1)
sur PC1_fedora
[root@G131 racoon]# setkey -D
192.16.1.2 192.16.1.1
esp mode=tunnel spi=10001(0x00002711) reqid=0(0x00000000)
E: aes-cbc 31323334 35363738 39303132 31323334 35363738 39303132
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 22 15:55:13 2012 current: Oct 22 15:55:20 2012
diff: 7(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=1 pid=2482 refcnt=0
192.16.1.1 192.16.1.2
esp mode=tunnel spi=10000(0x00002710) reqid=0(0x00000000)
E: aes-cbc 31323334 35363738 39303132 33343536 37383930 31323334
seq=0x00000000 replay=0 flags=0x00000000 state=mature
created: Oct 22 15:55:13 2012 current: Oct 22 15:55:20 2012
diff: 7(s) hard: 0(s) soft: 0(s)
last: hard: 0(s) soft: 0(s)
current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
allocated: 0 hard: 0 soft: 0
sadb_seq=0 pid=2482 refcnt=0
toujours sur la même machine
[root@G131 racoon]# setkey -DP
192.165.16.0/24[any] 192.167.16.0/24[any] any
fwd prio def ipsec
esp/tunnel/192.16.1.1-192.16.1.2/require
created: Oct 22 15:55:13 2012 lastused:
lifetime: 0(s) validtime: 0(s)
spid=18 seq=1 pid=2506
refcnt=1
192.165.16.0/24[any] 192.167.16.0/24[any] any
in prio def ipsec
esp/tunnel/192.16.1.1-192.16.1.2/require
created: Oct 22 15:55:13 2012 lastused:
lifetime: 0(s) validtime: 0(s)
spid=8 seq=2 pid=2506
refcnt=1
192.167.16.0/24[any] 192.165.16.0/24[any] any
out prio def ipsec
esp/tunnel/192.16.1.2-192.16.1.1/require
created: Oct 22 15:55:13 2012 lastused:
lifetime: 0(s) validtime: 0(s)
spid=1 seq=0 pid=2506
refcnt=1
Voilà. Remarques sur ces dumps : `setkey -D` affiche le matériel de clé en clair, et les clés AES visibles ici (31323334 35363738 39303132… soit la chaîne ASCII « 123456789012… ») semblent être des clés manuelles, triviales à deviner ; `replay=0` signifie qu'aucune fenêtre anti-rejeu n'est activée ; les durées de vie `hard: 0(s)` / `soft: 0(s)` font que les SA n'expirent jamais. Acceptable pour un TP, à ne pas reproduire en production (préférer des clés négociées par IKE via racoon, avec anti-rejeu et durées de vie finies).
2) Comment je vérifie que le trafic n'est pas chiffré ?
i) je fais un ping depuis PC1_windows vers PC2_windows.
ii) je fais l'écoute avec tcpdump sur eth1 de PC1_fedora (passerelle 192.16.1.2) ; voilà ce qu'il affiche :
Attention : cette capture ne prouve quelque chose que si eth1 est l'interface externe (celle qui porte 192.16.1.2). Sur l'interface côté LAN, voir l'ICMP en clair entre 192.167.16.5 et 192.165.16.6 est normal, le chiffrement n'intervenant qu'à l'entrée du tunnel. Sur l'interface externe, un trafic protégé apparaît comme des paquets ESP entre 192.16.1.2 et 192.16.1.1 (filtre tcpdump `esp`, protocole IP 50) et non comme de l'ICMP entre les adresses internes. Autre vérification : relancer `setkey -D` après le ping et contrôler que les compteurs `current: …(bytes)` des deux SA augmentent (ils sont à 0 dans le dump ci-dessus, pris avant le ping).
15:59:05.106707 IP 192.167.16.5 > 192.165.16.6: ICMP echo request, id 2823, seq 49, length 64
15:59:05.106797 IP 192.165.16.6 > 192.167.16.5: ICMP echo reply, id 2823, seq 49, length 64
15:59:06.106697 IP 192.167.16.5 > 192.165.16.6: ICMP echo request, id 2823, seq 50, length 64
15:59:06.106783 IP 192.165.16.6 > 192.167.16.5: ICMP echo reply, id 2823, seq 50, length 64
15:59:07.106696 IP 192.167.16.5 > 192.165.16.6: ICMP echo request, id 2823, seq 51, length 64