From owner-freebsd-security@FreeBSD.ORG Sat Apr 10 06:18:59 2004
Date: Sat, 10 Apr 2004 16:20:06 +0300
From: Nikolay Petrov
Organization: Office 1 Superstore - Bulgaria
Message-ID: <16305093.20040410162006@hq.panda.bg>
To: "Bjoern A. Zeeb"
References: <1185611253.20040410151233@hq.panda.bg>
cc: freebsd-security@freebsd.org
Subject: Re[2]: IPSec debug
List-Id: Security issues [members-only posting]

Hello Bjoern,

Saturday, April 10, 2004, 3:32:36 PM, you wrote:

BAZ> On Sat, 10 Apr 2004, Nikolay Petrov wrote:
BAZ> Hi,

>> I have a FreeBSD box with a network interface that has the IP address y.y.y.y.
>> On the same box I configure the following IPsec policies to process traffic from
>> a hardware IPsec-enabled device.
>>
>> spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec
>> esp/tunnel/y.y.y.y-z.z.z.z/require;
>> spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec
>> esp/tunnel/z.z.z.z-y.y.y.y/require;
>>
>> Is it possible to see decrypted incoming packets, and outgoing packets
>> before they are encrypted?

BAZ> IMHO no. I think OpenBSD has if_enc(4) for this.

Does this have some relation to the KAME project, since the enc(4) interface is only available in OpenBSD? NetBSD also has the same limitation.

-- 
Best regards,
Nikolay                            mailinglists@hq.panda.bg
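As an added example (not code from the thread or from any of the BSD projects), a small Python checker for setkey(8) spdadd statements like the pair quoted above: it parses them and reports an outbound tunnel policy that has no mirror-image inbound policy, or a policy level that would let traffic pass unprotected when no SA exists. The functions parse_spd and check_policies are my own names, and the RFC 5737 documentation addresses stand in for the thread's masked x.x.x.x / y.y.y.y / z.z.z.z.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in the setkey(8) spdadd syntax used in the thread. The
# thread masks its addresses (x.x.x.x, y.y.y.y, z.z.z.z); RFC 5737
# documentation ranges stand in for them here.
SAMPLE_SPD = """
spdadd 0.0.0.0/0 192.0.2.0/24 any -P out ipsec esp/tunnel/198.51.100.1-203.0.113.1/require;
spdadd 192.0.2.0/24 0.0.0.0/0 any -P in ipsec esp/tunnel/203.0.113.1-198.51.100.1/require;
"""

# Subset of the spdadd grammar: selector, upper-layer protocol, direction,
# then one esp/ah policy in tunnel or transport mode with its level.
SPD_RE = re.compile(
    r"spdadd\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+-P\s+(?P<dir>in|out)"
    r"\s+ipsec\s+(?P<prot>esp|ah)/(?P<mode>tunnel|transport)"
    r"(?:/(?P<tsrc>[^/\s-]+)-(?P<tdst>[^/\s]+))?/(?P<level>require|use|default|unique)\s*;"
)

def parse_spd(text):
    """Parse spdadd statements into dicts; any other non-blank line is an error."""
    policies = []
    for line in text.strip().splitlines():
        m = SPD_RE.fullmatch(line.strip())
        if not m:
            raise ValueError("unparsable policy: %r" % line)
        p = m.groupdict()
        # strict=False accepts host/prefix forms such as 192.0.2.7/24
        p["src"] = ip_network(p["src"], strict=False)
        p["dst"] = ip_network(p["dst"], strict=False)
        if p["mode"] == "tunnel":
            p["tsrc"], p["tdst"] = ip_address(p["tsrc"]), ip_address(p["tdst"])
        policies.append(p)
    return policies

def check_policies(policies):
    """Findings: level 'use' (packets pass in the clear when no SA exists) and
    outbound tunnel policies lacking the inbound policy with selector and
    tunnel endpoints swapped, so replies would be dropped or unprotected."""
    findings = []
    for p in policies:
        if p["level"] == "use":
            findings.append("%s policy %s -> %s: level 'use' does not force IPsec"
                            % (p["dir"], p["src"], p["dst"]))
        if p["dir"] != "out" or p["mode"] != "tunnel":
            continue
        mirrored = any(q["dir"] == "in" and q["mode"] == "tunnel"
                       and q["src"] == p["dst"] and q["dst"] == p["src"]
                       and q["tsrc"] == p["tdst"] and q["tdst"] == p["tsrc"]
                       for q in policies)
        if not mirrored:
            findings.append("out policy %s -> %s via %s-%s has no matching in policy"
                            % (p["src"], p["dst"], p["tsrc"], p["tdst"]))
    return findings
```

Feed it the output of `setkey -DP` (or the policy file loaded at boot) to confirm the two directions actually mirror each other; the checker says nothing about SAs, only about the SPD.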