Received: from wolfultra.a.profi.net (ns.hassler.net [194.8.77.20])
by lists.tislabs.com (8.9.1/8.9.1) with SMTP id CAA07963
Wed, 28 Mar 2001 02:46:23 -0500 (EST)
Received: (qmail 16876 invoked from network); 28 Mar 2001 07:50:35 -0000
Received: from ethergate4.a.profi.net (HELO mail.explido.de) (root@194.8.77.9)
by wolfultra.a.profi.net with SMTP; 28 Mar 2001 07:50:35 -0000
Received: from herbert ([194.8.79.51])
by mail.explido.de (8.9.3/8.9.3/Linux 8.9.3) with SMTP id JAA18456
for <ipsec@lists.tislabs.com>; Wed, 28 Mar 2001 09:33:39 +0200
From: Herbert Schmid <herbert.schmid@explido.de>
Reply-To: herbert.schmid@explido.de
Organization: explido
To: ipsec@lists.tislabs.com
Subject: don't get any encrypted packets!
Date: Wed, 28 Mar 2001 08:08:42 +0000
X-Mailer: KMail [version 1.1.99]
Content-Type: text/plain;
charset="iso-8859-1"
MIME-Version: 1.0
Message-Id: <01032808084201.00540@herbert>
Content-Transfer-Encoding: 8bit
Hi,
I just wanted to check the secure tunnel between two gateways - but I didn't
get any encrypted packets, and I already have most of the RTFM stuff behind
me. Maybe it's just a little thing I didn't get.
Here's the setup:
         gw1                           gw2
   ---------------               ---------------        client
   |             |               |             |        _______
   |             |---------------|             |--------|       |
   |             |               |             |        |_______|
   ---------------               ---------------       192.168.2.2
   eth0       eth1               eth1       eth0
   192.168.1.1  192.168.3.1      192.168.3.2  192.168.2.1
   leftsubnet:         \           /         rightsubnet:
   192.168.1.0/24       \         /          192.168.2.0/24
                       monitoring
                      ______________
                      |____________|
                        192.168.3.3
Up to here a quite normal installation, I think. When I start ipsec no error
occurs.
Target is to see whether packets in the tunnel are really encrypted.
On the client I start some icmp-packets (ping 192.168.1.1 -p aabbccddeeff).
On the monitoring-machine I start tcpdump (tcpdump -i eth0 -v -x icmp).
When the tunnel is established, the packets sniffed by the monitoring machine
arrive in plain text (aabbccddeeff ...) - this must not be, I suppose! Packets
exchanged by the 2 gateways must be encrypted!
Is it possible that packets between 192.168.2.2 (client) and 192.168.1.1 are
bypassed by the normal routing machinery, since 192.168.3.0/24 appears in the
first row of the routing table (just another stupid question, I know!), even if
the device is eth1, not ipsec0?
Kernel IP routing table (gw2)
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.3.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     192.168.3.1     255.255.255.0   UG    0      0        0 ipsec0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
Could anybody help me please?
Maybe there are other ways of being sure that the packets are encrypted - I
think sniffing on the gateways (e.g. with ethereal) won't work if the
connection between them is not explicitly configured. But there was quite an
interesting thing I noticed: sniffing on ipsec0, I didn't see any
encryption at all; sniffing on eth1 I saw ESP packets. Is there an
explanation for that?
Thanks a lot,
Herbert
Herbert Schmid
explido GmbH & Co. KG
Gneisenaustr. 15
86167 Augsburg
Tel.: (08 21) 21 77 95 20
Fax: (08 21) 2 17 79 59
www.explido.de
www.promotionwelt.de
www.beschaffungswelt.de
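The check the post is after ("are the packets between the two gateways really encrypted?") can be made mechanical: on the inter-gateway link, any packet to or from the protected subnets that is not ESP has bypassed the tunnel. The script below is an added example written for this page, not code from the post, FreeS/WAN or any project it mentions. It uses the addresses from the post's diagram and the `ping -p aabbccddeeff` pattern, parses raw IPv4 packets, and classifies each one as ESP, AH or cleartext; the two packets in `CAPTURE` are constructed in-line (the "ciphertext" is just filler bytes), not captured traffic.

```python
"""Added example: flag protected-subnet traffic that crosses the gateway link
unencrypted. Addresses are the ones from the post; the sample packets are
constructed here, not captured."""
import socket
import struct
from dataclasses import dataclass

IPPROTO_ICMP, IPPROTO_ESP, IPPROTO_AH = 1, 50, 51

# Anything to or from these prefixes must only appear on 192.168.3.0/24
# wrapped in ESP between the two gateways.
PROTECTED_PREFIXES = ("192.168.1.", "192.168.2.")
PING_PATTERN = bytes.fromhex("aabbccddeeff")   # from `ping -p aabbccddeeff`


@dataclass
class Verdict:
    src: str
    dst: str
    kind: str          # "esp", "ah" or "cleartext"
    leak: bool         # protected-subnet traffic visible on the link
    detail: str


def checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum, used for the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, proto: int, payload: bytes) -> bytes:
    """Minimal IPv4 datagram (no options, TTL 64) with a valid header checksum."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    hdr = struct.pack("!BBHHHBBH4s4s", *fields)
    fields[7] = checksum(hdr)
    return struct.pack("!BBHHHBBH4s4s", *fields) + payload


def build_icmp_echo(pattern: bytes, ident: int = 0x1234, seq: int = 1) -> bytes:
    """ICMP echo request whose data area is filled with `pattern`, like ping -p."""
    data = b"\x00" * 8 + pattern * 8            # 8 timestamp bytes, then pattern
    hdr = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    return struct.pack("!BBHHH", 8, 0, checksum(hdr + data), ident, seq) + data


def build_esp(spi: int, seq: int, ciphertext: bytes) -> bytes:
    """ESP header (SPI, sequence number) followed by the opaque payload."""
    return struct.pack("!II", spi, seq) + ciphertext


def classify(pkt: bytes) -> Verdict:
    """Decide whether one IPv4 packet seen on the link is ESP, AH or cleartext."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    payload = pkt[ihl:]
    touches_protected = (src.startswith(PROTECTED_PREFIXES)
                         or dst.startswith(PROTECTED_PREFIXES))

    if proto == IPPROTO_ESP:
        spi, seq = struct.unpack("!II", payload[:8])
        return Verdict(src, dst, "esp", False, f"ESP spi=0x{spi:08x} seq={seq}")
    if proto == IPPROTO_AH:
        # AH authenticates but does not encrypt: the payload is still readable.
        return Verdict(src, dst, "ah", touches_protected, "AH: integrity only, payload visible")
    detail = f"proto {proto}"
    if proto == IPPROTO_ICMP and PING_PATTERN in payload[8:]:
        detail = "ICMP echo with the ping -p pattern visible in clear"
    return Verdict(src, dst, "cleartext", touches_protected, detail)


def find_leaks(packets) -> list:
    """Return the verdicts for every packet that exposes protected-subnet traffic."""
    return [v for v in map(classify, packets) if v.leak]


# Constructed sample "capture" on the 192.168.3.0/24 link (not real traffic):
# one correctly tunnelled packet and one that bypassed the tunnel.
ESP_PKT = build_ipv4("192.168.3.2", "192.168.3.1", IPPROTO_ESP,
                     build_esp(0x1000ABCD, 7, bytes(range(16, 80))))  # filler, not real ciphertext
LEAKED_PING = build_ipv4("192.168.2.2", "192.168.1.1", IPPROTO_ICMP,
                         build_icmp_echo(PING_PATTERN))
CAPTURE = [ESP_PKT, LEAKED_PING]

if __name__ == "__main__":
    for v in map(classify, CAPTURE):
        print(f"{v.src} -> {v.dst}: {v.kind:9s} leak={v.leak}  {v.detail}")
```

Feed it the IP layer of frames taken on the physical interface (eth1 on a gateway, or eth0 on the monitoring host); with `tcpdump -w` output you would strip the 14-byte Ethernet header first (an assumption about the link type, not something the post states). A non-empty `find_leaks` result on that link means the packets went out unencrypted. On ipsec0 the same packets are expected in cleartext: it is FreeS/WAN's virtual device, and traffic is seen there before KLIPS encapsulates it, which is why the post sees cleartext on ipsec0 and ESP on eth1.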