IPsec and route

Anton Caniga Caniga at bentel.sk
Sunday February 29 14:44:44 CET 2004


Hello,

I have probably found the reason why IPsec and WinXP are not working for me.
Output of tcpdump -i ipsec0:

14:30:40.591209 195.46.168.201 > 192.168.1.1: icmp: echo request
14:30:40.591404 192.168.1.1 > 195.46.68.201: icmp: echo reply
14:30:40.623428 gw-test.domena.sk.500 > 195.46.168.201.500: isakmp: phase 2/others ? oakley-quick[E]: [|hash] (DF)
14:30:40.623456 gw-test.domena.sk.500 > 195.46.168.201.500: isakmp: phase 2/others ? oakley-quick[E]: [|hash] (DF)
14:30:41.524574 195.46.168.201 > 192.168.1.1: icmp: echo request
14:30:41.524734 192.168.1.1 > 195.46.168.201: icmp: echo reply
14:30:41.524822 gw-test.domen.sk > 195.46.168.201: ESP(spi=0xfd191608,seq=0x1)

Well, if I understood it correctly, this means that the packet from the Windows machine arrives and
is answered, but the reply is never delivered because it goes to the ipsec0 interface and
not to eth0.

The routing table looks roughly like this:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
195.46.168.201   195.46.69.1     255.255.255.255 UGH   0      0        0 ipsec0
10.100.100.0    0.0.0.0         255.255.255.192 U     0      0        0 eth1
195.46.69.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
195.46.69.0     0.0.0.0         255.255.255.0   U     0      0        0 ipsec0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
0.0.0.0         195.46.69.1     0.0.0.0         UG    0      0        0 eth0

Output of the commands:

#ip route
195.46.168.201 via 195.46.69.1 dev ipsec0
10.100.100.0/26 dev eth1  proto kernel  scope link  src 10.100.100.1
195.46.69.0/24 dev eth0  proto kernel  scope link  src 195.46.69.6
195.46.69.0/24 dev ipsec0  proto kernel  scope link  src 195.46.69.6
192.168.1.0/24 dev eth1  proto kernel  scope link  src 192.168.1.1
default via 195.46.69.1 dev eth0 

#ipsec look
gw-test Sun Feb 29 14:36:19 CET 2004
0195 46 6820132:0:192.168.1.0/24:0   -> 195.46.168.201/32:0 => %trap:0 (0)
ipsec0->eth0 mtu=16260(1443)->1500
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         195.46.69.1     0.0.0.0         UG        0 0          0 eth0
195.46.69.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
195.46.69.0     0.0.0.0         255.255.255.0   U         0 0          0 ipsec0
195.46.168.201   195.46.69.1     255.255.255.255 UGH       0 0          0 ipsec0

#ipsec eroute
192.168.1.0/24:0   -> 195.46.168.201/32:0 => %trap:0

Can you advise me what I should do so that the IPsec packets leaving
this machine go out via the eth0 interface and not ipsec0?

Thank you very much for any pointer in the right direction.


