[Openswan Users] Decrypt ESP packets with wireshark for tunnel mode (Openswan)

Paul Wouters paul at xelerance.com
Fri Nov 12 12:15:57 EST 2010

On Fri, 12 Nov 2010, Kevin Wilson wrote:

> I want to be able to decrypt ESP packets which are sent with openswan IPsec
> client in tunnel mode with wireshark.

I know you can with tcpdump -E. See the man page for -E

> What should I add in /etc/ipsec.conf so that I can use wireshark to sniff
> traffic ?

You should not need anything. Though make sure pfs=no

Note with KLIPS, there is debugging within the stack, so instead of sniffing
you can just run ipsec klipsdebug --all and then send a packet and check dmesg.


More information about the Users mailing list