[Openswan Users] OpenSwan won't Encapsulate my Packets
cygon at nuclex.org
Thu Dec 9 04:25:19 EST 2010
On 12/9/2010 2:51 AM, Paul Wouters wrote:
> On Thu, 9 Dec 2010, Markus Ewald wrote:
>>> Usually a NAT or firewall issue
>> How can I debug this?
> By temporarily disabling it?
Already attempted that, no change in behavior.
>>> If using NETKEY, your tcpdump will not be able to see outgoing
>> How can I find out? I grepped my kernel .config, but neither klips nor
>> netkey appears in it.
> ipsec --version (when openswan is running)
Checked. Yes I'm using netkey. But see the next paragraph...
>> Still, if the second tcpdump command prints the packet, that means
>> they're not being picked up by OpenSwan or am I mistaken here?
> second tcpdump? With netkey you don't see the outgoing encrypted packets.
second tcpdump *command*. I posted two tcpdump command lines:
- The first captured all ah, esp and udp port 500/4500 packets. Nothing
popped up there.
- The second captured all icmp packets leaving ppp0. With that I watched
pings to 192.168.248.0 travel unencapsulated to my ISP.
My interpretation of that observation is that OpenSwan doesn't capture
and encapsulate the packets for some reason.