Date: Sat, 10 Apr 2004 16:20:06 +0300
From: Nikolay Petrov <mailinglists@hq.panda.bg>
To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
Cc: freebsd-security@freebsd.org
Subject: Re[2]: IPSec debug
Message-ID: <16305093.20040410162006@hq.panda.bg>
In-Reply-To: <Pine.BSF.4.53.0404101229070.78075@e0-0.zab2.int.zabbadoz.net>
References: <1185611253.20040410151233@hq.panda.bg> <Pine.BSF.4.53.0404101229070.78075@e0-0.zab2.int.zabbadoz.net>

Hello Bjoern,

Saturday, April 10, 2004, 3:32:36 PM, you wrote:

BAZ> On Sat, 10 Apr 2004, Nikolay Petrov wrote:

BAZ> Hi,

>> I have FreeBSD box with network interface having y.y.y.y IP address.
>> On same box I configure next IPsec policies to process traffic from
>> hardware IPsec enabled device.
>>
>> spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec
>> esp/tunnel/y.y.y.y-z.z.z.z/require;
>> spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec
>> esp/tunnel/z.z.z.z-y.y.y.y/require;
>>
>> Is it possible to see decrypted incoming packets, and outgoing packets
>> before they are encrypted?

BAZ> IMHO no. I think OpenBSD has if_enc(4) for this.

Does this have some relation to the KAME project, because the enc(4) interface is only available in OpenBSD? NetBSD also has the same limitation.

-- 
Best regards,
Nikolay
mailinglists@hq.panda.bg