[strongSwan] FW: Is that a security Issue?
tobias at strongswan.org
Tue Sep 21 09:25:48 CEST 2010
> I have other question about this. Why it only happens when the ESP
> protects a Tunnel mode IP traffic.
> I have never seen that plain text under the transport model.
Yes, this only happens with tunnel mode. I don't know the exact reason for it,
it's probably just a side effect of how tunnel mode is implemented in the kernel.
> And also does that means the the Linux Kernal knows the SA Key which
> established between Strongswan and my implementation, otherwise
> how it could decrypt the ESP packet.
That's exactly how it works. All the IPsec traffic (ESP/AH) is directly handled
by the Linux kernel. strongSwan just acts as a keying daemon that operates in
userland and writes the keys it establishes via IKE to the Linux kernel using
Netlink/XFRM or PF_KEY. To see the SAs and keys that are currently configured
in the kernel you can also use the 'ip xfrm state' command.
More information about the Users