[Cialug] IPSec VPN not passing traffic

Zachary Kotlarek zach at kotlarek.com
Tue Sep 7 21:08:28 CDT 2010


On Sep 7, 2010, at 8:22 PM, Jonathan C. Bailey wrote:

> Ok, I guess I'm not getting how XFRM passes packets out of the IPSec world to the real world. The documentation for it (at least what I can find) isn't too helpful.


It doesn't. It's an in-line transform. Outbound packets that match the XFRM rules get transformed in-line according to those rules before they're transmitted. In this case the transformation is IPSec. It's sort of like mangling for NAT with iptables.


> Anyway, here is my setup:
> 
> VPN server: 10.81.10.60
> Win7 client: 10.64.4.110 (so at least different subnets from the server)
> VPN routes: 10.81.28.2 10.81.28.3 10.81.28.4 10.81.10.17
> 
> I can also see traffic from 10.64.4.110 to anywhere when running tcpdump on eth0 of srvpn (10.81.10.60), but that traffic never seems to *leave* eth0 of srvpn...


I'm not sure what you mean by "never leaves". What are you measuring to determine that? Are you capturing locally and in-line and seeing the traffic locally but not at the remote capture point? Are you not seeing it even in local captures?

	Zach
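
The in-line matching described in the reply above, as an added sketch that is not part of the original thread: it parses text in the layout printed by `ip xfrm policy` and reports what an egress capture would show for a given outbound packet. The sample policy text is constructed; the addresses come from the thread, while tunnel mode, the priority and the reqid are assumptions.

```python
import ipaddress

# Constructed sample in the layout printed by `ip xfrm policy`. Addresses come
# from the thread; tunnel mode, priority and reqid are assumptions.
SAMPLE = """\
src 10.81.28.2/32 dst 10.64.4.110/32
\tdir out priority 2080
\ttmpl src 10.81.10.60 dst 10.64.4.110
\t\tproto esp reqid 1 mode tunnel
src 10.64.4.110/32 dst 10.81.28.2/32
\tdir in priority 2080
\ttmpl src 10.64.4.110 dst 10.81.10.60
\t\tproto esp reqid 1 mode tunnel
"""

def parse_policies(text):
    """Parse `ip xfrm policy` text into one dict per policy."""
    policies = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if not line[0].isspace():            # unindented selector line starts a policy
            policies.append({"src": ipaddress.ip_network(tok[1]),
                             "dst": ipaddress.ip_network(tok[3])})
        elif tok[0] == "dir":
            policies[-1].update(dir=tok[1], prio=int(tok[3]))
        elif tok[0] == "tmpl":
            policies[-1]["outer"] = (tok[2], tok[4])
        elif tok[0] == "proto":
            policies[-1].update(proto=tok[1], mode=tok[tok.index("mode") + 1])
    return policies

def on_the_wire(policies, src, dst):
    """Return (protocol, src, dst) as an egress capture would show the packet."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    # Lowest priority value is consulted first; only "out" policies apply here.
    for p in sorted(policies, key=lambda p: p.get("prio", 0)):
        if p.get("dir") == "out" and s in p["src"] and d in p["dst"]:
            # Tunnel mode replaces the addresses with the template endpoints.
            outer = p["outer"] if p.get("mode") == "tunnel" else (src, dst)
            return (p["proto"], *outer)
    return ("plain", src, dst)               # no policy matched: sent untransformed

if __name__ == "__main__":
    pols = parse_policies(SAMPLE)
    print(on_the_wire(pols, "10.81.28.2", "10.64.4.110"))
    print(on_the_wire(pols, "10.81.10.60", "10.64.4.110"))
```

A packet that matches an `out` selector appears in a capture as ESP between the template endpoints rather than under its inner addresses, so a tcpdump filter written for the inner addresses will not match it.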
