[Openswan Users] Newbie and wireless home network experiments

Paul Wouters paul at xelerance.com
Thu Oct 28 11:54:45 CEST 2004

On Thu, 28 Oct 2004, Johannes Graumann wrote:

> I have succeeded in setting openswan up such that communications between
> the server and the laptop are being IPSECed. If I do "ping server" on my
> laptop after starting the wireless connection below, tcpdump on the
> laptop gives me
> 23:55:11.706233 IP server > ESP(spi=0xd4e3b915,seq=0x1b)
> 23:55:11.706233 IP server > icmp 64: echo reply seq 27
> which confuses me a little: is this indicative of the packet traveling
> encrypted as well as in the clear or do I see the same packet before and
> after decryption?

No, you are using the 2.6 native ipsec stack. It does crypto properly, but
running tcpdump will show the packet before and after encrypting. The
'plaintext' packet is not getting out of your machine.

> The second question I have is: how do I set up a connection that will
> not only IPSEC the specific laptop/server traffic, but also establish an
> IPSEC pipe for the NATed traffic that reaches the laptop from the
> outside through the server?

I am not sure I understand the question. You can specify leftsubnet and
rightsubnet to create 'pipes' to tunnel subnet traffic through.
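
A sketch of the leftsubnet/rightsubnet approach mentioned in the reply, as an added example that is not part of the original message or the poster's configuration. The connection name, the addresses (documentation range 192.0.2.0/24) and the choice of pre-shared-key authentication are assumptions; the same conn is loaded on both the server and the laptop.

```conf
# /etc/ipsec.conf fragment (added example; all addresses are constructed)
conn laptop-via-server
    # left = the server acting as gateway on the wireless segment
    left=192.0.2.1
    # Everything reachable behind the server goes through the tunnel.
    # 0.0.0.0/0 covers the NATed traffic arriving from outside as well;
    # use a narrower prefix to tunnel only one internal network.
    leftsubnet=0.0.0.0/0
    # right = the laptop; with no rightsubnet the tunnel covers only
    # the laptop's own address on that side
    right=192.0.2.10
    # Assumes a matching PSK entry for both addresses in /etc/ipsec.secrets
    authby=secret
    auto=start
```

With a host-to-host conn only traffic addressed to the server itself is protected; adding leftsubnet is what extends the policy to traffic the server merely forwards.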


