Hi Michalle,

> I have another question about this. Why does it only happen when ESP
> protects tunnel mode IP traffic?
> I have never seen that plain text in transport mode.

Yes, this only happens with tunnel mode. I don't know the exact reason for it, it's probably just a side effect of how tunnel mode is implemented in the kernel.

> And also, does that mean the Linux kernel knows the SA key which was
> established between strongSwan and my implementation? Otherwise,
> how could it decrypt the ESP packet?

That's exactly how it works. All the IPsec traffic (ESP/AH) is directly handled by the Linux kernel. strongSwan just acts as a keying daemon that operates in userland and writes the keys it establishes via IKE to the Linux kernel using Netlink/XFRM or PF_KEY. To see the SAs and keys that are currently configured in the kernel you can also use the 'ip xfrm state' command.

Regards,
Tobias
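Because 'ip xfrm state' prints the live SA keys, its output should be stripped of key material before it is pasted into a list post or a ticket. The following is an added example, not part of the original message and not strongSwan code: it summarises each SA (mode, SPI, algorithms, key length) and redacts the keys. The sample text is constructed in the layout the command prints, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout `ip xfrm state` prints.
# Addresses, SPIs and keys are made up for this example.
SAMPLE = """\
src 192.0.2.1 dst 198.51.100.2
\tproto esp spi 0xc0ffee01 reqid 1 mode tunnel
\treplay-window 32 flag af-unspec
\tauth-trunc hmac(sha256) 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f 128
\tenc cbc(aes) 0x00112233445566778899aabbccddeeff
src 198.51.100.2 dst 192.0.2.1
\tproto esp spi 0xc0ffee02 reqid 1 mode transport
\treplay-window 32
\taead rfc4106(gcm(aes)) 0x00112233445566778899aabbccddeeff00112233 128
"""

HEAD = re.compile(r"^src (\S+) dst (\S+)")
PROTO = re.compile(r"^[ \t]+proto (\S+) spi (0x[0-9a-fA-F]+).*\bmode (\S+)")
KEY_LINE = re.compile(r"^[ \t]+(auth-trunc|auth|enc|aead)[ \t]+(\S+)(?:[ \t]+(0x[0-9a-fA-F]*))?")
KEY_HEX = re.compile(r"^([ \t]+(?:auth-trunc|auth|enc|aead)[ \t]+\S+[ \t]+)0x[0-9a-fA-F]+", re.M)

def parse_states(text):
    """Return one dict per SA; key material is reduced to its length in bits."""
    sas = []
    for line in text.splitlines():
        if m := HEAD.match(line):
            # An unindented "src ... dst ..." line starts a new SA.
            sas.append({"src": m[1], "dst": m[2], "algs": {}})
        elif not sas:
            continue
        elif m := PROTO.match(line):
            sas[-1].update(proto=m[1], spi=m[2], mode=m[3])
        elif m := KEY_LINE.match(line):
            # Each hex digit after "0x" is 4 bits of key (AEAD keys include the salt).
            bits = (len(m[3]) - 2) * 4 if m[3] else 0
            sas[-1]["algs"][m[1]] = (m[2], bits)
    return sas

def redact(text):
    """Replace every hex key with a placeholder; SPIs and addresses are kept."""
    return KEY_HEX.sub(r"\g<1>0x<redacted>", text)

if __name__ == "__main__":
    for sa in parse_states(SAMPLE):
        print(sa["spi"], sa["mode"], sa["algs"])
    print(redact(SAMPLE))
```

On a live system the same functions can be fed the text of 'ip xfrm state' captured as root instead of SAMPLE.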