[strongSwan] FW: Is that a security Issue?

michalle OY michalle_oy at hotmail.com
Tue Sep 21 08:40:11 CEST 2010


Thanks for your clarification.

Yes, I use Wireshark located on the same machine as strongSwan.

I have another question about this. Why does it only happen when ESP protects tunnel mode IP traffic?

I have never seen that plain text in transport mode. Also, does that mean the Linux kernel knows the SA key which was established between strongSwan and my implementation? Otherwise, how could it decrypt the ESP packet?



> Date: Mon, 20 Sep 2010 10:33:50 +0200
> From: tobias at strongswan.org
> To: michalle_oy at hotmail.com
> CC: users at lists.strongswan.org
> Subject: Re: [strongSwan] FW: Is that a security Issue?
>
> Hi Michalle,
>
> > there will be a plain text of ICMP echo request (which decrypt the
> > original ESP packet from my implementation) in the network.
>
> You didn't write on which host you captured the packets with Wireshark. If it
> was on the same host on which strongSwan was running then this behavior is
> normal. It is a quirk of the Linux kernel that for incoming traffic both the
> ESP packet and the decrypted payload are captured and that for outgoing traffic
> only encrypted ESP packets are visible.
>
> Regards,
> Tobias