Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Anyway to verify outgoing packets are going across the IPSec tunnel

    IPsec
    2
    2
    1749
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      Dregnus last edited by

      Hey guys. Today I had to change IP addresses on the DMZ network at one of our branch offices. This particular network has several (around 7) IPSec connections. So I had to modify the source network on these tunnels and had to request the IT staff of our customer connection do the same on their end.

      Everything appears to be okay, and the IPSec tunnels are all up and green in terms of status. However, traffic isn't getting across. I can verify that the packets are entering my DMZ interface, but that is as far as I get.

      Is there anyway to verify that a particular packet is being encapsulated in an IPSec frame and sent out?

      Thanks. This one has me stumped and, at the very least, I'd like to determine if it's our end or their end.

      1 Reply Last reply Reply Quote 0
      • jimp
        jimp Rebel Alliance Developer Netgate last edited by

        You can run tcpdump on the enc0 interface to see what is coming and going in terms of IPsec traffic. No way to do that from the GUI in 1.2.3, if you're on a 2.0 snapshot you should be able to do that from Diagnostics > Packet Capture.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post