linux-ipsec: Latest IPsec and connecting two IP networks.... :-(
From: David Sainty <DavidSainty(at)cit.com.au>
Date: Mon Aug 31 1998 - 11:58:46 EDT
I'm using the freeswan-snap1998Aug30 release of the code. It compiles and installs _remarkably_ well! :-) Unfortunately I've got a problem. I followed (I believe) all the instructions to successfully set up IPsec on two machines but....:

1/ a.b.c.d and e.f.g.h ping each other without trouble.
2/ pluto runs on both and exchange seems to work properly.
3/ From a machine on the first 192.168.1.0/24 network, 192.168.1.29, I can ping and ftp to 192.168.2.11 via the ipsec tunnel.
4/ From this same machine I _cannot_ ping (or contact) ****any other machine**** on the 192.168.2.0/24 network.
5/ Why can I contact 192.168.2.11 but not, say 192.168.2.10 or 192.168.2.90????

Please help! Here are the logs from 192.168.1.1/a.b.c.d for:

Sep 1 01:44:08 sydney kernel: ipsec_tunnel_start_xmit: ts=08.7763 Revectored start_xmit
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: hard_header_len = 14 00:c0:7b:51:d7:5e:00:80:5f:cc:ca:8a:08:00
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: packet contents:IP:hlen:20 ver:4 proto:1 saddr:192.168.1.29 daddr:192.168.2.11 tlen:60
Sep 1 01:44:08 sydney kernel: ipsec_findroute: 192.168.1.29->192.168.2.11
Sep 1 01:44:08 sydney kernel: rj_match: * See if we match exactly as a host destination
Sep 1 01:44:08 sydney kernel: rj_match: ** try to match a leaf, t=0x00353218
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: packet contents after pull:IP:hlen:20 ver:4 proto:1 saddr:192.168.1.29 daddr:192.168.2.11 tlen:60
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: found tdb -- spi=0xffff9bc4
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: calling room for <IPv4 Simple Encapsulation>
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: calling room for <3DES-MD5-96 Encryption>
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: Room left at head: 96
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: Room left at tail: 36
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: Required room: 52,16, Tunnel hlen: 96
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: data fits in existing skb
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: calling output for <IPv4 Simple Encapsulation>...
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: returns 0
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: calling output for <3DES-MD5-96 Encryption>...
Sep 1 01:44:08 sydney kernel: esp3desmd596_output: old header (headroom = 76, tailroom = 36
Sep 1 01:44:08 sydney kernel: esp3desmd596_output: before skb_trim: 60,36 (need: 16,16) after skb_trim: 60,20
Sep 1 01:44:08 sydney kernel: esp3desmd596_output: encrypting 64 bytes
Sep 1 01:44:08 sydney kernel: esp3desmd596_output: new header (headroom = 60, tailroom = 20
Sep 1 01:44:08 sydney kernel: esp3desmd596_output: IP:hlen:20 ver:4 proto:50 saddr:a.b.c.d daddr:e.f.g.h tlen:112
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: returns 0
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: packet contents after xforms:IP:hlen:20 ver:4 proto:50 saddr:a.b.c.d daddr:e.f.g.h tlen:112
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: skb->data= 0x005f6c3c, skb->h.iph= 0x005f6c3c, skb->ip_hdr= 0x005f6c3c
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: ip_forwarding of skb->dev->name eth0 hopefully equal to eth0, 112 bytes, to 1a383bcb
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: ts=08.7792 calling ip_forward
Sep 1 01:44:09 sydney kernel: esp_rcv: physical device for device ipsec0 is eth0
Sep 1 01:44:09 sydney kernel: ipsec_esp_rcv: ts=09.1298 ESP packet received, dev = ipsec0
Sep 1 01:44:09 sydney kernel: ipsec_esp_rcv: old IP:hlen:20 ver:4 proto:50 saddr:e.f.g.h daddr:a.b.c.d tlen:112
Sep 1 01:44:09 sydney kernel: esp3desmd596_input: packet from 203.59.56.26 received with spi=0x2498 seq=4 (iv)=0xcefd0c4401ac3d2c iplen=112 esplen=80
Sep 1 01:44:09 sydney kernel: esp3desmd596_input: padlen=2, contents: 1:1 2:2
Sep 1 01:44:09 sydney kernel: esp3desmd596_input: packet decrypted from 203.59.56.26: proto = 4, padding = 2
Sep 1 01:44:09 sydney kernel: ipsec_esp_rcv: new IP:hlen:20 ver:4 proto:4 saddr:e.f.g.h daddr:a.b.c.d tlen:80

b) pinging 192.168.2.10 from 192.168.1.29:

Sep 1 01:44:13 sydney kernel: ipsec_tunnel_start_xmit: ts=13.8318 Revectored start_xmit
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: hard_header_len = 14 00:c0:7b:51:d7:5e:00:80:5f:cc:ca:8a:08:00
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: packet contents:IP:hlen:20 ver:4 proto:1 saddr:192.168.1.29 daddr:192.168.2.10 tlen:60
Sep 1 01:44:13 sydney kernel: ipsec_findroute: 192.168.1.29->192.168.2.10
Sep 1 01:44:13 sydney kernel: rj_match: * See if we match exactly as a host destination
Sep 1 01:44:13 sydney kernel: rj_match: ** try to match a leaf, t=0x00353218
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: packet contents after pull:IP:hlen:20 ver:4 proto:1 saddr:192.168.1.29 daddr:192.168.2.10 tlen:60
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: found tdb -- spi=0xffff9bc4
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: calling room for <IPv4 Simple Encapsulation>
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: calling room for <3DES-MD5-96 Encryption>
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: Room left at head: 96
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: Room left at tail: 36
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: Required room: 52,16, Tunnel hlen: 96
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: data fits in existing skb
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: calling output for <IPv4 Simple Encapsulation>...
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: returns 0
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: calling output for <3DES-MD5-96 Encryption>...
Sep 1 01:44:13 sydney kernel: esp3desmd596_output: old header (headroom = 76, tailroom = 36
Sep 1 01:44:13 sydney kernel: esp3desmd596_output: before skb_trim: 60,36 (need: 16,16) after skb_trim: 60,20
Sep 1 01:44:13 sydney kernel: esp3desmd596_output: encrypting 64 bytes
Sep 1 01:44:13 sydney kernel: esp3desmd596_output: new header (headroom = 60, tailroom = 20
Sep 1 01:44:13 sydney kernel: esp3desmd596_output: IP:hlen:20 ver:4 proto:50 saddr:a.b.c.d daddr:e.f.g.h tlen:112
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: returns 0
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: packet contents after xforms:IP:hlen:20 ver:4 proto:50 saddr:a.b.c.d daddr:e.f.g.h tlen:112
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: skb->data= 0x00d98054, skb->h.iph= 0x00d98054, skb->ip_hdr= 0x00d98054
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: ip_forwarding of skb->dev->name eth0 hopefully equal to eth0, 112 bytes, to 1a383bcb
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: ts=13.8347 calling ip_forward

I can provide more info if so desired....

Thanks in advance!!

David Sainty..

Received on Mon Aug 31 13:01:46 1998
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 12:59:26 EDT
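
An added example, not part of the original post: a Python script that condenses KLIPS debug output of the kind quoted above into one record per outbound packet, so the two pings can be compared side by side. The sample log is constructed in the same format as the post's lines, and pairing an inbound ESP packet with the preceding outbound packet by log order is a heuristic assumption.

```python
import re

# Constructed sample, one entry per line, in the format of the post's log.
SAMPLE_LOG = """\
Sep 1 01:44:08 sydney kernel: ipsec_findroute: 192.168.1.29->192.168.2.11
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: found tdb -- spi=0xffff9bc4
Sep 1 01:44:08 sydney kernel: ipsec_tunnel_do_xmit: ts=08.7792 calling ip_forward
Sep 1 01:44:09 sydney kernel: ipsec_esp_rcv: ts=09.1298 ESP packet received, dev = ipsec0
Sep 1 01:44:13 sydney kernel: ipsec_findroute: 192.168.1.29->192.168.2.10
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: found tdb -- spi=0xffff9bc4
Sep 1 01:44:13 sydney kernel: ipsec_tunnel_do_xmit: ts=13.8347 calling ip_forward
"""

ENTRY = re.compile(r"kernel: (\w+): (.*)$")            # function name, message
ROUTE = re.compile(r"(\d+\.\d+\.\d+\.\d+)->(\d+\.\d+\.\d+\.\d+)")
SPI = re.compile(r"found tdb -- spi=(0x[0-9a-fA-F]+)")


def summarise(log_text):
    """Return one dict per outbound packet: inner src/dst, the SPI selected,
    whether it reached ip_forward, and whether an inbound ESP packet was
    logged before the next outbound packet (order-based heuristic)."""
    flows, cur = [], None
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        func, msg = m.groups()
        if func == "ipsec_findroute":
            r = ROUTE.search(msg)
            if r:
                cur = {"src": r.group(1), "dst": r.group(2), "spi": None,
                       "forwarded": False, "esp_in": False}
                flows.append(cur)
        elif cur is None:
            continue                      # nothing outbound seen yet
        elif func == "ipsec_tunnel_do_xmit":
            s = SPI.search(msg)
            if s:
                cur["spi"] = s.group(1)
            if "calling ip_forward" in msg:
                cur["forwarded"] = True
        elif func == "ipsec_esp_rcv" and "ESP packet received" in msg:
            cur["esp_in"] = True
    return flows


if __name__ == "__main__":
    for f in summarise(SAMPLE_LOG):
        print(f)
```

Records with the same `spi` and `forwarded` values that differ only in `esp_in` show the local gateway treating both destinations identically on the way out.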