[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Openswan: Works, but... (fwd)



Am Sun, 8 Feb 2009 13:31:24 -0500 (EST)
schrieb Paul Wouters <paul xelerance com>:

> On Sun, 8 Feb 2009, D. Hugh Redelmeier wrote:
> 
> > According to the homepage of openswan, i configured a server and a
> > roadwarrior (think this is host-to-host).
> >
> > Using tcpdump, i see, that traffic between those 2 hosts is
> > encrypted, if the server is the endpoint.
> >
> > this server is a transparent proxy. so, if i surf eg. to google via
> > this server, the traffic seems no longer encrypted to me. (no
> > esp-packets mentionned in tcpdump).
> >
> > Even my mailserver is not on the same machine, so this traffic isn't
> > encrypted either.
> 
> Either use a leftsubnet=lan/mask to make the IPsec tunnel cover your
> LAN ip range, or send everything using leftsubnet=0.0.0.0/0.
> 
> Paul

Hi,

I changed this on the server-side, but not on the client side. 

Result from tcpdump from the client (wenn opening google in the
browser):

20:07:48.742497 IP client > server:
ESP(spi=0x3052e16e,seq=0x27), length 100 20:07:48.744033 IP
server > client: ESP(spi=0x3729843c,seq=0x25), length
100 20:07:48.744033 IP fx-in-f99.google.com.http >
client.49006: . ack 794 win 231 <nop,nop,timestamp 690888417
125678582>


Roger


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]