[Openswan Users] What is wrong: I can see clear text traffic from left to right
michael_furman at hotmail.com
Thu Mar 10 13:15:24 EST 2016
Using tcpdump I can see each packet only once.
I discovered the following: the plain text appears only if I type on the other side than I capture the traffic (execute tcpdump).
So, I guess in this case it is still OK (per your statement): "If you capture at some point outside your ipsec servers you'll see only encrypted traffic."
BTW, if it is FAQ you can create FAQ section on your site https://github.com/xelerance/Openswan/wiki
Thank you for your help,
> Date: Thu, 10 Mar 2016 16:46:07 +0000
> From: andy at andynet.net
> To: michael_furman at hotmail.com
> CC: users at lists.openswan.org
> Subject: Re: [Openswan Users] What is wrong: I can see clear text traffic from left to right
> You're seeing the ESP traffic after it's been decrypted. It's to do with the way that the packet
> capture hooks into the kernel.
> When using the netkey ipsec stack tcpdump will capture an incoming ESP packet twice, both
> before and after it's decrypted. But outgoing is only seen after encryption.
> If you capture at some point outside your ipsec servers you'll see only encrypted traffic.
> This gets asked often - see https://lists.strongswan.org/pipermail/users/2012-June/003197.html for example.
> On Thu, Mar 10, 2016 at 11:13:08AM +0200, Michael Furman wrote:
> > Dear Openswan people,I need your help. I have started POC to enable Openswan in our product.Unfortunately I can see clear text traffic from left to right so it is kind of he critical problem that will prevent me from using of Openswan in the production. I have configured Openswan on CentOS 6 using the following instructions: https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/Host-To-Host_VPN_Using_Openswan.html The final configuration is below: conn my-tunnel ike=3des-md5 esp=3des-md5 left=172.16.0.2 leftnexthop=%defaultroute leftrsasigkey=0...ww== right=172.16.0.1 rightnexthop=%defaultroute rightrsasigkey=0s...rQ== authby=rsasig keyingtries=10 # load and initiate automatically compress=no auto=start I have tested the connection on both sides:tcpdump -n -i eth0 esp or udp port 500 or udp port 4500tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes10:02:00.444491 IP 172.16.0.2 > 172.16.0.1: ESP(spi=0x8204b310,seq=0x26425), length 12410:02:00.445414 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e1d), length 84 tcpdump -n -i eth0 esp or udp port 500 or udp port 4500tcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes10:02:33.123685 IP 172.16.0.1 > 172.16.0.2: ESP(spi=0xa68b20ef,seq=0x34e4c), length 15610:02:33.132466 IP 172.16.0.2 > 172.16.0.1: ESP(spi=0x8204b310,seq=0x26444), length 172 I suppose that any communication from left to right and vice versa will be encrypted by Openswan. I have started the chat server on the left: nc -vv -l 172.16.0.2 1234 And then connected on the write: nc 172.16.0.2 1234 Unfortunately, when I capture the traffic using the following command I can see clear text traffic from left to right:tcpdump -vv -n -s0 -w ipsecchat.cap tcp port 1234 Please note that traffic from write to left is encrypted. What is wrong? Please help.
> > --
> > This message has been scanned for viruses and
> > dangerous content by MailScanner, and is
> > believed to be clean.
> > _______________________________________________
> > Users at lists.openswan.org
> > https://lists.openswan.org/mailman/listinfo/users
> > Micropayments: https://flattr.com/thing/38387/IPsec-for-Linux-made-easy
> > Building and Integrating Virtual Private Networks with Openswan:
> > http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Users