hello everybody
GRE over IPsec
i follow this ducument to implement GRE over IPsec
http://www.lipasys.de/download/ospfipsec
pc
pc
eth1 eth0
eth0 eth1
subnet A------------------ |route A|-----------------| internet
|-------------|goute b|------------------subnet B
172.1.1.0/24 172.1.1.2 10.120.10.10 10.120.11.11
192.168.200.3 192.168.200.0/24
-------------------------------------------------------------------
route A
eth0 public ip 10.120.10.10
eth1 private ip 172.1.1.2
subnet 172.1.1.0/24
route b
eth0 public ip 10.120.11.11
eth1 private ip 192.168.200.254
subnet 192.168.200.0/24
ftp b in subnet b ip address is 192.168.200.3
------------------------------------------------------------
gre1
route a
ip tunnel add gre1 mode gre local 172.1.1.2 remote 192.168.200.254
route b
ip tunnel add gre1 mode gre local 192.168.200.254 remote 172.1.1.2
-----------------------------------------------------------------
when host a download data from ftp b
when i tcpdump -i th0
13:03:34.883617 IP 10.120.11.11 > 10.120.10.10: ah
13:03:34.883617 IP 10.120.11.11 > 10.120.10.10: ESP(spi=0x031fd4bb,seq=0xace7),
length 1532
13:03:34.883617 IP 192.168.200.3.20582 > 172.1.1.2.49475: P
62886173:62887633(1460) ack 1 win 32768
13:03:34.884161 IP 10.120.10.10 > 10.120.11.11: AH(spi=0x0f06b57c,seq=0x587c):
IP 10.120.10.10 > 10.120.11.11: ESP(spi=0x075f9137,seq=0x587c), length 76
(ipip-proto-4)
13:03:34.884341 IP 10.120.11.11 > 10.120.10.10: AH(spi=0x0c6212d3,seq=0xace8):
IP truncated-ip - 96 bytes missing! 10.120.11.11 > 10.120.10.10:
ESP(spi=0x031fd4bb,seq=0xace8), length 1532 (ipip-proto-4)
13:03:34.884355 IP 10.120.11.11 > 10.120.10.10: ah
13:03:35.132418 IP 10.120.11.11 > 10.120.10.10: AH(spi=0x0c6212d3,seq=0xae5c):
IP truncated-ip - 96 bytes missing! 10.120.11.11 > 10.120.10.10:
ESP(spi=0x031fd4bb,seq=0xae5c), length 1532 (ipip-proto-4)
13:03:35.132441 IP 10.120.11.11 > 10.120.10.10: ah
13:03:35.132958 IP 10.120.11.11 > 10.120.10.10: ah
13:03:35.134900 IP 10.120.11.11 > 10.120.10.10: AH(spi=0x0c6212d3,seq=0xae61):
IP truncated-ip - 96 bytes missing! 10.120.11.11 > 10.120.10.10:
ESP(spi=0x031fd4bb,seq=0xae61), length 1532 (ipip-proto-4)
13:03:35.134915 IP 10.120.11.11 > 10.120.10.10: ah
13:03:35.134915 IP 10.120.11.11 > 10.120.10.10: ESP(spi=0x031fd4bb,seq=0xae61),
length 1532
13:03:35.137374 IP 10.120.11.11 > 10.120.10.10: AH(spi=0x0c6212d3,seq=0xae66):
IP truncated-ip - 96 bytes missing! 10.120.11.11 > 10.120.10.10:
ESP(spi=0x031fd4bb,seq=0xae66), length 1532 (ipip-proto-4)
13:03:35.137386 IP 10.120.11.11 > 10.120.10.10: ah
13:03:35.137386 IP 10.120.11.11 > 10.120.10.10: ESP(spi=0x031fd4bb,seq=0xae66),
length 1532
13:03:35.145620 IP 10.120.10.10 > 10.120.11.11: AH(spi=0x0f06b57c,seq=0x5934):
IP 10.120.10.10 > 10.120.11.11: ESP(spi=0x075f9137,seq=0x5934), length 76
(ipip-proto-4)
13:03:35.145689 IP 10.120.10.10 > 10.120.11.11: AH(spi=0x0f06b57c,seq=0x5935):
IP 10.120.10.10 > 10.120.11.11: ESP(spi=0x075f9137,seq=0x5935), length 76
(ipip-proto-4)
13:03:35.145736 IP 10.120.10.10 > 10.120.11.11: AH(spi=0x0f06b57c,seq=0x5936):
IP 10.120.10.10 > 10.120.11.11: ESP(spi=0x075f9137,seq=0x5936), length 76
(ipip-proto-4)
13:03:35.145782 IP 10.120.10.10 > 10.120.11.11: AH(spi=0x0f06b57c,seq=0x5937):
IP 10.120.10.10 > 10.120.11.11: ESP(spi=0x075f9137,seq=0x5937), length 76
(ipip-proto-4)
13:03:35.145828 IP 10.120.10.10 > 10.120.11.11: AH(spi=0x0f06b57c,seq=0x5938):
IP 10.120.10.10 > 10.120.11.11: ESP(spi=0x075f9137,seq=0x5938), length 76
(ipip-proto-4)
13:03:35.145872 IP 10.120.10.10 > 10.120.11.11: AH(spi=0x0f06b57c,seq=0x5939):
IP 10.120.10.10 > 10.120.11.11: ESP
i dont see the gre packet at eth0
tcpdump -i gre1
there is no packets or messages
is it right????
Any help would be appreciated
thank you
_________________________________________________________________
用部落格分享照片、影音、趣味小工具和最愛清單,盡情秀出你自己 — Windows Live Spaces
http://home.spaces.live.com/?showUnauth=1&lc=1028
_______________________________________________
IPsec mailing list
IPsec@ietf.org
https://www.ietf.org/mailman/listinfo/ipsec
