[Openswan Users] Strange ping response

George Hadjichristofi ghadjich at vt.edu
Tue Sep 6 17:20:04 CEST 2005


Paul,

You are right.
If I "sniff" in the middle I get no cleartext packets.

However, I did notice that if I use "whack" to manually start the
connection instead of "ipsec auto --up", I don't see the second
cleartext packet on either G1 or G2.
In addition, if I automatically start the connection the policy database
on G2 has 2 entries going from G1 to G2 and 1 entry going from G2 to G1
and vice versa.
If I manually start the connection with "whack" then G2 has 1 policy
entry going from G1 to G2 and 1 policy entry going from G2 to G1. I
therefore thought that the automatic mechanism does not properly set up
the policies on the Gateways and induces the extra packet.

Is there any correlation?
Maybe I am not understanding the underlying mechanism correctly.



Thanks
George



-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On
Behalf Of Paul Wouters
Sent: Tuesday, September 06, 2005 2:50 PM
To: George Hadjichristofi
Cc: users at openswan.org
Subject: Re: [Openswan Users] Strange ping response


On Tue, 6 Sep 2005, George Hadjichristofi wrote:

> After I successfully initiate a connection I ping from G1 to G2. G2
> will return 2 packets, one cleartext and one encrypted. If I ping from
> G2 to G1 then G1 will return two packets.
>
> Why does the responding gateway send 2 packets back?

It works properly. Running tcpdump on the gateway using NETKEY does not.
Packets are modified by NETKEY after tcpdump sees them.

Put a hub in the middle and verify on a third machine you only see
encrypted packets.

Paul
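The check Paul describes (capture from a third machine on a hub and confirm that only encrypted traffic passes between the gateways) can be scripted against tcpdump's text output. The following is an added example written for this page, not code from the thread or from Openswan. The gateway addresses and the capture lines are constructed placeholders; in a real capture only ESP and the IKE (isakmp, UDP/500) exchange should appear between the two gateway addresses, so any other protocol between them, such as the cleartext ICMP echo reply here, is flagged.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample capture in tcpdump's default text format, as it might be
# seen from a third machine on a hub between the two gateways (G1 and G2).
# The addresses and SPIs are placeholders, not values from the thread.
G1 = "10.0.1.1"
G2 = "10.0.2.1"

SAMPLE_CAPTURE = """\
12:00:00.100000 IP 10.0.1.1.500 > 10.0.2.1.500: isakmp: phase 1 I ident
12:00:00.200000 IP 10.0.2.1.500 > 10.0.1.1.500: isakmp: phase 1 R ident
12:00:01.000001 IP 10.0.1.1 > 10.0.2.1: ESP(spi=0x0000abcd,seq=0x1), length 116
12:00:01.000500 IP 10.0.2.1 > 10.0.1.1: ESP(spi=0x0000dcba,seq=0x1), length 116
12:00:01.000900 IP 10.0.2.1 > 10.0.1.1: ICMP echo reply, id 1234, seq 1, length 64
"""

# Matches "IP <src>[.<port>] > <dst>[.<port>]: <proto>" in tcpdump output.
# The optional ".<port>" suffix is what tcpdump prints for UDP/TCP packets.
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (?P<proto>\w+)"
)


def parse_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Return (src, dst, proto) for a tcpdump line, or None if it is not one."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m.group("src"), m.group("dst"), m.group("proto")


def audit_capture(capture: str, gateways: Iterable[str]) -> Dict[str, object]:
    """Classify every gateway-to-gateway packet as ESP, IKE, or cleartext.

    ESP carries the protected traffic and isakmp is the IKE negotiation; both
    are expected on the wire. Anything else between the two gateway addresses
    is cleartext that the tunnel should have covered, and is reported.
    """
    gw = set(gateways)
    counts = {"esp": 0, "ike": 0, "cleartext": 0, "other_hosts": 0}
    offenders: List[str] = []
    for line in capture.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue  # timestamps-only or non-IP lines are ignored
        src, dst, proto = parsed
        if src not in gw or dst not in gw:
            counts["other_hosts"] += 1  # not gateway-to-gateway; out of scope
            continue
        if proto == "ESP":
            counts["esp"] += 1
        elif proto == "isakmp":
            counts["ike"] += 1
        else:
            counts["cleartext"] += 1
            offenders.append(line)
    return {"counts": counts, "offenders": offenders, "clean": not offenders}


if __name__ == "__main__":
    result = audit_capture(SAMPLE_CAPTURE, (G1, G2))
    print(result["counts"])
    for line in result["offenders"]:
        print("CLEARTEXT between gateways:", line)
```

Run it against a real file with `tcpdump -nn -r capture.pcap` piped into `audit_capture` instead of `SAMPLE_CAPTURE`; a capture taken on the gateway itself is not a valid input for this check, for the reason Paul gives above.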