If you want to be able to sniff your IPsec traffic with OpenSwan, you'll need to get KLIPS instead of the default NETKEY IPsec protocol stack.

Installing that on Ubuntu/Karmic should be a matter of:

~# apt-get install openswan-modules-source
~# cd /usr/src
/usr/src# tar jxvf openswan-modules.tar.bz2
/usr/src# cd modules/openswan
/usr/src/modules/openswan# make KERNELSRC=/lib/modules/`uname -r`/build module module_install

But it's not.

Right now, we're running the default Linux kernel 2.6.31-23-server on this Karmic machine. And as it happens, in 2.6.31 they removed networking compatibility code.

Source: http://patchwork.ozlabs.org/patch/27566/

All drivers are already converted to new net_device_ops API and nobody uses old API anymore.

...

-#ifdef CONFIG_COMPAT_NET_DEV_OPS
- struct {
- int (*init)(struct net_device *dev);
- void (*uninit)(struct net_device *dev);
- int (*open)(struct net_device *dev);
- int (*stop)(struct net_device *dev);
- int (*hard_start_xmit) (struct sk_buff *skb,
- struct net_device *dev);
- u16 (*select_queue)(struct net_device *dev,
...

So after a couple of succesful object compilations you get this:

  CC [M]  /usr/src/modules/openswan/modobj26/ipsec_tunnel.o
modobj26/ipsec_tunnel.c: In function ‘ipsec_tunnel_attach’:
modobj26/ipsec_tunnel.c:1117: error: ‘struct net_device’ has no member named ‘set_mac_address’
modobj26/ipsec_tunnel.c:1119: error: ‘struct net_device’ has no member named ‘hard_start_xmit’

The fix: don't use the old Ubuntu supplied version.

/usr/src# git clone git://git.openswan.org/public/scm/openswan.git openswan-2
/usr/src# cd openswan-2
/usr/src/openswan-2# make KERNELSRC=/lib/modules/`uname -r`/build module module_install
/usr/src/openswan-2# modprobe ipsec

/usr/src/openswan-2# ip addr | grep ipsec
4: ipsec0: <NOARP,PROMISC> mtu 16260 qdisc pfifo_fast state DOWN qlen 10
5: ipsec1: <NOARP> mtu 0 qdisc noop state DOWN qlen 10

Good! Now we have a nice interface to sniff.

compilation shell error