[Openswan Users] Testing Host to Host

Greg Lamb greg at linuxbin.com
Sun May 29 16:11:53 CEST 2005 

I'm trying to get a host-to-host vpn up and running between two 
servers... and it *appears* to be working however I've been doing some 
testing with tcpdump to make sure it's actually encrypting the data...

from server-b running `ping -p feedfacedeadbeef server-a`
i see on server-a with `tcpdump -i eth0 host server-b -x`

21:03:31.582575 IP server-a > server-b: ESP(spi=0x651bd3dd,seq=0x24)
        0x0000:  4500 0098 7805 0000 4032 35da 4655 1fc2  E...x... at 25.FU 
<mailto:E...x... at 25.FU>..
        0x0010:  4655 1fe9 651b d3dd 0000 0024 c029 364e  FU..e......$.)6N
        0x0020:  cbaa 4234 8db2 0577 10a9 bb8b 905d 2de9  ..B4...w.....]-.
        0x0030:  57b4 242a 43af 1526 cab9 4e1b 8c2c e71b  W.$*C..&..N..,..
        0x0040:  a2a2 aa06 fcbc 23b6 0cf0 8667 6d52 a3f6  ......#....gmR..
        0x0050:  5247                                     RG
21:03:32.601102 IP server-b > server-a: ESP(spi=0x4172ce43,seq=0x25)
        0x0000:  4500 0098 706c 4000 3f32 fe72 4655 1fe9  E...pl at .?2.rFU..
        0x0010:  4655 1fc2 4172 ce43 0000 0025 7a98 2d71  FU..Ar.C...%z.-q
        0x0020:  d333 006c 3203 a471 043a 9320 4e63 0b2b  .3.l2..q.:..Nc.+
        0x0030:  578f b2f4 4c73 cdae 0a31 84ec 7c40 f300  W...Ls...1..|@..
        0x0040:  1a7d 037b 6880 00a0 21ed 7b3d 6a0a 6d73  .}.{h...!.{=j.ms
        0x0050:  e4ce                                     ..
21:03:32.601102 IP server-b > server-a: icmp 64: echo request seq 56
        0x0000:  4500 0054 0038 4000 4001 6e1c 4655 1fe9  E..T.8 at .@.n.FU..
        0x0010:  4655 1fc2 0800 8120 5006 0038 e414 9942  FU......P..8...B
        0x0020:  142a 0900 feed face dead beef feed face  .*..............
        0x0030:  dead beef feed face dead beef feed face  ................
        0x0040:  dead beef feed face dead beef feed face  ................
        0x0050:  dead                                     ..

Now I've read that if you see the ESP packets... your set... however I'm 
also seeing the clear text packets... Just want to make sure, is this 
only because this is a host-to-host tunnel and I'm seeing it also 
decrypting the packets since I'm on one of the endpoints? Unfortunately 
in this set up I do have have an ability to get onto these machine's 
gateways and monitor the packets from there...

What I'm concerned about is whether it could be circumventing the 
tunnel? Thank you!

 From ipsec.conf...

conn servera-to-serverb
    left=publicipofservera
    leftid=@servera
    leftrsasigkey=keyblahblah
    leftnexthop=serveradefaultgateway
    right=publicipofserverb
    rightid=@serverb
    rightrsasigkey=keyblahblah
    rightnexthop=serverbdefaultgateway
    auto=start
    rekey=no
    failureshunt=passthrough
    pfs=no
    compress=no
    authby=rsasig
    type=tunnel

More information about the Users mailing list