[Openswan Users] tcpdump + mtu
Paul Wouters
paul at xelerance.com
Fri Oct 15 12:03:28 CEST 2004
On Wed, 13 Oct 2004, Bernd Weber wrote:
> This setup worked well with Kernel 2.4 and Freeswan 1.98b.
>
> I can connect - no problem with that. I can ping, however if I start tcpdump
> on the ppp0 interface I will see for
> each ICMP Echo/Reply pair
>
> 1. an encrypted outgoing packet
> 2. an decrypted incoming packet
> 3. the same decrypted incoming packet again.
Welcome to the 2.6 ipsec stack. It works, it just looks weird in tcpdump.
If you want to see no plaintext packets actually leave your machine,
sniff at the router in the middle. You will only see encrypted packets.
Paul
More information about the Users
mailing list