Thomas Haller wrote:
On Fri, 2021-07-23 at 11:59 -0400, David H Durgee wrote:
Looking at the documentation for ip xfrm it appears that I should be
able to issue commands:

  ip xfrm policy list
  ip xfrm state list

When I attempt to use them from my login I get an "operation not
permitted" error, so I assume I must use sudo for them to work. Before
I do so can someone confirm for me that these particular commands are
safe to use and will not impact system operation?

yes, these commands would only query the current configuration and not
change it. They are thus safe... at least, to the best of my knowledge.


best,
Thomas
I first ran the commands without the VPN up and they returned nothing.  Bringing up the VPN and running them again returned the attached outputs.

I am not trained in reading these reports, but what I see does appear to indicate that the VPN is indeed functioning and handling the traffic as requested.  If someone who is trained could confirm this for me I would appreciate it.

Dave
dhdurgee@z560:~/Downloads$ sudo ip xfrm policy list
src 10.10.10.3/32 dst 0.0.0.0/0 
	dir out priority 383615 
	tmpl src 192.168.1.114 dst 108.31.28.59
		proto esp spi 0xcfc85b48 reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.10.10.3/32 
	dir fwd priority 383615 
	tmpl src 108.31.28.59 dst 192.168.1.114
		proto esp reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.10.10.3/32 
	dir in priority 383615 
	tmpl src 108.31.28.59 dst 192.168.1.114
		proto esp reqid 1 mode tunnel
src fe80::/64 dst fe80::/64 
	dir fwd priority 134463 
src fe80::/64 dst fe80::/64 
	dir in priority 134463 
src fe80::/64 dst fe80::/64 
	dir out priority 134463 
src ::1/128 dst ::1/128 
	dir fwd priority 68927 
src ::1/128 dst ::1/128 
	dir in priority 68927 
src ::1/128 dst ::1/128 
	dir out priority 68927 
src 192.168.1.0/24 dst 192.168.1.0/24 
	dir fwd priority 175423 
src 192.168.1.0/24 dst 192.168.1.0/24 
	dir in priority 175423 
src 192.168.1.0/24 dst 192.168.1.0/24 
	dir out priority 175423 
src 169.254.0.0/16 dst 169.254.0.0/16 
	dir fwd priority 183615 
src 169.254.0.0/16 dst 169.254.0.0/16 
	dir in priority 183615 
src 169.254.0.0/16 dst 169.254.0.0/16 
	dir out priority 183615 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket in priority 0 
src 0.0.0.0/0 dst 0.0.0.0/0 
	socket out priority 0 
src ::/0 dst ::/0 
	socket in priority 0 
src ::/0 dst ::/0 
	socket out priority 0 
src ::/0 dst ::/0 
	socket in priority 0 
src ::/0 dst ::/0 
	socket out priority 0 
dhdurgee@z560:~/Downloads$ sudo ip xfrm state list
src 192.168.1.114 dst 108.31.28.59
	proto esp spi 0xcfc85b48 reqid 1 mode tunnel
	replay-window 0 flag af-unspec
	auth-trunc hmac(sha1) 0x4b048d80625a30c47558fc231af84befcab9f4e1 96
	enc cbc(aes) 0x2a2e30f7ea35339b8eeffe64321f7f446f113b8bf2d8131cfa2e54db61ded8dd
	encap type espinudp sport 42582 dport 4500 addr 0.0.0.0
	anti-replay context: seq 0x0, oseq 0x28, bitmap 0x00000000
src 108.31.28.59 dst 192.168.1.114
	proto esp spi 0xc2bb60a3 reqid 1 mode tunnel
	replay-window 32 flag af-unspec
	auth-trunc hmac(sha1) 0xb570b6149d971134fac06a51cec8701b05a68f68 96
	enc cbc(aes) 0xfdab1561b5527f6ddfbaa21b8bd9c0812449b3fda751cc837b94d1642e4bba4c
	encap type espinudp sport 4500 dport 42582 addr 0.0.0.0
	anti-replay context: seq 0x1d, oseq 0x0, bitmap 0x1fffffff


_______________________________________________
networkmanager-list mailing list
networkmanager-list@gnome.org
https://mail.gnome.org/mailman/listinfo/networkmanager-list
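
One way to check mechanically what the message above asks about, as an added example that is not part of the original thread: pair every policy that carries a tunnel template with its security association and read the SA's sequence counters. The function names are hypothetical, the parser assumes the plain (non `-s`) `ip xfrm` output format shown above, and the sample is trimmed from that output with the key lines left out.

```python
import re

# Trimmed from the output posted above; auth/enc key lines are left out.
POLICY = """src 10.10.10.3/32 dst 0.0.0.0/0
\tdir out priority 383615
\ttmpl src 192.168.1.114 dst 108.31.28.59
\t\tproto esp spi 0xcfc85b48 reqid 1 mode tunnel
src 0.0.0.0/0 dst 10.10.10.3/32
\tdir in priority 383615
\ttmpl src 108.31.28.59 dst 192.168.1.114
\t\tproto esp reqid 1 mode tunnel
src 192.168.1.0/24 dst 192.168.1.0/24
\tdir out priority 175423
"""
STATE = """src 192.168.1.114 dst 108.31.28.59
\tproto esp spi 0xcfc85b48 reqid 1 mode tunnel
\tanti-replay context: seq 0x0, oseq 0x28, bitmap 0x00000000
src 108.31.28.59 dst 192.168.1.114
\tproto esp spi 0xc2bb60a3 reqid 1 mode tunnel
\tanti-replay context: seq 0x1d, oseq 0x0, bitmap 0x1fffffff
"""

def entries(text):
    """Split ip-xfrm output into entries; each begins at an unindented 'src' line."""
    return re.split(r"\n(?=src )", text.strip())

def tunnel_policies(text):
    """Yield (dir, selector, tunnel src, tunnel dst, reqid) for policies with a template."""
    pat = re.compile(r"src (\S+) dst (\S+)\s+dir (\w+).*\n\s+tmpl src (\S+) dst (\S+)\s+proto \w+.* reqid (\d+)")
    for e in entries(text):
        m = pat.match(e)
        if m:  # bypass and per-socket policies have no tmpl and are skipped
            yield m[3], f"{m[1]} -> {m[2]}", m[4], m[5], int(m[6])

def states(text):
    """Map (src, dst, reqid) -> (spi, seq, oseq); key material lines are skipped over."""
    pat = re.compile(r"src (\S+) dst (\S+)\s+proto \w+ spi (\S+) reqid (\d+)[\s\S]*?seq (\S+), oseq (\S+),")
    return {(m[1], m[2], int(m[4])): (m[3], int(m[5], 16), int(m[6], 16))
            for m in map(pat.match, entries(text)) if m}

def check_tunnel(policy_text, state_text):
    """Pair each tunnel policy with its SA; report (dir, selector, SA found, counter)."""
    sas, report = states(state_text), []
    for direction, selector, src, dst, reqid in tunnel_policies(policy_text):
        sa = sas.get((src, dst, reqid))
        # oseq: last sequence number sent (out); seq: highest sequence received (in/fwd)
        count = 0 if sa is None else (sa[2] if direction == "out" else sa[1])
        report.append((direction, selector, sa is not None, count))
    return report
```

A policy row with no matching SA, or an SA whose counter stays at 0 while traffic is being generated, means the selector is configured but nothing is flowing through the tunnel in that direction.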
