[Openswan Users] IPsec-Setup
Thomas Schweikle
tps at vr-web.de
Thu Apr 14 08:56:56 EDT 2011
On 13.04.2011 16:42, Willie Gillespie wrote:
> On 04/13/2011 07:02 AM, Thomas Schweikle wrote:
>> Both gateways just do not forward any packets!
>
> Care to do a little troubleshooting with me?
>
> Load up tcpdump on 192.168.1.4 and 222.66.76.27. Do you have two
> network cards in either of these machines? I guess I'm really just
> interested in ICMP, ESP, and ISAKMP packets.
>
> I haven't tested it, but I imagine a line like this should cover it:
> tcpdump -i eth0 icmp or esp or tcp port 500 or tcp port 4500
>
> Once you have tcpdump up and running, ping from 192.168.1.98 to
> 192.168.180.30. Save the tcpdump results from both servers.
>
> Then load up tcpdump again and ping the opposite direction from
> 192.168.180.30 to 192.168.1.98. Save those results too. I'd be
> interested in seeing what the results are and where it is failing.
Started tcpdump on both gateways, then started ping from 192.168.1.98:
local gateway (192.168.1.4):
# tcpdump -i eth0 icmp or esp or tcp port 500 or tcp port 4500
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
14:50:38.190171 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 1, length 64
14:50:39.198767 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 2, length 64
14:50:40.198548 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 3, length 64
14:50:41.198528 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 4, length 64
14:50:42.208529 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 5, length 64
14:50:43.218520 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 6, length 64
14:50:44.219513 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 7, length 64
14:50:45.228477 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 8, length 64
14:50:46.228519 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 9, length 64
14:50:46.726561 IP 192.168.1.4 > 192.168.1.3: ICMP 192.168.1.4 udp port echo unreachable, length 37
remote gateway (192.168.180.27):
# tcpdump -i eth0 icmp or esp or tcp port 500 or tcp port 4500
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
Gateway/Gateway:
local (192.168.1.4):
# tcpdump -i eth0 icmp or esp or tcp port 500 or tcp port 4500 > dump2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C8 packets captured
10 packets received by filter
0 packets dropped by kernel
# cat dump2
14:55:07.086106 IP 192.168.1.4 > 192.168.1.208: ICMP echo request, id 56337, seq 0, length 28
14:55:08.526408 IP 192.168.180.27 > 192.168.1.4: ICMP echo reply, id 2308, seq 1, length 64
14:55:09.527758 IP 192.168.180.27 > 192.168.1.4: ICMP echo reply, id 2308, seq 2, length 64
14:55:10.532153 IP 192.168.180.27 > 192.168.1.4: ICMP echo reply, id 2308, seq 3, length 64
14:55:11.532148 IP 192.168.180.27 > 192.168.1.4: ICMP echo reply, id 2308, seq 4, length 64
14:55:12.532158 IP 192.168.180.27 > 192.168.1.4: ICMP echo reply, id 2308, seq 5, length 64
14:55:13.532164 IP 192.168.180.27 > 192.168.1.4: ICMP echo reply, id 2308, seq 6, length 64
14:55:14.533895 IP 192.168.180.27 > 192.168.1.4: ICMP echo reply, id 2308, seq 7, length 64
remote (192.168.180.27):
# tcpdump -i eth0 icmp or esp or tcp port 500 or tcp port 4500 > dump2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^C8 packets captured
8 packets received by filter
0 packets dropped by kernel
# cat dump2
14:55:02.799942 IP 79.229.126.102 > 213.95.82.27: ICMP host 79.229.126.102 unreachable, length 252
14:55:08.504997 IP 192.168.1.4 > vpn-gw.xompu.de: ICMP echo request, id 2308, seq 1, length 64
14:55:09.506554 IP 192.168.1.4 > vpn-gw.xompu.de: ICMP echo request, id 2308, seq 2, length 64
14:55:10.510107 IP 192.168.1.4 > vpn-gw.xompu.de: ICMP echo request, id 2308, seq 3, length 64
14:55:11.509762 IP 192.168.1.4 > vpn-gw.xompu.de: ICMP echo request, id 2308, seq 4, length 64
14:55:12.510303 IP 192.168.1.4 > vpn-gw.xompu.de: ICMP echo request, id 2308, seq 5, length 64
14:55:13.510585 IP 192.168.1.4 > vpn-gw.xompu.de: ICMP echo request, id 2308, seq 6, length 64
14:55:14.512651 IP 192.168.1.4 > vpn-gw.xompu.de: ICMP echo request, id 2308, seq 7, length 64
--
Thomas
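
Added example, not part of the original post: a small Python reader for tcpdump text output like the captures above. It counts ESP, IKE and cleartext packets between the two protected networks, so a capture that shows plain ICMP and no ESP is reported as bypassing the tunnel. The /24 masks, the function names and the ESP/IKE sample lines are assumptions; the ICMP sample lines follow the format of the capture in this message.

```python
import ipaddress
import re

# Constructed samples: one capture without encapsulation, one with IKE and ESP.
BYPASS_SAMPLE = [
    "14:50:38.190171 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 1, length 64",
    "14:50:39.198767 IP 192.168.1.98 > 192.168.180.30: ICMP echo request, id 27142, seq 2, length 64",
    "14:50:46.726561 IP 192.168.1.4 > 192.168.1.3: ICMP 192.168.1.4 udp port echo unreachable, length 37",
]
TUNNEL_SAMPLE = [
    "15:00:01.000000 IP 192.168.1.4.500 > 192.168.180.27.500: isakmp: phase 1 I ident",
    "15:00:02.000000 IP 192.168.1.4 > 192.168.180.27: ESP(spi=0x0a1b2c3d,seq=0x1), length 132",
    "15:00:02.050000 IP 192.168.180.27 > 192.168.1.4: ESP(spi=0x4d3c2b1a,seq=0x1), length 132",
]
LINE = re.compile(r"^\S+ IP (\S+) > (\S+): (.*)$")

def _split(field):
    """Split tcpdump's 'a.b.c.d[.port]' into (IPv4Address or None, port or None)."""
    parts = field.split(".")
    port = int(parts.pop()) if len(parts) == 5 and parts[4].isdigit() else None
    try:
        return ipaddress.IPv4Address(".".join(parts)), port
    except ValueError:  # resolved hostname; capture with -n to avoid this
        return None, port

def classify(lines, left="192.168.1.0/24", right="192.168.180.0/24"):
    """Count ESP, IKE (UDP 500/4500) and cleartext packets crossing left<->right."""
    left, right = ipaddress.ip_network(left), ipaddress.ip_network(right)
    counts = {"esp": 0, "ike": 0, "cleartext": 0}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # tcpdump banner or summary line
        (src, sport), (dst, dport) = _split(m.group(1)), _split(m.group(2))
        if "ESP(" in m.group(3):          # also matches NAT-T "UDP-encap: ESP("
            counts["esp"] += 1
        elif {sport, dport} & {500, 4500}:
            counts["ike"] += 1
        elif src and dst and ((src in left and dst in right) or (src in right and dst in left)):
            counts["cleartext"] += 1      # unencrypted packet between protected nets
    return counts

def verdict(counts):
    if counts["cleartext"]:
        return "bypass"                   # plaintext crossed between the protected nets
    return "encapsulated" if counts["esp"] else "nothing"

if __name__ == "__main__":
    for name, sample in (("bypass", BYPASS_SAMPLE), ("tunnel", TUNNEL_SAMPLE)):
        print(name, classify(sample), verdict(classify(sample)))
```

Lines whose addresses tcpdump resolved to hostnames are not counted as cleartext, so captures fed to it should be taken with `-n`.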