
Checking IPSec connection


rams...@gmail.com

Sep 11, 2009, 11:40:22 AM9/11/09
Hi,

I want to check whether IPSec connection data is encrypted or not between two
machines. Here are the setup details.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
SETUP
-----------
Red Hat based Linux systems with racoon

BOX-1
----------
Process - 1
Process - 2

Box-2
-----------
Process-3
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Process-1 on BOX-1 is establishing a TCP socket connection with
Process-3 on BOX-2. The link between BOX1 and BOX2 is IPSec secured.

Process-2 on BOX1 is responsible for monitoring whether the data between BOX1
and BOX2 is going in encrypted format or not. I can't use tcpdump
from Process-2 for capturing packets and verifying this. I have to
check this only once.

I am planning to use "setkey -D" from a shell script, which will be
invoked by Process-2 on BOX1. It returns the output shown below. If I grep for
"10.10.10.2 239.0.0.3" in the output of "setkey -D", we will come to
know whether IPSec is established or not.

Is this a reliable approach to determine whether data is going in encrypted
format between BOX1 and BOX2? Please correct me, or please share if
there is any other approach to determine the same. Thanks in advance.


# setkey -D
10.10.10.2 239.0.0.3
    esp mode=transport spi=713(0x000002c9) reqid=0(0x00000000)
    E: aes-cbc 61657343 42432065 6e637270 744b6579
    A: hmac-sha1 bd19fa78 6056b0c2 7a8431cd 26b5970a 300cbb71
    seq=0x00000000 replay=0 flags=0x00000000 state=mature
    created: Jan 1 06:12:31 1970 current: Jan 1 06:12:35 1970
    diff: 4(s) hard: 35(s) soft: 30(s)
    last: hard: 0(s) soft: 0(s)
    current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 0 hard: 0 soft: 0
    sadb_seq=0 pid=556 refcnt=0
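Added example, not part of the original post or of ipsec-tools: a POSIX sh script that applies the check the poster describes, but more strictly than a bare grep. A line matching "10.10.10.2 239.0.0.3" in "setkey -D" only proves that an SA entry exists in the SAD in the BOX1 to BOX2 direction. That entry can be "larval" or "dying" rather than "mature"; it says nothing about whether the SPD actually forces ESP for the flow (a "use" policy lets cleartext through whenever no SA is up, and a mismatched selector never engages it); and, as the "current: 0(bytes)" line in the posted dump shows, an SA can exist without a single byte having gone through it. The script therefore parses the SAD for a mature ESP SA with a non-zero byte counter and the SPD ("setkey -DP") for an outbound "esp/.../require" policy before reporting the link as encrypted. The two dumps embedded below are constructed to match the ipsec-tools output format quoted in the post (the SPD dump is abbreviated), the function names and verdict words are my own, and only single-host selectors of the form "ADDR[port]" are handled.

```shell
#!/bin/sh
# Added example (not from the original post): decide whether traffic from
# SRC to DST is protected by IPsec from the setkey(8) SAD and SPD dumps.

# Constructed sample of `setkey -D`: a mature ESP SA that has carried
# traffic, and a larval (not yet usable) SA for another peer.
SAMPLE_SAD='10.10.10.2 239.0.0.3
    esp mode=transport spi=713(0x000002c9) reqid=0(0x00000000)
    E: aes-cbc 61657343 42432065 6e637270 744b6579
    A: hmac-sha1 bd19fa78 6056b0c2 7a8431cd 26b5970a 300cbb71
    seq=0x00000000 replay=0 flags=0x00000000 state=mature
    created: Jan 1 06:12:31 1970 current: Jan 1 06:12:35 1970
    diff: 4(s) hard: 35(s) soft: 30(s)
    current: 1480(bytes) hard: 0(bytes) soft: 0(bytes)
    allocated: 12 hard: 0 soft: 0
    sadb_seq=0 pid=556 refcnt=0
10.10.10.2 10.10.10.9
    esp mode=transport spi=714(0x000002ca) reqid=0(0x00000000)
    seq=0x00000000 replay=0 flags=0x00000000 state=larval
    current: 0(bytes) hard: 0(bytes) soft: 0(bytes)
    sadb_seq=1 pid=556 refcnt=0'

# Constructed, abbreviated sample of `setkey -DP`: the 239.0.0.3 flow must
# ("require") use ESP; the 10.10.10.9 flow is only "use", which falls back
# to cleartext when no SA exists.
SAMPLE_SPD='10.10.10.2[any] 239.0.0.3[any] any
    out ipsec
    esp/transport//require
    spid=1 seq=1 pid=556
    refcnt=1
10.10.10.2[any] 10.10.10.9[any] any
    out ipsec
    esp/transport//use
    spid=3 seq=2 pid=556
    refcnt=1'

# sa_state SRC DST: reads a `setkey -D` dump on stdin and prints
# "<state> <bytes>" for the ESP SA from SRC to DST ("none 0" if absent).
# A record starts with an unindented "SRC DST" line; a mature SA wins
# over a larval/dying one for the same pair (e.g. during rekeying).
sa_state() {
    awk -v src="$1" -v dst="$2" '
        { c = substr($0, 1, 1) }
        c != " " && c != "\t" {
            in_rec = ($1 == src && $2 == dst); is_esp = 0; use = 0; next
        }
        !in_rec { next }
        $1 == "esp" { is_esp = 1 }
        is_esp && match($0, /state=[a-z]+/) {
            st = substr($0, RSTART + 6, RLENGTH - 6)
            if (best == "" || st == "mature") { best = st; use = 1 } else use = 0
        }
        is_esp && use && $1 == "current:" && $2 ~ /\(bytes\)$/ {
            bytes = $2; sub(/\(bytes\)/, "", bytes)
        }
        END { if (best == "") print "none 0"; else print best, bytes }'
}

# policy_requires_esp SRC DST: reads a `setkey -DP` dump on stdin and
# succeeds only if the outbound SPD entry SRC -> DST says esp/.../require.
policy_requires_esp() {
    awk -v src="$1" -v dst="$2" '
        { c = substr($0, 1, 1) }
        c != " " && c != "\t" {
            in_rec = (index($1, src "[") == 1 && index($2, dst "[") == 1)
            out = 0; next
        }
        !in_rec { next }
        $1 == "out" && $2 == "ipsec" { out = 1 }
        out && $1 ~ /^esp\/.*\/require$/ { found = 1 }
        END { exit (found ? 0 : 1) }'
}

# ipsec_verdict SRC DST SAD_DUMP SPD_DUMP: prints one verdict word and
# returns 0 only for "encrypted" (policy requires ESP, the SA is mature,
# and the SA byte counter shows traffic has actually gone through it).
ipsec_verdict() {
    src=$1; dst=$2; sad=$3; spd=$4
    printf '%s\n' "$spd" | policy_requires_esp "$src" "$dst" \
        || { echo no-policy; return 1; }
    set -- $(printf '%s\n' "$sad" | sa_state "$src" "$dst")
    state=$1; bytes=$2
    case $state in
        mature) ;;
        none)   echo no-sa; return 1 ;;
        *)      echo "sa-$state"; return 1 ;;
    esac
    [ "$bytes" -gt 0 ] || { echo no-traffic; return 1; }
    echo encrypted
}

# Stand-alone demo against the constructed dumps; "--live SRC DST"
# queries the running kernel instead (setkey needs root).
if [ "${1-}" = "--live" ]; then
    ipsec_verdict "$2" "$3" "$(setkey -D)" "$(setkey -DP)"
else
    ipsec_verdict 10.10.10.2 239.0.0.3 "$SAMPLE_SAD" "$SAMPLE_SPD"
fi
```

Run as root with `sh check_ipsec.sh --live 10.10.10.2 239.0.0.3` for the real kernel tables. Two caveats remain even on an "encrypted" verdict. The byte counter shows that some traffic used that SA, not that Process-1's particular TCP flow did; tightening the SPD selector to the port in question (the "[any]" fields) closes that gap. And a one-shot check is only good for the moment it runs: the posted SA has "hard: 35(s)" with "diff: 4(s)" elapsed, so it expires and must be renegotiated well before a long-lived connection ends.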
