using ip xfrm to encrypt packets to "any" destination
Hi,
I'm trying to come up with ip xfrm rules to encrypt packets from a source address to any destination. The command I came up with is:
ip xfrm policy add src 10.10.10.1/24 dst 0.0.0.0/0 dev eth0 proto tcp dir out tmpl proto esp spi 10 mode transport
ip xfrm state add src 10.10.10.1 dst 0.0.0.0 proto esp spi 10 enc cast5 0xaaaaaaaaaa
However, I noticed that with these commands, not only is the packet not being encrypted, but no packets are being sent on the wire.
Can anyone help me with this?
|