don't get any encrypted packets! - at least I think so!
Hi,
I'm using the Linux implementation of IPsec (FreeS/WAN), but this is a very
general problem.
I just wanted to check the secure tunnel between two gateways, but I didn't
get any encrypted packets, and I already have most of the RTFM stuff behind
me. Maybe it's just a little thing I didn't get.
Here's the constellation (the original ASCII drawing did not survive; same information as a list):

  gw1:        eth0 192.168.1.1  (leftsubnet: 192.168.1.0/24)
              eth1 192.168.3.1
  gw2:        eth1 192.168.3.2
              eth0 192.168.2.1  (rightsubnet: 192.168.2.0/24)
  client:     192.168.2.2, attached to gw2's eth0 side
  monitoring: 192.168.3.3, on the 192.168.3.0/24 link between gw1 and gw2
Up to here it's a quite normal installation, I think. When I start ipsec, no error
occurs.
The goal is to see whether packets in the tunnel are really encrypted.
On the client I send some ICMP packets (ping 192.168.1.1 -p aabbccddeeff).
On the monitoring machine I start tcpdump (tcpdump -i eth0 -v -x icmp).
When the tunnel is established, the packets sniffed by the monitoring machine
arrive in plain text (aabbccddeeff ...) - this must not happen, I suppose! Packets
exchanged by the two gateways must be encrypted!
Is it possible that packets between 192.168.2.2 (client) and 192.168.1.1
bypass the tunnel via the normal routing machinery, since 192.168.3.0/24 appears
in the first row of the routing table, even though the device is eth1 and not
ipsec0 (just another stupid question - I know!)?
Kernel IP routing table (gw2)
Destination  Gateway      Genmask        Flags Metric Ref Use Iface
192.168.3.0  0.0.0.0      255.255.255.0  U     0      0   0   eth1
192.168.3.0  0.0.0.0      255.255.255.0  U     0      0   0   ipsec0
192.168.2.0  0.0.0.0      255.255.255.0  U     0      0   0   eth0
192.168.1.0  192.168.3.1  255.255.255.0  UG    0      0   0   ipsec0
127.0.0.0    0.0.0.0      255.0.0.0      U     0      0   0   lo
Could anybody help me please?
Maybe there are other ways of being sure that the packets are encrypted - I
think sniffing on the gateways (e.g. with ethereal) won't work if the
connection between them is not explicitly configured. But there was quite an
interesting thing I noticed: sniffing on ipsec0, I didn't see any
encryption at all; sniffing on eth1, I saw ESP packets. Is there an
explanation for that?
Thanks a lot,
Herbert
Herbert Schmid
explido GmbH & Co. KG
Gneisenaustr. 15
86167 Augsburg
Tel.: (08 21) 21 77 95 20
Fax: (08 21) 2 17 79 59
www.explido.de
www.promotionwelt.de
www.beschaffungswelt.de
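An added example, not part of Herbert's mail and not code from FreeS/WAN or tcpdump: a small Python script that performs the two checks the mail describes, offline. The first part runs a longest-prefix lookup over the gw2 routing table as printed in the mail, to show which interface gw2 uses for the client's ping to 192.168.1.1 and for traffic to the other gateway's link address; the tie rule between the two 192.168.3.0 entries (the one listed first wins) is an assumption of this toy lookup, not a statement about the kernel. The second part joins the hex columns of `tcpdump -x` output (with or without the `0x0000:` offset column), reads the IP protocol number (1 = ICMP, 50 = ESP) and reports whether the `ping -p` pattern aabbccddeeff is visible unencrypted after the IP header. The two sample packets are constructed inside the script, not taken from a capture, and the ESP payload is filler standing in for ciphertext.

```python
import ipaddress

# Part 1: which interface gw2 picks for a destination.
# The gw2 routing table as printed in the mail: (Destination, Gateway, Genmask, Iface).
GW2_ROUTES = [
    ("192.168.3.0", "0.0.0.0",     "255.255.255.0", "eth1"),
    ("192.168.3.0", "0.0.0.0",     "255.255.255.0", "ipsec0"),
    ("192.168.2.0", "0.0.0.0",     "255.255.255.0", "eth0"),
    ("192.168.1.0", "192.168.3.1", "255.255.255.0", "ipsec0"),
    ("127.0.0.0",   "0.0.0.0",     "255.0.0.0",     "lo"),
]

def route_lookup(dst, routes=GW2_ROUTES):
    """Longest-prefix match over a `route -n` style table.
    Returns (iface, gateway) or None. The tie rule between equal-length
    entries is an assumption of this toy: the entry listed first wins."""
    addr = ipaddress.IPv4Address(dst)
    best = None
    for dest, gateway, genmask, iface in routes:
        net = ipaddress.IPv4Network(f"{dest}/{genmask}")
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gateway, iface)
    return None if best is None else (best[2], best[1])

# Part 2: does a capture on the gw1-gw2 link show the ping payload in clear?
PATTERN = bytes.fromhex("aabbccddeeff")   # the `ping -p` pattern from the mail

def hex_from_tcpdump(text):
    """Join the hex columns of `tcpdump -x` output (hex lines only, not the
    summary line) into one hex string. Lines may or may not carry a leading
    `0x0000:` offset column."""
    chunks = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if ":" in line:
            line = line.split(":", 1)[1]
        chunks.append(line.replace(" ", "").replace("\t", ""))
    return "".join(chunks)

def classify(text):
    """Parse one packet (IP header onward) into protocol, addresses and
    whether the ping pattern is visible unencrypted after the IP header."""
    pkt = bytes.fromhex(hex_from_tcpdump(text))
    ihl = (pkt[0] & 0x0F) * 4          # header length in bytes
    proto = pkt[9]                      # IP protocol field
    return {
        "proto": {1: "ICMP", 50: "ESP"}.get(proto, str(proto)),
        "src": str(ipaddress.IPv4Address(pkt[12:16])),
        "dst": str(ipaddress.IPv4Address(pkt[16:20])),
        "pattern_in_clear": PATTERN in pkt[ihl:],
    }

def tunnel_leaks(dumps):
    """True if any captured packet carries the ping pattern in clear text."""
    return any(classify(d)["pattern_in_clear"] for d in dumps)

def build_ipv4(proto, src, dst, payload):
    """Minimal IPv4 header (no options, checksum left zero) plus payload;
    used only to construct the sample packets below."""
    hdr = bytes([0x45, 0x00]) + (20 + len(payload)).to_bytes(2, "big")
    hdr += b"\x00\x00\x40\x00\x40" + bytes([proto]) + b"\x00\x00"
    hdr += ipaddress.IPv4Address(src).packed + ipaddress.IPv4Address(dst).packed
    return hdr + payload

# Constructed sample packets (not from a real capture):
# 1. the ping as it would appear if it bypassed the tunnel: ICMP echo, pattern visible
ICMP_CLEAR = build_ipv4(1, "192.168.2.2", "192.168.1.1",
                        b"\x08\x00\x00\x00\x00\x01\x00\x01" + PATTERN * 9)
# 2. the ping inside ESP between the gateways: SPI, sequence number, then filler
#    bytes standing in for ciphertext (constructed, not real ESP output)
ESP_WRAPPED = build_ipv4(50, "192.168.3.2", "192.168.3.1",
                         b"\x00\x00\x10\x01\x00\x00\x00\x01" + bytes(range(1, 65)))

if __name__ == "__main__":
    print("gw2 -> 192.168.1.1 via", route_lookup("192.168.1.1"))
    print("gw2 -> 192.168.3.2 via", route_lookup("192.168.3.2"))
    for pkt in (ICMP_CLEAR, ESP_WRAPPED):
        print(classify(pkt.hex()))
    print("pattern leaks on link:", tunnel_leaks([ESP_WRAPPED.hex()]))
```

With the table from the mail, the lookup sends 192.168.1.1 out via ipsec0 with gateway 192.168.3.1, while 192.168.3.2 goes out directly via eth1; on the capture side, a monitoring host on the 192.168.3.0/24 link that sees only protocol 50 packets and never the pattern in clear is the result one expects from a working tunnel, and any ICMP packet there that still carries the pattern is the leak the mail is looking for.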