[Swan] Answer packets not encrypted

Paul Wouters paul at nohats.ca
Tue Dec 9 18:40:43 EET 2014


On Mon, 8 Dec 2014, Michael Schwartzkopff wrote:

> When I set up an ipsec transport connection from a client behind a NAT to the
> VPN server, everything is OK if I use netkey.
>
> If I use klips or mast the answer packets from the server to the client (should
> be udp/4500 to the NAT IP address) are not encrypted. They are sent out in
> plain. Any idea? Thanks.

Double check that you are looking at the right interfaces and are
generating traffic with the right IP addresses.

The kernel stacks should prevent plaintext packets when an IPsec policy
is in place. The only way with KLIPS to circumvent that is to have some
specific route that bypasses the ipsecX interface that is more specific
than the existing routes into the ipsecX interface. So double check your
routing table?

Paul
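
The routing check suggested above, as an added example that is not part of the original post or of Libreswan: it does a longest-prefix match over `ip route show` style output and reports when a destination covered by an ipsecX route is actually sent out another device by a more specific route. The sample routing table and the function names are constructed for illustration, and the check assumes a single routing table (no policy-routing rules or metrics).

```python
import ipaddress

# Constructed sample of `ip route show` output on a KLIPS gateway (not from the thread).
SAMPLE_ROUTES = """\
default via 192.0.2.1 dev eth0
192.0.2.0/24 dev eth0 proto kernel scope link src 192.0.2.10
198.51.100.0/24 dev ipsec0 scope link
198.51.100.77 via 192.0.2.1 dev eth0
"""

def parse_routes(text):
    """Return [(network, device)] parsed from `ip route show` style lines."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or "dev" not in fields:
            continue  # skip blank lines and routes without an output device
        prefix = "0.0.0.0/0" if fields[0] == "default" else fields[0]
        try:
            net = ipaddress.ip_network(prefix, strict=False)
        except ValueError:
            continue  # first field was a route type, not a prefix
        routes.append((net, fields[fields.index("dev") + 1]))
    return routes

def selected_route(routes, dst):
    """Longest-prefix match: the route a lookup for dst would select."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    return max(matches, key=lambda r: r[0].prefixlen) if matches else None

def bypasses(routes, dst, prefix="ipsec"):
    """Return the bypassing (network, device) if dst is covered by an ipsecX
    route but a more specific route sends it out a different device."""
    addr = ipaddress.ip_address(dst)
    covered = any(addr in net and dev.startswith(prefix) for net, dev in routes)
    best = selected_route(routes, dst)
    if covered and best and not best[1].startswith(prefix):
        return best
    return None

if __name__ == "__main__":
    table = parse_routes(SAMPLE_ROUTES)
    for peer in ("198.51.100.20", "198.51.100.77"):
        hit = bypasses(table, peer)
        print(peer, "-> bypass via %s dev %s" % hit if hit else "-> ipsecX")
```

On a live host, `ip route get <address>` gives the kernel's own answer for a single destination, including policy-routing rules that this sketch ignores.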

