[Openswan Users] How to test tunnel(host to host)

Paul Wouters paul at xelerance.com
Fri Aug 29 14:07:16 EDT 2008


On Fri, 29 Aug 2008, samuel Karuga wrote:

> I'm a newbie to VPNs. I have been working on an IPsec project and finally I have a working config between two test
> hosts on an internal network (A and B).
> ipsec starts with no errors, and once I initiate a tunnel from A to the other host, B, it indicates that it has
> successfully started the tunnel:

> 004 "vpn1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode {ESP=>0xeb024081 <0x242bcf32
> xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}

> How can I test my tunnel to make sure that it's working, considering that it's a host-to-host connection on one LAN
> and ping will not be an indicative test of the tunnel's state?

You can test in various ways. One is simply to run tcpdump and see encrypted and decrypted packets.
Another way is to drop all ICMP packets (but then you need to use MARKing to mark IPsec packets
and allow all marked packets, so you don't drop the decrypted ICMP packets).

Paul
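
As an added example (not from this thread or from Openswan itself), a small Python check in the spirit of the tcpdump suggestion above: it takes the "IPsec SA established" line quoted in the question and a `tcpdump -n` capture of the wire between A and B (here a constructed capture with made-up 192.0.2.x addresses) and reports whether everything between the two hosts travelled as ESP carrying the negotiated SPIs, with no ICMP leaving in cleartext.

```python
import re

# Constructed sample data: the SA line is the one quoted in the thread; the tcpdump
# lines and the 192.0.2.x addresses are made up for this example.
SA_LINE = ('004 "vpn1" #2: STATE_QUICK_I2: sent QI2, IPsec SA established tunnel mode '
           '{ESP=>0xeb024081 <0x242bcf32 xfrm=AES_128-HMAC_SHA1 NATOA=none NATD=none DPD=none}')
GOOD_CAPTURE = """\
14:07:16.100001 IP 192.0.2.10 > 192.0.2.20: ESP(spi=0xeb024081,seq=0x1), length 116
14:07:16.100350 IP 192.0.2.20 > 192.0.2.10: ESP(spi=0x242bcf32,seq=0x1), length 116
14:07:17.100002 IP 192.0.2.10 > 192.0.2.20: ESP(spi=0xeb024081,seq=0x2), length 116
14:07:17.100351 IP 192.0.2.20 > 192.0.2.10: ESP(spi=0x242bcf32,seq=0x2), length 116
"""
# Same exchange, but one echo request left the host in the clear: the failure we want caught.
LEAKY_CAPTURE = GOOD_CAPTURE + (
    "14:07:18.100003 IP 192.0.2.10 > 192.0.2.20: ICMP echo request, id 4242, seq 1, length 64\n")

SA_RE = re.compile(r"ESP=>0x([0-9a-fA-F]+) <0x([0-9a-fA-F]+)")
ESP_RE = re.compile(r" IP (\S+) > (\S+): ESP\(spi=0x([0-9a-fA-F]+),seq=0x[0-9a-fA-F]+\)")
ICMP_RE = re.compile(r" IP (\S+) > (\S+): ICMP ")


def sa_spis(sa_line):
    """Extract both ESP SPIs (one per direction) from pluto's 'IPsec SA established' line."""
    m = SA_RE.search(sa_line)
    if not m:
        raise ValueError("no ESP SPIs found in SA line")
    return {int(m.group(1), 16), int(m.group(2), 16)}


def audit_capture(sa_line, capture, host_a, host_b):
    """Pass only if ESP was seen, every ESP SPI matches the SA, and no A<->B ICMP is cleartext."""
    spis = sa_spis(sa_line)
    pair = {host_a, host_b}
    esp_packets, unknown_spis, cleartext_icmp = 0, set(), 0
    for line in capture.splitlines():
        m = ESP_RE.search(line)
        if m and {m.group(1), m.group(2)} == pair:
            esp_packets += 1
            spi = int(m.group(3), 16)
            if spi not in spis:          # ESP from some other SA, or a stale/rekeyed one
                unknown_spis.add(spi)
            continue
        m = ICMP_RE.search(line)
        if m and {m.group(1), m.group(2)} == pair:
            cleartext_icmp += 1          # ping that bypassed the tunnel
    ok = esp_packets > 0 and not unknown_spis and cleartext_icmp == 0
    return {"ok": ok, "esp_packets": esp_packets,
            "unknown_spis": sorted(unknown_spis), "cleartext_icmp": cleartext_icmp}
```

Run it against a real capture by replacing `GOOD_CAPTURE` with the output of `tcpdump -n -i <iface> host <A> and host <B>`; a rekey during the capture will show up as an unknown SPI rather than a leak.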

