[Openswan Users] seeing a mix of TCP and ESP traffic. openswan to openswan

Ryan McLeod r.mcleod20 at gmail.com
Wed Jul 14 14:34:55 EDT 2010


I've got two ubuntu vms testing openswan to openswan in a site to site
configuration, with a host on each side.

Host 1 ------------------ Openswan1==tunnel==Openswan2-----------------Host2
192.168.1.5      x.x1.1    11.11.11.1         11.11.11.2   10.10.10.1
10.10.10.2

When i send data via netcat from Host2 to Host1, im sniffing with wireshark
on 11.11.11.1 on the openswan1 machine. And what i'll see is an ESP packet
for 11.11.11.2 to 11.11.11.1 then two TCP packet that are 10.10.10.2 to
192.168.1.5. It's not in a 1 by one manner. There will often be two TCP then
one ESP packets in the stream.

Is this behavour normal? I would expect all the traffic to be seen as
encrypted ESP data.

config for connection is as follows:

conn long
    left=11.11.11.1
    leftnexthop=11.11.11.2
    leftsubnet=192.168.1.0/24
    leftrsasigkey=sddsgdg...
    right=11.11.11.2
    rightnexthop=11.11.11.1
    rightsubnet=10.10.10.0/24
    rightrsasigkey=sdfdsfsdfs...
    auto=start

Thanks,

Ryan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.openswan.org/pipermail/users/attachments/20100714/85eaf1f0/attachment.html 


More information about the Users mailing list