[Openswan Users] OpenSwan won't Encapsulate my Packets
Markus Ewald
cygon at nuclex.org
Thu Dec 9 04:25:19 EST 2010
On 12/9/2010 2:51 AM, Paul Wouters wrote:
> On Thu, 9 Dec 2010, Markus Ewald wrote:
>
>>> Usually a NAT or firewall issue
>> How can I debug this?
> By temporarily disabling it?
Already attempted that, no change in behavior.
>>> If using NETKEY, your tcpdump will not be able to see outgoing
>>> encrypted packets.
>> How can I find out? I grepped my kernel .config, but neither klips nor
>> netkey appear in it.
> ipsec --version (when openswan is running)
Checked. Yes I'm using netkey. But see the next paragraph...
>> Still, if the second tcpdump command prints the packet, that means
>> they're not being picked up by OpenSwan or am I mistaken here?
> second tcpdump? With netkey you don't see the outgoing encrypted packets.
second tcpdump *command*. I posted two tcpdump command lines:
- The first captured all ah, esp and udp port 500/4500 packets. Nothing
popped up there.
- The second captured all icmp packets leaving ppp0. With that I watched
pings to 192.168.248.0 travel unencapsulated to my ISP.
My interpretation of that observation is that OpenSwan doesn't capture
and encapsulate the packets for some reason.
>
> Paul
-Markus-