Re: ip tunnel ... mode gre -- encrypted? or not?

To: debian-user@lists.debian.org
Subject: Re: ip tunnel ... mode gre -- encrypted? or not?
From: will trillich <will@serensoft.com>
Date: Tue, 10 Oct 2000 17:31:29 -0500
Message-id: <20001010173129.B26028@mail.serensoft.com>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <20001010233249.C9494@empire.net.au>; from dm-debian-user@empire.net.au on Tue, Oct 10, 2000 at 11:32:49PM +1100
References: <39E1F49F.369EA623@serensoft.com> <20001010233249.C9494@empire.net.au>

On Tue, Oct 10, 2000 at 11:32:49PM +1100, Damon Muller wrote:
> Hi will,
> 
> Quoth will trillich, 
> > when a linux wonk says <with real IP's, of course>
> > 	DEV=mytunnel
> > 	OUTSIDE_HERE=321.1.2.3
> > 	OUTSIDE_THERE=789.9.8.7
> > 	ip tunnel add $DEV \
> > 		local $OUTSIDE_HERE \
> > 		remote $OUTSIDE_THERE \
> > 		mode gre
> > is the tunnel encrypted? if so, how can i confirm
> > that? if not, is there a way to do so? (maybe some
> > argument needs to be supplied to insmod?)
> 
> While I know very little about this VPN stuff (except port-forwarding
> using ssh, but I've posted everything I know about that here anyway), I
> would imagine that the easiest way to see if the traffic is encrypted or
> not is to sniff it and see if it's sending cleartext.
> 
> Just use `sniffit -F mytunnel -i'. Telnet across your VPN, and select
> that socket in the sniffit interactive window. Type something (like
> uname -a) in the telnet session and see if you can see anything
> recognisable.
> 
> This isn't very scientific, and I'd personally have a hard time telling
> the difference between ROT-13'd and IDEA-encrypted traffic, but if you
> can't see any cleartext, then it's probably working.

i can't see nothin'.

# sniffit -F dave -i
Forcing device to dave (user requested)...
Make sure you have read the docs carefully.
unknown physical layer type 0x30a
# ifconfig dave
dave      Link encap:UNSPEC  HWaddr D0-21-5A-55-00-00-00-00-00-00-00-00-00-00-00-00
          inet addr:192.168.1.1  P-t-P:192.168.0.1  Mask:255.255.255.0
          UP POINTOPOINT RUNNING NOARP  MTU:1476  Metric:1
          RX packets:4300 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4308 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0


when i just
# sniffit -i
all i see are my existing login/ssh sessions, altho i
can still ping 192.168.0.2 (which is past the remote end
of the tunnel, which is 192.168.0.1; my end is 192.168.1.1).

unfortunately, when running 'sniffit -i' the only options are
to check certain ports and certain ip numbers, not specific
devices.

aaugh!

-- 

things are more like they used to be than they are now.

will@serensoft.com *** http://www.dontUthink.com/

Reply to:

References:
- ip tunnel ... mode gre -- encrypted? or not?
  - From: will trillich <will@serensoft.com>
- Re: ip tunnel ... mode gre -- encrypted? or not?
  - From: Damon Muller <dm-debian-user@empire.net.au>

Prev by Date: libdb2 does not contain Java class files?
Next by Date: apt cheating?
Previous by thread: Re: ip tunnel ... mode gre -- encrypted? or not?
Next by thread: Re: debian-user-digest Digest V100 #195
Index(es):
- Date
- Thread