[Openswan Users] IPSEC tunnels
Jason Sigurdur
jason.sigurdur at ASPENVIEW.ORG
Tue Jan 4 14:42:01 CET 2005
Hi, how does one verify if ipsec tunnels are up on 26sec setup? Is there any
thing similar to klips style 'ipsec eroute'?
Secondly, while dumping traffic stats on my externel interface 'tcpdump -I
eth0 ip proto 50' for ESP packets, I noticed that for every encrypted packet
is a unencrypted packet? For example:
10.0.0.1/24----[192.168.0.1]===============[192.168.0.2]----10.1.0.1/24
Ping from 10.0.0.1 --> 10.1.0.1.
Take a traffic dump at 192.168.0.2 on external interface; I would see:
1.117253 192.168.0.1 -> 192.168.0.2 ESP ESP (SPI=0xff358ff1)
1.117253 10.0.0.1 -> 10.1.0.1 ICMP Echo (ping) request
1.117494 192.168.0.2 -> 192.168.0.1 ESP ESP (SPI=0xa505d09e)
What is happening here?
Thx jason
More information about the Users
mailing list