> Can you share the "ipsec traffic" output after doing a few pings over
> the tunnel? I have a feeling you might not actually have a plaintext
> leak, you just think you do because of the way tcpdump hooks into
> the kernel network/ipsec stack.

Actually, I did check this one. To be on the safe side, I even did both

$ ping srv.pp.uu.bb

(getting responses in plaintext, most likely not from the server itself,
but rather from the NATting router as ICMP is not forwarded) and

$ ping srv.ii.nn.tt

(getting no response, I assume that packets get out in clear and get
dropped afterwards as they are intended for an RFC1918 host)

After giving each of the two a minute or so, the output of the following

# ipsec traffic

on the roadwarrior is as expected:

006 #2: "main"[1] srv.pp.uu.bb, type=ESP, add_time=1715065841, inBytes=0, outBytes=0, maxBytes=2^63B, id='C=ZZ, O=Privlan, CN=server.privlan'

Phil
_______________________________________________
Swan mailing list
[email protected]
https://lists.libreswan.org/mailman/listinfo/swan
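
The counter check described in the message above, as an added example (not part of the original post and not libreswan code): it compares two `ipsec traffic` snapshots and lists the SAs whose ESP byte counters did not move while pings were sent. It assumes the line format quoted in the message; the second snapshot's counter values are constructed.

```python
import re

# One SA line of `ipsec traffic` output, in the shape quoted in the message.
SA_LINE = re.compile(r'^\d+\s+(#\d+):\s+"([^"]+)"(\[\d+\])?')
# maxBytes is deliberately not matched; only the traffic counters matter here.
COUNTER = re.compile(r'\b(inBytes|outBytes)=(\d+)')

def parse_traffic(text):
    """Return {(sa, conn): {'inBytes': n, 'outBytes': n}} for each SA line."""
    sas = {}
    for line in text.splitlines():
        m = SA_LINE.match(line.strip())
        if not m:
            continue  # not an SA status line
        counters = {k: int(v) for k, v in COUNTER.findall(line)}
        if {'inBytes', 'outBytes'} <= counters.keys():
            conn = m.group(2) + (m.group(3) or '')
            sas[(m.group(1), conn)] = counters
    return sas

def idle_sas(before, after):
    """SAs in `after` whose ESP counters did not change since `before`."""
    old, new = parse_traffic(before), parse_traffic(after)
    idle = []
    for key, now in new.items():
        # An SA absent from `before` (e.g. after a rekey) starts from zero.
        prev = old.get(key, {'inBytes': 0, 'outBytes': 0})
        if now == prev:
            idle.append(key)
    return idle

# Snapshot taken from the message: counters still at zero after the pings.
SNAP_ZERO = ("006 #2: \"main\"[1] srv.pp.uu.bb, type=ESP, add_time=1715065841, "
             "inBytes=0, outBytes=0, maxBytes=2^63B, "
             "id='C=ZZ, O=Privlan, CN=server.privlan'")
# Constructed snapshot: what the same SA would show if pings used the tunnel.
SNAP_MOVED = SNAP_ZERO.replace("inBytes=0, outBytes=0",
                               "inBytes=336, outBytes=336")

if __name__ == "__main__":
    for sa, conn in idle_sas(SNAP_ZERO, SNAP_ZERO):
        print(f"{sa} {conn}: no ESP bytes in either direction")
```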
