[Openswan Users] IPSEC Pluto + Allow Unencrypted packets
shobhit shingla
coolshobhit7 at gmail.com
Thu Jul 30 08:17:13 EDT 2009
Hi,
I am using openswan in my network processor.
Problem is Network processor performs the decryption in fast path
So If the packet is for local IP, decrypted packet is injected into
Linux Stack.
But I think ipsec is rejecting the decrypted packet in my kernel.
this is my scenario
Linux
Machine
Network Processor
193.168.10.1
192.168.1.1
193.168.10.0/24 ------61.246.5.100
-------------------------------------------------------------------61.246.2.100--------192.168.1.0/24
ipsec.conf on Network processor
leftIP = 61.246.2.100
leftSubnet = 192.168.1.0/24
rightIP = 61.246.5.100
rightSubnet = 193.168.10.0/24
ike= 3des-sha1
auto = add
authby = secret
Tunnel is created successfuly
If i ping from say 193.168.10.2 to 192.168.1.2 ,all works fine
But when i ping to 192.168.1.1 from any right subnet IP, ESP packet is
decrypted in fast path,so Linux stack will receive decrypted packet. But
somehow that packet is lost.
Is IPSEC rejecting unencrypted packet?
Regards,
Shobhit
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20090730/f4fe28a5/attachment.html
More information about the Users
mailing list