[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Is problem to run ipsec over adsl connexion (pppoe) ?

To: <tech@openbsd.org>
Subject: Is problem to run ipsec over adsl connexion (pppoe) ?
From: "Nicolas Prochazka" <nicolas@sansistor.com>
Date: Tue, 30 Jan 2001 13:48:23 +0100
Importance: Normal

Hello,
I try to make a ipsec tunnel between two adsl openbsd 2.8 box without
succes.
I create SA, the flow (manual keying) and all seems to be ok but
when I use tcpdump, there's a little esp packet and nothing run (try with
ssh connect)
My ipf rules does nothing and pass quick for all interface (testing)
Can somebody help me ?

### Box A
Encap:
Source             Port  Destination        Port  Proto
SA(Address/Proto/Type/Direction)
192.168.3/24       0     192.168.1/24       0     0
212.39.132.253/50/require/in
192.168.3/24       0     212.39.132.253/32  0     0
212.39.132.253/50/require/in
193.253.204.61/32  0     192.168.1/24       0     0
212.39.132.253/50/require/in
193.253.204.61/32  0     212.39.132.253/32  0     0
212.39.132.253/50/require/in
192.168.1/24       0     192.168.3/24       0     0
193.253.204.61/50/require/out
192.168.1/24       0     193.253.204.61/32  0     0
193.253.204.61/50/require/out
212.39.132.253/32  0     192.168.3/24       0     0
193.253.204.61/50/require/out
212.39.132.253/32  0     193.253.204.61/32  0     0
193.253.204.61/50/require/out

### Box B
Encap:
Source             Port  Destination        Port  Proto
SA(Address/Proto/Type/Direction)
192.168.1/24       0     192.168.3/24       0     0
193.253.204.61/50/require/in
192.168.1/24       0     193.253.204.61/32  0     0
193.253.204.61/50/require/in
212.39.132.253/32  0     192.168.3/24       0     0
193.253.204.61/50/require/in
212.39.132.253/32  0     193.253.204.61/32  0     0
193.253.204.61/50/require/in
192.168.3/24       0     192.168.1/24       0     0
212.39.132.253/50/require/out
192.168.3/24       0     212.39.132.253/32  0     0
212.39.132.253/50/require/out
193.253.204.61/32  0     192.168.1/24       0     0
212.39.132.253/50/require/out
193.253.204.61/32  0     212.39.132.253/32  0     0
212.39.132.253/50/require/out


And A tcpdump log on box A (ssh from box B to 192.168.1.10)
bash# tcpdump -i fxp1 esp
tcpdump: listening on fxp1
14:48:23.557576 esp APastourelles-101-1-4-61.abo.wanadoo.fr > 212.39.132.253
spi 0x00001000 seq 5 len 100
14:48:29.389034 esp APastourelles-101-1-4-61.abo.wanadoo.fr > 212.39.132.253
spi 0x00001000 seq 6 len 100
14:48:41.310446 esp APastourelles-101-1-4-61.abo.wanadoo.fr > 212.39.132.253
spi 0x00001000 seq 7 len 100

Prev by Date: Re: Is the 2.8 release of Bind8 vulnerable?
Next by Date: ipfilter, state cache, and so on
Prev by thread: RE: Is the 2.8 release of Bind8 vulnerable?
Next by thread: ipfilter, state cache, and so on
Index(es):
- Date
- Thread