I've got four hosts set up as follows:

Network Diagram

I've got an IPSec tunnel via OpenSwan over the internet between Servers B and C. Servers A and D are configured to route traffic to the other via B and C respectively. Servers A and B are on one private network, Servers C and D on another.

I can ping and talk correctly, but when pinging Server D from Server A, I see something interesting in the output from tcpdump on each box.

On Server A:

04:52:12.790527 IP (tos 0x0, ttl 64, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server A] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:12.793453 IP (tos 0x0, ttl 62, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server A]: ICMP echo reply, id 29513, seq 1, length 64

On Server B:

04:52:08.393560 IP (tos 0x0, ttl 64, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server A] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:08.395307 IP (tos 0x0, ttl 63, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server B]: ICMP echo reply, id 29513, seq 1, length 64

Server C:

04:52:08.395849 IP (tos 0x0, ttl 62, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server B] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:08.396382 IP (tos 0x0, ttl 64, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server B]: ICMP echo reply, id 29513, seq 1, length 64

Server D:

04:52:12.428422 IP (tos 0x0, ttl 62, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server B] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:12.428457 IP (tos 0x0, ttl 64, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server B]: ICMP echo reply, id 29513, seq 1, length 64

However, the odd part comes:

  • Server A has the correct IPs
  • Server B sees the correct echo request, but the echo reply seems to be going to Server B.
  • Servers C and D both see the request going between Servers B and D.

Why are the packets seemingly coming from Server B and not Server A? Thanks!

Alex

1 Answer

Looks like B is changing the IP SRC header field to its own address. Could be a result of working NAT. Check your packet filter for any translation rules and modify them accordingly.

drookie
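One way to locate the rewriting hop from the four captures, added here as an example and not part of the original question or answer: the script correlates packets by IP id and reports where the source or destination changes along the path. The host labels, the A-B-C-D path order and the function names are assumptions; the input is constructed from the tcpdump output in the question.

```python
import re

# Constructed input: the tcpdump -v lines from the question, keyed by capture host.
CAPTURES = {
    "A": """04:52:12.790527 IP (tos 0x0, ttl 64, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server A] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:12.793453 IP (tos 0x0, ttl 62, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server A]: ICMP echo reply, id 29513, seq 1, length 64""",
    "B": """04:52:08.393560 IP (tos 0x0, ttl 64, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server A] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:08.395307 IP (tos 0x0, ttl 63, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server B]: ICMP echo reply, id 29513, seq 1, length 64""",
    "C": """04:52:08.395849 IP (tos 0x0, ttl 62, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server B] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:08.396382 IP (tos 0x0, ttl 64, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server B]: ICMP echo reply, id 29513, seq 1, length 64""",
    "D": """04:52:12.428422 IP (tos 0x0, ttl 62, id 24219, offset 0, flags [DF], proto ICMP (1), length 84)
    [Server B] > [Server D]: ICMP echo request, id 29513, seq 1, length 64
04:52:12.428457 IP (tos 0x0, ttl 64, id 44476, offset 0, flags [none], proto ICMP (1), length 84)
    [Server D] > [Server B]: ICMP echo reply, id 29513, seq 1, length 64""",
}
# The IP id is the same at all four hosts, so it identifies one packet across captures.
PKT = re.compile(r"id (\d+), offset.*\n\s+(.+?) > (.+?): ICMP echo (\w+)")

def observations(captures):
    """Map IP id -> {host: (src, dst, kind)}."""
    seen = {}
    for host, text in captures.items():
        for ip_id, src, dst, kind in PKT.findall(text):
            seen.setdefault(ip_id, {})[host] = (src, dst, kind)
    return seen

def rewrites(captures, path=("A", "B", "C", "D")):
    """List (kind, field, before_host, after_host, old, new) for each address change."""
    found = []
    for per_host in observations(captures).values():
        kind = next(iter(per_host.values()))[2]
        order = path if kind == "request" else path[::-1]  # replies travel D -> A
        for up, down in zip(order, order[1:]):
            for i, field in enumerate(("src", "dst")):
                if per_host[up][i] != per_host[down][i]:
                    found.append((kind, field, up, down, per_host[up][i], per_host[down][i]))
    return found

if __name__ == "__main__":
    for hit in rewrites(CAPTURES):
        print(hit)
```

Both reported changes sit next to Server B: the request's source changes between B's capture and C's, and the reply's destination is restored between B's capture and A's, which is the pattern source NAT on B would produce.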