[Openswan Users] tcpdump no outgoing traffic over VPN

Madden, Joe Joe.Madden at mottmac.com
Wed Jan 4 08:31:46 EST 2017

Hi Alexk,

Its normal not to see any outgoing packets for IPsec.

The packets an encapsulated before they reach the interface as a result you can only see ESP/NAT-T packets exiting the interface.



From: Users [mailto:users-bounces at lists.openswan.org] On Behalf Of alexk
Sent: 04 January 2017 13:18
To: users at lists.openswan.org
Subject: [Openswan Users] tcpdump no outgoing traffic over VPN

Hello to all and happy new year.

I am trying to acquire a tcp dump in a pcap file using the following command:

sudo tcpdump -s 0 host HOST_IP -i eth0 -w tcpdump_test.pcap

The OS is Ubuntu 14.04 server edition with the 3.13.0-92-generic kernel running on an AWS instance.

I am able to capture incoming traffic from the host to my server but when I download the pcap file and open it in Wireshark I do not see the outgoing traffic (neither ESP packets nor clear text).

I have tried to use  nflog as described in (https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump) but it seems that nflog is not included with the Ubuntu kernel. I am unable to find a way to see outgoing traffic towards the host in question.

Can anyone please suggest a solution?

Thank you in advance


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20170104/4b38697f/attachment.html>

More information about the Users mailing list