How to check your outgoing traffic is encrypted
-
Hi,
does anyone know how to check (ensure) your outgoing traffic is encrypted with pfSense FW?
-
Do a packet capture on WAN (Diagnostics - Packet Capture), download the .cap file and then use Wireshark to check the traffic.
-
Why would your traffic be encrypted? Are you going to an https site, are you using a VPN? But yes, you can easily look at what pfSense puts on the wire out its WAN with a simple packet capture.
-
And if it's encrypted, how will I see it's encrypted in the packet capture?
-
Well, that part is up to you to recognize your traffic. Is it a web page? An image like a jpg? What is your specific concern?
-
OK, let's do it from the beginning.
I set up an IPsec tunnel with my company and a partner and created both bidirectional (in/out) IPSec rules in the IPSec tab
-tunnel is up
-I can see outgoing IPSec traffic in the logs on the enc0 interface
but I don't see outgoing IPSec traffic in the logs on the enc0 interface, but see it in the LAN interface.
Any idea why I don't see my outgoing IPSec traffic in the logs on the enc0 as for incoming IPSec traffic?
-
Because traffic is allowed out of an interface by default, without a firewall rule. Thus there is no rule capturing the traffic to log it.
It requires a rule on LAN because it's going in on that interface and hence is logged (assuming you've enabled logging on whatever rule you have there). You should see that traffic arriving over the IPSec tunnel is logged on the IPSec interface and not the LAN.
The only exception to this is the floating rules, which can operate both in and out.
Steve
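
The WAN packet-capture check suggested earlier in the thread, applied to the IPsec tunnel case, as an added example that is not part of any post above. It assumes the downloaded .cap is a classic pcap file with Ethernet link type and a tunnel-mode setup, so any address from the remote network seen on WAN left outside the tunnel; the function names, peer address 203.0.113.9 and remote network 10.20.0.0/24 are hypothetical, and the sample capture is constructed.

```python
import ipaddress
import struct

ESP, UDP = 50, 17  # IP protocol numbers

def audit_wan_capture(pcap, peer_gw, remote_net):
    """Classify IPv4 frames in a classic pcap (Ethernet link type) taken on WAN."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected classic pcap with Ethernet link type")
    peer, net = ipaddress.ip_address(peer_gw), ipaddress.ip_network(remote_net)
    counts = {"esp": 0, "ike_natt": 0, "leaked": 0, "other": 0}
    off = 24  # first record follows the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + incl_len], off + 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # skip non-IPv4 and truncated frames
        ip = frame[14:]
        src, dst = ipaddress.ip_address(ip[12:16]), ipaddress.ip_address(ip[16:20])
        ihl, proto = (ip[0] & 0x0F) * 4, ip[9]
        if src in net or dst in net:
            counts["leaked"] += 1  # tunnel-only address visible in clear on WAN
        elif peer in (src, dst) and proto == ESP:
            counts["esp"] += 1  # encrypted tunnel payload
        elif peer in (src, dst) and proto == UDP and len(ip) >= ihl + 4 and \
                set(struct.unpack("!HH", ip[ihl:ihl + 4])) & {500, 4500}:
            counts["ike_natt"] += 1  # IKE negotiation or ESP-in-UDP (NAT-T)
        else:
            counts["other"] += 1  # ordinary Internet traffic, not tunnel-related
    return counts

def _frame(src, dst, proto, payload=b""):  # constructed Ethernet+IPv4 frame
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    return b"\x00" * 12 + b"\x08\x00" + ip + payload

def sample_capture():
    """Constructed WAN capture: one ESP, one IKE, one packet that escaped the tunnel."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for f in (_frame("198.51.100.2", "203.0.113.9", ESP, b"\x00" * 16),
              _frame("198.51.100.2", "203.0.113.9", UDP, struct.pack("!HHHH", 500, 500, 8, 0)),
              _frame("198.51.100.2", "10.20.0.5", 6, b"\x00" * 20)):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(audit_wan_capture(sample_capture(), "203.0.113.9", "10.20.0.0/24"))
```

A healthy tunnel shows a non-zero `esp` or `ike_natt` count and `leaked` at zero; for a real capture, pass the file's bytes read in binary mode in place of `sample_capture()`.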