showing esp tunnels in routing table
Phil Regnauld
regnauld at catpipe.net
Wed Sep 6 07:41:05 PDT 2006
Eric W. Bates (ericx_lists) writes:
> When you establish an esp tunnel, the subnets on the remote end of the
> tunnel do not seem to appear in either "netstat -nr" or 'route get
> xxx.xxx.xxx.xxx'
>
> Is there a way to display those routes other than using setkey to dump
> the SPD's?
No, because there are no routes. The IPSec layer "hijacks" the packets
and they are encapsulated before the routing table gets a chance
to see them.
You would have to setup transport ESP + gif/gre tunnels to see routing
entries.
Phil
--
_ _ |_ | regnauld at catpipe.net catpipe ApS |
(_(_||_ | *BSD solutions, consulting, development |
| Tlf.: +45 7021 0050 http://www.catpipe.net/ |
More information about the freebsd-net
mailing list