From alexk at coolsigns.mobi Wed Jan 4 08:17:49 2017
From: alexk at coolsigns.mobi (alexk)
Date: Wed, 4 Jan 2017 15:17:49 +0200
Subject: [Openswan Users] tcpdump no outgoing traffic over VPN
Message-ID:

Hello to all and happy new year.

I am trying to acquire a tcp dump in a pcap file using the following command:

    sudo tcpdump -s 0 host HOST_IP -i eth0 -w tcpdump_test.pcap

The OS is Ubuntu 14.04 server edition with the 3.13.0-92-generic kernel running on an AWS instance.

I am able to capture incoming traffic from the host to my server but when I download the pcap file and open it in Wireshark I do not see the outgoing traffic (neither ESP packets nor clear text).

I have tried to use nflog as described in (https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump) but it seems that nflog is not included with the Ubuntu kernel. I am unable to find a way to see outgoing traffic towards the host in question.

Can anyone please suggest a solution?

Thank you in advance

Alex

From Joe.Madden at mottmac.com Wed Jan 4 08:31:46 2017
From: Joe.Madden at mottmac.com (Madden, Joe)
Date: Wed, 4 Jan 2017 13:31:46 +0000
Subject: [Openswan Users] tcpdump no outgoing traffic over VPN
In-Reply-To:
References:
Message-ID:

Hi Alexk,

It's normal not to see any outgoing packets for IPsec.

The packets are encapsulated before they reach the interface; as a result you can only see ESP/NAT-T packets exiting the interface.

http://stackoverflow.com/questions/21931614/how-to-see-outgoing-esp-packets-in-tcpdump-before-they-get-encrypted

Joe

From: Users [mailto:users-bounces at lists.openswan.org] On Behalf Of alexk
Sent: 04 January 2017 13:18
To: users at lists.openswan.org
Subject: [Openswan Users] tcpdump no outgoing traffic over VPN

Hello to all and happy new year.

I am trying to acquire a tcp dump in a pcap file using the following command:

    sudo tcpdump -s 0 host HOST_IP -i eth0 -w tcpdump_test.pcap

The OS is Ubuntu 14.04 server edition with the 3.13.0-92-generic kernel running on an AWS instance.

I am able to capture incoming traffic from the host to my server but when I download the pcap file and open it in Wireshark I do not see the outgoing traffic (neither ESP packets nor clear text).

I have tried to use nflog as described in (https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump) but it seems that nflog is not included with the Ubuntu kernel. I am unable to find a way to see outgoing traffic towards the host in question.

Can anyone please suggest a solution?

Thank you in advance

Alex

From alexk at coolsigns.mobi Wed Jan 4 08:40:10 2017
From: alexk at coolsigns.mobi (alexk)
Date: Wed, 4 Jan 2017 15:40:10 +0200
Subject: [Openswan Users] tcpdump no outgoing traffic over VPN
In-Reply-To:
References:
Message-ID:

Hello Joe,

Thank you for your reply.

In my case (given the kernel) I understand that the suggested solution would be:

1. To send the data from one interface to another interface on the same host.
2. To set up forwarding of data from that second interface to your destination.
3. Configure the IP address of the second interface in the security policy to create the tunnel on the second interface.

a) How exactly can I do the above using IP tables?
b) If I configure the IP address of the second interface to create the tunnel would I have to let the other party of the VPN end of the new IP? If yes then this is not a feasible option for my case.

Regards,
Alex

On 01/04/2017 03:31 PM, Madden, Joe wrote:
>
> Hi Alexk,
>
> It's normal not to see any outgoing packets for IPsec.
>
> The packets are encapsulated before they reach the interface; as a
> result you can only see ESP/NAT-T packets exiting the interface.
>
> http://stackoverflow.com/questions/21931614/how-to-see-outgoing-esp-packets-in-tcpdump-before-they-get-encrypted
>
> Joe
>
> From: Users [mailto:users-bounces at lists.openswan.org] On Behalf Of alexk
> Sent: 04 January 2017 13:18
> To: users at lists.openswan.org
> Subject: [Openswan Users] tcpdump no outgoing traffic over VPN
>
> Hello to all and happy new year.
>
> I am trying to acquire a tcp dump in a pcap file using the following
> command:
>
>     sudo tcpdump -s 0 host HOST_IP -i eth0 -w tcpdump_test.pcap
>
> The OS is Ubuntu 14.04 server edition with the
> 3.13.0-92-generic kernel running on an AWS instance.
>
> I am able to capture incoming traffic from the host to my server but
> when I download the pcap file and open it in Wireshark I do not see
> the outgoing traffic (neither ESP packets nor clear text).
>
> I have tried to use nflog as described in
> (https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump)
> but it seems that nflog is not included with the Ubuntu kernel. I am
> unable to find a way to see outgoing traffic towards the host in question.
>
> Can anyone please suggest a solution?
>
> Thank you in advance
>
> Alex
>

From amechax at gmail.com Mon Jan 30 12:01:15 2017
From: amechax at gmail.com (Amelye Chatila)
Date: Mon, 30 Jan 2017 20:01:15 +0300
Subject: [Openswan Users] How do I create Private IP on my VPS CentOS 7
Message-ID:

Hi,

Need to get something like 10.50.100.0/24 and 10.50.100.5 for the vps itself, How do I achieve this?

Thank you in advance!

Amelye
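
For the "tcpdump no outgoing traffic over VPN" thread above, an added example that is not part of any list message: a Python classifier that labels raw IPv4 packets from a capture as native ESP, UDP-encapsulated ESP (NAT-T, RFC 3948), IKE or cleartext and tallies them by direction, so a pcap can be checked for which kinds of outgoing packets it actually holds. The function names, addresses and sample packets are constructed for illustration, and packets are assumed to be unfragmented raw IPv4 with the link-layer header already removed.

```python
import struct
from collections import Counter

def classify(pkt: bytes) -> str:
    """Label one raw IPv4 packet as it appears on the wire at the interface."""
    ihl = (pkt[0] & 0x0F) * 4              # IPv4 header length in bytes
    proto = pkt[9]
    if proto == 50:
        return "esp"                       # native ESP (IP protocol 50)
    if proto != 17:
        return "cleartext"
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    data = pkt[ihl + 8:]                   # UDP payload
    if 4500 in (sport, dport):
        if data == b"\xff":
            return "natt-keepalive"        # RFC 3948 one-byte keepalive
        if data[:4] == b"\x00\x00\x00\x00":
            return "ike"                   # non-ESP marker precedes IKE
        return "esp-in-udp"                # non-zero SPI: encapsulated ESP
    if 500 in (sport, dport):
        return "ike"
    return "cleartext"

def tally(packets, local_ip: bytes) -> Counter:
    """Count (direction, label) pairs; direction is relative to local_ip."""
    counts = Counter()
    for p in packets:
        direction = "out" if p[12:16] == local_ip else "in"
        counts[(direction, classify(p))] += 1
    return counts

def ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at zero) for the sample."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload),
                      0, 0, 64, proto, 0, src, dst)
    return hdr + payload

def udp(sport, dport, data):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed sample: local 10.0.0.5, peer 203.0.113.9 (documentation range).
LOCAL, PEER = bytes([10, 0, 0, 5]), bytes([203, 0, 113, 9])
SAMPLE = [
    ipv4(PEER, LOCAL, 50, b"\x00\x00\x10\x01" + b"\x00" * 12),
    ipv4(LOCAL, PEER, 17, udp(4500, 4500, b"\xc0\xff\xee\x01" + b"\x00" * 12)),
    ipv4(LOCAL, PEER, 17, udp(4500, 4500, b"\x00" * 4 + b"\x11" * 28)),
    ipv4(LOCAL, PEER, 17, udp(4500, 4500, b"\xff")),
    ipv4(PEER, LOCAL, 6, b"\x00" * 20),
]

if __name__ == "__main__":
    for key, n in sorted(tally(SAMPLE, LOCAL).items()):
        print(key, n)
```

A tally with no "out" entries at all, as in the capture described in the thread, means the outgoing packets are missing from the pcap itself rather than being hidden by encryption.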