- Re: Decrypting IPSec Packets

Phillip Remaker
07-25-2004, 01:40 AM
"John Lynch" <john_p_lynch@yahoo.com> wrote in message
news:f5b507b6.0403110049.41dca4f7@posting.google.com...
> Since I control both ends of the VPN and have the shared secret, I
> should be able to decrypt the packets.

Nope, that's not how IPSEC works. The shared secret is used only to
authenticate the peers. After the peers are authenticated, a unique session
key is created to encrypt and decrypt the packets. This session key is also
periodically changed, to prevent brute force attacks on data streams. You
cannot decrypt IPSEC packets in flight unless you have the current session
key for the active security association. This key, as you might guess,
cannot be retrieved from the router. Would sort of defeat the whole purpose
of security.

Your problem seems like more of a mapping or access-list problem. Packet
decoding, algorithmically, is pretty trivial. It is unlikely that your
problem lies there.
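
As an added illustration of the point above (example code, not part of the original thread): the IKEv1 pre-shared-key derivation from RFC 2409 sections 5.4 and 5.5, assuming HMAC-SHA1 as the negotiated prf and using constructed sample values. It shows which keys a holder of the PSK can recompute from a captured exchange and which ones also need the never-transmitted Diffie-Hellman secret.

```python
import hmac
import hashlib

# IKEv1 key derivation for pre-shared-key authentication (RFC 2409, 5.4 and 5.5)
# with HMAC-SHA1 as the prf. Every input value below is constructed for
# illustration; none comes from a real exchange.

def prf(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha1).digest()

def ikev1_phase1_keys(psk, ni, nr, gxy, cky_i, cky_r):
    """Phase-1 (IKE SA) keys. ni/nr and cky_i/cky_r travel in the clear; gxy is
    the Diffie-Hellman shared secret each peer computes from its own private
    exponent and never transmits."""
    skeyid = prf(psk, ni + nr)                                  # PSK + nonces only
    skeyid_d = prf(skeyid, gxy + cky_i + cky_r + b"\x00")       # seeds IPsec SA keys
    skeyid_a = prf(skeyid, skeyid_d + gxy + cky_i + cky_r + b"\x01")  # IKE integrity
    skeyid_e = prf(skeyid, skeyid_a + gxy + cky_i + cky_r + b"\x02")  # IKE encryption
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}

def ikev1_phase2_keymat(skeyid_d, protocol, spi, ni2, nr2):
    """Phase-2 (IPsec SA) keying material without PFS: the ESP session key is
    bound to the SPI and to fresh quick-mode nonces, so each rekey yields new
    material although the PSK never changes. protocol 3 = ESP."""
    return prf(skeyid_d, bytes([protocol]) + spi + ni2 + nr2)

# Constructed sample exchange (not real traffic).
PSK = b"example-shared-secret"
NI, NR = b"\x11" * 16, b"\x22" * 16          # nonces, visible on the wire
CKY_I, CKY_R = b"\x0a" * 8, b"\x0b" * 8      # ISAKMP cookies, visible on the wire
GXY = b"\x33" * 32                           # DH shared secret, never on the wire

def peers_agree():
    """Both routers feed identical inputs to the prf, so they derive the same keys."""
    a = ikev1_phase1_keys(PSK, NI, NR, GXY, CKY_I, CKY_R)
    b = ikev1_phase1_keys(PSK, NI, NR, GXY, CKY_I, CKY_R)
    return a == b

def psk_alone_reaches_skeyid_e():
    """An observer holding the PSK and the captured nonces/cookies but only a
    guessed DH secret gets the right SKEYID yet the wrong encryption key."""
    real = ikev1_phase1_keys(PSK, NI, NR, GXY, CKY_I, CKY_R)
    guess = ikev1_phase1_keys(PSK, NI, NR, b"\x44" * 32, CKY_I, CKY_R)
    return guess["SKEYID"] == real["SKEYID"] and guess["SKEYID_e"] == real["SKEYID_e"]

def rekey_changes_session_key():
    """Same PSK, same IKE SA, fresh quick-mode nonces (a real rekey also picks a
    new SPI): the ESP key that protects the data packets changes."""
    skd = ikev1_phase1_keys(PSK, NI, NR, GXY, CKY_I, CKY_R)["SKEYID_d"]
    spi = b"\x00\x00\x12\x34"
    k1 = ikev1_phase2_keymat(skd, 3, spi, b"\x55" * 16, b"\x66" * 16)
    k2 = ikev1_phase2_keymat(skd, 3, spi, b"\x77" * 16, b"\x88" * 16)
    return k1 != k2
```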

Brad Hill
07-25-2004, 01:46 AM
> This key, as you might guess,
> cannot be retrieved from the router. Would sort of defeat the whole purpose
> of security.


Reminds me of our security guy - a nice guy but he hadn't a clue. One
day, we replaced our hardware encryptors with IPSec routers. One of
his main jobs was to be the custodian of the keys, stored in these
little plug pack things that had a ROM chip in them. He had to make
sure they were locked away in his safe. After the change, he comes
around and asks for the keys. We explained how it worked now, the keys
are not actually available anymore to anyone, and summarised that
"there aren't any keys, Paul". He paused in thought, and asked
hopefully "can we get some?"

kicasodic
07-25-2004, 01:46 AM
Hi,

man tcpdump
man ethereal

There is something about IPSEC encryption, it seems, but I haven't
checked, that you can specify a file where the shared secret could be
written to debug a bit more.

K Casodic