[strongSwan] SA establishment is triggered by icmp traffic, when the rule is added for udp
divya mohan
divzsecondary at gmail.com
Tue Apr 24 14:25:56 CEST 2012
Hi,
Adding the logs for the case with rule for ICMP, and UDP traffic.
SPD entry created for ICMP, at initiator:
---------------------------------------------------------------------
# setkey -DP
10.104.33.0/24 10.102.232.0/24 icmp
in priority=1758 index=0x80000230 ipsec
esp/tunnel/10.104.33.96-10.102.232.116/unique:2
created: Apr 24 13:56:49 2012 lastused:
lifetime: 0(s) validtime: 0(s)
spid=0x80000230 seq=1 pid=11835
refcnt=2
vrfid=0 linkvrfid=0
10.102.232.0/24 10.104.33.0/24 icmp
out priority=1758 index=0x80000229 ipsec
esp/tunnel/10.102.232.116-10.104.33.96/unique:2
created: Apr 24 13:56:49 2012 lastused:
lifetime: 0(s) validtime: 0(s)
spid=0x80000229 seq=2 pid=11835
refcnt=2
vrfid=0 linkvrfid=0
---------------------------------------------------------------------
Through the tunnel, I am sending UDP traffic. After that, SA entries
are being created on both hosts.
From initiator:
---------------------------------------------------------------------
# setkey -D
10.102.232.116 10.104.33.96
esp mode=tunnel spi=3341333464(0xc728b3d8) reqid=2(0x00000002)
E: 3des-cbc a0b1ea3b 0f081fae 843634a8 e76e8172 833a7823 1fce7b3f
A: hmac-md5 b6b1991f 5b472b6d 44f9fe3f b73db884
seq=0x00000000 replay=32 flags=0x11000000 state=mature
created: Apr 24 13:57:38 2012 current: Apr 24 13:57:38 2012
diff: 0(s) hard: 60(s) soft: 51(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=11850 refcnt=0
vrfid=0 xvrfid=0
10.104.33.96 10.102.232.116
esp mode=tunnel spi=3301079166(0xc4c2787e) reqid=2(0x00000002)
E: 3des-cbc 5fea39a8 7258f81f f0229863 db6ad65e 1b51cd10 7e174de0
A: hmac-md5 aeec3381 b8e0ad83 29dcad7f 32714f59
seq=0x00000000 replay=32 flags=0x10000000 state=mature
created: Apr 24 13:57:38 2012 current: Apr 24 13:57:38 2012
diff: 0(s) hard: 60(s) soft: 50(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=11850 refcnt=0
vrfid=0 xvrfid=0
---------------------------------------------------------------------
Traffic captured from initiator:
---------------------------------------------------------------------
# tcpdump -i eth4 host 10.104.33.96 -n
listening on eth4, link-type EN10MB (Ethernet), capture size 96 bytes
13:57:30.338564 IP 10.102.232.112.2500 > 10.104.33.96.4400: UDP, length: 6
13:57:38.143807 IP 10.104.33.96.500 > 10.102.232.116.500: isakmp:
phase 2/others ? #36
13:57:38.145601 IP 10.102.232.116.500 > 10.104.33.96.500: isakmp:
phase 2/others ? #36[]
13:57:38.146704 IP 10.104.33.96.500 > 10.102.232.116.500: isakmp:
phase 2/others ? #37
13:57:38.147436 IP 10.102.232.116.500 > 10.104.33.96.500: isakmp:
phase 2/others ? #37[]
---------------------------------------------------------------------
Has anyone observed this behaviour?
Could you please help me to find the reason for this.
Regards,
Divya
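
Added example, not part of the original post: a Python check of the captured UDP packet against the two SPD selectors from the `setkey -DP` dump above, reporting per policy whether the addresses and the protocol match. The function names are hypothetical and the input is constructed from lines quoted in the post.

```python
import ipaddress
import re

# Constructed input: selector, direction and tunnel lines as in the setkey -DP dump above.
SPD_DUMP = """\
10.104.33.0/24 10.102.232.0/24 icmp
in priority=1758 index=0x80000230 ipsec
esp/tunnel/10.104.33.96-10.102.232.116/unique:2
10.102.232.0/24 10.104.33.0/24 icmp
out priority=1758 index=0x80000229 ipsec
esp/tunnel/10.102.232.116-10.104.33.96/unique:2
"""
# The first line of the tcpdump capture above.
PACKET = "13:57:30.338564 IP 10.102.232.112.2500 > 10.104.33.96.4400: UDP, length: 6"

# "<src>/<len> <dst>/<len> <proto>"; an optional [port] suffix is tolerated.
SELECTOR = re.compile(r"^(\S+/\d+)(?:\[\S+\])?\s+(\S+/\d+)(?:\[\S+\])?\s+(\S+)$")
TCPDUMP = re.compile(r"IP (\d+(?:\.\d+){3})\.\d+ > (\d+(?:\.\d+){3})\.\d+: (\w+)")

def parse_spd(text):
    """Return one dict per policy: src/dst networks, protocol, direction."""
    policies = []
    for line in map(str.strip, text.splitlines()):
        m = SELECTOR.match(line)
        if m:
            policies.append({"src": ipaddress.ip_network(m.group(1), strict=False),
                             "dst": ipaddress.ip_network(m.group(2), strict=False),
                             "proto": m.group(3).lower(), "dir": None})
        elif policies and line.split(" ")[0] in ("in", "out", "fwd"):
            policies[-1]["dir"] = line.split(" ")[0]
    return policies

def parse_packet(line):
    """Extract (src, dst, proto) from a tcpdump -n line with ports."""
    m = TCPDUMP.search(line)
    if m is None:
        raise ValueError("not an IPv4 tcpdump line with ports: %r" % line)
    return (ipaddress.ip_address(m.group(1)),
            ipaddress.ip_address(m.group(2)), m.group(3).lower())

def explain(policies, packet_line):
    """Per policy: (direction, addresses match, protocol matches)."""
    src, dst, proto = parse_packet(packet_line)
    return [(p["dir"], src in p["src"] and dst in p["dst"],
             p["proto"] in ("any", proto)) for p in policies]

if __name__ == "__main__":
    for row in explain(parse_spd(SPD_DUMP), PACKET):
        print("dir=%s addresses_match=%s protocol_matches=%s" % row)
```

For the packet in the capture, the outbound policy matches on addresses but not on protocol, and the inbound policy matches on neither.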