lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.61.0610310927270.23540@yvahk01.tjqt.qr>
Date:	Tue, 31 Oct 2006 09:30:06 +0100 (MET)
From:	Jan Engelhardt <jengelh@...ux01.gwdg.de>
To:	jplatte@...sa.net
cc:	linux-kernel@...r.kernel.org
Subject: Re: IPSEC and bridged interfaces

>
>Unfortunately, the kernel does not encrypt incoming packages any more. tcpdump 
>reveals, that all received replies (I tested it with ping) are forwarded 
>unencrypted, because they are visible on my firewall instead of being 
>encrypted. Is this a known problem? Is bridging and IPSEC (maybe with 
>masquerading) currently not supported? Or should I forward this issue to 
>another mailing list? 

Sounds like those packets are bridged rather than routed (or so it 
sounds). See if that's the case. Check
http://www.imagestream.com/~josh/PacketFlow-new.png for details.

You could try `ebtables -t broute -j DROP` to force all packets to be 
routed.


	-`J'
-- 
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ