[Openswan Users] What is wrong: I can see clear text traffic from left to right

Michael Furman michael_furman at hotmail.com
Thu Mar 10 04:13:08 EST 2016


Dear Openswan people,

I need your help. I have started a POC to enable Openswan in our product.
Unfortunately I can see clear text traffic from left to right, so it is kind of the critical problem that will prevent me from using Openswan in production.

I have configured Openswan on CentOS 6 using the following instructions:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/Host-To-Host_VPN_Using_Openswan.html

The final configuration is below:

conn my-tunnel
    ike=3des-md5
    esp=3des-md5
    left=172.16.0.2
    leftnexthop=%defaultroute
    leftrsasigkey=0...ww==
    right=172.16.0.1
    rightnexthop=%defaultroute
    rightrsasigkey=0s...rQ==
    authby=rsasig
    keyingtries=10
    # load and initiate automatically
    compress=no
    auto=start

I have tested the connection on both sides:

tcpdump -n -i eth0 esp or udp port 500 or udp port 4500
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:02:00.444491 IP 172.16.0.2 > 172.16.0.1: ESP(spi=0x8204b310,seq=0x26425), length 124
10:02:00.445414 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e1d), length 84

tcpdump -n -i eth0 esp or udp port 500 or udp port 4500
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:02:33.123685 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e4c), length 156
10:02:33.132466 IP 172.16.0.2 > 172.16.0.1: ESP(spi=0x8204b310,seq=0x26444), length 172

I suppose that any communication from left to right and vice versa will be encrypted by Openswan.

I have started the chat server on the left:

nc -vv -l 172.16.0.2 1234

And then connected on the right:

nc 172.16.0.2 1234

Unfortunately, when I capture the traffic using the following command I can see clear text traffic from left to right:

tcpdump -vv -n -s0 -w ipsecchat.cap tcp port 1234

Please note that traffic from right to left is encrypted.

What is wrong? Please help.