Hello,

In the past I've used FreeS/WAN for making ipsec tunnels. Currently, I'm using the 2.6 kernel ipsec with racoon etc. However, with FreeS/WAN it was possible to tcpdump on interface ipsec0 to see all the unencrypted traffic, and tcpdump on (for example) eth0 to see all the encrypted traffic.

Is there a way to accomplish the same with the 2.6-kernel? There is no ipsec0-device anymore, and tcpdumping on the interface itself yields an interesting mix of encrypted and unencrypted packets. Outgoing packets seem to be encrypted only, and incoming packets seem to be duplicated: both encrypted and unencrypted packets appear in the dumps.

For me this was quite confusing: at first I thought that the system on the other side was not encrypting the packets. However, when tcpdumping on the other side the situation was reversed. So I assumed it was 'normal' behaviour for 2.6, but I find it kind of weird. Also, when debugging network problems it is annoying that I cannot see the unencrypted traffic anymore...

Why exactly does the kernel exhibit this weird behaviour, and is there a way to watch the unencrypted traffic, without turning off ipsec?

Regards,

Michel.

-- 
Michel Wilson
michel@crondor.net
PGP key ID 0xD2CB4B7E