You may have noticed that there are some entries under the /proc directory that
are not present in other NetMAX products.
Here are the VPN-specific entries and a brief explanation of each:
/proc/net/ipsec_eroute
Displays information about current VPN routes.
Example:
99.1.1.1/32 -> 10.0.0.0/8 => tun0x3d10b014@99.1.2.1
99.1.1.1/32 -> 99.1.2.1/32 => tun0xb6449669@99.1.2.1
"99.1.1.1/32 -> 10.0.0.0/8" means there is a connection
from a host 99.1.1.1 to a network 10.0.0.0.
"99.1.1.1" is known to be a host because it is immediately
followed by "/32" (the subnet mask that identifies a single host).
10.0.0.0 is known to be a network because it is not immediately
followed by "/32".
"tun0x3d10b014@99.1.2.1" signifies that we are creating a tunnel with 99.1.2.1
as the gateway.
For additional details on interpreting the "0x3d10b014" part,
type 'man ipsec_spi' from the UNIX command line.
/proc/net/ipsec_klipsdebug
Specifies current debugging features and level for IPSEC communications.
Example:
debug_tunnel=00000000.
debug_netlink=00000000.
debug_xform=00000000.
debug_eroute=00000000.
debug_spi=00000000.
debug_radij=00000000.
debug_esp=00000000.
debug_ah=00000000.
debug_rcv=00000000.
debug_pfkey=00000000.
For additional information on interpreting this output,
type 'man ipsec_klipsdebug' from the UNIX command line.
/proc/net/ipsec_spi
Contains detailed information about current security associations and
their configuration. It shows which hosts are involved in the connection,
how they are communicating, key lifetimes and more.
Example:
tun0x8a649b6f@99.1.2.1 IPIP: dir=out 99.1.1.1 -> 99.1.2.1
life(c,s,h)=add(206523,0,0)
esp0x835890e@99.1.2.1 ESP_3DES_HMAC_SHA1: dir=out ooowin=16 seq=2 alen=160
aklen=20 eklen=24
life(c,s,h)=bytes(256,0,0)add(206452,0,0)use(206465,0,0)packets(2,0,0) idle=63
esp0x8a649b6f@99.1.2.1 ESP_3DES_HMAC_SHA1: dir=out ooowin=16 alen=160
aklen=20 eklen=24 life(c,s,h)=add(206523,0,0)
tun0xdbf0ae23@99.1.1.1 IPIP: dir=in 99.1.2.1 -> 99.1.1.1
life(c,s,h)=add(206523,0,0)
For additional details on interpreting this output,
type 'man ipsec_spi' from the UNIX command line.
/proc/net/ipsec_spigrp
Displays information about groups of security associations.
Similar to ipsec_spi.
Example:
tun0x59905deb@192.245.33.149 esp0x59905deb@192.245.33.149
tun0x5e400cfd@24.131.112.149 esp0x5e400cfd@24.131.112.149
For additional details on interpreting this output,
type 'man ipsec_spigrp' from the UNIX command line.
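The following Python example is added here and is not part of the original documentation or of FreeS/WAN. It parses the ipsec_eroute and ipsec_spigrp formats shown above, labels each end of a route as host or network, and flags any route whose SA group contains no esp entry. The sample text is constructed, and treating the first SA on an ipsec_spigrp line as the one an eroute refers to is an assumption.

```python
import ipaddress
import re

# Constructed sample input in the formats shown above (not from a live system).
EROUTE_SAMPLE = """\
99.1.1.1/32 -> 10.0.0.0/8 => tun0x3d10b014@99.1.2.1
99.1.1.1/32 -> 99.1.2.1/32 => tun0xb6449669@99.1.2.1
"""
SPIGRP_SAMPLE = """\
tun0x3d10b014@99.1.2.1 esp0x3d10b014@99.1.2.1
tun0xb6449669@99.1.2.1
"""

# src -> dst => <proto><spi>@<gateway>
EROUTE_RE = re.compile(
    r"^(\S+)\s+->\s+(\S+)\s+=>\s+([a-z]+(0x[0-9a-f]+)@(\S+))$")

def kind(cidr):
    """Return 'host' for a /32 entry, 'network' for anything else."""
    net = ipaddress.ip_network(cidr, strict=False)
    return "host" if net.prefixlen == net.max_prefixlen else "network"

def parse_spigrp(text):
    """Map the first SA of each group to the list of SAs in that group."""
    groups = {}
    for line in text.splitlines():
        sas = line.split()
        if sas:
            # Assumption: an eroute names the first SA of its group.
            groups[sas[0]] = sas
    return groups

def audit_eroutes(eroute_text, spigrp_text):
    """Describe each eroute and flag those whose SA group has no ESP SA."""
    groups = parse_spigrp(spigrp_text)
    report = []
    for line in eroute_text.splitlines():
        m = EROUTE_RE.match(line.strip())
        if not m:
            continue  # skip blank or unrecognised lines
        src, dst, sa, spi, gateway = m.groups()
        chain = groups.get(sa, [sa])  # an ungrouped SA stands alone
        report.append({
            "src": src, "src_kind": kind(src),
            "dst": dst, "dst_kind": kind(dst),
            "spi": spi, "gateway": gateway, "sa_chain": chain,
            "encrypted": any(s.startswith("esp") for s in chain),
        })
    return report
```

On a running system, pass the contents of /proc/net/ipsec_eroute and /proc/net/ipsec_spigrp in place of the two sample strings.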
/proc/net/ipsec_spinew
Contains the next Security Parameters Index that will be used to negotiate
security associations.
This value will change every time it is accessed, to ensure unique
identification of new security associations.
Example:
0x1014
/proc/net/ipsec_tncfg
Displays information about which VPN "virtual" interfaces are associated
with which "real" interface.
Example:
ipsec0 -> eth0 mtu=1480 -> 1500
In this example, the "virtual" interface ipsec0 is associated with the "real"
interface eth0. The "virtual" interface has been configured to have an mtu
value of 1480, while the "real" interface has an mtu of 1500.
For additional details on interpreting this output,
type 'man ipsec_tncfg' from the UNIX command line.
/proc/net/ipsec_version
Contains the current version of the IPSEC kernel patches running.
Example:
FreeS/WAN version: 1.3