OK, I'm getting the hang of this -- happy new year!
Anyway, I have a tunnel between two (2) Dachstein-CD firewall/gateways,
separated by the big, bad internet ;>
I remain confused, however, *how* to test the encryption. Yes, I
understand how, if both boxes were local and I could place a 3rd in
between; but, I cannot do that here.
While I'm on 192.168.123.110 (not a DCD firewall/gateway) I do this:
ping -p feedfacedeadbeef 192.168.1.20
Then, I go to the other side (192.168.1.254, the remote DCD
firewall/gateway) and do this:
tcpdump -tx icmp
However, I get this:
tcpdump: listening on ipsec0
192.168.1.20 > 192.168.123.110: icmp: echo reply
4500 0054 664b 0000 7f01 d78a c0a8 0114
c0a8 7b6e 0000 ff15 6d42 0000 3c31 6ffe
0000 5b58 feed face dead beef feed face
dead beef feed face dead beef feed face
dead beef
But, I never get any echo requests!
If I do this:
ping -p feedfacedeadbeef 192.168.123.130
from 192.168.123.110 and do this:
tcpdump -tx icmp
from 192.168.123.130, then I see this:
tcpdump: listening on eth0
192.168.123.110 > 192.168.123.130: icmp: echo request
4500 0054 3ea7 0000 4001 c3c0 c0a8 7b6e
c0a8 7b82 0800 42fd 7142 0000 3c31 701a
0008 0b4d feed face dead beef feed face
dead beef feed
192.168.123.130 > 192.168.123.110: icmp: echo reply
4500 0054 f096 0000 ff01 52d0 c0a8 7b82
c0a8 7b6e 0000 4afd 7142 0000 3c31 701a
0008 0b4d feed face dead beef feed face
dead beef feed
Yes, I know that the FreeS/WAN FAQ emphatically states that this
scenario, testing with tcpdump on either gateway, will be confusing;
but, however else can I test this setup?
What do you think?
--
Best Regards,
mds
mds resource
888.250.3987
Dare to fix things before they break . . .
Our capacity for understanding is inversely proportional to how much we
think we know. The more I know, the more I know I don't know . . .
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
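Added example, not code from the post above, from FreeS/WAN or from Dachstein. The dumps in the post come from ipsec0, which is the already-decrypted side of the tunnel, so the ping pattern is visible there whether or not encryption works. What you can check from a single gateway is the outer interface (eth0, ppp0 or whatever faces the internet): a packet that went through the tunnel appears there as IP protocol 50 (ESP) and the feedface pattern must not be readable in it. The script below does that check offline on pasted `tcpdump -x` output. The first sample is the echo-reply dump quoted in the post; the second is a constructed ESP packet whose outer addresses (198.51.100.1 and 203.0.113.2), SPI, sequence number and ciphertext bytes are invented for illustration. To produce real input, capture on the outer interface with something like `tcpdump -i eth0 -x -s 1500 ip proto 50` and paste the hex.

```python
"""Offline check of `tcpdump -x` hex dumps for a plaintext ping pattern.

Added example; not code from the original post, FreeS/WAN or Dachstein.
It parses the hex that tcpdump -x prints, reads the IPv4 protocol field and
reports whether the payload pattern given to `ping -p` is visible in clear.
"""

ESP = 50   # IP protocol number for ESP
ICMP = 1

# The pattern from `ping -p feedfacedeadbeef`.
PATTERN = bytes.fromhex("feedfacedeadbeef")

# Sample 1: the echo-reply dump quoted in the post, captured on ipsec0
# (post-decryption), so the ping pattern is visible.
IPSEC0_DUMP = """
4500 0054 664b 0000 7f01 d78a c0a8 0114
c0a8 7b6e 0000 ff15 6d42 0000 3c31 6ffe
0000 5b58 feed face dead beef feed face
dead beef feed face dead beef feed face
dead beef
"""

# Sample 2 (constructed): what a tunnelled packet should look like on the
# outer interface when ESP is working.  Outer addresses (198.51.100.1 ->
# 203.0.113.2), SPI, sequence number and ciphertext are invented; the IP
# checksum is left as 0000 because nothing here validates it.
ESP_DUMP = """
4500 0054 1a2b 4000 4032 0000 c633 6401
cb00 7102 0000 1001 0000 002a 9f3e 7c11
0b6d a2e4 51c8 3b97 e06f 2d8a 14bc d573
6a09 f8e1 4c27 b0d6 8e35 a971 2f4b 63d8
c15e 9a07
"""


def parse_hex_dump(dump: str) -> bytes:
    """Convert the whitespace-separated hex groups of `tcpdump -x` into bytes."""
    return bytes.fromhex("".join(dump.split()))


def analyse(pkt: bytes, pattern: bytes = PATTERN) -> dict:
    """Decode the IPv4 header and look for `pattern` in the payload.

    Works on truncated packets (tcpdump's default snaplen was 68 bytes), as
    long as the 20-byte IPv4 header is present.
    """
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    proto = pkt[9]
    payload = pkt[ihl:]
    info = {
        "src": ".".join(str(b) for b in pkt[12:16]),
        "dst": ".".join(str(b) for b in pkt[16:20]),
        "protocol": proto,
        "esp": proto == ESP,
        "pattern_in_clear": pattern in payload,
    }
    if proto == ESP and len(payload) >= 8:
        # ESP header: 32-bit SPI, 32-bit sequence number, then ciphertext.
        info["spi"] = int.from_bytes(payload[0:4], "big")
        info["seq"] = int.from_bytes(payload[4:8], "big")
    return info


def looks_encrypted(pkt: bytes, pattern: bytes = PATTERN) -> bool:
    """True only if the packet is ESP *and* the ping pattern is not readable."""
    info = analyse(pkt, pattern)
    return info["esp"] and not info["pattern_in_clear"]


if __name__ == "__main__":
    for name, dump in (("ipsec0 capture", IPSEC0_DUMP),
                       ("outer-interface capture", ESP_DUMP)):
        pkt = parse_hex_dump(dump)
        info = analyse(pkt)
        verdict = "encrypted on the wire" if looks_encrypted(pkt) else "PLAINTEXT visible"
        print(f"{name}: {info['src']} -> {info['dst']} proto {info['protocol']}: {verdict}")
```

Seeing protocol 50 on the outer interface while the pattern is absent is evidence the tunnel is carrying the traffic; seeing protocol 1 with the pattern readable there means the ping left the gateway in clear, regardless of what ipsec0 shows.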