Openswan: Works, but...
Roger Grosswiler
roger at gwch.net
Fri Feb 6 07:47:52 UTC 2009
> Roger Grosswiler wrote:
>> Hi,
>>
>> According to the homepage of openswan, i configured a server and a
>> roadwarrior (think this is host-to-host).
>>
>> Using tcpdump, i see, that traffic between those 2 hosts is encrypted,
>> if the server is the endpoint.
>>
>> this server is a transparent proxy. so, if i surf eg. to google via
>> this server, the traffic seems no longer encrypted to me. (no
>> esp-packets mentionned in tcpdump).
>>
>> Even my mailserver is not on the same machine, so this traffic isn't
>> encrypted either.
>>
>> all i want is to make sure, that ALL traffic that comes from any client
>> and passes through my server is encrypted, as connections are wireless.
>>
>> btw. if i tell firefox to use the proxy-server instead of using
>> transparent proxying, internet traffic gets encrypted too. but i would
>> like to use transparent proxying.
>>
>> how can i do this? or is it encrypted, and by any reason i don't see it
>> like this?
>>
>> Thx,
>> Roger
>>
> Dumb question - are you monitoring just the traffic across the
> "host-to-host" link, or are you also getting the local network traffic?
>
> Mikkel
> --
>
Hi Mikkel,
i do on the client-machine a "tcpdump -i eth1" - which is the only connected card
(wireless). This shows, that connecting to my ipsec-enabled server only, traffic is in
ESP, but surfing around doesn't. Default Gateway is the ipsed-enabled server.
Roger
More information about the fedora-list
mailing list