[Openswan Users] Openswan with NETKEY and monitoring data

Mark Dalton mdalton at princeton.edu
Fri Apr 8 13:22:17 EDT 2011

Thanks!   That was my impression.   So I need to work on getting
klips working.   Back in the FreeSwan days that is how we did it
since we had ipsec0.

We were not seeing the client in the destination via tcpdump with



On 04/08/2011 01:17 PM, Paul Wouters wrote:
> On Fri, 8 Apr 2011, Mark Dalton wrote:
>> I understand that they are telling me to do this.   However again.. Back
>> to the question..
>> Is there a way I can access the traffic on my side to see the src/dst for
>> each packet going to these devices.. or redirect all traffic from them
>> over a secondary ethernet and out to the internet?
> tcpdump ?
> If using netkey you will not see the encrypted outgoing packets. But you see
> everything else. With klips, you can tcpdump the ipsec0 interface to see
> all plaintext to be crypted and tcpdump eth0 to see the crypted traffic.
> Paul

More information about the Users mailing list