[Openswan Users] RHEL guides
Norman Rasmussen
normanr at gmail.com
Mon Jun 6 19:21:02 CEST 2005
Yea, pity
On 06/06/05, Paul Wouters <paul at xelerance.com> wrote:
> On Mon, 6 Jun 2005, Norman Rasmussen wrote:
>
> >> Since with NETKEY, you can't reliably look at the data with tcpdump, since netkey hooks into
> >> the networking stack past the point where tcpdump can look.
> >>
> > Maybe it should be added to the comment, that you should run the
> > tcpdump process on a machine that is between the endpoints, and is not
> > involved in the ipsec tunnel, but just has to route it.
>
> Unfortunateloy, almost all IPsec machines are the public IP machine people
> have, and the next hop is their ISP, so unless you're using a hub on your
> uplink to your ISP (provided it is not like PPOE or PPTP) this becomes
> impossible.
>
> Paul
>
--
- Norman Rasmussen
- Email: norman at rasmussen.co.za
- Home page: http://norman.rasmussen.co.za/
More information about the Users
mailing list