[Openswan Users] Openswan with L2TP/IPsec

Kevin Wilson wkevils at gmail.com
Sat Dec 18 06:02:50 EST 2010


Hi,
I sniff with wireshark in the interface on which 192.168.0.10
I sniff all the traffic without any filter such as destination or source.
I don't see any ESP packets. I expected some ESP traffic.

I suspected that something is wrong with the setup as described in
my post, but it seems to me that there is no error there.
So I am still confused and do not know what is wrong here
and why don't I see ESP packets at all.
Any idea?

Regards,
Kevin

On Fri, Dec 17, 2010 at 9:21 PM, Paul Wouters <paul at xelerance.com> wrote:
> On Fri, 17 Dec 2010, Kevin Wilson wrote:
>
>> I tried to test a simple scenario of Openswan with L2TP/IPsec (of the
>> openl2tp project) in a lab.
>
>>        protostack="netkey"
>
>> I expected the traffic from .192.168.0.10, to 192.168.0.20 to be ESP
>> encrypted, as a result
>> of using Openswan with the /etc/ipsec.conf above, but sniffing
>> with wireshark shows it is not. Any idea why ?
>
> You know netkey has limitations with tcpdump? You can not sniff outgoing
> encrypted packets. So verify on both ends that you see incoming crypted
> packets.
>
> Paul
>


More information about the Users mailing list