Netstat, charon, ipsec, SSH, VPN, Tunneling Packages

dizzy51413

n00b
Joined
Jun 8, 2021
Messages
6
On a Debian workstation that was recently installed I tried to remove VPN and tunneling packages because I don't use them. Specifically pptp-linux, xl2tpd, strongswan-charon, and strongswan, but apt will not allow them to be removed without alternate packages for VPN being installed. That doesn't seem normal to me.

Additionally, if I boot this system with networking disabled I noticed in netstat that the system starts with active connections:
UDP 0 0 0.0.0.0:isakmp(local) 0.0.0.0:*(foreign)
UDP 0 0 0.0.0.0:ipsec-nat-t(local) 0.0.0.0:*(foreign)

Is that normal for a machine with no VPN setup?

Netstat also shows a process listening for Charon even though it is not installed, only libs are:
/var/run/charon.ctl

Questions About Netstat Output
1. What is the difference between Unix 1, Unix 2, Unix 3?
2. In the output what does ACC mean under the flags column? I can't find anything online that defines netstat flags.
3. What does the number listed in the inode column refer to?

Also, each time I boot this system it generates a socket file @/tmp/ssh-random_letters/agent.random_numbers and the random letters and numbers in the file names change on every boot. Is that normal?

This is accompanied by multiple other connections that reference the same random number in the agent.XXX file. There are also multiple @/tmp/dbus_random-letters stream connections.

How can I convert socket files to human readable so I can review the content?
 
Back
Top