[strongSwan] local traffic inspection on strongswan endpoint, how?

Andreas Schuldei schuldei+strongswan at spotify.com
Sun Mar 25 16:35:44 CEST 2012


I just learned that the tcpdump -E option can do something like what I want.

We use our own local certs and let strongSwan figure out its keys with
IKEv2 from there:

We use this:

        keyexchange=ikev2
        ike=aes128-sha1-modp2048
        esp=aes128-sha1-modp2048

But in my tcpdump man page AES is omitted from the list of supported ciphers:

Algorithms may be des-cbc, 3des-cbc, blowfish-cbc, rc3-cbc,
cast128-cbc, or none.  The default is des-cbc.

I assume AES will work anyway, as it just uses OpenSSL, though. Is that true?

Could someone who uses certs help me with an example command line for
tcpdumping traffic, please?

Furthermore I find this:

commit d7b604bee5901a23ea36c17fdab69366b1f383a2
Author: itojun <itojun>
Date:   Sat Jan 15 07:54:15 2000 +0000

    document -E.  this option has very nasty effects and I'm still wondering
    if it is correct to include it in tcpdump.org distribution.

What are those nasty effects?


On Sat, Mar 24, 2012 at 10:39 PM, Andreas Schuldei
<schuldei+strongswan at spotify.com> wrote:
> Hi!
>
> I seem to remember that the IPsec implementation on OpenBSD provided a
> virtual interface where I could connect with tcpdump and see all the
> decrypted traffic to/from the host.
>
> How can I do something similar with strongSwan? Any cool iptables
> tricks to get to the decrypted traffic? Permissions are not a problem,
> I am root! :-)
>
> /andreas
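As an added, runnable example (not from the original thread or the strongSwan project): a POSIX shell helper that turns the ESP SAs strongSwan installed in the Linux kernel, as listed by `ip xfrm state`, into the `spi@dst algo:0xkey` secrets that `tcpdump -E` expects. The cipher names (`aes-128-cbc`, `3des-cbc`, plus a `-hmac96` suffix when the kernel truncates the integrity tag to 96 bits) assume, as the post does, that tcpdump hands the name to OpenSSL; the `ip xfrm state` sample is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Builds the secret list that
# tcpdump -E needs from the ESP SAs strongSwan negotiated with IKEv2 and
# installed in the Linux kernel, so this host's decrypted traffic can be
# inspected locally. The kernel is the only place the session keys exist;
# after every rekey the SPIs and keys change and the list must be rebuilt.

# Constructed `ip xfrm state` output for one CHILD_SA pair (dummy keys).
SAMPLE_XFRM_STATE='src 198.51.100.10 dst 203.0.113.20
    proto esp spi 0xc2e4a801 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0x0102030405060708090a0b0c0d0e0f1011121314 96
    enc cbc(aes) 0x000102030405060708090a0b0c0d0e0f
src 203.0.113.20 dst 198.51.100.10
    proto esp spi 0xc7a9b0f2 reqid 1 mode tunnel
    replay-window 32 flag af-unspec
    auth-trunc hmac(sha1) 0x14131211100f0e0d0c0b0a090807060504030201 96
    enc cbc(aes) 0x0f0e0d0c0b0a09080706050403020100'

# Reads `ip xfrm state` on stdin; prints comma-separated "spi@dst algo:0xkey"
# entries. tcpdump matches an SA by SPI and destination address, so the dst
# of each kernel SA is used.
xfrm_to_tcpdump_secrets() {
    awk '
        $1 == "src" && $3 == "dst" { dst = $4; suffix = "" }
        $1 == "proto" && $2 == "esp" { spi = $4 }
        # 96-bit truncated HMAC: tell tcpdump to strip a 12-byte ICV
        $1 == "auth-trunc" && $NF == "96" { suffix = "-hmac96" }
        $1 == "enc" {
            algo = $2; key = $3
            if (algo == "cbc(aes)") {
                # ASSUMPTION: OpenSSL cipher names; key length picks 128/192/256
                bits = (length(key) - 2) * 4
                name = "aes-" bits "-cbc"
            } else if (algo == "cbc(des3_ede)") {
                name = "3des-cbc"
            } else {
                next   # other ciphers (and AEAD SAs) are skipped
            }
            out = out (out == "" ? "" : ",") spi "@" dst " " name suffix ":" key
        }
        END { print out }
    '
}

# Usage as root (the keys land in tcpdump argv, visible via ps on the host):
#   tcpdump -ni eth0 -E "$(ip xfrm state | xfrm_to_tcpdump_secrets)" esp
```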
