[strongSwan] Where's the ipsecX eth devices?

Ricky Huang rhhuang at soe.ucsd.edu
Fri Jun 22 19:31:08 CEST 2012


On Jun 22, 2012, at 1:13 AM, Martin Willi wrote:

> Hi Ricky,
> 
>> [...] saying that ipsec devices are no more in > 2.6.16. Is that true?
> 
> Yes. The native Linux IPsec stack (Netkey) doesn't use dedicated
> interfaces, but handles packet en-/decapsulation transparently in the IP
> stack.
> […]

Thanks Martin.

In the setup below: 
[ subnet 1 ] --- [ gateway 1 ] === [ gateway 2 ] --- [ subnet 2 ]
[ 192.168.254.0/24 ] --- [ br0 192.168.254.99 | eth2 99.33.170.155 ] ===== [ eth3 75.11.172.226 | br0 192.168.250.99 ] --- [ 192.168.250.0/24 ]

When I ping from subnet 1 to subnet 2, and tcpdump on GW1's eth2 device, I should see ESP packets leaving GW1, correct?

But I am running into the problem of packets leaving GW1 with the ping packet showing subnet 2 as the destination, e.g.,
	23:10:23.806822 IP 99.33.170.155 > 192.168.250.99: ICMP echo request, id 63768, seq 1, length 64

https://lists.strongswan.org/pipermail/users/2012-June/007728.html
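
One way to check a capture from GW1's outside interface for the situation described in the message, as an added example that is not part of the original post: it sorts default-format tcpdump lines into ESP and unencapsulated traffic addressed to the remote protected subnet. The subnet and the ICMP line come from the message; the ESP and IKE lines, the SPI value and all function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Remote protected subnet, taken from the topology in the message.
REMOTE_SUBNET = ipaddress.ip_network("192.168.250.0/24")

# Default one-line tcpdump IPv4 output: "<time> IP <src>[.port] > <dst>[.port]: <summary>"
ADDR = r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?"
LINE_RE = re.compile(r"^\S+ IP " + ADDR + r" > " + ADDR + r": (.*)$")

def classify(line):
    """Return 'esp', 'cleartext-to-remote-subnet', 'other' or 'unparsed'."""
    m = LINE_RE.match(line.strip())
    if not m:
        return "unparsed"
    dst = ipaddress.ip_address(m.group(2))
    summary = m.group(3)
    # Native ESP prints "ESP(spi=...)"; NAT-T prints "UDP-encap: ESP(spi=...)".
    if "ESP(" in summary:
        return "esp"
    # A private destination inside the peer's subnet, seen unencapsulated on the
    # outside interface, means the packet was not transformed by an IPsec policy.
    if dst in REMOTE_SUBNET:
        return "cleartext-to-remote-subnet"
    return "other"

def summarize(lines):
    """Count classifications over an iterable of tcpdump lines."""
    return dict(Counter(classify(l) for l in lines))

# Line quoted in the message.
PAGE_LINE = ("23:10:23.806822 IP 99.33.170.155 > 192.168.250.99: "
             "ICMP echo request, id 63768, seq 1, length 64")
# Constructed lines showing what tunnelled traffic and IKE look like.
ESP_LINE = ("23:10:24.806900 IP 99.33.170.155 > 75.11.172.226: "
            "ESP(spi=0xc0ffee01,seq=0x1), length 132")
IKE_LINE = ("23:10:20.100000 IP 99.33.170.155.500 > 75.11.172.226.500: "
            "isakmp: phase 1 I ident")

if __name__ == "__main__":
    for line in (IKE_LINE, PAGE_LINE, ESP_LINE):
        print(f"{classify(line):28} {line}")
```
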



