Phil Regnauld wrote:
> Eric W. Bates (ericx_lists) writes:
>> When you establish an esp tunnel, the subnets on the remote end of the
>> tunnel do not seem to appear in either "netstat -nr" or 'route get
>> xxx.xxx.xxx.xxx'
>>
>> Is there a way to display those routes other than using setkey to dump
>> the SPD's?
> 
>       No, because there are no routes.  The IPSec layer "hijacks" the packets
>       and they are encapsulated before the routing table gets a chance
>       to see them.
> 
>       You would have to set up transport ESP + gif/gre tunnels to see routing
>       entries.

Apparently, OpenBSD's implementation of netstat allows one to view ESP
'flows' (I believe that is how they refer to them) by examining the
family 'encap':

netstat -rnf encap

We have no such equivalent?

>       Phil
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
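
Added example, not part of the thread or of FreeBSD itself: because tunnel-mode policies live only in the SPD, this sh function reformats "setkey -DP" output into one line per flow, roughly the view the thread describes for "netstat -rnf encap". The sample dump is constructed, and its layout is an assumption modelled on FreeBSD's setkey output.

```sh
#!/bin/sh
# Added example: print tunnel-mode SPD entries as a flow table.

# Constructed sample in the layout assumed for "setkey -DP" on FreeBSD
# (documentation/private address ranges, not taken from the thread).
sample_spd() {
cat <<'EOF'
10.1.0.0/16[any] 10.2.0.0/16[any] any
        out ipsec
        esp/tunnel/192.0.2.1-198.51.100.1/require
        spid=1 seq=2 pid=4242
        refcnt=1
10.2.0.0/16[any] 10.1.0.0/16[any] any
        in ipsec
        esp/tunnel/198.51.100.1-192.0.2.1/require
        spid=2 seq=1 pid=4242
        refcnt=1
10.1.0.1[500] 0.0.0.0/0[any] udp
        out none
        spid=3 seq=0 pid=4242
        refcnt=1
EOF
}

# Read "setkey -DP" output on stdin; emit one line per tunnel-mode policy:
#   source  destination  upper-proto  direction  ipsec-proto  local  remote
spd_flows() {
    awk '
    # Selector line: "src[port] dst[port] proto"
    $1 ~ /\[.*\]$/ && $2 ~ /\[.*\]$/ {
        src = $1; dst = $2; proto = $3
        sub(/\[.*$/, "", src); sub(/\[.*$/, "", dst)
        dir = "?"
        next
    }
    # Direction and policy type: "out ipsec", "in ipsec", "out none", ...
    $1 == "in" || $1 == "out" || $1 == "fwd" { dir = $1; next }
    # Request line: "esp/tunnel/LOCAL-REMOTE/level"; bypass policies have none
    $1 ~ /^(esp|ah|ipcomp)\/tunnel\// {
        split($1, req, "/")
        split(req[3], ep, "-")
        printf "%-18s %-18s %-5s %-4s %-6s %-15s %s\n", src, dst, proto, dir, req[1], ep[1], ep[2]
    }'
}

# Live use (needs root): setkey -DP | spd_flows
sample_spd | spd_flows
```

The "out none" bypass policy in the sample produces no line, since it has no tunnel endpoints to show.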
