Board: FB_security
Title: Re[2]: IPSec debug
Posted from: NCTU CSIE FreeBSD Server (Sat Apr 10 12:40:56 2004)
Relayed via: ptt!FreeBSD.csie.NCTU!not-for-mail
Hello Bjoern,
Saturday, April 10, 2004, 3:32:36 PM, you wrote:
BAZ> On Sat, 10 Apr 2004, Nikolay Petrov wrote:
BAZ> Hi,
>> I have a FreeBSD box with a network interface having the y.y.y.y IP address.
>> On the same box I configure the following IPsec policies to process traffic from
>> a hardware IPsec-enabled device.
>>
>> spdadd 0.0.0.0/0 x.x.x.x/24 any -P out ipsec
>> esp/tunnel/y.y.y.y-z.z.z.z/require;
>> spdadd x.x.x.x/24 0.0.0.0/0 any -P in ipsec
>> esp/tunnel/z.z.z.z-y.y.y.y/require;
>>
>> Is it possible to see decrypted incoming packets, and outgoing packets
>> before they are encrypted?
BAZ> IMHO no. I think OpenBSD has if_enc(4) for this.
Does this have some relation to the KAME project, because the enc(4) interface is only
available in OpenBSD? NetBSD also has the same limitation.
--
Best regards,
Nikolay
[email protected]