[Openswan Users] tcpdump + mtu

Paul Wouters paul at xelerance.com
Fri Oct 15 12:03:28 CEST 2004

On Wed, 13 Oct 2004, Bernd Weber wrote:

> This setup worked well with Kernel 2.4 and Freeswan 1.98b.
> I can connect - no problem with that. I can ping, however if I start tcpdump 
> on the ppp0 interface I will  see for
> each ICMP Echo/Reply pair
> 1. an encrypted outgoing packet
> 2. an decrypted incoming packet
> 3. the same decrypted incoming packet again.

Welcome to the 2.6 ipsec stack. It works, it just looks weird in tcpdump.
If you want to see no plaintext packets actually leave your machine,
sniff at the router in the middle. You will only see encrypted packets.


More information about the Users mailing list