[Openswan Users] RHEL guides

Norman Rasmussen normanr at gmail.com
Mon Jun 6 19:21:02 CEST 2005


Yea, pity

On 06/06/05, Paul Wouters <paul at xelerance.com> wrote:
> On Mon, 6 Jun 2005, Norman Rasmussen wrote:
> 
> >> Since with NETKEY, you can't reliably look at the data with tcpdump, since netkey hooks into
> >> the networking stack past the point where tcpdump can look.
> >>
> > Maybe it should be added to the comment, that you should run the
> > tcpdump process on a machine that is between the endpoints, and is not
> > involved in the ipsec tunnel, but just has to route it.
> 
> Unfortunateloy, almost all IPsec machines are the public IP machine people
> have, and the next hop is their ISP, so unless you're using a hub on your
> uplink to your ISP (provided it is not like PPOE or PPTP) this becomes
> impossible.
> 
> Paul
> 


-- 
- Norman Rasmussen
 - Email: norman at rasmussen.co.za
 - Home page: http://norman.rasmussen.co.za/


More information about the Users mailing list