[Openswan Users] Openswan with NETKEY and monitoring data
Mark Dalton
mdalton at princeton.edu
Wed Apr 6 11:34:02 EDT 2011
We have a point to point connection between two sites.
I am not seeing the data to the destination host.
192.168.1.0/25 -- Cisco VPN ---- (eth0)OpenSwan -- (eth2) virtual
IPs 192.168.0.0/25
(internal) (public IP) (public)
I am probably just missing something obvious. I would prefer
just seeing the traffic on the openswan box and directing the data
to the internet and back through to the device. But I would
be willing to redirect the traffic through another box to the internet
and track the data there.
I just want to see traffic from the remote VPN clients that are
passed through the tunnel to the OpenSwan box.
tcpdump of ALL packets to each of the 192.168.1.* clients
so I can see patterns in the data (which ports were used,
how much data, and when).
We just see 'src 192.168.'; the other data we see is mostly
ESP --> OpenSwan (public IP)
config setup
    interfaces=%defaultroute
    klipsdebug="none"
    plutodebug="none"
    # NAT the IP addresses (also tried no)
    nat_traversal=yes
    uniqueids = yes
    virtual_private=%v4:10.0.0.0/8,%v4:192.168.1.0/24,%v4:172.16.0.0/12,%v4:!192.168.0.0/24
    oe=off
    # We don't have klips, and the klips build is failing
    protostack=netkey

conn tunnel
    type= tunnel
    authby= secret
    left= <openswan public IP>
    leftsubnet= 0.0.0.0/0
    leftnexthop= 192.168.0.0
    right= <ext cisco public IP>
    rightsubnet= 192.168.1.0/25
    rightnexthop= %defaultroute
    phase2alg= 3des-sha1
    ike= 3des-sha1
    keyexchange= ike
    pfs= no
    rekey= yes
    auto= start
    keylife= 86400s
Mark
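As an added example (not code from the post or from Openswan): a small Python script that turns saved `tcpdump -nn` text into the per-client view asked for above, i.e. which remote ports each 192.168.1.x client used, how many payload bytes moved and the first/last time seen. It assumes the capture was taken on the OpenSwan box itself with `tcpdump -nn -i eth0 not esp and net 192.168.1.0/25`; with NETKEY the decrypted inner packets reappear on the same interface as the ESP packets, so `not esp` keeps only the cleartext copies. The sample lines in the script are constructed, not real captured data.

```python
"""Per-client summary of decrypted tunnel traffic from `tcpdump -nn` text.
Added example (not from the post); the sample lines below are constructed."""
import re
from collections import defaultdict

CLIENT_NET = "192.168.1."  # client range from the post (192.168.1.0/25); prefix check is looser

# Timestamp, endpoints and payload length as printed by `tcpdump -nn`
# for TCP ("length N") and UDP ("(N)") packets.
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d)\.\d+ IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):.*?"
    r"(?:length (?P<tlen>\d+)|\((?P<ulen>\d+)\))\s*$"
)

def summarise(lines):
    """Return {client_ip: {"ports": set, "bytes": int, "first": str, "last": str}}."""
    stats = defaultdict(lambda: {"ports": set(), "bytes": 0, "first": None, "last": None})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ARP, ICMP and other non "IP a.b.c.d.port" lines are skipped
        src, dst = m.group("src"), m.group("dst")
        # The client is the tunnel-side endpoint; record the remote side's port.
        if src.startswith(CLIENT_NET):
            client, port = src, int(m.group("dport"))
        elif dst.startswith(CLIENT_NET):
            client, port = dst, int(m.group("sport"))
        else:
            continue
        s = stats[client]
        s["ports"].add(port)
        s["bytes"] += int(m.group("tlen") or m.group("ulen"))
        s["first"] = s["first"] or m.group("time")
        s["last"] = m.group("time")
    return dict(stats)

# Constructed sample lines in tcpdump -nn format (not real captured data).
SAMPLE = [
    "11:34:02.100000 IP 192.168.1.10.49152 > 203.0.113.5.443: Flags [P.], seq 1:101, ack 1, win 500, length 100",
    "11:34:02.200000 IP 203.0.113.5.443 > 192.168.1.10.49152: Flags [P.], seq 1:1401, ack 101, win 500, length 1400",
    "11:34:03.000000 IP 192.168.1.11.53000 > 192.168.0.2.53: 4711+ A? example.com. (29)",
    "11:34:03.500000 IP 192.168.1.11.40000 > 198.51.100.9.80: Flags [S], seq 0, win 64240, length 0",
    "11:34:04.000000 ARP, Request who-has 192.168.0.1 tell 192.168.0.2, length 28",
]

if __name__ == "__main__":
    for client, s in sorted(summarise(SAMPLE).items()):
        print(client, sorted(s["ports"]), s["bytes"], s["first"], s["last"])
```

Feed it the saved tcpdump output with `summarise(open("capture.txt"))`; packets whose neither end is in the client range are ignored, so ESP lines that slip through are not counted.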