[Openswan Users]
How to see the outgoing decrypted packets with kernel 2.6 ?
Jacques Valot
jacquesvalot at hotmail.com
Mon Jun 27 10:44:08 CEST 2005
I use Openswan 2.3.0 on Linux kernel 2.6.10.
The tunnel is operationnal and I can see ESP packets in both directions with
a tcpdump command. With this same tcpdump command I can see the incoming
decrypted IP packet BUT THE PROBLEM is that I don't see the outgoing
decrypted packets.
Example with a "ping 129.181.113.152" command :
# tcpdump -n |grep 129.181.113.152
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:40:01.402918 IP 129.181.114.197 > 129.181.113.152:
ESP(spi=0xe674bad4,seq=0x14)
09:40:01.403927 IP 129.181.113.152 > 129.181.114.197:
ESP(spi=0xddf52ec5,seq=0x14)
09:40:01.403927 IP 129.181.113.152 > 129.181.114.197: icmp 64: echo reply
seq 14
09:40:02.403744 IP 129.181.114.197 > 129.181.113.152:
ESP(spi=0xe674bad4,seq=0x15)
09:40:02.404737 IP 129.181.113.152 > 129.181.114.197:
ESP(spi=0xddf52ec5,seq=0x15)
09:40:02.404737 IP 129.181.113.152 > 129.181.114.197: icmp 64: echo reply
seq 15
....
I have the same problem with ethereal tool.
After many searchs, I think this problem is due to the kernel 2.6 (26sec),
but I have no solution.
I try to load the klips module compiled with the Openswan 2.3.1 sources
before to run the ipsec service but in this case I can't ping the remote
host and no decryted packets appears in the result of tcpdump. But I can see
the 2 ESP packets :
# tcpdump -n |grep 129.181.113.152
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:52:29.515250 IP 129.181.114.197 > 129.181.113.152:
ESP(spi=0x787b19da,seq=0xd)
09:52:29.516263 IP 129.181.113.152 > 129.181.114.197:
ESP(spi=0xa685745d,seq=0xd)
09:52:30.515064 IP 129.181.114.197 > 129.181.113.152:
ESP(spi=0x787b19da,seq=0xe)
09:52:30.516052 IP 129.181.113.152 > 129.181.114.197:
ESP(spi=0xa685745d,seq=0xe)
...
Does anybody has a explanation and a solution for this problem ?
Thank you for your help,
Jacques.
_________________________________________________________________
MSN Hotmail : choisissez votre adresse @hotmail.fr
http://www.imagine-msn.com/hotmail/default.aspx?locale=fr-FR
More information about the Users
mailing list