1. Home
  2. pfSense® Software
  3. IPsec
  4. Added STATE in transport mode using xfrm, but SELECTOR displaying src and dst can be any address

Added STATE in transport mode using xfrm, but SELECTOR displaying src and dst can be any address

  • M

    Created the policy and state using xfrm framework.
    Listing of all states is displaying using the command"ip -6 xfrm state list".

    In transport mode, why the SELECTOR setting src and dst can be any address, is it the default setting?
    Can some one please explain.

    sel src ::/0 dst ::/0

    0
  • M

    Added more details in the commands:
    Didn't add any "sel" option in the state command but by default "sel src ::/0 dst ::/0".
    Can anyone please help me to understand.

    IPSEC : ip -6 xfrm command for STATE
    ip -6 xfrm state add src fe78::290:bff:fe59:ffa dst ff02::5 proto esp spi 256 mode transport auth sha256 Test enc cipher_null

    list of added states:

    ip -6 xfrm state list
    src fe78::290:bff:fe59:fffa dst ff02::5
    proto esp spi 0x00000100 reqid 0 mode transport
    replay-window 0
    auth-trunc hmac(sha256) 0x54657374 96
    enc ecb(cipher_null) 0x
    sel src ::/0 dst ::/0

    -thanks,

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy