[vpn-help] Connected to L2TP/IPsec - Traffic On eth0 Not tap0?

[Das]

I'm running Slackware 13.1 x86 and I compiled the latest svn of Shrew Soft
and I'm using an IPsec service
and when I connect to the VPN I see in ifconfig the tap0 adapter comes up
but then when I run tcpdump
it shows the traffic on eth0.

In ifconfig it shows the RX and TX as 0 for tap0

RX packets:0
TX packets:0

Here's some tcpdump out  put and I changed out the IP to x-x-x-x.com and it
does show the real ip ok...

root at slackware:~# tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
01:11:24.217504 IP 192.168.1.5.sae-urn > rrcs-x-x-x-x.com.sae-urn:
NONESP-encap: isakmp: phase 2/others ? inf[E]
01:11:24.218770 IP 192.168.1.5.sae-urn > rrcs-x-x-x-x.com.sae-urn:
UDP-encap: ESP(spi=0x4a477840,seq=0x424), length 116
01:11:24.325470 IP rrcs-x-x-x-x.com.sae-urn > 192.168.1.5.sae-urn:
NONESP-encap: isakmp: phase 2/others ? inf[E]
01:11:24.367660 IP rrcs-x-x-x-x.com.sae-urn > 192.168.1.5.sae-urn:
UDP-encap: ESP(spi=0x01288376,seq=0x49a), length 164
01:11:24.367660 IP google-public-dns-a.google.com.domain >
10.99.99.10.53267: 30644 1/0/0 (92)
01:11:24.368408 IP 192.168.1.5.sae-urn > rrcs-x-x-x-x.com.sae-urn:
UDP-encap: ESP(spi=0x4a477840,seq=0x425), length 116
01:11:24.511263 IP rrcs-x-x-x-x.com.sae-urn > 192.168.1.5.sae-urn:
UDP-encap: ESP(spi=0x01288376,seq=0x49b), length 116
01:11:24.511263 IP google-public-dns-a.google.com.domain >
10.99.99.10.53415: 48630 NXDomain 0/0/0 (42)
01:11:24.514384 IP 192.168.1.5.sae-urn > rrcs-x-x-x-x.com.sae-urn:
UDP-encap: ESP(spi=0x4a477840,seq=0x426), length 116
01:11:24.659367 IP rrcs-x-x-x-xcom.sae-urn > 192.168.1.5.sae-urn: UDP-encap:
ESP(spi=0x01288376,seq=0x49c), length 116
01:11:24.659367 IP google-public-dns-a.google.com.domain >
10.99.99.10.60948: 6907 NXDomain 0/0/0 (42)
01:11:24.659993 IP 192.168.1.5.sae-urn > x-x-x-x.com.sae-urn: UDP-encap:
ESP(spi=0x4a477840,seq=0x427), length 116
01:11:24.807675 IP rrcs-x-x-x-x.com.sae-urn > 192.168.1.5.sae-urn:
UDP-encap: ESP(spi=0x01288376,seq=0x49d), length 148
01:11:24.807675 IP google-public-dns-a.google.com.domain >
10.99.99.10.59340: 25544 1/0/0 (82)

This is all I get for tap0

root at slackware:~# tcpdump -i tap0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on tap0, link-type EN10MB (Ethernet), capture size 96 bytes

So does anything go over tap0, if not why does tap0 come up when making a
connection and all the traffic is being routed over the eth0?

I thought the IPsec VPN was suppose to use the tap0 for the traffic?


THANKS
Das
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.shrew.net/pipermail/vpn-help/attachments/20110614/f78a9dfd/attachment-0001.html>