[Openswan Users] Questions from a beginner ;)
Toby Corkindale
openswan at wintrmute.net
Fri Aug 20 16:03:38 CEST 2004
On Fri, Aug 20, 2004 at 03:52:01PM +0200, Paul Wouters wrote:
> On Fri, 20 Aug 2004, Toby Corkindale wrote:
>
> > Note that you can still categorise the traffic from a firewall point of view
> > on 2.6, but that you can't use tcpdump to view both.
> > i.e. on 2.4 you can do
> > tcpdump -i ppp0 # views encrypted traffic
> > and
> > tcpdump -i ipsec0 # views unencrypted traffic
>
> right.
>
> > but on 2.6, you can only do
> > tcpdump -i ppp0 # views encrypted traffic
>
> And incoming decrypted traffic, but not outgoing before-crypting traffic.
> So this makes firewalling very difficult.

Debugging harder, yes, but the actual firewalling is OK, I believe?

tjc
--
Turning and turning in the widening gyre/The falcon cannot hear the falconer;
Things fall apart, the centre cannot hold/Mere anarchy is loosed upon the world
(gpg --keyserver www.co.uk.pgp.net --recv-key 897E5FF3)