[Openswan Users] is this tunnel really up ?

fatcharly at gmx.de fatcharly at gmx.de
Thu Sep 20 06:09:11 EDT 2012


Hi,

I'm using openswan-2.6.32-16.el6.i386 on CentOS 6.3. I am trying to connect to a VPN gateway with PSK. This is part of the ipsec auto status:
000 #6: "lotto_RLP_test":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 21903s; newest IPSEC; eroute owner; isakmp#5; idle; import:admin initiate
000 #6: "lotto_RLP_test" esp.8fe70e16@XX.XXX.XXX.34 esp.e19ff238@XX.XXX.XX.2 tun.0@XX.XXX.XXX.34 tun.0@XX.XXX.XX.2 ref=0 refhim=4294901761
000 #5: "lotto_RLP_test":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 21611s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate
000
 
Is this tunnel between XX.XXX.XX.2 and XX.XXX.XXX.34 up?
And if this tunnel is up and this is the routing (from ip xfrm policy show):

src 192.168.170.0/24 dst 192.168.180.0/24
        dir out priority 2344 ptype main
        tmpl src XX.XXX.XX.2 dst XX.XXX.XXX.34
                proto esp reqid 16385 mode tunnel
src 192.168.180.0/24 dst 192.168.170.0/24
        dir fwd priority 2344 ptype main
        tmpl src XX.XXX.XXX.34 dst XX.XXX.XX.2
                proto esp reqid 16385 mode tunnel
src 192.168.180.0/24 dst 192.168.170.0/24
        dir in priority 2344 ptype main
        tmpl src XX.XXX.XXX.34 dst XX.XXX.XX.2

then the traffic from 192.168.170.151 to 192.168.180.222 should be routed through the tunnel, right?

I can see SYN packets from 192.168.170.151 arriving at the internal interface of our gateway addressed to 192.168.180.222, but I can't see any encrypted packets leaving the gateway, neither on the internal nor on the external interface.
Is there any other tool or way to test the problem?

Any suggestions are welcome.


Kind regards

fatcharly
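
Added example, not part of the original post: a small Python check that reads the two outputs quoted above and reports which SAs pluto lists as established for a connection and which `dir out` xfrm policy, if any, selects a given flow. The function names are hypothetical, the sample is shortened to the two complete policies, and the masked XX addresses are replaced by documentation addresses as an assumption.

```python
import ipaddress
import re

# Constructed sample: the outputs quoted in the post, with the masked public
# addresses replaced by documentation addresses (an assumption for this example).
STATUS = '''000 #6: "lotto_RLP_test":500 STATE_QUICK_I2 (sent QI2, IPsec SA established); EVENT_SA_REPLACE in 21903s; newest IPSEC; eroute owner; isakmp#5; idle; import:admin initiate
000 #5: "lotto_RLP_test":500 STATE_MAIN_I4 (ISAKMP SA established); EVENT_SA_REPLACE in 21611s; newest ISAKMP; lastdpd=-1s(seq in:0 out:0); idle; import:admin initiate'''
POLICY = '''src 192.168.170.0/24 dst 192.168.180.0/24
        dir out priority 2344 ptype main
        tmpl src 192.0.2.2 dst 198.51.100.34
                proto esp reqid 16385 mode tunnel
src 192.168.180.0/24 dst 192.168.170.0/24
        dir fwd priority 2344 ptype main
        tmpl src 198.51.100.34 dst 192.0.2.2
                proto esp reqid 16385 mode tunnel
'''

def established_sas(status, conn):
    """Return the SA types ('ISAKMP', 'IPsec') pluto lists as established for conn."""
    pat = re.compile(r'"%s".*?(ISAKMP|IPsec) SA established' % re.escape(conn))
    return {m.group(1) for m in map(pat.search, status.splitlines()) if m}

def parse_policies(text):
    """Turn `ip xfrm policy show` text into a list of dicts, one per policy."""
    policies = []
    for line in text.splitlines():
        words = line.split()
        if not words:
            continue
        if not line[0].isspace():            # unindented selector line starts a policy
            policies.append({"sel_src": ipaddress.ip_network(words[1]),
                             "sel_dst": ipaddress.ip_network(words[3])})
        elif words[0] == "dir":
            policies[-1]["dir"] = words[1]
        elif words[0] == "tmpl":
            policies[-1]["tmpl"] = (words[2], words[4])
    return policies

def outbound_tunnel(policies, src, dst):
    """Return (tunnel_src, tunnel_dst) of the `dir out` policy selecting the flow, else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for p in policies:
        if p.get("dir") == "out" and s in p["sel_src"] and d in p["sel_dst"]:
            return p.get("tmpl")
    return None

if __name__ == "__main__":
    print(established_sas(STATUS, "lotto_RLP_test"))
    print(outbound_tunnel(parse_policies(POLICY), "192.168.170.151", "192.168.180.222"))
```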