Not sure about this but try doing it this way:

route -T 1 exec netstat -an -f inet

from man route...

J

On Tue, May 17, 2011 at 2:39 PM, [email protected] <[email protected]> wrote:

> ...gives me some headache...
>
> system1: (openbsd 4.9)
> em0 192.168.1.54 (same /24 subnet as system2)
> /etc/isakmpd/isakmpd.conf:
> Listen-on= 192.168.1.54
> isakmpd -K
>
> system2: (openbsd 4.9)
> em0 192.168.1.200 (same /24 subnet as system1)
> /etc/isakmpd/isakmpd.conf
> Listen-on= 192.168.1.200
> isakmpd -K
>
> as long as em0 on system2 is in rdomain 0 (zero)
> everything seems fine and using tcpdump i can see bi-directional traffic on UDP/500
> as soon as i put em0 on system2 into rdomain 1 using 'ifconfig em0 192.168.1.200 rdomain 1' my headache starts...
> i can check routing for domain 1 using 'netstat -rn -T1'
> i can ping 192.168.1.200 using 'ping -V1 192.168.1.200'
> *but*
> i do no longer see em0 in 'netstat -an -f inet' so i am not able to see if the listener for UDP/500 started on the em0 interface (only interfaces in rdomain 0 (zero) are displayed)
> bi-directional traffic for port UDP/500 stops
>
> anybody having experience in terminating a IPSEC tunnel in a routing domain? (virtual firewall setup)
> maybe i should try GRE with IPSEC on top of that...(?)
> thank you
> /pat

