[Openswan Users] Can IPsec protect Raw socket packet?

Chen, Kai (Kai) kaichen at lucent.com
Fri Jan 20 12:45:58 CET 2006


Ok, thanks,
-Kai

-----Original Message-----
From: Paul Wouters [mailto:paul at xelerance.com]=20
Sent: 2006=C4=EA1=D4=C220=C8=D5 12:40
To: Chen, Kai (Kai)
Cc: users at openswan.org
Subject: RE: [Openswan Users] Can IPsec protect Raw socket packet?

On Fri, 20 Jan 2006, Chen, Kai (Kai) wrote:

> I have setup an IPsec tunnel between ends A and B. I used ping to =
test
> whether the tunnel had been setup properly. I found that the ICMP =
packets
> were protected by ESP.
>
> Now, I have an application which transmit data via raw socket(which =
is one
> type of transport layer protocols(STREAM--TCP, DATAGRAM--UDP, RAW
SOCKET)).
> For it is transparent to IP, it should be protected by IPsec from A =
to B.
> But it does not.

And these are not subnet-subnet tunnels, while you are testing from the
ipsec servers themselves? Because in that case, it will pick the =
nearest
IP, which will be the public IP of the server, which is not part of the
subnet ipsec tunnel.
If this is a host-host tunnel and you see this problem, perhaps you =
should
post to the dev at openswan.org mailing list.

Paul


More information about the Users mailing list