
IPSEC testing between implementation over Internet?



I *did* see someone mention an IPSEC testing possibility, but I
failed to find the mail in the archives (I guess I am blind or the
topic is not such that I recognized it).

At some point fairly soon I would like to check if my version of IPSEC
would actually work with anyone else. My "picture" is as follows

"my client machine H1"
	----> PPP dialup (dynamic address from [130.188.150.*])
		---> some test destination?

I don't have IKE, only manual keys. What I would really love is the
following configurations

  H1* -> (internet) --> H2* (with a local Web server)

	e.g. I would use Web browser over IPSEC link to
	server on H2.

or even more ambitious combination (tunnel variations)

	H1* -> (internet) --> SG2* <---> some web servers

But any simple way to find out if my packet munging code is
working correctly will do equally well (except I hate to read
hexdumps).

-------

ps.

In this latter configuration, it seems that it will work with
standard internet service hosts only if for some reason the packets
destined to H1 are routed by default to SG2? (e.g. SG2 is also a
normal router for the subnet).

This is somewhat worrying as the normal situation would be at this
stage (it is unlikely for R1 to have IPSEC)

	H1* <--> (internet) <--> R1/Firewall <--> SG2* <--> H2

	If H2 is a standard PC or host inside the company network, it will
	by default route packets destined to H1 to R1, and not to SG2?

	Does this mean that any IPSEC testing with this type of
	config needs a change in H2's routing info (or do we have
	SG2s that automatically request routing by IGMP or what?)

-- 
Markku Savela (msa@hemuli.tte.vtt.fi), Technical Research Centre of Finland
Multimedia Systems, P.O.Box 1203,FIN-02044 VTT,http://www.vtt.fi/tte/staff/msa/