* IPSEC ping
@ 2006-08-24 11:18 Pawel Zawora
0 siblings, 0 replies; only message in thread
From: Pawel Zawora @ 2006-08-24 11:18 UTC (permalink / raw)
To: netfilter
Hello,
I ve a vpn tunnel (native 2.6, openswan)
I have the ipsec tunnel:
host_A [IP_A]<-->[router IP_router]-----------host_B [IP_B] host_C [ip_C]
left IP_A
right IP_B
rightsubnet IP_C
On host A:
ip xfrm policy show
src IP_A/32 dst IP_C/32
dir out priority 2080
tmpl src IP_A dst IP_C
proto esp reqid 16385 mode tunnel
openswans add routing
IP_C via IP_router dev eth1
tested with
iptables -A FORWARD/INPUT -s IP_C -j ACCEPT
iptables -A FORWAD/INPUT -d IP_C -j ACCEPT
and without any rules.
On host A:
ping -I IP_A IP_C give me no repspose...
When I try to use tcpdump I discover strange information
tcpdump -i eth1 -n src or dst IP_C
IP IP_C> IP_A: ICMP echo reply,
IP IP_C > IP_A: ICMP echo reply,
....
I cant see echo request!
but.......
tcpdump -i eth1 -n src or dst IP_B
IP IP_A > IP_B: ESP(spi....
IP IP_B > IP_A: ESP(spi....
IP IP_A > IP_B: ESP(spi....
IP IP_B > IP_A: ESP(spi....
.....
What is wrong?
What ping cannot see ICMP reply?
Why tcpdump do not show me ICMP request?
Thanks for any help
Pawel
----------------------------------------------------------------------
Zostan Chlopakiem Lata! >>> http://link.interia.pl/f1998
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2006-08-24 11:18 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2006-08-24 11:18 IPSEC ping Pawel Zawora
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox