As an example, let us assume that we have an Openswan-Openswan connection, where we have got IKE working fine, so we see an IPsec SA established, but when we try to use this IPsec connection, all packets seem to get lost.
We will use tcpdump to look at the network, but one could also use ethereal or tethereal in more or less the same way, since they also use libpcap, and therefore use the same expressions.
In general, tcpdump needs to run as root. Some distributions have customized versions of tcpdump, including options that mean the opposite from those in the official tcpdump package from tcpdump.org. If an option does not work for you, and the man page is no help, try to install tcpdump and libpcap from the original source yourself.
In our examples, we will assume that eth0 is the internal interface, and eth1 is the external interface. If PPPoE or PPTP is involved, then one should dump on the ppp0 interface rather than the eth1 interface: this will permit the...