Mailinglist Archive: opensuse-security (375 mails)

ipsec traffic
  • From: Christoph Egger <egger@xxxxxxxxxxxxxx>
  • Date: Wed, 11 Sep 2002 11:44:44 +0200
  • Message-id: <20020911094606.870BA1446C@xxxxxxxxxxxxxx>

Hi!

I am wondering what causes lots of traffic through an ipsec tunnel.

Only our mail server fetches mails every 10 minutes and that's it. So traffic
is expected there only every 10 minutes.

Nonetheless, tcpdump registered lots of traffic during the whole night.

At first I thought there was an attack going through, but I couldn't find
anything...

Another possibility is that the two ipsec gateways do lots of key exchanging.

On the one gateway, the key related options are these:

keyingtries=1
disablearrivalcheck=no
pfs=yes
keyexchange=ike
keylife=1h

The other gateway is configured as roadwarrior because of dynamic ip
addresses (dialup connection). Keying related options are these:

keyingtries=0
disablearrivalcheck=no
pfs=yes
keyexchange=ike
keylife=1h


I can't figure out what the disablearrivalcheck=no option really means as
all the documentation links of the freeswan homepage (http://www.freeswan.org/)
are broken.
This option was already in the config file as a sort of "pre-defined default
option".

Can one of these options cause lots of traffic?
Are there other possibilities?


--
CU,
Christoph
