[Openswan Users] RHEL guides

Paul Wouters paul at xelerance.com
Mon Jun 6 18:57:18 CEST 2005


On Mon, 6 Jun 2005, Norman Rasmussen wrote:

>> Since with NETKEY, you can't reliably look at the data with tcpdump, since netkey hooks into
>> the networking stack past the point where tcpdump can look.
>>
> Maybe it should be added to the comment, that you should run the
> tcpdump process on a machine that is between the endpoints, and is not
> involved in the ipsec tunnel, but just has to route it.

Unfortunately, almost all IPsec machines are the public IP machine people
have, and the next hop is their ISP, so unless you're using a hub on your
uplink to your ISP (provided it is not like PPPoE or PPTP) this becomes
impossible.

Paul

