#8
1st October 2016
da1

Quote:
Originally Posted by jggimi
Are these connections tunnelled via esp, or are they in plaintext? You may find tcpdump(8) helpful to determine whether the connections are using the established SAs or not.

tcpdump -vvv -ttt -n -i enc0:
Code:
Oct 01 18:24:02.042642 (authentic,confidential): SPI 0xb034227e: ext_fw3 > ext_fw1: esp ext_fw3 > ext_fw1 spi 0x0eb58b4f seq 1697 len 88 (ttl 64, id 54376, len 108) (ttl 63, id 5953, len 128)
Oct 01 18:24:02.042680 (authentic,confidential): SPI 0x0eb58b4f: ext_fw3 > ext_fw1: 192.168.3.100.51693 > 192.168.1.50.3389: . [tcp sum ok] 1:1(0) ack 561 win 16323 (ttl 127, id 23252, len 40) (ttl 64, id 54376, len 60)
Oct 01 18:24:02.736887 (authentic,confidential): SPI 0xc8e2dfe6: ext_fw1 > ext_fw3: 192.168.1.50.63209 > 192.168.3.100.80: S [tcp sum ok] 622316736:622316736(0) win 8192 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF) (ttl 127, id 29963, len 52) (DF) (ttl 64, id 5377, len 72, bad ip cksum 0! -> 33a9)
Oct 01 18:24:02.736932 (authentic,confidential): SPI 0x3a8eda6f: ext_fw1 > ext_fw3: esp ext_fw1 > ext_fw3 spi 0xc8e2dfe6 seq 1835 len 104 (DF) (ttl 64, id 5377, len 124) (DF) (ttl 64, id 50213, len 144, bad ip cksum 0! -> 843c)
Oct 01 18:24:02.883681 (authentic,confidential): SPI 0xc8e2dfe6: ext_fw1 > ext_fw3: 192.168.1.50.3389 > 192.168.3.100.51693: P 561:612(51) ack 1 win 63498 (DF) (ttl 127, id 29964, len 91) (DF) (ttl 64, id 38096, len 111, bad ip cksum 0! -> b3b2)
Oct 01 18:24:02.883711 (authentic,confidential): SPI 0x3a8eda6f: ext_fw1 > ext_fw3: esp ext_fw1 > ext_fw3 spi 0xc8e2dfe6 seq 1836 len 136 (DF) (ttl 64, id 38096, len 156) (DF) (ttl 64, id 33650, len 176, bad ip cksum 0! -> c4cf)
Oct 01 18:24:03.042897 (authentic,confidential): SPI 0xb034227e: ext_fw3 > ext_fw1: esp ext_fw3 > ext_fw1 spi 0x0eb58b4f seq 1698 len 88 (ttl 64, id 17238, len 108) (ttl 63, id 25882, len 128)
Oct 01 18:24:03.042934 (authentic,confidential): SPI 0x0eb58b4f: ext_fw3 > ext_fw1: 192.168.3.100.51693 > 192.168.1.50.3389: . [tcp sum ok] 1:1(0) ack 612 win 16310 (ttl 127, id 23253, len 40) (ttl 64, id 17238, len 60)
Oct 01 18:24:03.885677 (authentic,confidential): SPI 0xc8e2dfe6: ext_fw1 > ext_fw3: 192.168.1.50.3389 > 192.168.3.100.51693: P 612:663(51) ack 1 win 63498 (DF) (ttl 127, id 29965, len 91) (DF) (ttl 64, id 11910, len 111, bad ip cksum 0! -> 19fd)
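An added example, not part of the original post: one way to answer the quoted question from a saved enc0 capture is to group the decapsulated inner flows by the SPI that carried them and flag any flow whose packets were not marked both authentic and confidential. The sample lines, addresses, gateway names and SPIs are constructed, and the `(unprotected)` label for a packet with no flags set is an assumption about tcpdump's enc output.

```python
import re

# Constructed sample in the shape of `tcpdump -n -i enc0` output (not from the post).
SAMPLE = """\
Oct 01 18:24:02.042680 (authentic,confidential): SPI 0x11111111: gw_b > gw_a: 10.0.3.100.51693 > 10.0.1.50.3389: . 1:1(0) ack 561 win 16323
Oct 01 18:24:02.883681 (authentic,confidential): SPI 0x22222222: gw_a > gw_b: 10.0.1.50.3389 > 10.0.3.100.51693: P 561:612(51) ack 1 win 63498
Oct 01 18:24:02.883711 (authentic,confidential): SPI 0x33333333: gw_a > gw_b: esp gw_a > gw_b spi 0x22222222 seq 1836 len 136
Oct 01 18:24:03.100000 (unprotected): SPI 0x00000000: gw_a > gw_b: 10.0.1.50.63209 > 10.0.3.100.80: S 1:1(0) win 8192
"""

# enc header: "(flags): SPI 0x........: outer_src > outer_dst: <decoded payload>"
LINE = re.compile(
    r"\((?P<flags>[a-z,]+)\): SPI (?P<spi>0x[0-9a-f]{8}): "
    r"(?P<osrc>\S+) > (?P<odst>\S+): (?P<rest>.*)$"
)
# Inner IPv4 flow as tcpdump prints it with -n: "a.b.c.d.port > a.b.c.d.port:"
INNER = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+):"
)

def summarize(text):
    """Map each inner flow to the SPIs that carried it and whether every
    packet of that flow was flagged both authentic and confidential."""
    flows = {}
    for line in text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        inner = INNER.match(m["rest"])
        if not inner:  # e.g. a nested "esp ..." record: no inner flow is shown
            continue
        key = "{src}:{sport} > {dst}:{dport}".format(**inner.groupdict())
        entry = flows.setdefault(key, {"spis": set(), "packets": 0, "protected": True})
        entry["spis"].add(m["spi"])
        entry["packets"] += 1
        if set(m["flags"].split(",")) != {"authentic", "confidential"}:
            entry["protected"] = False
    return flows

if __name__ == "__main__":
    for flow, e in summarize(SAMPLE).items():
        state = "protected" if e["protected"] else "NOT PROTECTED"
        print(f"{flow}  SPI {','.join(sorted(e['spis']))}  packets={e['packets']}  {state}")
```

A flow that is expected to use the tunnel but never appears in the summary was not seen on enc0 at all, which is worth checking against a capture on the external interface.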