Re: [dev] A secure wireless protocol

2023-10-15 Thread Josuah Demangeon
> (OpenBSD added the pflog interface for tcpdump purpose though)

My bad, it is the enc(4) interface: https://man.openbsd.org/enc.4

# ifconfig enc0
enc0: flags=0<> index 2 priority 0 llprio 3
        groups: enc
        status: active
# tcpdump -i enc0
tcpdump:

Re: [dev] A secure wireless protocol

2023-10-15 Thread Sergey Matveev
*** Josuah Demangeon [2023-10-15 16:43]:
>Not possible to do "tcpdump -i ipsec0" to see the packets going
>*over* the VPN as there is no network interface for it

That depends on OS/configuration. There could be literally "ipsec" interface in FreeBSD to see exactly the packets flowing over that VPN

Re: [dev] A secure wireless protocol

2023-10-15 Thread Josuah Demangeon
Sergey Matveev wrote:
> *** Sagar Acharya [2023-10-15 18:00]:
> >How many devices can connect to IPSec VPN?
>
> Thousands easily. Depends on bandwidth and CPU speed mainly.

You can also find that protocol in almost any 'hardware' router that claims to support a VPN: Mikrotik, StormShield, Forti

Re: [dev] A secure wireless protocol

2023-10-15 Thread Sergey Matveev
*** Sagar Acharya [2023-10-15 18:00]:
>How many devices can connect to IPSec VPN?

Thousands easily. Depends on bandwidth and CPU speed mainly.

>What is the private key or secret key for these networks?

Various. Mostly either PSK (symmetric pre-shared key) or X.509-certificate-based keypair are u

Re: [dev] A secure wireless protocol

2023-10-15 Thread Sergey Matveev
*** Sagar Acharya [2023-10-15 17:22]:
>I don't need signing, just encryption.

Are you aware that "just encryption" is practically useless, if it does not authenticate transmitted data somehow? By MAC, by AEAD, by signature, but with "just encryption" malefactor in many cases can alter your data wi

Re: [dev] A secure wireless protocol

2023-10-15 Thread Sergey Matveev
*** Sagar Acharya [2023-10-15 16:33]:
>How is libcrypto of libressl?

Just a library with numerous algorithms. There are plenty of others.

>It has no encryption. What about ed448 and aes?

Generally no asymmetric encryption is used in modern protocols. Only signing and key exchange operations as a