IPsec and route
Anton Caniga
Caniga at bentel.sk
Sun Feb 29 14:44:44 CET 2004
Hello,
I have probably found the reason why IPsec and WinXP are not working for me.
Output of tcpdump -i ipsec0:
14:30:40.591209 195.46.168.201 > 192.168.1.1: icmp: echo request
14:30:40.591404 192.168.1.1 > 195.46.68.201: icmp: echo reply
14:30:40.623428 gw-test.domena.sk.500 > 195.46.168.201.500: isakmp: phase 2/others ? oakley-quick[E]: [|hash] (DF)
14:30:40.623456 gw-test.domena.sk.500 > 195.46.168.201.500: isakmp: phase 2/others ? oakley-quick[E]: [|hash] (DF)
14:30:41.524574 195.46.168.201 > 192.168.1.1: icmp: echo request
14:30:41.524734 192.168.1.1 > 195.46.168.201: icmp: echo reply
14:30:41.524822 gw-test.domen.sk > 195.46.168.201: ESP(spi=0xfd191608,seq=0x1)
So if I understood it correctly, this means that the packet from the Windows machine arrives and is answered, but the reply is never delivered because it goes to interface ipsec0 and not to eth0.
The routing table looks roughly like this:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
195.46.168.201 195.46.69.1 255.255.255.255 UGH 0 0 0 ipsec0
10.100.100.0 0.0.0.0 255.255.255.192 U 0 0 0 eth1
195.46.69.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
195.46.69.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 195.46.69.1 0.0.0.0 UG 0 0 0 eth0
Output of the commands:
#ip route
195.46.168.201 via 195.46.69.1 dev ipsec0
10.100.100.0/26 dev eth1 proto kernel scope link src 10.100.100.1
195.46.69.0/24 dev eth0 proto kernel scope link src 195.46.69.6
195.46.69.0/24 dev ipsec0 proto kernel scope link src 195.46.69.6
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.1
default via 195.46.69.1 dev eth0
#ipsec look
gw-test Sun Feb 29 14:36:19 CET 2004
0195 46 6820132:0:192.168.1.0/24:0 -> 195.46.168.201/32:0 => %trap:0 (0)
ipsec0->eth0 mtu=16260(1443)->1500
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 195.46.69.1 0.0.0.0 UG 0 0 0 eth0
195.46.69.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
195.46.69.0 0.0.0.0 255.255.255.0 U 0 0 0 ipsec0
195.46.168.201 195.46.69.1 255.255.255.255 UGH 0 0 0 ipsec0
#ipsec eroute
192.168.1.0/24:0 -> 195.46.168.201/32:0 => %trap:0
Could you advise me what I should do so that the IPsec packets leaving this machine go out through interface eth0 and not ipsec0?
Thank you very much for a nudge in the right direction.