[Openswan Users] Decrypt ESP packets with wireshark for tunnel mode (Openswan)

Willie Gillespie wgillespie+openswan at es2eng.com
Tue Nov 16 21:51:39 EST 2010

Paul Wouters wrote:
> The other way around :) Outoging you cannot see the encrypted packets. 
> Incoming
> you see both encrypted and decrypted, and they both appear to come from 
> the same "source" mightilly confusing rp_filter so you're forced to do 
> nasty
> MARKing.

Paul is right about the incoming/outgoing.  I would disagree that you 
are forced to do any MARKing though -- I don't have to use any MARKs. 
Policy matching in iptables is your friend here.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6456 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.openswan.org/pipermail/users/attachments/20101116/f08ab012/attachment.bin 

More information about the Users mailing list