[Openswan Users] What is wrong: I can see clear text traffic from left to right

Michael Furman michael_furman at hotmail.com
Thu Mar 10 11:45:52 EST 2016


Dear Openswan people,

I discovered the following: the plain text appears only if I type on the other side than I capture the traffic (execute tcpdump). For example, if I capture on the left side and type on the right side, the capture contains the plain text. But if I capture on the left side and type on the left side, the capture contains the encrypted text. Please help me to understand if it is expected behavior or it is a critical security problem of Openswan.

From: michael_furman at hotmail.com
To: users at lists.openswan.org
Date: Thu, 10 Mar 2016 11:13:08 +0200
Subject: [Openswan Users] What is wrong: I can see clear text traffic from left to right

Dear Openswan people,

I need your help. I have started a POC to enable Openswan in our product. Unfortunately I can see clear text traffic from left to right, so it is kind of a critical problem that will prevent me from using Openswan in production.

I have configured Openswan on CentOS 6 using the following instructions:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/Host-To-Host_VPN_Using_Openswan.html

The final configuration is below:

conn my-tunnel
    ike=3des-md5
    esp=3des-md5
    left=172.16.0.2
    leftnexthop=%defaultroute
    leftrsasigkey=0...ww==
    right=172.16.0.1
    rightnexthop=%defaultroute
    rightrsasigkey=0s...rQ==
    authby=rsasig
    keyingtries=10
    # load and initiate automatically
    compress=no
    auto=start

I have tested the connection on both sides:

tcpdump -n -i eth0 esp or udp port 500 or udp port 4500
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:02:00.444491 IP 172.16.0.2 > 172.16.0.1: ESP(spi=0x8204b310,seq=0x26425), length 124
10:02:00.445414 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e1d), length 84

tcpdump -n -i eth0 esp or udp port 500 or udp port 4500
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
10:02:33.123685 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e4c), length 156
10:02:33.132466 IP 172.16.0.2 > 172.16.0.1: ESP(spi=0x8204b310,seq=0x26444), length 172

I suppose that any communication from left to right and vice versa will be encrypted by Openswan.

I have started the chat server on the left:

nc -vv -l 172.16.0.2 1234

And then connected on the right:

nc 172.16.0.2 1234

Unfortunately, when I capture the traffic using the following command I can see clear text traffic from left to right:

tcpdump -vv -n -s0 -w ipsecchat.cap tcp port 1234

Please note that traffic from right to left is encrypted. What is wrong? Please help.
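An added check, not part of this thread: on Linux with the kernel IPsec stack (NETKEY/XFRM), tcpdump on the outer interface shows incoming packets twice, once as ESP and once as the decrypted inner packet after decapsulation, while outgoing packets appear only as ESP, so plaintext that appears only when capturing on the receiving side is ordinarily that post-decryption copy, and only outbound plaintext at the sender proves traffic left unprotected. The script below applies that rule to tcpdump summary lines; the addresses and ESP lines are taken from the mail, the TCP line and its ephemeral port are constructed.

```python
import re
from collections import Counter

# Constructed sample of "tcpdump -n" summary lines as seen on the LEFT host
# (172.16.0.2). The ESP lines are copied from the mail; the TCP line is
# constructed to model the port-1234 chat arriving from the right host.
SAMPLE_LEFT = """\
10:02:00.444491 IP 172.16.0.2 > 172.16.0.1: ESP(spi=0x8204b310,seq=0x26425), length 124
10:02:00.445414 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e1d), length 84
10:02:33.123685 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e4c), length 156
10:02:33.123702 IP 172.16.0.1.40210 > 172.16.0.2.1234: Flags [P.], seq 1:6, ack 1, win 229, length 5
"""

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?: (?P<rest>.*)$"
)
IKE_PORTS = {"500", "4500"}  # IKE / NAT-T control traffic, not payload

def classify(capture, local_ip, peer_ip):
    """Count packets between the two tunnel endpoints by direction and
    protection, from the viewpoint of the host that ran tcpdump."""
    counts = Counter()
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m or {m["src"], m["dst"]} != {local_ip, peer_ip}:
            continue  # unparsable, or not traffic between the two peers
        direction = "out" if m["src"] == local_ip else "in"
        if m["rest"].startswith("ESP("):
            counts["esp_" + direction] += 1
        elif m["sport"] in IKE_PORTS or m["dport"] in IKE_PORTS:
            counts["ike_" + direction] += 1
        else:
            counts["plain_" + direction] += 1
    return counts

def verdict(counts):
    """Outbound plaintext means the kernel sent it unprotected: a real leak.
    Inbound plaintext on a NETKEY host is normally the decrypted copy of an
    inbound ESP packet, so only the peer's capture can confirm a leak."""
    if counts["plain_out"]:
        return "LEAK: unprotected outbound traffic to peer"
    if counts["plain_in"] and counts["esp_in"]:
        return "CHECK: inbound plaintext beside inbound ESP; confirm on peer"
    if counts["plain_in"]:
        return "LEAK?: inbound plaintext with no inbound ESP; confirm on peer"
    return "OK: only ESP/IKE between peers"
```

Run `classify` on the output of `tcpdump -n` from each host with that host's own address as `local_ip`; the pair of verdicts tells you whether the plaintext is the receiver's decrypted copy or a genuine unprotected send.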
