Re: linux-ipsec: More questions

> One comment about 'ipsec look'. I tried to use it to figure out what I did

I want to keep look output terse -- it's meant for checking on normal cases, not for troubleshooting difficult ones, and fitting normal situations into minimum vertical space was its major design objective. As mentioned in earlier mail, barf is really what's wanted for troubleshooting.

What might be worth doing is having look check for the expected contents of /proc/net/ipsec_tncfg, and say something *only* if it doesn't look right.

> If you are using tcpdump on the same machine as one of the SGs, then
> you will not see what is actually on the wire...
> > (Hopefully, it's not because I don't RTFM ;-) )

The new doc/vpn.how does mention the desirability of running tcpdump from a separate machine, but it doesn't say it strongly enough. Will fix.

> > Btw: The terms "left" and "right" are really not very well chosen...

I'd welcome suggestions on better ways of describing the network. The one thing I won't do is adopt a description that's relative to a particular host, so that the file has to be custom-edited for each machine. Avoiding that was a major design objective.

It may be that this is best solved by documentation.

                                                          Henry Spencer
                                                       henry@spsystems.net
                                                     (henry@zoo.toronto.edu)

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related lists.freeswan.org Links 1998-fall 1998-spring 1998-summer 1998-winter 1999-winter announce briefs bugs design freeswan-list hipsec ietf-sectest users users-admin Request more information about Pantek