[Openswan Users] Testing ipsec connection and confirming encryption

Kevin Keane subscription at kkeane.com
Tue Aug 23 15:13:14 EDT 2011

I just finished setting up ipsec between two of my servers - I think. Ipsec auto --status shows that the tunnels are up.

The problem I'm having is that I don't know how to test and confirm that the traffic really is encrypted, and that there is no "leak" of unencrypted traffic. The traffic simply travels between two public interfaces on these servers, so whether the data is encrypted or unencrypted, it would take the same route. There are no private networks behind these servers that I could use to confirm that a tunnel is working.

Both machines are running CentOS 5.6, with pluto and the netkey stack.

Three questions:

- Is there a tool that shows me that traffic is encrypted? Something like an ipsec-aware traceroute maybe?
- Is there a way to set up iptables rules to reject all unencrypted traffic (except to ports 500 and 4500 of course)?
- Is there a nagios plugin that would let me monitor tunnel traffic, and alert me about any unexpected cleartext traffic?
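
One way to approach the first and third questions, added here as an example and not part of the original post: a Nagios-style check that classifies `tcpdump -n` output between the two peers as ESP, IKE/NAT-T (UDP 500 and 4500) or cleartext. The addresses, sample capture lines and function names are constructed for illustration, and the capture is assumed to be taken on the sending host with numeric output.

```python
import re
from collections import Counter

LINE = re.compile(r"\bIP (\S+) > (\S+): (.*)")
IKE_PORTS = {500, 4500}  # the two exceptions named in the post

def endpoint(text):
    """Split tcpdump's 'a.b.c.d.port' (or bare 'a.b.c.d') into (addr, port)."""
    parts = text.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return text, None

def classify(line, local, peer):
    """Return 'esp', 'ike', 'cleartext', or None for lines that are not judged."""
    m = LINE.search(line)
    if not m:
        return None
    (src, sport), (dst, dport) = endpoint(m.group(1)), endpoint(m.group(2))
    rest = m.group(3)
    # Judge outbound packets only: a capture on the receiving host may also
    # show inbound packets a second time, after decryption.
    if (src, dst) != (local, peer):
        return None
    if sport is None and rest.startswith("ESP("):
        return "esp"
    # TCP lines always carry "Flags ["; only UDP 500/4500 is exempt.
    if "Flags [" not in rest and (sport in IKE_PORTS or dport in IKE_PORTS):
        return "ike"
    return "cleartext"

def check(lines, local, peer):
    """Return (nagios_exit_code, message): 0 OK, 2 CRITICAL, 3 UNKNOWN."""
    counts = Counter(filter(None, (classify(l, local, peer) for l in lines)))
    if counts["cleartext"]:
        return 2, "CRITICAL: %d cleartext packet(s) to %s" % (counts["cleartext"], peer)
    if not counts["esp"]:
        return 3, "UNKNOWN: no ESP packets seen to %s" % peer
    return 0, "OK: %d ESP, %d IKE/NAT-T, 0 cleartext" % (counts["esp"], counts["ike"])

# Constructed sample capture lines (documentation addresses, not real hosts).
SAMPLE_OK = [
    "15:13:14.100000 IP 192.0.2.10.500 > 198.51.100.20.500: isakmp: phase 1 I ident",
    "15:13:14.200000 IP 192.0.2.10 > 198.51.100.20: ESP(spi=0x1a2b3c4d,seq=0x1), length 132",
    "15:13:14.300000 IP 198.51.100.20 > 192.0.2.10: ESP(spi=0x5e6f7a8b,seq=0x1), length 132",
    "15:13:14.300001 IP 198.51.100.20.22 > 192.0.2.10.43210: Flags [S.], seq 1, ack 2, win 5792, length 0",
]
SAMPLE_LEAK = SAMPLE_OK + [
    "15:13:15.000000 IP 192.0.2.10.43211 > 198.51.100.20.80: Flags [S], seq 1, win 5840, length 0",
]
```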


