[Openswan Users] tcpdump no outgoing traffic over VPN

alexk alexk at coolsigns.mobi
Wed Jan 4 08:40:10 EST 2017

Hello Joe,

Thank you for your reply. In my case (given the kernel) I understand 
that the suggested solution would be:

 1. To send the data from one interface to another interface on the same
 2. To setup forwarding of data from that second interface to your
 3. configure the ip address of the second interface in the security
    policy to create the tunnel on the second interface.

a) How exactly can I do the above using IP tables?

b) If I configure the IP address of the second interface to create the 
tunnel would I have to let the other party of the VPN end of the new IP? 
If yes then this is not a feasible option for my case.



On 01/04/2017 03:31 PM, Madden, Joe wrote:
> Hi Alexk,
> Its normal not to see any outgoing packets for IPsec.
> The packets an encapsulated before they reach the interface as a 
> result you can only see ESP/NAT-T packets exiting the interface.
> http://stackoverflow.com/questions/21931614/how-to-see-outgoing-esp-packets-in-tcpdump-before-they-get-encrypted
> Joe
> *From:*Users [mailto:users-bounces at lists.openswan.org] *On Behalf Of 
> *alexk
> *Sent:* 04 January 2017 13:18
> *To:* users at lists.openswan.org
> *Subject:* [Openswan Users] tcpdump no outgoing traffic over VPN
> Hello to all and happy new year.
> I am trying to acquire a tcp dump in a pcap file using the following 
> command:
> /sudo tcpdump -s 0 host HOST_IP -i eth0 -w tcpdump_test.pcap/
> The OS is /_Ubuntu 14.04_/ server edition with the 
> */3.13.0-92-generic/* kernel running on an AWS instance.
> I am able to capture incoming traffic from the host to my server but 
> when I download the pcap file and open it in Wireshark I do not see 
> the outgoing traffic (neither ESP packets nor clear text).
> I have tried to use  nflog as described in 
> (https://wiki.strongswan.org/projects/strongswan/wiki/CorrectTrafficDump) 
> but it seems that nflog is not included with the Ubuntu kernel. I am 
> unable to find a way to see outgoing traffic towards the host in question.
> Can anyone please suggest a solution?
> Thank you in advance
> Alex

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openswan.org/pipermail/users/attachments/20170104/c47e0437/attachment-0001.html>

More information about the Users mailing list