[Openswan Users] VPN established, trafic is not encrypted
paul at xelerance.com
Mon Sep 3 23:54:40 EDT 2007
On Mon, 3 Sep 2007, Ludovic MARCILLY wrote:
> I don't give my ipsec gateway 2 configuration file since it is almost the same.
> On each endpoint, i can read "IPsec SA established" so the vpn is established but i can't ping through the vpn.
what does 'ipsec verify' say?
> By using tcpdump, i have seen icmp packets going through my router. For example:
> I try to ping 192.168.4.194 from a box in LAN 1 and i see icmp packets from 192.168.8.193 to 192.168.4.194 on router 1. I think i should not see these packets since they should be encrypted. Am i right ?
Not if you are using NETKEY and not KLIPS. Check with ipsec --version.
> How can i find why packets are not encrypted ?
Because NETKEY encrypts them after tcpdump can see the packets.
More information about the Users