IPSec debug
Nikolay Petrov
mailinglists at hq.panda.bg
Sat Apr 10 06:18:59 PDT 2004
Hello Bjoern,
Saturday, April 10, 2004, 3:32:36 PM, you wrote:
BAZ> On Sat, 10 Apr 2004, Nikolay Petrov wrote:
BAZ> Hi,
>> I have a FreeBSD box with a network interface having the IP address y.y.y.y.
>> On the same box I configured the following IPsec policies to process traffic
>> from a hardware IPsec-enabled device.
>>
>> spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec
>> esp/tunnel/y.y.y.y-z.z.z.z/require;
>> spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec
>> esp/tunnel/z.z.z.z-y.y.y.y/require;
>>
>> Is it possible to see decrypted incoming packets, and outgoing packets
>> before they are encrypted?
BAZ> IMHO no. I think OpenBSD has if_enc(4) for this.
Does this have some relation to the KAME project, because the enc(4) interface
is only available in OpenBSD? NetBSD also has the same limitation.
--
Best regards,
Nikolay mailinglists at hq.panda.bg
More information about the freebsd-security mailing list