[strongSwan] local traffic inspection on strongswan endpoint, how?

[Andreas Schuldei]

hi!

i seem to remember that the ipsec implementation on openbsd provided a
virtual interface where i could connect with tcpdump and see all the
decrypted traffic to/from the host.

how can i do something similar with strongswan? any cool iptables
tricks to get to the decrypted traffic? permissions are not a problem,
i am root! :-)

/andreas