
don't get any encrypted packets! - at least I think so!



Hi,

I'm using the Linux implementation of IPsec (FreeS/WAN), but this is a very
general problem.
I just wanted to check the secure tunnel between two gateways - but I didn't
get any encrypted packets and I already have most of the RTFM stuff behind
me. Maybe it's just a little thing I didn't get.
Here's the constellation:


              gw1                          gw2
      +---------------+            +---------------+        client
      |               |            |               |      +---------+
      |               |            |               |------|         |
      |               |            |               |      |         |
      |               |            |               |      +---------+
      +-------|-------+            +-------|-------+      192.168.2.2
    eth0            eth1         eth1            eth0
 192.168.1.1    192.168.3.1   192.168.3.2    192.168.2.1

 leftsubnet:             \          /             rightsubnet:
 192.168.1.0/24           \        /              192.168.2.0/24
                           monitoring
                        +--------------+
                        |              |
                        +--------------+
                          192.168.3.3


Up to here a quite normal installation, I think. When I start ipsec no error
occurs.

The target is to see whether packets in the tunnel are really encrypted.
On the client I start some ICMP packets (ping 192.168.1.1 -p aabbccddeeff).
On the monitoring machine I start tcpdump (tcpdump -i eth0 -v -x icmp).
When the tunnel is established, the packets sniffed by the monitoring machine
arrive in plain text (aabbccddeeff ...) - this must not be, I suppose! Packets
exchanged by the 2 gateways must be encrypted!

Is it possible that packets between 192.168.2.2 (client) and 192.168.1.1 are
bypassed by the normal routing machinery since 192.168.3.0/24 appears in the
first row of the routing table (just another stupid question - I know!) even if
the device is eth1, not ipsec0?

Kernel IP routing table (gw2)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     192.168.3.1     255.255.255.0   UG    0      0        0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

Could anybody help me, please?
Maybe there are other ways of being sure that the packets are encrypted - I
think sniffing on the gateways (i.e. with Ethereal) won't work if the
connection between them is not explicitly configured. But there was quite an
interesting thing I recognized: sniffing on ipsec0, I didn't see any
encryption at all; sniffing on eth1 I saw ESP packets. Is there an
explanation for that?

Thanks a lot,

Herbert

Herbert Schmid
explido GmbH & Co. KG
Gneisenaustr. 15
86167 Augsburg

Tel.: (08 21) 21 77 95 20
Fax:  (08 21) 2 17 79 59
www.explido.de
www.promotionwelt.de
www.beschaffungswelt.de
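A small check for the verification step described in the post, added here by the editor and not part of the original message: it parses IPv4 packets as the monitoring host at 192.168.3.3 would see them and flags anything that should have travelled inside the tunnel. The subnets, gateway addresses and the ping pattern are the ones from the post; the sample capture is constructed inline, not real traffic.

```python
import ipaddress
import struct

# Addresses from the post: the protected subnets behind each gateway.
LEFT_SUBNET = ipaddress.ip_network("192.168.1.0/24")    # behind gw1
RIGHT_SUBNET = ipaddress.ip_network("192.168.2.0/24")   # behind gw2
PROTO_ICMP, PROTO_ESP = 1, 50
PING_PATTERN = bytes.fromhex("aabbccddeeff")             # the -p pattern used in the post

def ipv4_packet(src, dst, proto, payload):
    """Build a minimal IPv4 packet (20-byte header, checksum left at zero) for the sample capture."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return header + payload

def parse_ipv4(packet):
    """Return (src, dst, protocol, payload) from a raw IPv4 packet, honouring the IHL field."""
    ihl = (packet[0] & 0x0F) * 4
    src = ipaddress.IPv4Address(packet[12:16])
    dst = ipaddress.IPv4Address(packet[16:20])
    return src, dst, packet[9], packet[ihl:]

def audit_capture(packets):
    """Flag packets that prove the tunnel is bypassed or that leak the ping payload.

    On the 192.168.3.0/24 segment only ESP between the gateways should appear. A packet
    whose outer addresses belong to the protected subnets never went through ipsec0, and
    the ping pattern must not be readable anywhere (not even inside ESP, which would
    indicate a null cipher).
    """
    findings = []
    for packet in packets:
        src, dst, proto, payload = parse_ipv4(packet)
        crosses = (src in LEFT_SUBNET and dst in RIGHT_SUBNET) or \
                  (src in RIGHT_SUBNET and dst in LEFT_SUBNET)
        if crosses:
            findings.append(("cleartext-between-subnets", str(src), str(dst), proto))
        if PING_PATTERN in payload:
            findings.append(("ping-pattern-visible", str(src), str(dst), proto))
    return findings

# Constructed sample capture (not real data): one ESP packet gw2 -> gw1 as expected,
# and one ICMP echo from the client that crossed the segment without encapsulation.
SAMPLE_CAPTURE = [
    ipv4_packet("192.168.3.2", "192.168.3.1", PROTO_ESP, bytes(range(8)) + b"\x93\x1a\x07\xf4" * 8),
    ipv4_packet("192.168.2.2", "192.168.1.1", PROTO_ICMP,
                b"\x08\x00\x00\x00\x00\x01\x00\x01" + PING_PATTERN * 4),
]

if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_CAPTURE):
        print(*finding)
```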
