Debugging IPsec


enable logging of IKE packets in isakmpd(8)

isakmpd -L -K

or at runtime

echo "p on" > /var/run/isakmpd.fifo

the collected plaintext IKE exchange can be viewed with tcpdump(8)

tcpdump -vvr /var/run/isakmpd.pcap
caveat: "host" modifier to tcpdump applies to the outside IP address!

See the syslog entries from isakmpd in verbose mode (-v)