Welcome to the Linux Foundation Forum!

Problems routing sniffed packets over VPN


Hi Guys,

After having a good go at this, I now have a much better understanding about Routing than before :). But i've been trying to figure this out for a long time now and i am way over my deadline for my project. Im at the point where i will try to *hire* help if that is what it takes to get it finished!!! Any offers..... ?

In short i am trying to sniff packets across the VPN, but please read on to get the whole picture.

Router Hardware: WRT54GL V1.1


There are 2 sites that are separated by WAN, our site and the Customer site. Each site will have a WRT54GL router that has 3rd party firmware on it (Open-WRT or DD-WRT), because it was planned to be used to provide a VPN layer to extend the sniffer for our in-house Product named here as "LS". The sniffer is integrated with "LS" to capture and decode packets to insert them into a SQL DB for "LS". At the Customer Site we can already use a HUB as a network Tap to provide a data stream for ourselves without interfering with their traffic. In-fact our current design is with the Sniffer + LS + DB (all on one machine) being connected to the HUB at the Customer site, but now we need to extend this design by using the Router(s) to connect both remote sites so we can bring the packets to "LS" which will now be running at "our" site (not the Customers Site). Please see diagram below:

New Design


Specialized Hardware



HUB ------> (Customer Site) WRT54GL Router (as VPN Client) ------> VPN over WAN ------> (Our Site) WRT54GL (as VPN Server) ------> LS with DB + Sniffer




The packets that the Router will be receiving via the HUB will not be addressed to it (via MAC or IP). However, the Router's NIC that Serves the LAN ports appears to be in a promiscuous mode, because it receives packets that are not addressed to it or its network.

I have tried so far with both Open-WRT and DD-WRT firmwares and had little success. I can only get the packets that were received in promiscuous mode into the LAN area of the Router, but they do not pass through the WAN. The only packets that i have managed to successfully route through the WAN were ones that were properly addressed. And that was to use the Router's MAC as the Destination MAC in the packet and also use a Destination IP in the packet that is not local to the Router (so it takes the WAN as its default Route).

To me, this seems that it is more of a configuration problem that is at a linux/kernel level, because the packets get into the router's LAN. But this is only my opinion because i am no expert as this.... which is why i am stuck :laugh:

I figure that once i know how get the packets out of the WAN, i can then go about trying to route them over the VPN.

Thanks for listening and thanks in advance for any support!!



  • woboyle
    woboyle Posts: 501
    Hi Rich,

    Guess you aren't getting much response from here either? Sigh.

  • aka_rich
    aka_rich Posts: 5
    Correct :(

    Maybe its a bit much to read... but if i shorten it then a few gaps are created and it will then take subsequent questions and posts to fill in the gaps :S


Upcoming Training