Hi All,
I am very new to Linux and open source forums. I hope my question is appropriate for this forum; if not, please forgive my ignorance and, if possible, point me in the right direction.
Once again, I have just started to explore and please do forgive my ignorance.
Earlier today, on my Debian Linux machine, I was exploring IPsec using "ip xfrm".
I found one small mismatch between the behavior of Linux IPsec and the IPsec RFC. Most likely I am missing something.
According to the IPsec RFC, during SA lookup the destination address is not required to match, whereas in Linux it works only if I configure an SA with the proper destination address; otherwise the packet is dropped.
The configuration in which packets were dropped:
ip xfrm state add proto ah auth md5 "1234567890123456" mode transport
The configuration in which lookup was successful:
ip xfrm state add dst <destination ip> proto ah auth md5 "1234567890123456" mode transport
I was really not able to find a Linux network administrator forum, that is why I am using this one.
I further looked into the Linux xfrm code and it looks like its lookup depends on the destination address, but I strongly believe that I am missing something.
Once again, my sincere apologies for my ignorance.
Regards,
Manimuthu
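
The two lookup behaviours contrasted in the post above, as an added Python model that is not part of the original post and is not kernel code. It assumes the most-specific-first inbound search of RFC 4301 section 4.1 on one side and a lookup keyed on (destination, SPI, protocol), as the post describes for xfrm, on the other; the SPI and addresses are constructed sample values.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class SA:
    spi: int
    proto: str                 # "ah" or "esp"
    dst: Optional[str] = None  # None models an SA added without "dst"
    src: Optional[str] = None

@dataclass(frozen=True)
class Packet:
    spi: int
    proto: str
    dst: str
    src: str

def rfc4301_lookup(sad, pkt):
    """RFC 4301 section 4.1 inbound search: try the most specific key first."""
    steps = (
        lambda sa: sa.dst == pkt.dst and sa.src == pkt.src,  # SPI + dst + src
        lambda sa: sa.dst == pkt.dst and sa.src is None,     # SPI + dst
        lambda sa: sa.dst is None and sa.src is None,        # SPI + protocol only
    )
    for step in steps:
        for sa in sad:
            if sa.spi == pkt.spi and sa.proto == pkt.proto and step(sa):
                return sa
    return None

def dst_keyed_lookup(sad, pkt):
    """Model of a lookup whose key always includes the destination address."""
    table = {(sa.dst, sa.spi, sa.proto): sa for sa in sad}
    return table.get((pkt.dst, pkt.spi, pkt.proto))

# Constructed sample data (documentation addresses, arbitrary SPI).
PKT = Packet(spi=0x100, proto="ah", dst="192.0.2.10", src="192.0.2.1")
SA_NO_DST = SA(spi=0x100, proto="ah")                      # like the first command
SA_WITH_DST = SA(spi=0x100, proto="ah", dst="192.0.2.10")  # like the second command

if __name__ == "__main__":
    for name, sad in (("no dst", [SA_NO_DST]), ("with dst", [SA_WITH_DST])):
        print(name, "| RFC 4301 model:", rfc4301_lookup(sad, PKT) is not None,
              "| dst-keyed model:", dst_keyed_lookup(sad, PKT) is not None)
```

In the destination-keyed model the SA without a destination is never found for a packet addressed to 192.0.2.10, which matches the drop reported in the post.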