Hi,

I have a FreeBSD box with a network interface having the IP address y.y.y.y.
On the same box I configured the following IPsec policies to process traffic
from a hardware IPsec-enabled device.

spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require;
spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require;

Is it possible to see decrypted incoming packets, and outgoing packets
before they are encrypted?

--
Best regards,
Nikolay mailinglists@hq.panda.bg

On Sat, 10 Apr 2004, Nikolay Petrov wrote:

Hi,

> I have a FreeBSD box with a network interface having the IP address y.y.y.y.
> On the same box I configured the following IPsec policies to process traffic
> from a hardware IPsec-enabled device.
>
> spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec esp/tunnel/y.y.y.y-z.z.z.z/require;
> spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec esp/tunnel/z.z.z.z-y.y.y.y/require;
>
> Is it possible to see decrypted incoming packets, and outgoing packets
> before they are encrypted?

IMHO no. I think OpenBSD has if_enc(4) for this.

--
Bjoern A. Zeeb    bzeeb at Zabbadoz dot NeT
56 69 73 69 74    http://www.zabbadoz.net/

Hello Bjoern,

Saturday, April 10, 2004, 3:32:36 PM, you wrote:

BAZ> On Sat, 10 Apr 2004, Nikolay Petrov wrote:

BAZ> Hi,

>> I have a FreeBSD box with a network interface having the IP address y.y.y.y.
>> On the same box I configured the following IPsec policies to process traffic
>> from a hardware IPsec-enabled device.
>>
>> spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec
>> esp/tunnel/y.y.y.y-z.z.z.z/require;
>> spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec
>> esp/tunnel/z.z.z.z-y.y.y.y/require;
>>
>> Is it possible to see decrypted incoming packets, and outgoing packets
>> before they are encrypted?

BAZ> IMHO no. I think OpenBSD has if_enc(4) for this.

Does this have some relation to the KAME project, because the enc(4)
interface is only available in OpenBSD? NetBSD also has the same limitation.

--
Best regards,
Nikolay mailinglists@hq.panda.bg