[Openswan Users] 2.6.24rc3 (klips) tcpdump on ipsec interface

Ruben Laban r.laban at ism.nl
Sat Nov 21 04:21:06 EST 2009

On Saturday 21 November 2009 at 08:53 (CET), Sven Schiwek wrote:
> I'm testing Openswan 2.6.24rc3 (klips). tcpdump shows my only this  
> garbage "(oui Unknown)" on the ipsec interface I believe this is not  
> right.
> Do I have to note special things to use tcpdump on an ipsec interface?

It's a known bug. The first 2 octects of the source address get cut off, 
making the (rest of the) data look like garbage. There's no workaround as of 
yet, and the fix is hiding somewhere in the git commits at the time of the 
migration to 2.6.x. It's pretty much searching for a needle in a haystack to 
pinpoint its location though.


Ruben Laban
Systems and Network Administrator
ISM eCompany

More information about the Users mailing list