From: Phil Regnauld
To: "Eric W. Bates"
Cc: freebsd-net@freebsd.org
Date: Wed, 6 Sep 2006 16:40:03 +0200
Subject: Re: showing esp tunnels in routing table
Message-ID: <20060906144002.GI30554@catpipe.net>
In-Reply-To: <44FEDD18.8060506@vineyard.net>
List-Id: Networking and TCP/IP with FreeBSD

Eric W. Bates (ericx_lists) writes:
> When you establish an esp tunnel, the subnets on the remote end of the
> tunnel do not seem to appear in either "netstat -nr" or 'route get
> xxx.xxx.xxx.xxx'
>
> Is there a way to display those routes other than using setkey to dump
> the SPDs?

No, because there are no routes. The IPSec layer "hijacks" the
packets and they are encapsulated before the routing table gets
a chance to see them.

You would have to set up transport ESP + gif/gre tunnels to see
routing entries.

Phil

--
 _ _ |_ | regnauld@catpipe.net catpipe ApS |
(_(_||_ | *BSD solutions, consulting, development |
| Tlf.: +45 7021 0050 http://www.catpipe.net/ |
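Because the remote subnets of a tunnel-mode policy exist only in the SPD, as the reply above explains, a route-like listing has to be derived from the SPD dump itself. The following is an added example, not part of the original message: `spd_routes` is a hypothetical helper, the input is assumed to follow the usual `setkey -DP` text layout, and the sample policies are constructed with documentation addresses.

```shell
#!/bin/sh
# Added example: list outbound tunnel-mode SPD entries as
# "destination gateway proto", the view netstat -nr cannot give.
# spd_routes is a hypothetical helper name.
spd_routes() {
    awk '
    # Policy header, not indented: "src/len[port] dst/len[port] proto"
    /^[^ \t]/ {
        dst = $2; sub(/\[.*/, "", dst)   # drop the "[port]" suffix
        dir = ""; next
    }
    # Direction line: "out ipsec", "in ipsec", "out none", ...
    $1 == "in" || $1 == "out" || $1 == "fwd" { dir = $1; next }
    # Rule line: proto/mode/local-remote/level; keep outbound tunnels only
    dir == "out" && $1 ~ /^(esp|ah|ipcomp)\/tunnel\// {
        split($1, f, "/"); split(f[3], ep, "-")
        printf "%s %s %s\n", dst, ep[2], f[1]
    }'
}

# Constructed sample in the assumed setkey -DP layout (not real output):
# two outbound tunnels, one inbound tunnel, one transport-mode policy.
sample_spd() {
    printf '%s\n' '10.1.0.0/16[any] 10.2.0.0/16[any] any'
    printf '\t%s\n' 'out ipsec' \
        'esp/tunnel/192.0.2.1-198.51.100.1/require' \
        'spid=2 seq=3 pid=900' 'refcnt=1'
    printf '%s\n' '10.2.0.0/16[any] 10.1.0.0/16[any] any'
    printf '\t%s\n' 'in ipsec' \
        'esp/tunnel/198.51.100.1-192.0.2.1/require' \
        'spid=1 seq=2 pid=900' 'refcnt=1'
    printf '%s\n' '192.0.2.1[any] 192.0.2.9[any] tcp'
    printf '\t%s\n' 'out ipsec' 'esp/transport//require' \
        'spid=4 seq=1 pid=900' 'refcnt=1'
    printf '%s\n' '10.1.0.0/16[any] 10.3.0.0/24[any] any'
    printf '\t%s\n' 'out ipsec' \
        'esp/tunnel/192.0.2.1-203.0.113.7/require' \
        'spid=3 seq=0 pid=900' 'refcnt=1'
}

# On a live host: setkey -DP | spd_routes
sample_spd | spd_routes
```

Inbound and transport-mode policies are skipped because neither describes a remote subnet reached through a tunnel endpoint.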