[Openswan Users] Success with broadcast through GRE
Michael Jurney
mikej at datasynapse.com
Tue Oct 11 09:58:25 CEST 2005
Norman Rasmussen wrote:
>your net-to-net packets inside the gre tunnel are being encrypted, but
>your broadcast packets inside the gre tunnel are not being encrypted.
>(does this sound right to all you ipsec gurus?)
>
>
This is incorrect. The ipsec configuration encapsulates *all* traffic
between the two gateways. This includes direct communication such as
ssh or ICMP from one to the other, as well as tunneled communication
carrying traffic between the private networks. Once encapsulated in GRE
(which happens before encapsulation with ipsec), broadcast and unicast
packets moving between the private networks are exactly the same -
They're just the GRE packets' payload.
>can you confirm this with a tcpdump of the line between the two gateways?
>
>
I have - When ipsec is up, all traffic between the two gateways,
including GRE-encapsulated traffic between the two private networks,
appears as ESP. If you're curious about how the traffic looks, I can
run tests and make a packet trace available.
--
Michael D. Jurney
Sysadmin, DataSynapse
mikej at datasynapse.com
p: 212.842.8860
View the DataSynapse email disclaimer here:
<http://www.datasynapse.com/legal/emailprivacy.jsp>
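
The check described in the message above (confirming from a capture that everything between the two gateways appears as ESP), as an added example that is not part of the original post. The gateway addresses and packets are constructed test data, and treating UDP 500/4500 (IKE and NAT-T) as expected traffic is an assumption of this sketch.

```python
import socket
import struct

ESP, GRE, UDP = 50, 47, 17          # IP protocol numbers
IKE_PORTS = {500, 4500}             # IKE and NAT-T, assumed to be expected

def ipv4(src, dst, proto, payload=b""):
    """Build a minimal IPv4 packet (checksum left zero; constructed test data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def classify(pkt, gateways):
    """Return 'esp', 'ike', 'other' (not gateway-to-gateway) or 'leak:<proto>'."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return "other"
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    src = socket.inet_ntoa(pkt[12:16])
    dst = socket.inet_ntoa(pkt[16:20])
    if {src, dst} != set(gateways):
        return "other"
    if proto == ESP:
        return "esp"
    if proto == UDP and len(pkt) >= ihl + 4:
        sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
        if sport in IKE_PORTS or dport in IKE_PORTS:
            return "ike"
    # Anything else between the gateways (e.g. bare GRE) bypassed IPsec.
    return f"leak:{proto}"

def audit(packets, gateways):
    """List (index, verdict) for every gateway-to-gateway packet seen in cleartext."""
    return [(i, v) for i, p in enumerate(packets)
            if (v := classify(p, gateways)).startswith("leak")]

GATEWAYS = ("192.0.2.1", "198.51.100.1")   # documentation addresses, assumed
# Constructed capture with the tunnel up: ESP plus an IKE exchange.
UP = [ipv4(*GATEWAYS, ESP, b"\x00" * 16),
      ipv4(*GATEWAYS[::-1], UDP, struct.pack("!HHHH", 500, 500, 8, 0))]
# Same capture plus one cleartext GRE packet, as seen if the policy is not applied.
DOWN = UP + [ipv4(*GATEWAYS, GRE, b"\x00\x00\x08\x00")]

if __name__ == "__main__":
    print(audit(UP, GATEWAYS), audit(DOWN, GATEWAYS))
```
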