Netgate Discussion Forum

    Added STATE in transport mode using xfrm, but SELECTOR displaying src and dst can be any address

      madhu542

      Created the policy and state using the xfrm framework.
      The listing of all states is displayed using the command "ip -6 xfrm state list".

      In transport mode, why does the SELECTOR show that src and dst can be any address? Is it the default setting?
      Can someone please explain?

      sel src ::/0 dst ::/0

        madhu542

        Added more details in the commands:
        I didn't add any "sel" option in the state command, but by default it shows "sel src ::/0 dst ::/0".
        Can anyone please help me understand?

        IPsec: ip -6 xfrm command for STATE
        ip -6 xfrm state add src fe78::290:bff:fe59:ffa dst ff02::5 proto esp spi 256 mode transport auth sha256 Test enc cipher_null

        List of added states:

        ip -6 xfrm state list
        src fe78::290:bff:fe59:fffa dst ff02::5
        proto esp spi 0x00000100 reqid 0 mode transport
        replay-window 0
        auth-trunc hmac(sha256) 0x54657374 96
        enc ecb(cipher_null) 0x
        sel src ::/0 dst ::/0

        -thanks,
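
An added example (not part of the original posts, and not Netgate or iproute2 code): a small Python parser for the `ip -6 xfrm state list` output shown above. It extracts each SA's selector and lists settings worth confirming, such as the `::/0` wildcard selector and `cipher_null`. The function names and the `MIN_AUTH_KEY_BYTES` threshold are assumptions made for this example.

```python
import ipaddress

# Constructed sample: the listing quoted in the post above, re-indented.
SAMPLE = """\
src fe78::290:bff:fe59:fffa dst ff02::5
    proto esp spi 0x00000100 reqid 0 mode transport
    replay-window 0
    auth-trunc hmac(sha256) 0x54657374 96
    enc ecb(cipher_null) 0x
    sel src ::/0 dst ::/0
"""
MIN_AUTH_KEY_BYTES = 16  # assumed threshold for this example, not an xfrm rule


def is_wildcard(prefix):
    """True for ::/0 or 0.0.0.0/0, i.e. a prefix that matches every address."""
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def parse_states(text):
    """Return one dict per SA; a line whose first word is 'src' opens a new SA."""
    states = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) >= 4 and tok[0] == "src" and tok[2] == "dst":
            states.append({"src": tok[1], "dst": tok[3]})
        elif not tok or not states:
            continue
        elif tok[0] == "proto":
            fields = dict(zip(tok[0::2], tok[1::2]))
            states[-1].update(spi=int(fields.get("spi", "0"), 16), mode=fields.get("mode"))
        elif tok[0] in ("auth", "auth-trunc") and len(tok) >= 3 and tok[2].startswith("0x"):
            states[-1]["auth_key_bytes"] = (len(tok[2]) - 2) // 2  # hex digits after "0x"
        elif tok[0] == "enc" and len(tok) >= 2:
            states[-1]["enc"] = tok[1]
        elif tok[0] == "sel" and len(tok) >= 5:
            states[-1]["sel"] = (tok[2], tok[4])  # (src prefix, dst prefix)
    return states


def audit(state):
    """List the settings of one SA that an operator should confirm are intended."""
    findings = []
    sel = state.get("sel")
    if sel and all(is_wildcard(p) for p in sel):
        findings.append("wildcard selector")
    if "cipher_null" in state.get("enc", ""):
        findings.append("null encryption")
    if state.get("auth_key_bytes", MIN_AUTH_KEY_BYTES) < MIN_AUTH_KEY_BYTES:
        findings.append("short auth key")
    return findings
```

Feeding it the live output, for example via `subprocess.run(["ip", "-6", "xfrm", "state", "list"], ...)` as root, gives the same per-SA report for every installed state.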

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.