[Openswan Users] OpenSWAN and unencrypted packets

Paul Wouters paul at xelerance.com
Wed Jul 27 16:37:19 CEST 2005


On Wed, 27 Jul 2005, Gunter Ohrner wrote:

> I just transitioned from SuperFreeSWAN 1.99 to OpenSWAN 2.2 and from KLIPS
> to Linux's native IPSEC Stack.
> The problem I face now is that although an IPSEC SA with a given peer is
> established, unencrypted packets from the peer's IP address can still pass
> my box.

Perhaos you only think this, because you are running tcpdump on the host
that is running openswan with netkey?
Sniff on a machine in the middle instead.

Paul
-- 

"With Data mining, we can search specifically for clues"

--- The AIVD (The Dutch NSA) on the necessity of ISP's data retension


More information about the Users mailing list