Am Sun, 8 Feb 2009 13:31:24 -0500 (EST) schrieb Paul Wouters <paul@xxxxxxxxxxxxx>: > On Sun, 8 Feb 2009, D. Hugh Redelmeier wrote: > > > According to the homepage of openswan, i configured a server and a > > roadwarrior (think this is host-to-host). > > > > Using tcpdump, i see, that traffic between those 2 hosts is > > encrypted, if the server is the endpoint. > > > > this server is a transparent proxy. so, if i surf eg. to google via > > this server, the traffic seems no longer encrypted to me. (no > > esp-packets mentionned in tcpdump). > > > > Even my mailserver is not on the same machine, so this traffic isn't > > encrypted either. > > Either use a leftsubnet=lan/mask to make the IPsec tunnel cover your > LAN ip range, or send everything using leftsubnet=0.0.0.0/0. > > Paul Hi, I changed this on the server-side, but not on the client side. Result from tcpdump from the client (wenn opening google in the browser): 20:07:48.742497 IP client > server: ESP(spi=0x3052e16e,seq=0x27), length 100 20:07:48.744033 IP server > client: ESP(spi=0x3729843c,seq=0x25), length 100 20:07:48.744033 IP fx-in-f99.google.com.http > client.49006: . ack 794 win 231 <nop,nop,timestamp 690888417 125678582> Roger -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
