[Openswan Users] IPSec with simple setting on Linux kernel 2.6.21

JALINDAR jalindergat at gmail.com
Mon Jul 15 04:07:04 UTC 2013


Hi All,

I am trying to set up the simplest IPSec on my Linux box, which has kernel
2.6.21.
I have configured the kernel for IPSec.

I use iproute2 for setting SA and SP for the IPSec using:


#HOST A:192.168.77.24
ip xfrm state add src 192.168.77.23 dst 192.168.77.24 proto esp spi \
    0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)" \
    0x55f01ac07e15e437115dde0aedd18a822ba9f81e enc "cbc(aes)" \
    0x6aed4975adf006d65c76f63923a6265b sel src 0.0.0.0/0 dst 0.0.0.0/0

ip xfrm state add src 192.168.77.24 dst 192.168.77.23 proto esp spi \
    0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)" \
    0x55f01ac07e15e437115dde0aedd18a822ba9f81e enc "cbc(aes)" \
    0x6aed4975adf006d65c76f63923a6265b sel src 0.0.0.0/0 dst 0.0.0.0/0

ip xfrm policy add dir out src 192.168.77.23 dst 192.168.77.24 ptype main \
    action allow priority 2080 tmpl src 192.168.77.23 dst 192.168.77.24 proto \
    esp reqid 16385 mode transport

ip xfrm policy add dir in src 192.168.77.24 dst 192.168.77.23 ptype main \
    action allow priority 2080 tmpl src 192.168.77.24 dst 192.168.77.23 proto \
    esp reqid 16385 mode transport


#HOST B:192.168.77.23
ip xfrm state add src 192.168.77.24 dst 192.168.77.23 proto esp spi \
    0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)" \
    0x55f01ac07e15e437115dde0aedd18a822ba9f81e enc "cbc(aes)" \
    0x6aed4975adf006d65c76f63923a6265b sel src 0.0.0.0/0 dst 0.0.0.0/0

ip xfrm state add src 192.168.77.23 dst 192.168.77.24 proto esp spi \
    0x53fa0fdd mode transport reqid 16386 replay-window 32 auth "hmac(sha1)" \
    0x55f01ac07e15e437115dde0aedd18a822ba9f81e enc "cbc(aes)" \
    0x6aed4975adf006d65c76f63923a6265b sel src 0.0.0.0/0 dst 0.0.0.0/0

ip xfrm policy add dir out src 192.168.77.24 dst 192.168.77.23 ptype main \
    action allow priority 2080 tmpl src 192.168.77.24 dst 192.168.77.23 proto \
    esp reqid 16385 mode transport

ip xfrm policy add dir in src 192.168.77.23 dst 192.168.77.24 ptype main \
    action allow priority 2080 tmpl src 192.168.77.23 dst 192.168.77.24 proto \
    esp reqid 16385 mode transport


Here HOST A is my Linux box.

I can check the set values of SA and SP using

#ip x s

#ip xfrm policy show

and it shows the correct values which I have set.

With this setting I expect IPSec should work, and I should see ESP protocol
packets on Wireshark at host A when I ping host B.

But it shows a simple ICMP packet instead of ESP. Ping works as usual without
ESP.

I have checked the same setting on my laptop with Ubuntu 12.04 LTS with kernel
3.2, but it shows the same result. On the laptop I have checked the
configuration of the kernel using #ipsec verify and it says all OK.

I do not know what other setting is missing. Any clue will be helpful.


Thanks in Advance.
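
A consistency check over the Host A commands in the message above, added here as an example and not part of the original post: it parses `ip xfrm` command text and reports policies whose selector does not match the local address for their direction, and policy templates with no SA carrying the same src, dst and reqid. The function names and the embedded command text (keys and `sel` omitted) are constructed for illustration.

```python
import shlex

# Constructed sample input: Host A commands from the post, auth/enc keys and sel omitted.
HOST_A = """\
ip xfrm state add src 192.168.77.23 dst 192.168.77.24 proto esp spi 0x53fa0fdd mode transport reqid 16386
ip xfrm state add src 192.168.77.24 dst 192.168.77.23 proto esp spi 0x53fa0fdd mode transport reqid 16386
ip xfrm policy add dir out src 192.168.77.23 dst 192.168.77.24 ptype main action allow priority 2080 tmpl src 192.168.77.23 dst 192.168.77.24 proto esp reqid 16385 mode transport
ip xfrm policy add dir in src 192.168.77.24 dst 192.168.77.23 ptype main action allow priority 2080 tmpl src 192.168.77.24 dst 192.168.77.23 proto esp reqid 16385 mode transport
"""

def fields(tokens, keys):
    """Return {key: following token} for the first occurrence of each key."""
    return {k: tokens[tokens.index(k) + 1] for k in keys if k in tokens}

def sa_key(tokens):
    """(src, dst, reqid) from a token list; reqid is 0 when absent."""
    f = fields(tokens, ("src", "dst", "reqid"))
    return f["src"], f["dst"], int(f.get("reqid", "0"), 0)

def parse(text):
    """Split command text into SA keys and (dir, src, dst, tmpl key) policies."""
    states, policies = [], []
    for line in text.splitlines():
        tok = shlex.split(line)
        if tok[:4] == ["ip", "xfrm", "state", "add"]:
            states.append(sa_key(tok[4:]))
        elif tok[:4] == ["ip", "xfrm", "policy", "add"]:
            cut = tok.index("tmpl")  # selector before tmpl, template after
            sel = fields(tok[4:cut], ("dir", "src", "dst"))
            policies.append((sel["dir"], sel["src"], sel["dst"], sa_key(tok[cut + 1:])))
    return states, policies

def lint(text, local_ip):
    """Return findings for a host whose own address is local_ip."""
    states, policies = parse(text)
    findings = []
    for direction, src, dst, tmpl in policies:
        # An out selector matches packets this host sends; an in selector, packets it receives.
        end, addr = ("src", src) if direction == "out" else ("dst", dst)
        if addr.split("/")[0] != local_ip:
            findings.append(f"dir {direction}: selector {end} {addr} is not the local address {local_ip}")
        # A nonzero tmpl reqid is only satisfied by an SA with the same reqid.
        if tmpl[2] and tmpl not in states:
            findings.append(f"dir {direction}: no state for tmpl {tmpl[0]}->{tmpl[1]} reqid {tmpl[2]}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(HOST_A, "192.168.77.24")))
```
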