From: Andreas Jellinghaus <aj@dungeon.inka.de>
To: "netdev@oss.sgi.com" <netdev@oss.sgi.com>
Subject: ipsec 2.5.70 trouble
Date: 29 May 2003 21:05:55 +0200 [thread overview]
Message-ID: <1054235155.596.9.camel@simulacron> (raw)
I create a single ping, I can see the packet plain in OUTPUT iptable,
I can see the packet encrypted with tcpdump on the source machine.
but on the target machine (same lan), I see the
packets encrypted, but where is that second packet in tcpdump
comming from?
ping 192.168.1.1
source machine has real ip eth0 192.168.0.10 and for ipsec an additional
192.168.3.2, and a default route with src 192.168.3.2 and an ipsec
policy put everything from/to 192.168.3.2 in a tunnel
192.168.0.10-192.168.0.1.
source machine iptables
May 29 20:36:26 simulacron kernel: iptlog.output IN= OUT=eth0
SRC=192.168.3.2 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF
PROTO=ICMP TYPE=8 CODE=0 ID=32002 SEQ=1
source machine tcpdump
20:36:26.296466 192.168.0.10 > 192.168.0.1: ESP(spi=0x0dfc33a3,seq=0x7)
(DF)
destination machine tcpdump
tcpdump: listening on eth0
20:35:23.773924 192.168.0.10 > 192.168.0.1: ESP(spi=0x0dfc33a3,seq=0x7)
(DF)
20:35:23.773924 truncated-ip - 24 bytes missing!192.168.0.10 >
192.168.0.1: truncated-ip - 13087 bytes missing!64.4.224.214 >
192.168.0.10: (frag 17664:13167@672) [tos 0xfc] (ipip)
destination machine iptables
May 29 20:35:23 localhost kernel: iptlog.input IN=eth0 OUT=
MAC=00:e0:7d:01:bb:0d:00:04:76:45:01:6e:08:00 SRC=192.168.0.10
DST=192.168.0.1 LEN=152 TOS=0x00 PREC=0x00 TTL=64 ID=55297 DF PROTO=ESP
SPI=0xdfc33a3
Regards, Andreas
next reply other threads:[~2003-05-29 19:05 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-05-29 19:05 Andreas Jellinghaus [this message]
2003-05-29 21:14 ` ipsec 2.5.70 trouble David S. Miller
2003-05-29 23:39 ` Andreas Jellinghaus
2003-05-29 23:47 ` David S. Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1054235155.596.9.camel@simulacron \
--to=aj@dungeon.inka.de \
--cc=netdev@oss.sgi.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).