I'm trying to pentest an IPsec implementation with no auth in tunnel mode for a uni project.
After sniffing an ESP packet (which contains an ICMP) with Wireshark, the attacker sends the same packet with Scapy to Host A. The problem is that Router A does not forward anything to its Host A.
I am also using Scapy with the ESP implementation from https://github.com/secdev/scapy
This is my configuration:
HOST A: 10.0.1.10
ROUTER A NIC-1: 10.0.1.24
ROUTER A NIC-2: 192.168.100.1
HOST B: 10.0.2.10
ROUTER B NIC-1: 10.0.2.24
ROUTER B NIC-2: 192.168.100.2
ATTACKER: 192.168.100.3
After I use sendp from the ATTACKER machine, I see the ESP packet on Router A:
06:03:03.088236 IP 192.168.100.2 > Tirith: ESP(spi=0xc18c8ed9,seq=0x1b), length 120
Sadly, nothing happens on HOST A.
I can do the same thing without ESP, with a simple ICMP packet, and everything works: Router A gets the packet and forwards it to HOST A, so it seems that the interface is also set correctly.
Am I missing something here?