Old 02-20-2009, 01:52 AM   #1
supaflyzzz
LQ Newbie
 
Registered: Feb 2009
Posts: 3

Rep: Reputation: 0
ipsec (racoon, setkey) and traffic


Hello all!

I have a problem, something strange that I can't explain.

params:
my box: x.x.x.x
remote crypt-server: y.y.y.133
remote destination-server: y.y.y.136

The IPsec tunnel initializes perfectly; I have these lines in my log:
Code:
INFO: IPsec-SA established: ESP/Tunnel x.x.x.133[0]->y.y.y.y[0] spi=9929892(0x9784a4)
INFO: IPsec-SA established: ESP/Tunnel y.y.y.y[0]->x.x.x.133[0] spi=1039267100(0x3df1f51c)
The problem is: when I try to ping the remote:

Code:
[root@gateway:~]# ping x.x.x.136
PING x.x.x.136 (x.x.x.136) 56(84) bytes of data.

--- x.x.x.136 ping statistics ---
1 packets transmitted, 0 received, 100% packet loss, time 0ms
I got this in tcpdump:

Code:
[root@gateway:~]# tcpdump host x.x.x.133
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
10:32:15.489284 IP y.y.y.y > x.x.x.133: ESP(spi=0x3df1f51c,seq=0xe), length 116
10:32:15.521198 IP x.x.x.133 > y.y.y.y: ESP(spi=0x009784a4,seq=0xe), length 116
The setkey rules are:

Code:
spdadd x.x.x.x y.y.y.136 any -P out ipsec esp/tunnel/x.x.x.x-y.y.y.133/require;
spdadd y.y.y.136 x.x.x.x any -P in ipsec esp/tunnel/y.y.y.133-x.x.x.x/require;
Help, please.
 
Old 02-20-2009, 02:19 AM   #2
vkmgeek
Member
 
Registered: Feb 2006
Location: Ahmedabad
Distribution: rhel5
Posts: 185
Blog Entries: 2

Rep: Reputation: 31
Post the output for
traceroute y.y.y.133
 
Old 02-22-2009, 05:42 AM   #3
supaflyzzz
LQ Newbie
 
Registered: Feb 2009
Posts: 3

Original Poster
Rep: Reputation: 0
Code:
[root@gateway:~]# traceroute y.y.y.133
traceroute to y.y.y.133 (y.y.y.133), 30 hops max, 40 byte packets
 1  my uplink (x.x.x.1)  0.436 ms  0.461 ms  0.506 ms
 2  v701.m9-3.caravan.ru (212.158.172.145)  0.974 ms  1.013 ms v810.m9-3.caravan.ru (212.24.42.9)  0.893 ms
 3  ge1119.RT.M9.MSK.RU.retn.net (87.245.255.145)  0.887 ms  0.793 ms  0.790 ms
 4  GW-RosTeleCom.retn.net (87.245.255.38)  3.694 ms  3.610 ms  3.627 ms
 5  so-0-0-0.ebrg-rgr1.ur.ip.rostelecom.ru (87.226.138.182)  45.482 ms  45.719 ms so-3-0-0.ebrg-rgr1.ur.ip.rostelecom.ru (87.226.138.250)  45.568 ms
 6  92.50.192.50 (92.50.192.50)  47.284 ms  48.348 ms  47.012 ms
 7  * * *
 8  * * *
 9  * * *
10  * * *
11  * * *
12  * * *
13  * * *
14  * * *
15  * * *
16  * * *
17  * * *
18  * * *
19  * * *
20  * * *
21  * * *
22  * * *
23  * * *
24  * * *
25  * * *
26  * * *
27  * * *
28  * * *
29  * * *
30  * * *
 
Old 02-24-2009, 06:58 AM   #4
supaflyzzz
LQ Newbie
 
Registered: Feb 2009
Posts: 3

Original Poster
Rep: Reputation: 0
The problem is solved after updating to this kernel:
Code:
[root@gateway:~]# uname -a
Linux bambuk 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 11:57:43 EST 2008 x86_64 x86_4 x86_64 GNU/Linux
The previous kernel was:
Code:
[root@gateway:~]# uname -a
Linux bambuk 2.6.18-53.1.21.el5 #1 SMP Tue May 20 09:35:07 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux
 
  

