Date: Wed, 06 Sep 2006 11:02:25 -0400
From: "Eric W. Bates" <ericx_lists@vineyard.net>
To: Phil Regnauld <regnauld@catpipe.net>
Cc: freebsd-net@freebsd.org
Subject: Re: showing esp tunnels in routing table
Message-ID: <44FEE301.2090008@vineyard.net>
In-Reply-To: <20060906144002.GI30554@catpipe.net>
References: <44FEDD18.8060506@vineyard.net> <20060906144002.GI30554@catpipe.net>

Phil Regnauld wrote:
> Eric W. Bates (ericx_lists) writes:
>> When you establish an esp tunnel, the subnets on the remote end of the
>> tunnel do not seem to appear in either "netstat -nr" or 'route get
>> xxx.xxx.xxx.xxx'
>>
>> Is there a way to display those routes other than using setkey to dump
>> the SPD's?
>
> No, because there are no routes. The IPSec layer "hijacks" the packets
> and they are encapsulated before the routing table gets a chance
> to see them.
>
> You would have to set up transport ESP + gif/gre tunnels to see routing
> entries.

Apparently, OpenBSD's implementation of netstat allows one to view ESP
'flows' (I believe that is how they refer to them) by examining the
family 'encap'

netstat -rnf encap

We have no such equivalent?

> Phil

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44FEE301.2090008>
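
Added example, not part of the original message or of FreeBSD: since the remote subnets live in the SPD rather than the routing table, one way to get a route-like listing is to parse the policy dump that setkey produces. The sample text is constructed and assumed to follow the usual "setkey -DP" layout; the addresses and the function names parse_spd and tunnel_routes are made up for illustration.

```python
import re

# Constructed sample, assumed to follow the layout of `setkey -DP` output.
SAMPLE_SPD = """\
10.0.1.0/24[any] 10.0.2.0/24[any] any
\tout ipsec
\tesp/tunnel/192.0.2.1-198.51.100.1/require
\tspid=1 seq=1 pid=4242
\trefcnt=1
10.0.2.0/24[any] 10.0.1.0/24[any] any
\tin ipsec
\tesp/tunnel/198.51.100.1-192.0.2.1/require
\tspid=2 seq=0 pid=4242
\trefcnt=1
"""

# Unindented line: source and destination selectors, each followed by [port].
SELECTOR = re.compile(r"^(\S+?)\[[^\]]*\]\s+(\S+?)\[[^\]]*\]")
# Indented lines: policy direction, then protocol/mode/endpoints/level.
DIRECTION = re.compile(r"^\s+(in|out|fwd)\s+\S+")
RULE = re.compile(r"^\s+(esp|ah|ipcomp)/(tunnel|transport)/([^/]*)/\S+")

def parse_spd(text):
    """Return one dict per policy: selectors, direction and IPsec rules."""
    policies, cur = [], None
    for line in text.splitlines():
        if m := SELECTOR.match(line):
            cur = {"src": m[1], "dst": m[2], "dir": None, "rules": []}
            policies.append(cur)
        elif cur is None:
            continue  # header or noise before the first policy
        elif m := DIRECTION.match(line):
            cur["dir"] = m[1]
        elif m := RULE.match(line):
            # Tunnel endpoints are "local-peer"; empty in transport mode.
            local, _, peer = m[3].partition("-")
            cur["rules"].append({"proto": m[1], "mode": m[2],
                                 "local": local, "peer": peer})
    return policies

def tunnel_routes(policies):
    """Outbound tunnel-mode policies as (remote subnet, peer, protocol)."""
    return [(p["dst"], r["peer"], r["proto"])
            for p in policies if p["dir"] == "out"
            for r in p["rules"] if r["mode"] == "tunnel"]

if __name__ == "__main__":
    print(f"{'Destination':<20}{'Peer':<18}Proto")
    for dst, peer, proto in tunnel_routes(parse_spd(SAMPLE_SPD)):
        print(f"{dst:<20}{peer:<18}{proto}")
```

Only outbound policies are listed, because those are the ones that decide which destinations get encapsulated; lines the patterns do not recognise (spid, refcnt, lifetimes) are ignored.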