[Openswan Users] OpenSWAN and unencrypted packets
paul at xelerance.com
Wed Jul 27 16:37:19 CEST 2005
On Wed, 27 Jul 2005, Gunter Ohrner wrote:
> I just transitioned from SuperFreeSWAN 1.99 to OpenSWAN 2.2 and from KLIPS
> to Linux's native IPSEC Stack.
> The problem I face now is that although an IPSEC SA with a given peer is
> established, unencrypted packets from the peer's IP address can still pass
> my box.
Perhaos you only think this, because you are running tcpdump on the host
that is running openswan with netkey?
Sniff on a machine in the middle instead.
"With Data mining, we can search specifically for clues"
--- The AIVD (The Dutch NSA) on the necessity of ISP's data retension
More information about the Users