[Openswan Users] RES: Decrypt ESP packets with wireshark for tunnel mode (Openswan)

Artur Ferreira da Silva aferreira.mjv at gmail.com
Fri Nov 12 13:37:09 EST 2010


Hi,

My name is Artur.

Can someone help me with this error?




cannot respond to IPsec SA request because no connection is known for 0.0.0.0/0===10.205.22.212<10.205.22.212>[50.16.5.234,+S=C]...201.7.186.162<201.7.186.162>[+S=C]===0.0.0.0/0
Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | complete state transition with (null)
Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: "globo" #2: sending encrypted notification INVALID_ID_INFORMATION to 201.7.186.162:500
Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | sending 68 bytes for notification packet through eth0:500 to 201.7.186.162:500 (using #2)
Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | state transition function for STATE_QUICK_R0 failed: INVALID_ID_INFORMATION
Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | * processed 0 messages from cryptographic helpers
Nov 12 13:31:37 ip-10-205-22-212 pluto[27445]: | next event EVENT_PENDING_DDNS in 20 seconds

-----Original Message-----
From: users-bounces at openswan.org [mailto:users-bounces at openswan.org] On behalf of Kevin Wilson
Sent: Friday, November 12, 2010 15:51
To: Willie Gillespie
Cc: Users at openswan.org
Subject: Re: [Openswan Users] Decrypt ESP packets with wireshark for tunnel mode (Openswan)

Hi,
Thanks a lot for your answer. I will try it.
I have a question and I hope it will not sound too silly as
I do not have a lot of experience with openswan and ipsec.
I see in that wiki page of wireshark that rules were added with
spdadd. AFAIK, to add such rules, you need to create a file (myRules)
and run setkey -f myRules.

My question is: does openswan work in conjunction
with setkey? Is adding rules with setkey in such a way
the only way when working with Openswan, or is there an alternative?

Rgs,
Kevin

On Fri, Nov 12, 2010 at 3:12 PM, Willie Gillespie
<wgillespie+openswan at es2eng.com> wrote:
> Have you looked over this page?
> <http://wiki.wireshark.org/ESP_Preferences>
>
> They give a few examples.  You might as well leave the tunnel encrypted and
> just give Wireshark whatever it needs to properly decrypt things.
>
> Kevin Wilson wrote:
>>
>> Hello,
>> I want to be able to decrypt ESP packets which are sent with openswan IPsec
>> client in tunnel mode with wireshark.
>> In wireshark, we have under Edit->Preferences->Protocols
>> the following fields:
>>
>>  Attempt to detect/decode encrypted ESP payloads
>> Encryption Algorithm #1
>>
>> where you can choose from the following list:
>>        "NULL",
>>        "TripleDES-CBC [RFC2451]",
>>        "AES-CBC [RFC3602]",
>>        "AES-CTR [RFC3686]",
>>        "DES-CBC [RFC2405]",
>>        "CAST5-CBC [RFC2144]",
>>        "BLOWFISH-CBC [RFC2451]",
>>        "TWOFISH-CBC",
>>
>> Encryption Algorithm #2. (with same options)
>>
>> SA#1
>> SA#2
>> Encryption key #1
>> Encryption key #2
>>          (and some more fields)
>>
>> What should I add in /etc/ipsec.conf so that I can use wireshark to sniff
>> traffic? I tried some entries (like ike=null, phase2alg=null), but the
>> ESP packet is still shown as decrypted in the sniffer. I do know of course
>> the keys on both sides (these are preshared keys).
>> It would be helpful if anybody who tried sniffing and decrypting ESP packets
>> could comment or give some info about it.
>>
>>
>> Rgs,
>> Kevin
>> _______________________________________________
>> Users at openswan.org
>> http://lists.openswan.org/mailman/listinfo/users
>> Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
>> Building and Integrating Virtual Private Networks with Openswan:
>> http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
>