I've got two Ubuntu VMs testing Openswan to Openswan in a site-to-site configuration, with a host on each side.

Host 1 ------------------ Openswan1==tunnel==Openswan2-----------------Host2
192.168.1.5      x.x1.1   11.11.11.1         11.11.11.2   10.10.10.1   10.10.10.2

When I send data via netcat from Host2 to Host1, I'm sniffing with Wireshark on 11.11.11.1 on the Openswan1 machine. What I'll see is an ESP packet from 11.11.11.2 to 11.11.11.1, then two TCP packets that are 10.10.10.2 to 192.168.1.5. It's not in a one-by-one manner. There will often be two TCP packets then one ESP packet in the stream.

Is this behaviour normal? I would expect all the traffic to be seen as encrypted ESP data.

Config for the connection is as follows:

conn long
    left=11.11.11.1
    leftnexthop=11.11.11.2
    leftsubnet=192.168.1.0/24
    leftrsasigkey=sddsgdg...
    right=11.11.11.2
    rightnexthop=11.11.11.1
    rightsubnet=10.10.10.0/24
    rightrsasigkey=sdfdsfsdfs...
    auto=start

Thanks,

Ryan