Date: Sat, 10 Apr 2004 15:12:33 +0300
From: Nikolay Petrov
Organization: Office 1 Superstore - Bulgaria
Message-ID: <1185611253.20040410151233@hq.panda.bg>
To: freebsd-security@freebsd.org
Subject: IPSec debug

Hi,

I have a FreeBSD box with a network interface that has the IP address y.y.y.y.
On the same box I have configured the following IPsec policies to process traffic from a hardware IPsec-enabled device.

spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require;
spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require;

Is it possible to see decrypted incoming packets, and outgoing packets before they are encrypted?

-- 
Best regards,
Nikolay
mailinglists@hq.panda.bg