Astaro V8 is using Kernel 2.6 with OpenSWAN 2.2 which does not provide any ipsec0, ipsec1 and so on interfaces anymore. So you can't use tcpdump to take a look on decrypted packet in the tunnel as it was possible in Astaro V7 with "tcpdump -i ipsec0" for instance. With V8 you can only see the encrypted packets on the corresponding normal interface with "tcpdump -i eth0" or whatever interface is used for you IPsec tunnel as shown by the routing tables with "netstat -r".
One important use case why you want to take a look into the decrypted packets of an IPsec tunnel is to check for correct SNAT or DNAT rules being applied. Maybe there is another method to get this information?
This thread was automatically locked due to age.