[Openswan Users] Can IPsec protect Raw socket packet?

Paul Wouters paul at xelerance.com
Fri Jan 20 05:40:08 CET 2006


On Fri, 20 Jan 2006, Chen, Kai (Kai) wrote:

> I have setup an IPsec tunnel between ends A and B. I used ping to test
> whether the tunnel had been setup properly. I found that the ICMP packets
> were protected by ESP.
>
> Now, I have an application which transmit data via raw socket(which is one
> type of transport layer protocols(STREAM--TCP, DATAGRAM--UDP, RAW SOCKET)).
> For it is transparent to IP, it should be protected by IPsec from A to B.
> But it does not.

And these are not subnet-subnet tunnels, while you are testing from the
ipsec servers themselves? Because in that case, it will pick the nearest
IP, which will be the public IP of the server, which is not part of the
subnet ipsec tunnel.
If this is a host-host tunnel and you see this problem, perhaps you should
post to the dev at openswan.org mailing list.

Paul


More information about the Users mailing list