[Openswan Users] seeing a mix of TCP and ESP traffic. openswan to openswan
Paul Wouters
paul at xelerance.com
Wed Jul 14 14:44:24 EDT 2010
On Wed, 14 Jul 2010, Ryan McLeod wrote:
>
> I've got two Ubuntu VMs testing openswan to openswan in a site-to-site configuration, with a host on each side.
>
> Host 1 ------------------ Openswan1==tunnel==Openswan2-----------------Host2
> 192.168.1.5 x.x1.1 11.11.11.1 11.11.11.2 10.10.10.1 10.10.10.2
>
> When I send data via netcat from Host2 to Host1, I'm sniffing with wireshark on 11.11.11.1 on the openswan1 machine. And what I'll see is an ESP
> packet for 11.11.11.2 to 11.11.11.1 then two TCP packets that are 10.10.10.2 to 192.168.1.5. It's not in a one-by-one manner. There will often be
> two TCP then one ESP packets in the stream.
>
> Is this behaviour normal? I would expect all the traffic to be seen as encrypted ESP data.

With NETKEY, you will see with tcpdump:
- outgoing unencrypted packets
- incoming encrypted packets
- incoming decrypted packets

You will not see outgoing encrypted packets.

I don't understand your 2-1 mapping, unless you are counting the
incoming encrypted + decrypted as 2 packets instead of 1.

Paul
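
An added example, not part of the original thread: a small Python classifier that sorts `tcpdump -n` text lines captured on Openswan1 into the categories listed in the reply above, so the ESP/TCP mix can be counted per category. The gateway and host addresses come from the post; the /24 masks, the ports and the sample capture lines are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Gateway addresses are from the post; the /24 masks are assumptions.
LOCAL_GW = ipaddress.ip_address("11.11.11.1")       # Openswan1 (capture point)
PEER_GW = ipaddress.ip_address("11.11.11.2")        # Openswan2
LOCAL_NET = ipaddress.ip_network("192.168.1.0/24")  # Host1 side
REMOTE_NET = ipaddress.ip_network("10.10.10.0/24")  # Host2 side

# Matches "IP <src>[.port] > <dst>[.port]: <rest>" as printed by tcpdump -n.
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?"
LINE_RE = re.compile(rf"IP {ADDR} > {ADDR}: (.*)")

def classify(line):
    """Return the category of one tcpdump -n line seen on Openswan1."""
    m = LINE_RE.search(line)
    if not m:
        return "unparsed"
    src = ipaddress.ip_address(m.group(1))
    dst = ipaddress.ip_address(m.group(2))
    if m.group(3).startswith("ESP("):
        if (src, dst) == (PEER_GW, LOCAL_GW):
            return "incoming encrypted"
        if (src, dst) == (LOCAL_GW, PEER_GW):
            return "outgoing encrypted"  # the reply says tcpdump does not show these
        return "other"
    if src in REMOTE_NET and dst in LOCAL_NET:
        return "incoming decrypted"
    if src in LOCAL_NET and dst in REMOTE_NET:
        return "outgoing unencrypted"
    return "other"

def summarize(lines):
    """Count packets per category for a whole capture."""
    return Counter(classify(l) for l in lines if l.strip())

# Constructed sample: two data segments from Host2, one ACK back from Host1.
SAMPLE = """\
14:44:01.000100 IP 11.11.11.2 > 11.11.11.1: ESP(spi=0x0a1b2c3d,seq=0x1), length 132
14:44:01.000150 IP 10.10.10.2.40000 > 192.168.1.5.5000: Flags [P.], seq 1:49, ack 1, win 229, length 48
14:44:01.000900 IP 192.168.1.5.5000 > 10.10.10.2.40000: Flags [.], ack 49, win 227, length 0
14:44:02.000100 IP 11.11.11.2 > 11.11.11.1: ESP(spi=0x0a1b2c3d,seq=0x2), length 132
14:44:02.000150 IP 10.10.10.2.40000 > 192.168.1.5.5000: Flags [P.], seq 49:97, ack 1, win 229, length 48
""".splitlines()

if __name__ == "__main__":
    for category, count in sorted(summarize(SAMPLE).items()):
        print(f"{count:3d}  {category}")
```

Equal counts for "incoming encrypted" and "incoming decrypted" correspond to the case the reply raises, where each incoming packet is counted once as ESP and once after decryption.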