[Openswan dev] Help needed with Openswan
Sumit Kala
sumitk31 at gmail.com
Sat Jun 25 01:39:43 EDT 2011
Hello Fellow Members,
I have been trying to setup IPSEC encryption between two linux boxes.
I have a server application which runs on Linux Box A
and a client application which runs on Linux Box B.
The client sends the data to server.
I have captured wireshark logs at both server and client end.
In the wireshark logs I can see that the Box B send ESP packets to the Box
A.
But the server Application running at Box A is is not able to get any
packets.
If I turn the policy off at Box B, Box B sends normal UDP data packets to
Box A, but still the Server Application running at box A doesn't get any
packets.( Expected behavior since policy at Box A enforces that all packets
coming from Box B should be encrypted.)
If I turn the policy off at Box A and Box B both, the server application
receives the unencrypted data which is also expected behavior.
But when the policy is turned on at both the boxes the encrypted packets
reach the Box A but are not delivered to the server application.
If anyone has faced such issue please help me to debug this issue.
I have attached the ifconfig and policy settings at Box A and Box B for your
reference.
Thanks & Regards,
Sumit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/dev/attachments/20110625/c7a1b2ce/attachment.html
-------------- next part --------------
root at 172.16.117.101[/nfs-server]# ifconfig
eth0 Link encap:Ethernet HWaddr 6C:F0:49:EF:EB:F8
inet addr:172.16.117.101 Bcast:172.16.117.255 Mask:255.255.255.0
inet6 addr: fe80::6ef0:49ff:feef:ebf8/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:96630 errors:0 dropped:0 overruns:0 frame:0
TX packets:16420 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:8833640 (8.4 MiB) TX bytes:1176900 (1.1 MiB)
Interrupt:28
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:180 errors:0 dropped:0 overruns:0 frame:0
TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:21685 (21.1 KiB) TX bytes:21685 (21.1 KiB)
virbr0 Link encap:Ethernet HWaddr DA:FF:81:14:66:23
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:3869 (3.7 KiB)
-------------- next part --------------
root at 172.16.117.201[/nfs-server]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:1E:C9:5C:8D:54
inet addr:172.16.117.201 Bcast:172.16.255.255 Mask:255.255.0.0
inet6 addr: fe80::21e:c9ff:fe5c:8d54/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:1681828 errors:0 dropped:0 overruns:0 frame:0
TX packets:640867 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1766878568 (1.6 GiB) TX bytes:48572009 (46.3 MiB)
Interrupt:16
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:195283423 errors:0 dropped:0 overruns:0 frame:0
TX packets:195283423 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:1168128985 (1.0 GiB) TX bytes:1168128985 (1.0 GiB)
virbr0 Link encap:Ethernet HWaddr 1E:04:6F:97:FE:0C
inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:163 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:29115 (28.4 KiB)
-------------- next part --------------
flush;
spdflush;
spdadd 172.16.117.101/24 172.16.117.201/24 any -P out ipsec
esp/transport//require;
spdadd 172.16.117.201/24 172.16.117.101/24 any -P in ipsec
esp/transport//require;
add 172.16.117.101 172.16.117.201 esp 0x201
-E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 172.16.117.201 172.16.117.101 esp 0x301
-E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
-------------- next part --------------
flush;
spdflush;
# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
#
# Security policies
spdadd 172.16.117.201/24 172.16.117.101/24 any -P out ipsec
esp/transport//require;
spdadd 172.16.117.101/24 172.16.117.201/24 any -P in ipsec
esp/transport//require;
add 172.16.117.201 172.16.117.101 esp 0x201
-E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 172.16.117.101 172.16.117.201 esp 0x301
-E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
More information about the Dev
mailing list