[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: IPSEC isakmpd proposal ?



Chris,

Dirk is absolutely correct!  You have confused your main mode schemes.  You
have 3DES-SHA setup and it should be either 3DES-MD5 or CAST-SHA as your
main mode on both sides.

Cheers,

Dean

-----Original Message-----
From: Chris Clifton
To: misc_(_at_)_openbsd_(_dot_)_org
Sent: 4/27/01 3:22 PM
Subject: IPSEC isakmpd proposal ?

Hello,

I have 2 OpenBSD 2.9 snapshot boxes, updated with cvs to the current
source.

I'm trying to establish an IPSEC vpn between the two boxes, in a lab
environment.


I've enabled the esp protocol, and followed the relevant faqs, but
something
is wrong with my isakmp proposal.


The two boxes are vpn-west (149.2.2.2) and vpn-east (149.3.3.3). An
openbsd
router sits between the two (149.2.2.1 and 149.3.3.1) , with static
routes
pointing to the relevant networks.

When I start isakmpd from the command line on both boxes, the following
messages result  -

vpn west :

>Apr 27 14:33:54 isakmpd[966]: message_negotiate_sa: no compatible
proposal
found
Apr 27 14:33:54 isakmpd[966]: dropped message from 149.3.3.3 port 500
due to
notification type NO_PROPOSAL_CHOSEN
Apr 27 14:34:14 isakmpd[966]: transport_send_messages: giving up on
message
0x10db00
>
>

vpn east :

>Apr 27 12:33:17 vpn-east isakmpd[27241]: message_negotiate_sa: no
compatible proposal found
Apr 27 12:33:17 vpn-east  isakmpd[27241]: dropped message from 149.2.2.2
port 500 due to notification type NO_PROPOSAL_CHOSEN
Apr 27 12:33:35 vpn-east isakmpd[27241]: transport_send_messages: giving
up
on message 0x10db00
>
>

Here are the relevant config files :


vpn-EAST -

------  isakmpd.conf ----------

[Phase 1]
149.2.2.2=  HostA

[Phase 2]
Connections=  HostB-HostA

[HostA]
Phase=   1
Transport=  udp
Local-Address=  149.3.3.3
Address=  149.2.2.2
Configuration=  Default-main-mode
Authentication=  bloak606

[HostB-HostA]
Phase=   2
ISAKMP-peer=  HostA
Configuration=  Default-quick-mode
Local-ID=  Net-B
Remote-ID=  Net-A



[Net-A]
ID-Type=  IPV4_ADDR_SUBNET
Network=  192.168.1.0
Netmask=  255.255.255.0

[Net-B]
ID-Type=  IPV4_ADDR_SUBNET
Network=  192.168.20.0
Netmask=  255.255.255.0


[Default-main-mode]
DOI=   IPSEC
EXCHANGE_TYPE=  ID_PROT
Transforms=  3DES-MD5

[Default-quick-mode]
DOI=   IPSEC
EXCHANGE_TYPE=  QUICK_MODE
Suites=   QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-PFS-SUITE

[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM=  MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life=   LIFE_1_DAY

[CAST-SHA]
ENCRYPTION_ALGORITHM= CAST_CBC
HASH_ALGORITHM=  SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1536
Life=   LIFE_1_DAY

[LIFE_1_DAY]
LIFE_TYPE=  SECONDS
LIFE_DURATION=  86400,79200:93600

-------- isakmpd.policy ----------------

Comment: This policy accepts ESP SA's from a remote that uses the right
pass
Authorizer: "POLICY"
Licensees: "passphrase:bloak606"
Conditions: app_domain == "IPSec policy" && esp_present == "yes" &&
esp_enc_alg != "null" -> "true";

-------- sysctl.conf ---------------------

# $OpenBSD: sysctl.conf,v 1.21 2000/10/23 17:15:47 deraadt Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must
be
0)
#net.inet.tcp.rfc1323=0  # 0=disable TCP RFC1323 extensions (for if tcp
is
slow)
net.inet.esp.enable=1  # 1=Enable the ESP IPSec protocol
net.inet.ah.enable=1  # 1=Enable the AH IPSec protocol
#ddb.panic=0   # 0=Do not drop into ddb on a kernel panic
#ddb.console=1   # 1=Permit entry of ddb from the console
#fs.posix.setuid=0  # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=1 # 1=Encrypt pages that go to swap
#vfs.nfs.iothreads=4  # number of nfsio kernel threads
#net.inet.ip.mtudisc=1  # 1=enable tcp mtu discovery
#machdep.allowaperture=2 # See xf86(4)
#machdep.apmwarn=10  # battery % when apm status messages enabled
#machdep.apmhalt=0  # 1=powerdown hack, try if halt -p doesn't work
#machdep.kbdreset=1  # permit console CTRL-ALT-DEL to do a nice halt

-------- current dmesg ---------------------


OpenBSD 2.9-beta (COMPAQ) #1: Fri Apr 20 08:23:45 PDT 2001
    root_(_at_)_vpn-east:/usr/src/sys/arch/i386/compile/COMPAQ
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 398
MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,F
XSR
real mem  = 133804032 (130668K)
avail mem = 119230464 (116436K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c7) BIOS, date 04/14/98, BIOS32 rev. 0 @
0xec700
pcibios0 at bios0: rev. 2.1 @ 0xec700/0x3900
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xf69e0/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:20:0
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x800 0xe0000/0x8000!
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX PCI-AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Rage Pro" rev 0x5c
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci0 dev 13 function 0 "Intel 82557" rev 0x05: irq 11, address
00:08:c7:2b:8d:dc
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 0
fxp1 at pci0 dev 14 function 0 "Intel 82557" rev 0x02: irq 11, address
00:60:94:23:ee:a5
inphy1 at fxp1 phy 1: i82555 10/100 media interface, rev. 0
an0 at pci0 dev 15 function 0 "Aironet PC4800 Wireless" rev 0x01: irq
11:
address 00:40:96:37:03:af
pcib0 at pci0 dev 20 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 20 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <WDC AC21200H>
wd0: 16-sector PIO, LBA, 1222MB, 2484 cyl, 16 head, 63 sec, 2503872
sectors
pciide0: channel 0 interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, DMA mode 2
atapiscsi0 at pciide0 channel 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <COMPAQ, CRD-8322B, 1.03> SCSI0 5/cdrom
removable
pciide0: channel 1 interrupting at irq 15
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 20 function 2 "Intel 82371AB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: vendor 0x0000 UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82371AB Power Management" rev 0x02 at pci0 dev 20 function 3 not
configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
sb0 at isa0 port 0x220/24 irq 5 drq 1: dsp v3.01
midi0 at sb0: <SB MIDI UART>
audio0 at sb0
opl0 at sb0: model OPL3
midi1 at opl0: <SB Yamaha OPL3>
pcppi0 at isa0 port 0x61
midi2 at pcppi0: <PC speaker>
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask c840 netmask c840 ttymask c8c2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
IP Filter: v3.4.17 initialized.  Default = pass all, Logging = enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

-----------  current routes -----------------------

Routing tables

Internet:
Destination      Gateway            Flags
default          149.3.3.1          UG
127.0.0.0        127.0.0.1          UG
127.0.0.1        127.0.0.1          UH
149.3.0.0        link#1             U
149.3.3.1        0:60:97:df:9f:2b   UH
149.3.3.3        127.0.0.1          UGH
149.3.70.1       0:a0:c9:87:b8:a5   UH
192.168.20.0     link#2             U
192.168.20.20    0:a0:c9:87:b8:a5   UH
224.0.0.0        127.0.0.1          U

Internet6:
Destination      Gateway            Flags
default          ::1                UG
default          ::1                UG
::1              ::1                UH
::127.0.0.0      ::1                UG
::224.0.0.0      ::1                UG
::255.0.0.0      ::1                UG
::ffff:0.0.0.0   ::1                UG
2002::           ::1                UG
2002:7f00::      ::1                UG
2002:e000::      ::1                UG
2002:ff00::      ::1                UG
fe80::           ::1                UG
fe80::%fxp0      link#1             U
fe80::%fxp1      link#2             U
fe80::%lo0       fe80::1%lo0        U
fec0::           ::1                UG
ff01::           ::1                U
ff02::%fxp0      link#1             U
ff02::%fxp1      link#2             U
ff02::%lo0       fe80::1%lo0        U

---------  current ifconfig -a output ---------------

lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
 inet6 ::1 prefixlen 128
 inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 32972
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::208:c7ff:fe2b:8ddc%fxp0 prefixlen 64 scopeid 0x1
 inet 149.3.3.3 netmask 0xffff0000 broadcast 255.255.255.0
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 media: Ethernet autoselect (100baseTX)
 status: active
 inet6 fe80::260:94ff:fe23:eea5%fxp1 prefixlen 64 scopeid 0x2
 inet 192.168.20.1 netmask 0xffffff00 broadcast 255.255.255.0
an0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280



============================================
============================================


vpn-WEST

--------- isakmpd.conf -------------------

[Phase 1]
149.3.3.3=  HostB

[Phase 2]
Connections=  HostA-HostB

[HostB]
Phase=   1
Transport=  udp
Local-Address=  149.2.2.2
Address=  149.3.3.3
Configuration=  Default-main-mode
Authentication=  bloak606

[HostA-HostB]
Phase=   2
ISAKMP-peer=  HostB
Configuration=  Default-quick-mode
Local-ID=  Net-A
Remote-ID=  Net-B



[Net-A]
ID-Type=  IPV4_ADDR_SUBNET
Network=  192.168.1.0
Netmask=  255.255.255.0

[Net-B]
ID-Type=  IPV4_ADDR_SUBNET
Network=  192.168.20.0
Netmask=  255.255.255.0


[Default-main-mode]
DOI=   IPSEC
EXCHANGE_TYPE=  ID_PROT
Transforms=  3DES-SHA

[Default-quick-mode]
DOI=   IPSEC
EXCHANGE_TYPE=  QUICK_MODE
Suites=   QM-ESP-3DES-SHA-PFS-SUITE,QM-ESP-DES-MD5-PFS-SUITE


[3DES-MD5]
ENCRYPTION_ALGORITHM= 3DES_CBC
HASH_ALGORITHM=  MD5
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1024
Life=   LIFE_1_DAY


[CAST-SHA]
ENCRYPTION_ALGORITHM= CAST_CBC
HASH_ALGORITHM=  SHA
AUTHENTICATION_METHOD= PRE_SHARED
GROUP_DESCRIPTION= MODP_1536
Life=   LIFE_1_DAY

[LIFE_1_DAY]
LIFE_TYPE=  SECONDS
LIFE_DURATION=  86400,79200:93600


---------- isakmpd.policy -------------------

Comment: This policy accepts ESP SA's from a remote that uses the right
pass
Authorizer: "POLICY"
Licensees: "passphrase:bloak606"
Conditions: app_domain == "IPSec policy" && esp_present == "yes" &&
esp_enc_alg != "null" -> "true";

------------  sysctl.conf -----------------

# $OpenBSD: sysctl.conf,v 1.21 2000/10/23 17:15:47 deraadt Exp $
#
# This file contains a list of sysctl options the user wants set at
# boot time.  See sysctl(3) and sysctl(8) for more information on
# the many available variables.
#
net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.forwarding=1 # 1=Permit forwarding (routing) of packets
#net.inet6.ip6.accept_rtadv=1 # 1=Permit IPv6 autoconf (forwarding must
be
0)
#net.inet.tcp.rfc1323=0  # 0=disable TCP RFC1323 extensions (for if tcp
is
slow)
net.inet.esp.enable=1  # 1=Enable the ESP IPSec protocol
net.inet.ah.enable=1  # 1=Enable the AH IPSec protocol
#ddb.panic=0   # 0=Do not drop into ddb on a kernel panic
#ddb.console=1   # 1=Permit entry of ddb from the console
#fs.posix.setuid=0  # 0=Traditional BSD chown() semantics
#vm.swapencrypt.enable=1 # 1=Encrypt pages that go to swap
#vfs.nfs.iothreads=4  # number of nfsio kernel threads
#net.inet.ip.mtudisc=1  # 1=enable tcp mtu discovery
#machdep.allowaperture=2 # See xf86(4)
#machdep.apmwarn=10  # battery % when apm status messages enabled
#machdep.apmhalt=0  # 1=powerdown hack, try if halt -p doesn't work
#machdep.kbdreset=1  # permit console CTRL-ALT-DEL to do a nice halt

---------- current dmesg output ----------------------

rebooting...
OpenBSD 2.9 (COMPAQ) #0: Sat Apr 21 11:14:17 PDT 2001
    root_(_at_)_vpn-west:/usr/src/sys/arch/i386/compile/COMPAQ
cpu0: Intel Pentium II ("GenuineIntel" 686-class, 512KB L2 cache) 398
MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SYS,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,F
XSR
real mem  = 133804032 (130668K)
avail mem = 119894016 (117084K)
using 1658 buffers containing 6791168 bytes (6632K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(c7) BIOS, date 04/14/98, BIOS32 rev. 0 @
0xec700
pcibios0 at bios0: rev. 2.1 @ 0xec700/0x3900
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xf69e0/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:20:0
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x800 0xe0000/0x8000!
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX PCI-AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "ATI Rage Pro" rev 0x5c
wsdisplay0 at vga1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
fxp0 at pci0 dev 13 function 0 "Intel 82557" rev 0x05: irq 11, address
00:08:c7:1b:ea:dc
inphy0 at fxp0 phy 1: i82555 10/100 media interface, rev. 0
fxp1 at pci0 dev 15 function 0 "Intel 82557" rev 0x01: irq 11, address
00:a0:c9:20:78:c2
nsphy0 at fxp1 phy 1: DP83840 10/100 media interface, rev. 0
pcib0 at pci0 dev 20 function 0 "Intel 82371AB PIIX4 ISA" rev 0x02
pciide0 at pci0 dev 20 function 1 "Intel 82371AB IDE" rev 0x01: DMA,
channel
0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0: <Maxtor 30845H1>
wd0: 16-sector PIO, LBA, 8047MB, 16351 cyl, 16 head, 63 sec, 16481808
sectors
pciide0: channel 0 interrupting at irq 14
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 2
atapiscsi0 at pciide0 channel 1
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: <COMPAQ, CRD-8322B, 1.03> SCSI0 5/cdrom
removable
pciide0: channel 1 interrupting at irq 15
cd0(pciide0:1:0): using PIO mode 4, DMA mode 2
uhci0 at pci0 dev 20 function 2 "Intel 82371AB USB" rev 0x01: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: vendor 0x0000 UHCI root hub, class 9/0, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
"Intel 82371AB Power Management" rev 0x02 at pci0 dev 20 function 3 not
configured
isa0 at pcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
sysbeep0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask c840 netmask c840 ttymask c8c2
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
IP Filter: v3.4.17 initialized.  Default = pass all, Logging = enabled
dkcsum: wd0 matched BIOS disk 80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

-------------- current routes ---------------------



Routing tables

Internet:
Destination      Gateway            Flags
default          149.2.2.1          UG
127.0.0.0        127.0.0.1          UG
127.0.0.1        127.0.0.1          UH
149.2.0.0        link#1             U
149.2.2.1        0:e0:18:80:42:91   UH
149.2.2.2        127.0.0.1          UGH
192.168.1.0      link#2             U
224.0.0.0        127.0.0.1          U

Internet6:
Destination      Gateway            Flags
default          ::1                UG
default          ::1                UG
::1              ::1                UH
::127.0.0.0      ::1                UG
::224.0.0.0      ::1                UG
::255.0.0.0      ::1                UG
::ffff:0.0.0.0   ::1                UG
2002::           ::1                UG
2002:7f00::      ::1                UG
2002:e000::      ::1                UG
2002:ff00::      ::1                UG
fe80::           ::1                UG
fe80::%fxp0      link#1             U
fe80::%fxp1      link#2             U
fe80::%lo0       fe80::1%lo0        U
fec0::           ::1                UG
ff01::           ::1                U
ff02::%fxp0      link#1             U
ff02::%fxp1      link#2             U
ff02::%lo0       fe80::1%lo0        U

-------------- current ifconfig -a output --------------


lo0: flags=8009<UP,LOOPBACK,MULTICAST> mtu 32972
 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
 inet6 ::1 prefixlen 128
 inet 127.0.0.1 netmask 0xff000000
lo1: flags=8008<LOOPBACK,MULTICAST> mtu 32972
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 media: Ethernet autoselect (100baseTX full-duplex)
 status: active
 inet6 fe80::208:c7ff:fe1b:eadc%fxp0 prefixlen 64 scopeid 0x1
 inet 149.2.2.2 netmask 0xffff0000 broadcast 255.255.255.0
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
 media: Ethernet autoselect (none)
 status: no carrier
 inet6 fe80::2a0:c9ff:fe20:78c2%fxp1 prefixlen 64 scopeid 0x2
 inet 192.168.1.1 netmask 0xffffff00 broadcast 255.255.255.0
sl0: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
sl1: flags=c010<POINTOPOINT,LINK2,MULTICAST> mtu 296
ppp0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
ppp1: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
tun0: flags=10<POINTOPOINT> mtu 3000
tun1: flags=10<POINTOPOINT> mtu 3000
enc0: flags=0<> mtu 1536
bridge0: flags=0<> mtu 1500
bridge1: flags=0<> mtu 1500
gre0: flags=8010<POINTOPOINT,MULTICAST> mtu 1450
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif1: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif2: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
gif3: flags=8010<POINTOPOINT,MULTICAST> mtu 1280



Visit your host, monkey.org