Akhil Jain wrote:
> Hi,
>
> I read somewhere that:
> IPsec will be loaded if /etc/inet/ipsecinit.conf exists. And in my system
> this file doesn't exist. So I just wanted to confirm whether IPsec is running or
> not. Please help.

By saying 'IPsec will be loaded' I guess you mean the IPsec kernel modules being linked and loaded into kernel space. If you touch a PF_KEY or PF_POLICY socket, this will cause the modules to be loaded, yes.

> Moreover, when I did modinfo | grep ipsec it shows:
> 102 7bada000 68a0 141 1 ipsecesp (IPsec ESP STREAMS driver 1.14)
> 102 7bada000 68a0 - 1 ipsecesp (IPsec ESP STREAMS module 1.14)
> 103 1344660 e270 140 1 ipsecah (IPsec AH STREAMS driver 1.14)
> 103 1344660 e270 - 1 ipsecah (IPsec AH STREAMS module 1.14)
>
> But when I captured IP packets with the help of snoop, they didn't have any AH or
> ESP header in them.
>
> So is it a possibility that IPSec modules are loaded in the kernel but still not
> running?

IPsec processing is only done on packets matching the configured policy (global or per-port).

v.
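
The distinction made in the reply above (modules loaded versus policy configured) can be checked from command output. The script below is an added example, not part of the original thread. It assumes that `ipsecconf` run without arguments lists the active policy rules in the `{selector} ipsec {properties}` form; the function names and the policy sample are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): tell "modules loaded" apart from
# "policy configured" using text captured from modinfo and ipsecconf.

# modinfo lines quoted in the thread above.
MODINFO_SAMPLE='102 7bada000 68a0 141 1 ipsecesp (IPsec ESP STREAMS driver 1.14)
102 7bada000 68a0 - 1 ipsecesp (IPsec ESP STREAMS module 1.14)
103 1344660 e270 140 1 ipsecah (IPsec AH STREAMS driver 1.14)
103 1344660 e270 - 1 ipsecah (IPsec AH STREAMS module 1.14)'

# Constructed policy rule (documentation addresses) in ipsecinit.conf syntax;
# assumed to resemble what ipsecconf lists for an active policy.
POLICY_SAMPLE='{laddr 192.0.2.10 raddr 192.0.2.20} ipsec {encr_algs aes encr_auth_algs sha1 sa shared}'

# Count distinct IPsec kernel modules (column 6 of modinfo output) on stdin.
count_ipsec_modules() {
    awk '$6 ~ /^ipsec(esp|ah)$/ { seen[$6] = 1 }
         END { n = 0; for (m in seen) n++; print n }'
}

# Count policy rules on stdin: lines with a "{" selector that are not comments.
# A leading "#INDEX n" prefix, if the listing has one, is tolerated (assumption).
count_policy_rules() {
    awk '{ sub(/^#INDEX[ \t]+[0-9]+[ \t]*/, "") }
         $0 !~ /^[ \t]*#/ && index($0, "{") > 0 { n++ }
         END { print n + 0 }'
}

# ipsec_state MODINFO_TEXT POLICY_TEXT -> one-word verdict on stdout.
ipsec_state() {
    mods=$(printf '%s\n' "$1" | count_ipsec_modules)
    rules=$(printf '%s\n' "$2" | count_policy_rules)
    if [ "$mods" -eq 0 ]; then
        echo "modules-not-loaded"
    elif [ "$rules" -eq 0 ]; then
        echo "loaded-no-policy"      # the situation described in the thread
    else
        echo "loaded-policy-active"  # only packets matching a rule get AH/ESP
    fi
}

# On a live Solaris host (assumes both commands are on PATH and sufficient privilege):
if command -v modinfo >/dev/null 2>&1 && command -v ipsecconf >/dev/null 2>&1; then
    ipsec_state "$(modinfo 2>/dev/null)" "$(ipsecconf 2>/dev/null)"
fi
```

A `loaded-no-policy` verdict matches the observation in the thread: the AH and ESP modules appear in `modinfo`, yet `snoop` shows no AH or ESP headers because no policy rule selects the traffic.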