Date: Thu, 03 May 2001 09:11:09 -0400
From: "Louis A. Mamakos" <louie@TransSys.COM>
To: Erik Salander <erik@whistle.com>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: gifs and tcpdump
Message-ID: <200105031311.f43DB9711069@whizzo.transsys.com>
In-Reply-To: Your message of "Wed, 02 May 2001 18:33:47 PDT." <3AF0B57B.4D789393@whistle.com>
References: <3AF0B57B.4D789393@whistle.com>
> Should I be able to "tcpdump -i gif0"? tcpdump indicates it's listening
> on gif0 but I never capture anything.
>
> My gif's look like this:
> gif0: flags=8091<UP,POINTOPOINT,NOARP,MULTICAST> mtu 1440
>         inet 10.3.1.1 --> 10.3.2.1 netmask 0xffffffff
>         physical address inet 207.76.205.83 --> 207.76.205.115
>
> My route to 10.3.2/24 is via gif0 (from netstat -nr):
> 10.3.2/24          10.3.2.1           UGSc        0        0   gif0
> 10.3.2.1           10.3.1.1           UH          3      132   gif0
>
> Using the gifs for a LAN-LAN VPN. Thanks.

Traffic going over an ESP tunnel never actually transits the tunnel
interface. In fact, if you arrange to have the right routes installed,
you don't even need the gif interface at all. From some recent
experiments I've done, the gif interface seems to be used only for:

- side effect of installed host routes which are needed when matching
  the IPSEC policy specification
- carrying traffic that isn't matching the IPSEC policy specification
  (if there is any at all)

I found this very counter-intuitive; however, if you do a tcpdump on
the physical interface carrying the tunnel traffic, you'll see that the
IPSEC traffic isn't in an ipip encapsulation at all.

Yes, I found this very counter-intuitive. From what I can tell, there's
no easy way to do a tcpdump and see the unencrypted traffic as it exits
the IPSEC tunnel. What I may try next is to specify a transport-mode
IPSEC policy that covers the gif interface tunnel endpoints, but I don't
know if that will work or not.

louie
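The two KAME setkey policy arrangements the reply contrasts, written with the addresses from the quoted ifconfig output; this is an added example, not configuration from either poster. It assumes 10.3.1.0/24 is the LAN behind 10.3.1.1, that the matching SAs are installed (by racoon or by hand), and that the comment line naming the physical interface is filled in locally.

```conf
# Arrangement 1: tunnel-mode policy on the LAN prefixes (the setup in the
# thread). The kernel's IPsec code builds the ESP packet itself, so the
# cleartext never passes through gif0 and "tcpdump -i gif0" stays silent.
# On the physical interface only ESP (IP proto 50) appears, never
# IP-in-IP (proto 4):
#   tcpdump -ni <physical-if> 'ip proto 50 or ip proto 4'
spdadd 10.3.1.0/24 10.3.2.0/24 any -P out ipsec
        esp/tunnel/207.76.205.83-207.76.205.115/require;
spdadd 10.3.2.0/24 10.3.1.0/24 any -P in ipsec
        esp/tunnel/207.76.205.115-207.76.205.83/require;

# Arrangement 2 (alternative, load instead of the above): transport-mode
# policy on the gif tunnel endpoints, matching only the IP-in-IP packets
# (upper-layer protocol "ipencap") the gif driver emits. gif0 now performs
# the encapsulation, so the inner cleartext crosses gif0's BPF tap and
# "tcpdump -i gif0" shows it; the physical interface still carries only
# ESP. The routes via gif0 shown in the quoted netstat output are what
# steer 10.3.2/24 into the interface.
spdadd 207.76.205.83 207.76.205.115 ipencap -P out ipsec
        esp/transport//require;
spdadd 207.76.205.115 207.76.205.83 ipencap -P in ipsec
        esp/transport//require;
```

Load one arrangement with `setkey -f <file>` after a `spdflush;`, and use the tcpdump filter in the comment to confirm which encapsulation is actually on the wire.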