Date: Sun, 9 Sep 2001 19:30:03 -0700
From: Nicholas Esborn <nick@netdot.net>
To: freebsd-security@freebsd.org
Subject: IPsec w/ gif tunnels question
Message-ID: <20010909193003.A20775@flatlan.net>

Hola, all.

Is there any particular way to test whether a packet is successfully processed by the ipsec subsystem?

I am writing a script to bring up gif tunnels between hosts communicating through transport-mode ipsec. I want to be able to see that traffic is being encrypted before setting up the tunnel.

So far, I've come up with:

1) parsing SPD/SAD entries to see if any match

2) using tcpdump to watch for a packet my script sends, to verify that it is AH/ESP (ick)

3) using 'require' instead of 'use' in my SPD entries. This doesn't seem to allow racoon to communicate between machines, which doesn't surprise me. Is there some way racoon can get around this to establish keys?

Thanks for any insight you may have.

-nick
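
Option 1 from the message above (parsing SAD entries), sketched as an added example that is not part of the original e-mail: it looks for a mature transport-mode ESP/AH SA between two hosts in a `setkey -D` style dump and checks whether that SA's byte counter grew between two dumps. The function names (`sample_sad`, `sa_bytes`, `sa_used`) are hypothetical, and the dump is constructed, modelled on KAME `setkey -D` output, so the field layout is an assumption to check against your own system.

```shell
#!/bin/sh
# CONSTRUCTED sample modelled on KAME `setkey -D` output; addresses, SPIs
# and counters are made up, and the key (E:/A:) lines are left out.
sample_sad() {  # $1 = byte counter shown for the 10.0.0.1 -> 10.0.0.2 SA
cat <<EOF
10.0.0.1 10.0.0.2
    esp mode=transport spi=4096(0x00001000) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    created: Sep  9 19:00:00 2001   current: Sep  9 19:05:00 2001
    current: $1(bytes)      hard: 0(bytes)  soft: 0(bytes)
    allocated: 0    hard: 0 soft: 0
10.0.0.2 10.0.0.1
    esp mode=transport spi=4097(0x00001001) reqid=0(0x00000000)
    seq=0x00000000 replay=4 flags=0x00000000 state=mature
    current: 0(bytes)       hard: 0(bytes)  soft: 0(bytes)
EOF
}

# sa_bytes SRC DST: read a SAD dump on stdin and print the byte counter of
# the first mature transport-mode ESP/AH SA from SRC to DST.
# Exit status 1 when no such SA is present (direction matters).
sa_bytes() {
  awk -v src="$1" -v dst="$2" '
    /^[^ \t]/ { hit = ($1 == src && $2 == dst); proto = 0; mature = 0; next }
    hit && ($1 == "esp" || $1 == "ah") && /mode=transport/ { proto = 1 }
    hit && /state=mature/ { mature = 1 }
    hit && proto && mature && $1 == "current:" && $2 ~ /\(bytes\)$/ {
      sub(/\(bytes\)$/, "", $2); print $2; found = 1; exit
    }
    END { exit found ? 0 : 1 }
  '
}

# sa_used SRC DST BEFORE AFTER: BEFORE and AFTER are the text of two dumps.
# Succeeds only if the SA exists in both and its byte counter increased,
# i.e. outbound packets were actually accounted to that SA in between.
sa_used() {
  _b=$(printf '%s\n' "$3" | sa_bytes "$1" "$2") || return 1
  _a=$(printf '%s\n' "$4" | sa_bytes "$1" "$2") || return 1
  [ "$_a" -gt "$_b" ]
}

# On a live host the two dumps would come from running `setkey -D` before
# and after the script sends one probe packet to the peer.
```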