[Openswan Users] IPSEC tunnels

Jason Sigurdur jason.sigurdur at ASPENVIEW.ORG
Tue Jan 4 14:42:01 CET 2005

Hi, how does one verify if ipsec tunnels are up on 26sec setup? Is there any
thing similar to klips style 'ipsec eroute'?

Secondly, while dumping traffic stats on my externel interface 'tcpdump -I
eth0 ip proto 50' for ESP packets, I noticed that for every encrypted packet
is a unencrypted packet? For example:[]===============[]----

Ping from -->
Take a traffic dump at on external interface; I would see:

 1.117253 ->   ESP ESP (SPI=0xff358ff1)
  1.117253 ->     ICMP Echo (ping) request
  1.117494 ->  ESP ESP (SPI=0xa505d09e)

What is happening here?

Thx jason

More information about the Users mailing list