Netgate Discussion Forum

Added STATE in transport mode using xfrm, but SELECTOR displaying src and dst can be any address

  • M
    madhu542
    last edited by Jul 6, 2020, 2:33 PM

    I created the policy and state using the xfrm framework.
    The listing of all states is displayed using the command "ip -6 xfrm state list".

    In transport mode, why can the SELECTOR src and dst be any address? Is it the default setting?
    Can someone please explain?

    sel src ::/0 dst ::/0

    • M
      madhu542
      last edited by Jul 7, 2020, 8:26 AM

      Added more details on the commands:
      I didn't add any "sel" option in the state command, but by default it shows "sel src ::/0 dst ::/0".
      Can anyone please help me understand?

      IPSEC : ip -6 xfrm command for STATE
      ip -6 xfrm state add src fe78::290:bff:fe59:ffa dst ff02::5 proto esp spi 256 mode transport auth sha256 Test enc cipher_null

      list of added states:

      ip -6 xfrm state list
      src fe78::290:bff:fe59:fffa dst ff02::5
      proto esp spi 0x00000100 reqid 0 mode transport
      replay-window 0
      auth-trunc hmac(sha256) 0x54657374 96
      enc ecb(cipher_null) 0x
      sel src ::/0 dst ::/0

      -thanks,
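
The following is an added example, not part of the original posts: it parses `ip xfrm state list` output in the format shown above and flags states whose selector has a /0 prefix, that use `cipher_null` for encryption, or that list `replay-window 0`. The second state in the sample, the key placeholders and the finding names are constructed for illustration.

```python
import ipaddress

# Constructed sample: the first state mirrors the posted listing, the second is invented.
SAMPLE = """\
src fe78::290:bff:fe59:fffa dst ff02::5
    proto esp spi 0x00000100 reqid 0 mode transport
    replay-window 0
    auth-trunc hmac(sha256) 0x54657374 96
    enc ecb(cipher_null) 0x
    sel src ::/0 dst ::/0
src 2001:db8::1 dst 2001:db8::2
    proto esp spi 0x00000200 reqid 1 mode transport
    replay-window 32
    auth-trunc hmac(sha256) 0x<constructed-key> 128
    enc cbc(aes) 0x<constructed-key>
    sel src 2001:db8::1/128 dst 2001:db8::2/128
"""

def parse_states(text):
    """Split `ip xfrm state` output into one dict per SA (indentation is ignored)."""
    states = []
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) >= 4 and tok[0] == "src" and tok[2] == "dst":  # SA header line
            states.append(dict(src=tok[1], dst=tok[3], spi=None, replay=None, enc=None, sel=None))
        elif not tok or not states:
            continue
        elif tok[0] == "proto" and "spi" in tok:
            states[-1]["spi"] = tok[tok.index("spi") + 1]
        elif tok[0] == "replay-window":
            states[-1]["replay"] = int(tok[1])
        elif tok[0] == "enc":
            states[-1]["enc"] = tok[1]
        elif tok[0] == "sel" and len(tok) >= 5:  # sel src NET dst NET
            states[-1]["sel"] = (tok[2], tok[4])
    return states

def audit(state):
    """Return finding names (constructed labels) for one parsed SA."""
    findings = []
    sel = state["sel"]
    if sel and any(ipaddress.ip_network(n, strict=False).prefixlen == 0 for n in sel):
        findings.append("wildcard-selector")   # selector matches any address
    if state["enc"] and "cipher_null" in state["enc"]:
        findings.append("null-encryption")     # ESP payload is not encrypted
    if state["replay"] == 0:
        findings.append("no-anti-replay")      # replay window of size 0
    return findings

if __name__ == "__main__":
    for s in parse_states(SAMPLE): print(s["spi"], s["dst"], audit(s))
```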
