[Openswan Users] VPN established, trafic is not encrypted

Paul Wouters paul at xelerance.com
Mon Sep 3 23:54:40 EDT 2007

On Mon, 3 Sep 2007, Ludovic MARCILLY wrote:

> I don't give my ipsec gateway 2 configuration file since it is almost the same.
> On each endpoint, i can read "IPsec SA established" so the vpn is established but i can't ping through the vpn.

what does 'ipsec verify' say?

> By using tcpdump, i have seen icmp packets going through my router. For example:
> I try to ping from a box in LAN 1 and i see icmp packets from to on router 1. I think i should not see these packets since they should be encrypted. Am i right ?

Not if you are using NETKEY and not KLIPS. Check with ipsec --version.

> How can i find why packets are not encrypted ?

Because NETKEY encrypts them after tcpdump can see the packets.


More information about the Users mailing list