[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Is there some way to tell whether two gateways have negotiated an IPSec
When I fire off my ipsecadm commands, I see stuff show up in
/kern/ipsec, and I see flows showing up in `netstat -nr`, but so far
I've been unable to find out whether the two gateways are actually
succeeding in transacting any actual cryptographic traffic. Packets
from each of my subnets are making it to the opposite gateway and then
disappearing without a trace, so I'm suspecting that maybe they aren't
being decrypted at the other end.
But I'm getting no errors in my logs, neither when the gateways
initialize the SA's nor when I try to pass packets back and forth.
/var/log/ipflog shows nothing but passed packets (with all blocking
rules set to log). tcpdump sees ESP packets on the public NIC of each
gateway, but nothing coming in on enc0 and nothing on the private NIC.
This is sort of a repeat of a much longer post from yesterday; after
working most of the night on this and re-reading lots of docs, I'm still
bewildered about what could be going wrong.
Michael Jinks, IB // Technical Entity // Saecos Corporation
"No one speaks English and everything's broken." -- T. Waits
"Tom Waits would have made a decent sysadmin." -- M. Jinks