[Openswan Users] bad tcpdump output of ipsec traffic
Vladimir Dvorak
dvorakv at vdsoft.org
Mon Oct 18 19:43:02 CEST 2004
Paul Wouters wrote:
> On Mon, 18 Oct 2004, Vladimir Dvorak wrote:
>
>> tcpdump -n -i ppp0:
>> 1) 00:08:15.311865 IP 160.218.214.89 > a.b.c.d:
>> ESP(spi=0xc7fb9fab,seq=0xb)
>> 2) 00:08:16.227426 IP a.b.c.d > 160.218.214.89:
>> ESP(spi=0x55b8f8aa,seq=0x6)
>> 3) 00:08:16.227426 IP 10.0.0.20 > 192.168.10.132: icmp 64: echo reply
>> seq 6
>> 4) 00:08:16.311724 IP 160.218.214.89 > a.b.c.d:
>> ESP(spi=0xc7fb9fab,seq=0xc)
>> 5) 00:08:17.275456 IP a.b.c.d > 160.218.214.89:
>> ESP(spi=0x55b8f8aa,seq=0x7)
>> 6) 00:08:17.275456 IP 10.0.0.20 > 192.168.10.132: icmp 64: echo reply
>> seq 7
>> 7) 00:08:17.311578 IP 160.218.214.89 > a.b.c.d:
>> ESP(spi=0xc7fb9fab,seq=0xd)
>>
>>
>> How can I see line 3) and 6) ? These lines should be on ppp0 in
>> encrypted
>
>
> Welkom to the 2.6 native ipsec stack. It's normal. Use a router in the
> middle to confirm that indeed those packets do not leave your box
> unencrypted.
>
> Paul
>
Thank you Paul.
Vladimir
More information about the Users
mailing list