[Openswan Users] Decrypt ESP packets with wireshark for tunnel mode (Openswan)
Kevin Wilson
wkevils at gmail.com
Sat Nov 13 04:32:31 EST 2010
Hi,
This is my last question for the next month , promise :-)
In fact, I would appreciate if someone can answer this simple question
which can save me wasted efforts: what is the default algorithm used
with ESP with Openswan (tunnel mode)?
is it one of the following:
des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc, cast128-cbc, or none?
For example, I am using a very simple /etc/ipsec.conf file , like this:
#/etc/ipsec.conf
version 2.0
config setup
protostack="netkey"
conn host-to-host
type=tunnel
authby=secret
left=192.168.1.196
right=192.168.1.12
auto=start
Rgs,
Kevin
On Sat, Nov 13, 2010 at 12:02 AM, Paul Wouters <paul at xelerance.com> wrote:
> On Fri, 12 Nov 2010, Michael Richardson wrote:
>
>> The reasons, btw, for Perfect Forward Secrecy, is so that when such a
>> thing as the keys are disclosed as above, that the disclosure only
>> reveals one period of traffic, not all traffic that follows.
>
> And all captured traffic of the past....
>
> Paul
>
More information about the Users
mailing list