[strongSwan-dev] Strongswan can't work for some msgs in my case, such as SCTP INIT msg.

LIU Jingen Jingen.Liu at alcatel-sbell.com.cn
Mon Jun 3 05:04:24 CEST 2013


Hello, all

This is my case: I had set up the IPsec tunnel between a femto (192.168.222.8) and a VPN server (192.168.222.95).
If I ping from the femto to the core network 192.168.111.9, the package goes through the IPsec tunnel, but we have
some SCTP msgs, such as the INIT msg from the femto to the core network 192.168.111.9, and they don't go through
the IPsec tunnel.



========================================================================================================================
Femto                                   VPN server                              Core network
IP: 192.168.222.8                       IP: 192.168.222.95                      192.168.111.9
Tunnel IP: 10.23.25.1                   IP: 192.168.111.11
========================================================================================================================

(1) We ran ping 192.168.111.9 from the femto and captured the msgs from the femto, and you can see that the ping package goes through the IPsec tunnel.



(2) The femto sends out the INIT msgs to the core network, but they don't go through the IPsec tunnel. We expected each one to be an ESP msg that goes to the VPN server
     first, is then decoded by the VPN server, and is forwarded to the core network.



I guess the root cause is this: though the IPsec tunnel function has been activated by strongSwan, the SCTP msgs call the original APIs of the network layer,
so they can't be processed by the strongSwan-related component. But I don't know the mechanism of strongSwan: what has been done on the network layer by strongSwan?

Could you please give me any clue on how to debug the issue? How can I let the INIT msgs go through the IPsec tunnel?


Best regards
Jingen, Liu
------------
Alcatel-Lucent Shanghai Bell Co.,Ltd. WSPD NanJing R&D Center.
Floor 10, Changjiang Technological Park, No.40, Nanchang Road, GuLou District.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: PBrush 1.jpg
Type: image/jpeg
Size: 96935 bytes
Desc: PBrush 1.jpg
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130603/ee230bae/attachment.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PBrush 2.jpg
Type: image/jpeg
Size: 91217 bytes
Desc: PBrush 2.jpg
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130603/ee230bae/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Femto.log
Type: application/octet-stream
Size: 5920 bytes
Desc: Femto.log
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130603/ee230bae/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: VPNserver.log
Type: application/octet-stream
Size: 6685 bytes
Desc: VPNserver.log
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130603/ee230bae/attachment-0001.obj>

