[strongSwan] FW: Is that a security Issue?

Tobias Brunner tobias at strongswan.org
Mon Sep 20 10:33:50 CEST 2010

Hi Michalle,

> there will be a plain text of ICMP echo request (which decrypyt the
> orignial ESP packet from my implementation) in the network.

You didn't write on which host you captured the packets with Wireshark.  If it
was on the same host on which strongSwan was running then this behavior is
normal.  It is a quirk of the Linux kernel that for incoming traffic both the
ESP packet and the decrypted payload are captured and that for outgoing traffic
only encrypted ESP packets are visible.


More information about the Users mailing list