[Openswan Users] Testing Host to Host
Norman Rasmussen
normanr@gmail.com
Mon May 30 01:36:17 CEST 2005
Rather run the tcpdump on a machine between the two hosts. I suspect
you're seeing data that is being re-fed into the networking stack
after being decrypted.
On 30/05/05, Greg Lamb <greg at linuxbin.com> wrote:
> I'm trying to get a host-to-host vpn up and running between two
> servers... and it *appears* to be working however I've been doing some
> testing with tcpdump to make sure it's actually encrypting the data...
>
> from server-b running `ping -p feedfacedeadbeef server-a`
> I see on server-a with `tcpdump -i eth0 host server-b -x`
>
> 21:03:31.582575 IP server-a > server-b: ESP(spi=0x651bd3dd,seq=0x24)
> 0x0000: 4500 0098 7805 0000 4032 35da 4655 1fc2 E...x...@25.FU..
> 0x0010: 4655 1fe9 651b d3dd 0000 0024 c029 364e FU..e......$.)6N
> 0x0020: cbaa 4234 8db2 0577 10a9 bb8b 905d 2de9 ..B4...w.....]-.
> 0x0030: 57b4 242a 43af 1526 cab9 4e1b 8c2c e71b W.$*C..&..N..,..
> 0x0040: a2a2 aa06 fcbc 23b6 0cf0 8667 6d52 a3f6 ......#....gmR..
> 0x0050: 5247 RG
> 21:03:32.601102 IP server-b > server-a: ESP(spi=0x4172ce43,seq=0x25)
> 0x0000: 4500 0098 706c 4000 3f32 fe72 4655 1fe9 E...pl@.?2.rFU..
> 0x0010: 4655 1fc2 4172 ce43 0000 0025 7a98 2d71 FU..Ar.C...%z.-q
> 0x0020: d333 006c 3203 a471 043a 9320 4e63 0b2b .3.l2..q.:..Nc.+
> 0x0030: 578f b2f4 4c73 cdae 0a31 84ec 7c40 f300 W...Ls...1..|@..
> 0x0040: 1a7d 037b 6880 00a0 21ed 7b3d 6a0a 6d73 .}.{h...!.{=j.ms
> 0x0050: e4ce ..
> 21:03:32.601102 IP server-b > server-a: icmp 64: echo request seq 56
> 0x0000: 4500 0054 0038 4000 4001 6e1c 4655 1fe9 E..T.8@.@.n.FU..
> 0x0010: 4655 1fc2 0800 8120 5006 0038 e414 9942 FU......P..8...B
> 0x0020: 142a 0900 feed face dead beef feed face .*..............
> 0x0030: dead beef feed face dead beef feed face ................
> 0x0040: dead beef feed face dead beef feed face ................
> 0x0050: dead ..
>
> Now I've read that if you see the ESP packets... you're set... however I'm
> also seeing the clear text packets... Just want to make sure, is this
> only because this is a host-to-host tunnel and I'm seeing it also
> decrypting the packets since I'm on one of the endpoints? Unfortunately
> in this setup I do have an ability to get onto these machines'
> gateways and monitor the packets from there...
>
> What I'm concerned about is whether it could be circumventing the
> tunnel? Thank you!
>
> From ipsec.conf...
>
> conn servera-to-serverb
>     left=publicipofservera
>     leftid=@servera
>     leftrsasigkey=keyblahblah
>     leftnexthop=serveradefaultgateway
>     right=publicipofserverb
>     rightid=@serverb
>     rightrsasigkey=keyblahblah
>     rightnexthop=serverbdefaultgateway
>     auto=start
>     rekey=no
>     failureshunt=passthrough
>     pfs=no
>     compress=no
>     authby=rsasig
>     type=tunnel
>
> _______________________________________________
> Users mailing list
> Users@openswan.org
> http://lists.openswan.org/mailman/listinfo/users
>
--
- Norman Rasmussen
- Email: norman@rasmussen.org
- Home page: http://norman.rasmussen.org/
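The check Greg is after, as an added example that is not part of the original thread and not Openswan code: a small Python script that parses the `tcpdump -x` lines quoted above (ASCII column dropped), decodes each IPv4 header, verifies the header checksum, extracts SPI and sequence number from the ESP packets, looks for the `feedfacedeadbeef` ping pattern in cleartext, and flags any cleartext packet that has no ESP packet in the same direction within an assumed 1 ms window. The `WINDOW_US` pairing window and the host-to-host assumption (outer and inner addresses equal, as in the posted ipsec.conf) are mine; the packet bytes are the ones from the post, truncated to the 82 bytes tcpdump captured.

```python
"""Classify `tcpdump -x` output captured on an IPsec endpoint.

Added example, not Openswan code and not part of the post. Decodes the
packets quoted above, checks each IPv4 header checksum, pulls SPI/seq out
of ESP, tests whether the ping pattern is visible in the clear, and flags
cleartext with no ESP packet in the same direction within WINDOW_US (the
re-injected decrypted copy always has one). Pairing assumes a host-to-host
tunnel, where outer and inner addresses match, as in the posted ipsec.conf.
"""
import re
import struct

IPPROTO_ICMP, IPPROTO_ESP = 1, 50
PING_PATTERN = bytes.fromhex("feedfacedeadbeef")  # from `ping -p feedfacedeadbeef`
WINDOW_US = 1000  # assumed pairing window; the posted dump shows identical stamps

# Sample input: the three packets from the post, ASCII column dropped; the old
# 96-byte default snaplen (14 Ethernet + 82 IP bytes) truncates every packet.
CAPTURE = """
21:03:31.582575 IP server-a > server-b: ESP(spi=0x651bd3dd,seq=0x24)
0x0000: 4500 0098 7805 0000 4032 35da 4655 1fc2
0x0010: 4655 1fe9 651b d3dd 0000 0024 c029 364e
0x0020: cbaa 4234 8db2 0577 10a9 bb8b 905d 2de9
0x0030: 57b4 242a 43af 1526 cab9 4e1b 8c2c e71b
0x0040: a2a2 aa06 fcbc 23b6 0cf0 8667 6d52 a3f6
0x0050: 5247
21:03:32.601102 IP server-b > server-a: ESP(spi=0x4172ce43,seq=0x25)
0x0000: 4500 0098 706c 4000 3f32 fe72 4655 1fe9
0x0010: 4655 1fc2 4172 ce43 0000 0025 7a98 2d71
0x0020: d333 006c 3203 a471 043a 9320 4e63 0b2b
0x0030: 578f b2f4 4c73 cdae 0a31 84ec 7c40 f300
0x0040: 1a7d 037b 6880 00a0 21ed 7b3d 6a0a 6d73
0x0050: e4ce
21:03:32.601102 IP server-b > server-a: icmp 64: echo request seq 56
0x0000: 4500 0054 0038 4000 4001 6e1c 4655 1fe9
0x0010: 4655 1fc2 0800 8120 5006 0038 e414 9942
0x0020: 142a 0900 feed face dead beef feed face
0x0030: dead beef feed face dead beef feed face
0x0040: dead beef feed face dead beef feed face
0x0050: dead
"""

TS_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+) IP ")
HEX_RE = re.compile(r"^0x[0-9a-f]{4}:\s+(.*)$")
GROUP_RE = re.compile(r"^([0-9a-f]{4}|[0-9a-f]{2})$")

def ts_us(ts):
    """'HH:MM:SS.ffffff' -> microseconds since midnight."""
    hms, frac = ts.split(".")
    h, m, s = (int(x) for x in hms.split(":"))
    return (h * 3600 + m * 60 + s) * 1_000_000 + int(frac.ljust(6, "0")[:6])

def parse_hexdump(text):
    """Return [(timestamp, raw_bytes)], one entry per packet in the dump."""
    packets = []
    for line in text.strip().splitlines():
        line = line.strip()
        if m := TS_RE.match(line):
            packets.append((m.group(1), bytearray()))
        elif (m := HEX_RE.match(line)) and packets:
            for group in m.group(1).split():
                if not GROUP_RE.match(group):
                    break  # first non-hex token is the ASCII column, if kept
                packets[-1][1].extend(bytes.fromhex(group))
    return [(ts, bytes(raw)) for ts, raw in packets]

def ip_checksum(header):
    """RFC 1071 ones'-complement sum of the IPv4 header; a valid header gives 0."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def describe(ts, pkt):
    """Decode the IPv4 header plus the ESP or ICMP fields behind it."""
    ihl = (pkt[0] & 0x0F) * 4
    total_len = struct.unpack("!H", pkt[2:4])[0]
    info = {
        "ts": ts, "proto": pkt[9], "total_len": total_len, "captured": len(pkt),
        "src": ".".join(str(b) for b in pkt[12:16]),
        "dst": ".".join(str(b) for b in pkt[16:20]),
        "truncated": len(pkt) < total_len,
        "checksum_ok": ip_checksum(pkt[:ihl]) == 0,
        "pattern_in_clear": PING_PATTERN in pkt[ihl:],
    }
    if info["proto"] == IPPROTO_ESP:
        # ESP: 32-bit SPI, 32-bit sequence number, then IV/ciphertext/ICV
        info["spi"], info["seq"] = struct.unpack("!II", pkt[ihl:ihl + 8])
    elif info["proto"] == IPPROTO_ICMP:
        info["icmp_seq"] = struct.unpack("!H", pkt[ihl + 6:ihl + 8])[0]
    return info

def audit(text):
    """Describe every packet; 'leaked' marks cleartext with no ESP twin."""
    pkts = [describe(ts, raw) for ts, raw in parse_hexdump(text)]
    esp = [p for p in pkts if p["proto"] == IPPROTO_ESP]
    for p in pkts:
        p["leaked"] = p["proto"] != IPPROTO_ESP and not any(
            e["src"] == p["src"] and e["dst"] == p["dst"]
            and abs(ts_us(e["ts"]) - ts_us(p["ts"])) <= WINDOW_US for e in esp)
    return pkts
```

Run `audit(CAPTURE)` on a fresh capture pasted into `CAPTURE`: the script reports `leaked: True` for any cleartext packet that never had an ESP counterpart, which is the case to worry about, while a cleartext copy stamped at the same instant as an ESP packet in the same direction is the decrypted packet being re-injected on the endpoint. To keep that copy out of the trace altogether, filter on the wire protocol: `tcpdump -n -i eth0 ip proto 50 and host server-b` shows only ESP, and `not ip proto 50 and host server-b` shows everything else (IKE on UDP/500 included), so anything of the peer's traffic that escaped the tunnel stands out. With KLIPS the decrypted packets appear on the ipsec0 interface rather than eth0; with the 2.6 native stack both copies show up on eth0, which is what the dump above looks like.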