Date:      Wed, 6 Sep 2006 16:40:03 +0200
From:      Phil Regnauld <regnauld@catpipe.net>
To:        "Eric W. Bates" <ericx_lists@vineyard.net>
Cc:        freebsd-net@freebsd.org
Subject:   Re: showing esp tunnels in routing table
Message-ID:  <20060906144002.GI30554@catpipe.net>
In-Reply-To: <44FEDD18.8060506@vineyard.net>
References:  <44FEDD18.8060506@vineyard.net>

Eric W. Bates (ericx_lists) writes:
> When you establish an esp tunnel, the subnets on the remote end of the
> tunnel do not seem to appear in either "netstat -nr" or 'route get
> xxx.xxx.xxx.xxx'
> 
> Is there a way to display those routes other than using setkey to dump
> the SPD's?

	No, because there are no routes.  The IPSec layer "hijacks" the packets
	and they are encapsulated before the routing table gets a chance
	to see them.

	You would have to set up transport ESP + gif/gre tunnels to see routing
	entries.

	Phil
-- 
  _ _ |_ | regnauld@catpipe.net                               catpipe ApS  |
 (_(_||_ |                *BSD solutions, consulting, development          |
         | Tlf.: +45 7021 0050                    http://www.catpipe.net/  |
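
Added example, not part of the original message: since tunnel-mode subnets exist only as SPD entries, a small filter over `setkey -DP` output can give a route-like listing of them. The helper name `spd_routes`, the function `sample_spd` and the sample dump are constructed for illustration, and the parser assumes the dump layout shown in the sample.

```shell
#!/bin/sh
# spd_routes: hypothetical helper, not a FreeBSD tool. Reads `setkey -DP`
# output on stdin and prints one line per tunnel-mode policy:
#   direction  source-net  destination-net  protocol  tunnel endpoints
# Assumes the SPD dump layout shown in sample_spd below.
spd_routes() {
    awk '
    # Selector line: "src/len[port] dst/len[port] proto"
    $1 ~ /\[/ && $2 ~ /\[/ {
        src = $1; dst = $2
        sub(/\[.*/, "", src); sub(/\[.*/, "", dst)
        dir = ""
        next
    }
    # Direction line: "in ipsec" or "out ipsec"
    ($1 == "in" || $1 == "out") && $2 == "ipsec" { dir = $1; next }
    # Request line: "proto/tunnel/src-dst/level"; transport mode is skipped
    dir != "" && $1 ~ /^(esp|ah|ipcomp)\/tunnel\// {
        split($1, req, "/")
        print dir, src, dst, req[1], req[3]
    }'
}

# Constructed sample of an SPD dump (documentation addresses, made-up spids).
sample_spd() {
    cat <<'EOF'
192.168.2.0/24[any] 192.168.1.0/24[any] any
        in ipsec
        esp/tunnel/203.0.113.2-203.0.113.1/require
        spid=2 seq=2 pid=1234
        refcnt=1
192.168.1.0/24[any] 192.168.2.0/24[any] any
        out ipsec
        esp/tunnel/203.0.113.1-203.0.113.2/require
        spid=1 seq=1 pid=1234
        refcnt=1
10.0.0.1[any] 10.0.0.2[any] any
        out ipsec
        esp/transport//require
        spid=3 seq=0 pid=1234
        refcnt=1
EOF
}

# Demo on the sample; on a real host run: setkey -DP | spd_routes
sample_spd | spd_routes
```

The transport-mode policy in the sample produces no line, which matches the reply above: only with transport ESP plus a gif/gre interface does the remote subnet become an ordinary routing-table entry.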


