LinuxQuestions.org - ipsec (racoon, setkey) and traffic

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - ipsec (racoon, setkey) and traffic (https://www.linuxquestions.org/questions/linux-security-4/ipsec-racoon-setkey-and-traffic-706115/)

ipsec (racoon, setkey) and traffic

Hello all!

I have a problem, something strange that i can't explain.

params:
my box: x.x.x.x
remote crypt-server: y.y.y.133
remote destination-server: y.y.y.136

ipsec tunnel init perfectly, i have this lines in my log:

Code:

INFO: IPsec-SA established: ESP/Tunnel x.x.x.133[0]->y.y.y.y[0] spi=9929892(0x9784a4)

INFO: IPsec-SA established: ESP/Tunnel y.y.y.y[0]->x.x.x.133[0] spi=1039267100(0x3df1f51c)

The problem is: when i try ping remote:

Code:

[root@gateway:~]# ping x.x.x.136

PING x.x.x.136 (x.x.x.136) 56(84) bytes of data.



--- x.x.x.136 ping statistics ---

1 packets transmitted, 0 received, 100% packet loss, time 0ms

i got this in tcpdump

Code:

[root@gateway:~]# tcpdump host x.x.x.133

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode

listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

10:32:15.489284 IP y.y.y.y > x.x.x.133: ESP(spi=0x3df1f51c,seq=0xe), length 116

10:32:15.521198 IP x.x.x.133 > y.y.y.y: ESP(spi=0x009784a4,seq=0xe), length 116

setkey rules are:

Code:

spdadd x.x.x.x y.y.y.136 any -P out ipsec esp/tunnel/x.x.x.x-y.y.y.133/require;

spdadd y.y.y.136 x.x.x.x any -P in ipsec esp/tunnel/y.y.y.133-x.x.x.x/require;

Help, please.

post output for
traceroute y.y.y.133

Code:

[root@gateway:~]# traceroute y.y.y.133

traceroute to y.y.y.133 (y.y.y.133), 30 hops max, 40 byte packets

 1  my uplink (x.x.x.1)  0.436 ms  0.461 ms  0.506 ms

 2  v701.m9-3.caravan.ru (212.158.172.145)  0.974 ms  1.013 ms v810.m9-3.caravan.ru (212.24.42.9)  0.893 ms

 3  ge1119.RT.M9.MSK.RU.retn.net (87.245.255.145)  0.887 ms  0.793 ms  0.790 ms

 4  GW-RosTeleCom.retn.net (87.245.255.38)  3.694 ms  3.610 ms  3.627 ms

 5  so-0-0-0.ebrg-rgr1.ur.ip.rostelecom.ru (87.226.138.182)  45.482 ms  45.719 ms so-3-0-0.ebrg-rgr1.ur.ip.rostelecom.ru (87.226.138.250)  45.568 ms

 6  92.50.192.50 (92.50.192.50)  47.284 ms  48.348 ms  47.012 ms

 7  * * *

 8  * * *

 9  * * *

10  * * *

11  * * *

12  * * *

13  * * *

14  * * *

15  * * *

16  * * *

17  * * *

18  * * *

19  * * *

20  * * *

21  * * *

22  * * *

23  * * *

24  * * *

25  * * *

26  * * *

27  * * *

28  * * *

29  * * *

30  * * *

Problem is solved, after update to kernel:

Code:

[root@gateway:~]# uname -a

Linux bambuk 2.6.18-92.1.22.el5 #1 SMP Tue Dec 16 11:57:43 EST 2008 x86_64 x86_4 x86_64 GNU/Linux

prev kernel was:

Code:

[root@gateway:~]# uname -a

Linux bambuk 2.6.18-53.1.21.el5 #1 SMP Tue May 20 09:35:07 EDT 2008 x86_64 x86_64 x86_64 GNU/Linux