Issue #470: tcpdump cannot capture outbound packets on virtual-ip - strongSwan

Issue #470

tcpdump cannot capture outbound packets on virtual-ip

Added by zhonghai li over 11 years ago. Updated over 11 years ago.

Status:

Closed

Priority:

Normal

Assignee:

Tobias Brunner

Category:

Affected version:

5.0.2

Resolution:

No change required

Description

Hi,

I use strongswan to establish the IPsec tunnel.
And then I try to use tcpdump to capture packets on virtual-IP.
However, I find no outbound packets captured on virtual-IP.

Does it mean outbound packets cannot be captured directly on virtual IP?
If so, any other command/tool can make it?

Here is the command I used.
"tcpdump host 192.168.3.2 and icmp"

192.168.3.2 is the virtual IP.

Thanks in advance.
Zhonghai Li

History

#1 Updated by Tobias Brunner over 11 years ago

Status changed from New to Closed
Assignee set to Tobias Brunner
Resolution set to No change required

Does it mean outbound packets cannot be captured directly on virtual IP?

Yes, as written in the FAQs. A workaround is described there too.

Another option is to use the kernel-libipsec plugin, but then, of course, you wouldn't use the Linux kernel's IPsec implementation.

Project

General

Profile

strongSwan

Issues

Issue #470

tcpdump cannot capture outbound packets on virtual-ip

History

#1 Updated by Tobias Brunner over 11 years ago