
List:       openswan-dev
Subject:    [Openswan dev] Help needed with Openswan
From:       Sumit Kala <sumitk31 () gmail ! com>
Date:       2011-06-25 5:51:43
Message-ID: BANLkTi=a3i=X+dG60bTfOYo560Rpg=rGiw () mail ! gmail ! com



Hello Fellow Members,

I have been trying to set up IPsec encryption between two Linux boxes.
I have a server application which runs on Linux Box A
and a client application which runs on Linux Box B.

The client sends the data to server.
I have captured wireshark logs at both server and client end.
In the wireshark logs I can see that Box B sends ESP packets to Box A.

But the server Application running at Box A is not able to get any
packets.

If I turn the policy off at Box B, Box B sends normal UDP data packets to
Box A, but still the Server Application running at Box A doesn't get any
packets. (Expected behavior since the policy at Box A enforces that all packets
coming from Box B should be encrypted.)

If I turn the policy off at Box A and Box B both, the server application
receives the unencrypted data which is also expected behavior.

But when the policy is turned on at both the boxes the encrypted packets
reach the Box A but are not delivered to the server application.

If anyone has faced such an issue please help me to debug this issue.

I have attached the ifconfig and policy settings at Box A and Box B for your
reference.


Thanks & Regards,
Sumit



["ifconfig_client.txt" (text/plain)]

root@172.16.117.101[/nfs-server]# ifconfig
eth0      Link encap:Ethernet  HWaddr 6C:F0:49:EF:EB:F8
          inet addr:172.16.117.101  Bcast:172.16.117.255  Mask:255.255.255.0
          inet6 addr: fe80::6ef0:49ff:feef:ebf8/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:96630 errors:0 dropped:0 overruns:0 frame:0
          TX packets:16420 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:8833640 (8.4 MiB)  TX bytes:1176900 (1.1 MiB)
          Interrupt:28

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:180 errors:0 dropped:0 overruns:0 frame:0
          TX packets:180 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:21685 (21.1 KiB)  TX bytes:21685 (21.1 KiB)

virbr0    Link encap:Ethernet  HWaddr DA:FF:81:14:66:23
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:14 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:3869 (3.7 KiB)

["ifconfig_server.txt" (text/plain)]

root@172.16.117.201[/nfs-server]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:1E:C9:5C:8D:54
          inet addr:172.16.117.201  Bcast:172.16.255.255  Mask:255.255.0.0
          inet6 addr: fe80::21e:c9ff:fe5c:8d54/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:1681828 errors:0 dropped:0 overruns:0 frame:0
          TX packets:640867 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1766878568 (1.6 GiB)  TX bytes:48572009 (46.3 MiB)
          Interrupt:16

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:195283423 errors:0 dropped:0 overruns:0 frame:0
          TX packets:195283423 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1168128985 (1.0 GiB)  TX bytes:1168128985 (1.0 GiB)

virbr0    Link encap:Ethernet  HWaddr 1E:04:6F:97:FE:0C
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:163 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:29115 (28.4 KiB)


["setkey_client.txt" (text/plain)]

flush;
spdflush;



spdadd 172.16.117.101/24 172.16.117.201/24 any -P out ipsec
      esp/transport//require;

spdadd 172.16.117.201/24 172.16.117.101/24 any -P in ipsec
       esp/transport//require;


add 172.16.117.101 172.16.117.201 esp 0x201
    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;

add 172.16.117.201 172.16.117.101 esp 0x301
    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;


["setkey_server.txt" (text/plain)]

flush;
spdflush;

# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
#
# Security policies
spdadd 172.16.117.201/24 172.16.117.101/24 any -P out ipsec
       esp/transport//require;

spdadd 172.16.117.101/24 172.16.117.201/24 any -P in ipsec
       esp/transport//require;



add 172.16.117.201 172.16.117.101 esp 0x201
    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;

add 172.16.117.101 172.16.117.201 esp 0x301
    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;


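With manual keying, the kernel on the receiving side looks up an incoming ESP packet by (destination, SPI) and silently drops it when no matching SA exists, which is exactly the symptom of encrypted packets arriving but never reaching the application. The script below is an added example (not part of the original post, and not Openswan or ipsec-tools code): it parses the `add` statements of two setkey files and checks that every SA a host would use for outbound traffic is present on the peer with the same SPI, algorithm and key, and it additionally flags ESP SAs configured without an integrity algorithm (`-A`), since ESP without authentication is a weak configuration. The two sample inputs are the setkey files attached to the message above; `CONSISTENT_SERVER` is a constructed, corrected counterpart used only for contrast. Run against the posted files it reports that the client's outbound SA 172.16.117.101->172.16.117.201 with SPI 0x201 has no counterpart on the server (whose SA for that direction carries SPI 0x301), and the mirror-image problem for the server's outbound SA. On a live Linux box the same drop shows up as a growing `XfrmInNoStates` counter in `/proc/net/xfrm_stat`.

```python
"""Cross-check setkey(8) manual-keying SA definitions between two hosts.

Added example, not part of the original post or of Openswan/ipsec-tools.
CLIENT_101 and SERVER_201 are the files attached to the message;
CONSISTENT_SERVER is a constructed, corrected counterpart.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CLIENT_101 = """
flush;
spdflush;
spdadd 172.16.117.101/24 172.16.117.201/24 any -P out ipsec
      esp/transport//require;
spdadd 172.16.117.201/24 172.16.117.101/24 any -P in ipsec
       esp/transport//require;
add 172.16.117.101 172.16.117.201 esp 0x201
    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 172.16.117.201 172.16.117.101 esp 0x301
    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
"""

SERVER_201 = """
flush;
spdflush;
# I am gateway A (eth0:192.168.1.130, eth1:200.200.200.10)
spdadd 172.16.117.201/24 172.16.117.101/24 any -P out ipsec
       esp/transport//require;
spdadd 172.16.117.101/24 172.16.117.201/24 any -P in ipsec
       esp/transport//require;
add 172.16.117.201 172.16.117.101 esp 0x201
    -E 3des-cbc  0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 172.16.117.101 172.16.117.201 esp 0x301
    -E 3des-cbc  0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
"""

# Constructed for contrast: with manual keying both hosts must carry the
# same SA entries (same src, dst, SPI and key for each direction).
CONSISTENT_SERVER = """
flush; spdflush;
add 172.16.117.101 172.16.117.201 esp 0x201
    -E 3des-cbc 0x7aeaca3f87d060a12f4a4487d5a5c3355920fae69a96c831;
add 172.16.117.201 172.16.117.101 esp 0x301
    -E 3des-cbc 0xf6ddb555acfd9d77b03ea3843f2653255afe8eb5573965df;
"""


@dataclass(frozen=True)
class SA:
    src: str
    dst: str
    proto: str                        # "esp" or "ah"
    spi: int
    enc: Optional[Tuple[str, str]]    # (algorithm, key) from -E, if any
    auth: Optional[Tuple[str, str]]   # (algorithm, key) from -A, if any

    @property
    def ident(self) -> Tuple[str, str, str, int]:
        # (src, dst, proto, spi) is what the receiving kernel has to find.
        return (self.src, self.dst, self.proto, self.spi)


def parse_sas(text: str) -> List[SA]:
    """Extract `add` statements from setkey input; policies and comments are ignored."""
    stripped = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    sas: List[SA] = []
    for stmt in stripped.split(";"):          # statements may span several lines
        tok = stmt.split()
        if len(tok) < 5 or tok[0] != "add":
            continue
        src, dst, proto, spi = tok[1], tok[2], tok[3].lower(), int(tok[4], 16)
        enc = auth = None
        i = 5
        while i < len(tok):
            if tok[i] in ("-E", "-A") and i + 1 < len(tok):
                alg = tok[i + 1].lower()
                # The "null" algorithms take no key; all others are followed by one.
                key = "" if alg == "null" else (tok[i + 2].lower() if i + 2 < len(tok) else "")
                if tok[i] == "-E":
                    enc = (alg, key)
                else:
                    auth = (alg, key)
                i += 2 if alg == "null" else 3
            else:
                i += 1                        # options not checked here (-m, -r, -u, ...)
        sas.append(SA(src, dst, proto, spi, enc, auth))
    return sas


def check_pair(hosts: Dict[str, str]) -> Dict[str, List[str]]:
    """hosts maps each host's own IP to its setkey text; returns findings by category."""
    sas = {ip: parse_sas(cfg) for ip, cfg in hosts.items()}
    by_ident = {ip: {sa.ident: sa for sa in lst} for ip, lst in sas.items()}
    findings: Dict[str, List[str]] = {"missing_on_peer": [], "mismatch": [], "no_integrity": []}
    for ip, lst in sas.items():
        for sa in lst:
            if sa.proto == "esp" and sa.auth is None:
                findings["no_integrity"].append(f"{ip}: {sa.src}->{sa.dst} spi {sa.spi:#x} has no -A")
            if sa.src != ip or sa.dst not in by_ident:
                continue                      # inbound SA, or peer not supplied
            match = by_ident[sa.dst].get(sa.ident)
            if match is None:
                findings["missing_on_peer"].append(
                    f"{ip} sends {sa.src}->{sa.dst} spi {sa.spi:#x}, but {sa.dst} has no such SA")
            elif (match.enc, match.auth) != (sa.enc, sa.auth):
                findings["mismatch"].append(f"{sa.src}->{sa.dst} spi {sa.spi:#x}: algorithm/key differ")
    return findings


if __name__ == "__main__":
    for cat, items in check_pair({"172.16.117.101": CLIENT_101, "172.16.117.201": SERVER_201}).items():
        print(cat, *items, sep="\n  ")
```

The check is deliberately keyed on the receiver's view: an SA is only useful if the host whose address is the SA's destination can find the same (src, dst, proto, SPI) tuple with the same key. Applying the same script to the policies (`spdadd` lines) is left out, since a policy mismatch produces a different symptom (plaintext rejected or never encrypted) from the one in the message.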

_______________________________________________
Dev mailing list
Dev@openswan.org
http://lists.openswan.org/mailman/listinfo/dev

