First of all, I have no real clue. It sounds weird. But maybe I can help you at least with that one:
On Thursday, 11.12.2014, at 16:13 +0000, Zé Loff wrote:
> However, if I try to do something like "ping -c 1 www_lan.foo.bar" (or
> e.g. ssh) I can see the packets with the DNS request pass through enc0
> on the tunnel (and on the physical interface too) but nothing traffic
> shows up on enc0 on the other endpoint (I do believe they show up on
> the physical interface on that end, but my tcpdump foo isn't good enough
> to be sure).

You can get the IPsec SA SPIs and keys with the "ipsecctl -k -sa" command. Feed them into tcpdump with "-E espalg:espkey" (please read the man page, before you do so). Wireshark may also decrypt your stream via the ESP protocol settings.

-dd

-- 
David Dahlberg
Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Fraunhoferstr. 20, 53343 Wachtberg, Germany | Fax: +49-228-856277
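An added example, not part of the original message: a small shell helper that pairs each ESP SA's SPI with its encryption key, so the SPI seen in a capture on either endpoint can be matched to the key handed to tcpdump's "-E" or to Wireshark's ESP settings. The listing layout it parses, the sample SAs and the function names `sa_keys` and `key_for_spi` are assumptions made for illustration; compare them with what "ipsecctl -k -sa" prints on your system.

```shell
#!/bin/sh
# Assumed input layout (constructed for this example):
#   esp tunnel from SRC to DST spi 0xSPI auth AUTHALG enc ENCALG
#       authkey 0xHEX
#       enckey 0xHEX

# sa_keys: read an SA listing on stdin, print "SRC DST SPI ENCALG ENCKEY"
# for every ESP SA ("-" where a field is missing).
sa_keys() {
    awk '
    function emit() {
        if (spi != "") print src, dst, spi, enc, (key == "" ? "-" : key)
        spi = ""; key = ""
    }
    $1 == "esp" {
        emit()
        src = "-"; dst = "-"; enc = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "from") src = $(i + 1)
            else if ($i == "to") dst = $(i + 1)
            else if ($i == "spi") spi = $(i + 1)
            else if ($i == "enc") enc = $(i + 1)
        }
        next
    }
    $1 == "enckey" && spi != "" { key = $2; next }
    /^[a-z]/ { emit() }   # a non-ESP SA header closes the current entry
    END { emit() }
    '
}

# key_for_spi SPI: print the enckey of the SA with that SPI; status 1 if none.
key_for_spi() {
    sa_keys | awk -v want="$1" '$3 == want { print $5; hit = 1 } END { exit !hit }'
}

# Constructed sample: addresses, SPIs and keys are made up.
SAMPLE='esp tunnel from 192.0.2.1 to 198.51.100.1 spi 0x1a2b3c4d auth hmac-sha2-256 enc aes
	authkey 0xaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
	enckey 0x00112233445566778899aabbccddeeff
esp tunnel from 198.51.100.1 to 192.0.2.1 spi 0x5e6f7a8b auth hmac-sha2-256 enc aes
	authkey 0xbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
	enckey 0xffeeddccbbaa99887766554433221100'

printf '%s\n' "$SAMPLE" | sa_keys
```

Each direction of the tunnel has its own SA, so look up the key by the SPI shown in the captured ESP packet; the algorithm names accepted by "-E" are listed in the tcpdump man page.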