:2661713]
-A PREROUTING -m policy --dir in --pol ipsec -j NFLOG --nflog-group 5
-A POSTROUTING -m policy --dir out --pol ipsec -j NFLOG --nflog-group 5
cat > /etc/ipsec.conf <<EOF
# ipsec.conf - strongSwan IPsec configuration file
# basic configuration
config setup
# strictcrlpolicy=yes
# uniqueids = no
# Add connections here.
root@build0:~# xl2tpd -D
xl2tpd[27623]: setsockopt recvref[30]: Protocol not available
xl2tpd[27623]: Using l2tp kernel support.
xl2tpd[27623]: xl2tpd version xl2tpd-1.3.8 started on build0 PID:27623
xl2tpd[27623]: Written by Mark Spencer, Copyright (C) 1998, Adtran, Inc.
xl2tpd[27623]: Forked by Scott Balmos and David Stipp, (C) 2001
xl2tpd[27623]: Inherited by Jeff McAdams, (C) 2002
xl2tpd[27623]: Forked again by Xelerance (www.xelerance.com) (C) 2006-2016
xl2tpd[27623]: Listening on IP address 0.0.0.0, port 1701
^Cxl2tpd[27623]: network_thread: select returned error 4 (Interrupted system call)
Jun 04 16:38:30 wanjet1 charon[15207]: 11[CFG] received stroke: initiate 'shiftboard'
Jun 04 16:38:30 wanjet1 charon[15207]: 10[IKE] initiating Main Mode IKE_SA shiftboard[5] to 207.224.225.34
Jun 04 16:38:30 wanjet1 charon[15207]: 10[IKE] initiating Main Mode IKE_SA shiftboard[5] to 207.224.225.34
Jun 04 16:38:30 wanjet1 charon[15207]: 10[ENC] generating ID_PROT request 0 [ SA V V V V V ]
Jun 04 16:38:30 wanjet1 charon[15207]: 10[NET] sending packet: from 67.58.172.42[500] to 207.224.225.34[500] (212 bytes)
Jun 04 16:38:30 wanjet1 charon[15207]: 15[NET] received packet: from 207.224.225.34[500] to 67.58.172.42[500] (160 bytes)
Jun 04 16:38:30 wanjet1 charon[15207]: 15[ENC] parsed ID_PROT response 0 [ SA V V V V ]
Jun 04 16:38:30 wanjet1 charon[15207]: 15[IKE] received XAuth vendor ID
Jun 04 16:38:30 wanjet1 charon[15207]: 15[IKE] received NAT-T (RFC 3947) vendor ID
Jun 04 16:38:30 wanjet1 charon[15207]: 15[IKE] received DPD vendor ID