[Openswan Users] [Openswan dev] Obtaining unencrypted stream

Paul Wouters paul at xelerance.com
Thu Nov 22 22:29:27 EST 2007


On Fri, 23 Nov 2007, Wallakazoo wrote:

> Yup, that's what I want to do but I from what I understand, openswan
> doesn't have another "ipsecX" interface. How should I go about
> accessing/enabling the ipsecX interface?
>
> I've tried using my own tun/tap interfaces but things got really messy
> after awhile.

If you use the KLIPS ipsec stack, you do.

export KERNELSRC=/lib/modules/`uname -r`/build
(or wherever your kernel source is)
cd openswan-2.x.y
make module module_install
rmmod af_key
rmmod esp4
modprobe ipsec

Paul

> Thanks again.
>
> On Nov 23, 2007 4:08 AM, Paul Wouters <paul at xelerance.com> wrote:
> >
> > On Fri, 23 Nov 2007, Wallakazoo wrote:
> >
> > > I'm currently doing some experimentation and analysis on IPsec
> > > traffic. I was wondering whether it would be possible to obtain the
> > > unencrypted packets from the kernel before they are encrypted and sent
> > > out an interface.
> > >
> > > I hope to be able to do some comparisons between the encrypted and
> > > unencrypted streams.
> >
> > Using klips, you can sniff on ipsecX for plaintext, and ethX for
> > crypted text.
> >
> > Paul
> >
>

-- 
Building and integrating Virtual Private Networks with Openswan:
http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155


More information about the Users mailing list