


From: Herbert Schmid <herbert.schmid@explido.de>
Reply-To: herbert.schmid@explido.de
Organization: explido
To: ipsec@lists.tislabs.com
Subject: don't get any encrypted packets!
Date: Wed, 28 Mar 2001 08:08:42 +0000

Hi,

I just wanted to check the secure tunnel between two gateways - but I didn't
get any encrypted packets and I already have most of the RTFM-stuff behind
me. Maybe it's just a little thing I didn't get.
Here's the constellation:


              gw1                            gw2
     +-----------------+           +-----------------+        client
     |                 |           |                 |       _________
     |                 |           |                 |      |         |
     |                 |           |                 |------|         |
     |                 |           |                 |      |_________|
     +-----------------+           +-----------------+      192.168.2.2
      eth0         eth1             eth1         eth0
   192.168.1.1  192.168.3.1      192.168.3.2  192.168.2.1

leftsubnet:               \          /               rightsubnet:
192.168.1.0/24             \        /                192.168.2.0/24
                            \      /
                           monitoring
                         ______________
                        |______________|
                          192.168.3.3


Up to here a quite normal installation, I think. When I start ipsec no error
occurs.

Target is to see whether packets in the tunnel are really encrypted.
On the client I start some icmp-packets (ping 192.168.1.1 -p aabbccddeeff).
On the monitoring-machine I start tcpdump (tcpdump -i eth0 -v -x icmp).
When the tunnel is established, the packets sniffed by monitoring-machine
arrive in plain text (aabbccddeeff ...) - this must not be I suppose! Packets
exchanged by the 2 gateways must be encrypted!

Is it possible that packets between 192.168.2.2 (client) and 192.168.1.1 are
bypassed by the normal routing machine, since 192.168.3.0/24 appears in the first
rank of the routing table (just another stupid question - I know!) even if
the device is eth1, not ipsec0?

Kernel IP routing table (gw2)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     192.168.3.1     255.255.255.0   UG    0      0        0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo

Could anybody help me please?
Maybe there are other ways of being sure that the packets are encrypted - I
think sniffing on the gateways (i.e. with ethereal) won't work if the
connection between them is not explicitly configured. But there was quite an
interesting thing I recognized: sniffing on ipsec0, I didn't see any
encryption at all; sniffing on eth1, I saw ESP packets. Is there an
explanation for that?

Thanks a lot,

Herbert

Herbert Schmid
explido GmbH & Co. KG
Gneisenaustr. 15
86167 Augsburg

Tel.: (08 21) 21 77 95 20
Fax:  (08 21) 2 17 79 59
www.explido.de
www.promotionwelt.de
www.beschaffungswelt.de
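An added example, not from the post or from any IPsec implementation: a Python script that automates the check the poster does by eye with "tcpdump -x" on the monitoring machine. It parses raw IPv4 packets and flags any packet on the 192.168.3.0/24 transit segment that carries the protected subnets' addresses in its outer header (it bypassed the tunnel) or shows the ping pattern aabbccddeeff in the clear. The packet bytes, SPI and addresses are constructed from the post's diagram; nothing here is captured traffic.

```python
import struct
import socket
import ipaddress

# Constructed sample values, not a real capture: the probe pattern from the
# post's "ping -p aabbccddeeff" and the two protected subnets from the diagram.
PATTERN = bytes.fromhex("aabbccddeeff")
INNER_NETS = [ipaddress.ip_network("192.168.1.0/24"), ipaddress.ip_network("192.168.2.0/24")]
PROTO_NAMES = {1: "ICMP", 50: "ESP", 51: "AH"}

def ipv4_header(src, dst, proto, payload_len):
    # Minimal IPv4 header; checksum left zero, which is fine for parsing.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icmp_echo(src, dst, pattern, reps=8):
    # ICMP echo request whose data field carries the ping pattern in the clear.
    payload = struct.pack("!BBHHH", 8, 0, 0, 1, 1) + pattern * reps
    return ipv4_header(src, dst, 1, len(payload)) + payload

def esp_packet(src, dst, spi, seq, ciphertext):
    # ESP (IP proto 50): SPI, sequence number, then opaque ciphertext.
    payload = struct.pack("!II", spi, seq) + ciphertext
    return ipv4_header(src, dst, 50, len(payload)) + payload

def parse_ipv4(pkt):
    vihl, _, total, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    ihl = (vihl & 0x0F) * 4
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "proto": proto,
            "name": PROTO_NAMES.get(proto, str(proto)), "payload": pkt[ihl:total]}

def audit(packets, pattern=PATTERN, inner_nets=INNER_NETS):
    """One finding per packet captured on the transit segment (192.168.3.0/24)."""
    findings = []
    for pkt in packets:
        p = parse_ipv4(pkt)
        src, dst = ipaddress.ip_address(p["src"]), ipaddress.ip_address(p["dst"])
        # Protected addresses in the outer header mean the packet bypassed the tunnel;
        # the pattern test also catches an ESP SA that was negotiated with a NULL cipher.
        p["bypassed_tunnel"] = any(src in n for n in inner_nets) and any(dst in n for n in inner_nets)
        p["pattern_in_clear"] = pattern in p["payload"]
        findings.append(p)
    return findings

def tunnel_ok(packets, pattern=PATTERN, inner_nets=INNER_NETS):
    """True only if every packet is ESP/AH and nothing exposes the probe."""
    return all(f["proto"] in (50, 51) and not f["bypassed_tunnel"] and not f["pattern_in_clear"]
               for f in audit(packets, pattern, inner_nets))

SAMPLE = [icmp_echo("192.168.2.2", "192.168.1.1", PATTERN),                        # what the post reports seeing
          esp_packet("192.168.3.2", "192.168.3.1", 0x1234, 1, bytes(range(64)))]  # what it should see
```

Feed it the packets from a real capture (e.g. a pcap read with a library of your choice) instead of SAMPLE; a single ICMP packet between 192.168.2.2 and 192.168.1.1 on the wire is enough to fail the check.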