[Openswan Users] Success with broadcast through GRE

Michael Jurney mikej at datasynapse.com
Tue Oct 11 09:58:25 CEST 2005


Norman Rasmussen wrote:

>your net-to-net packets inside the gre tunnel are being encrypted, but
>your broadcast packets inside the gre tunnel are not being encrypted.
>(does this sound right to all you ipsec gurus?)

This is incorrect.  The ipsec configuration encapsulates *all* traffic 
between the two gateways.  This includes direct communication such as 
ssh or ICMP from one to the other, as well as tunneled communication 
carrying traffic between the private networks.  Once encapsulated in GRE 
(which happens before encapsulation with ipsec), broadcast and unicast 
packets moving between the private networks are exactly the same - 
They're just the GRE packets' payload.

>can you confirm this with a tcpdump of the line between the two gateways?

I have - When ipsec is up, all traffic between the two gateways, 
including GRE-encapsulated traffic between the two private networks, 
appears as ESP.  If you're curious about how the traffic looks, I can 
run tests and make a packet trace available.

-- 
Michael D. Jurney
Sysadmin, DataSynapse
mikej at datasynapse.com
p: 212.842.8860
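
Added example (not part of the original post or of Openswan): a check over `tcpdump -n` text output, captured on the link between the two gateways, that flags any gateway-to-gateway packet not seen as ESP. The gateway addresses and capture lines are constructed placeholders, lines 4 and 5 of the sample deliberately simulate a broken setup, and cleartext IKE on UDP 500 (no NAT-T) is assumed to be expected.

```python
import re

# Constructed `tcpdump -n` text output; gateway addresses are documentation-range
# placeholders, not values from the post. Lines 4 and 5 simulate a broken setup.
GW_A, GW_B = "192.0.2.1", "198.51.100.1"
SAMPLE = """\
09:58:25.000101 IP 192.0.2.1 > 198.51.100.1: ESP(spi=0x1a2b3c4d,seq=0x11), length 132
09:58:25.000950 IP 198.51.100.1 > 192.0.2.1: ESP(spi=0x5e6f7a8b,seq=0x0f), length 132
09:58:26.100000 IP 192.0.2.1.500 > 198.51.100.1.500: isakmp: phase 2/others I inf[E]
09:58:27.200000 IP 192.0.2.1 > 198.51.100.1: GREv0, length 82: IP 10.1.0.5.137 > 10.2.255.255.137: UDP, length 50
09:58:28.300000 IP 192.0.2.1 > 198.51.100.1: ICMP echo request, id 7, seq 1, length 64
09:58:29.400000 IP 192.0.2.1.22 > 203.0.113.9.51000: Flags [P.], length 48
"""

LINE_RE = re.compile(r"^\S+ IP (?P<src>\S+) > (?P<dst>\S+): (?P<rest>.*)$")

def host(endpoint):
    """Drop the trailing .port tcpdump appends to IPv4 TCP/UDP endpoints."""
    return ".".join(endpoint.split(".")[:4])

def classify(rest):
    """Label one packet summary by how it appears on the wire."""
    if rest.startswith("ESP("):
        return "esp"
    if rest.startswith("isakmp"):
        return "ike"            # key exchange on UDP 500 is expected in clear
    if rest.startswith("GREv"):
        return "gre-cleartext"  # tunnel payload (unicast or broadcast) exposed
    return "other-cleartext"    # e.g. direct ssh/ICMP between the gateways

def audit(capture, gw_a, gw_b):
    """Return (line_no, kind) for gateway-to-gateway packets that bypass ESP."""
    findings = []
    for line_no, line in enumerate(capture.splitlines(), start=1):
        m = LINE_RE.match(line)
        if not m:
            continue
        if {host(m["src"]), host(m["dst"])} != {gw_a, gw_b}:
            continue  # not traffic between the two gateways
        kind = classify(m["rest"])
        if kind not in ("esp", "ike"):
            findings.append((line_no, kind))
    return findings

if __name__ == "__main__":
    for line_no, kind in audit(SAMPLE, GW_A, GW_B):
        print(f"line {line_no}: {kind}")
```

An empty result matches what the post describes: everything between the gateways, GRE-carried broadcasts included, shows up only as ESP.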
