[Openswan Users] IPSEC tunnels

Paul Wouters paul at xelerance.com
Wed Jan 5 00:54:02 CET 2005

On Tue, 4 Jan 2005, Jason Sigurdur wrote:

> Hi, how does one verify if ipsec tunnels are up on 26sec setup? Is there any
> thing similar to klips style 'ipsec eroute'?

setkey -D and setkey -P -D

> Secondly, while dumping traffic stats on my externel interface 'tcpdump -I
> eth0 ip proto 50' for ESP packets, I noticed that for every encrypted packet
> is a unencrypted packet? For example:

That's a side effect of how NETKEY hooks into the networking stack. The
unencrypted packets do not leave your machine however. So it is normal.


More information about the Users mailing list