Sam Leffler wrote:
> Eric W. Bates wrote:
>> Phil Regnauld wrote:
>>> Eric W. Bates (ericx_lists) writes:
>>>> When you establish an esp tunnel, the subnets on the remote end of the
>>>> tunnel do not seem to appear in either "netstat -nr" or 'route get
>>>> xxx.xxx.xxx.xxx'
>>>>
>>>> Is there a way to display those routes other than using setkey to dump
>>>> the SPD's?
>>>
>>> No, because there are no routes. The IPSec layer "hijacks" the packets
>>> and they are encapsulated before the routing table gets a chance
>>> to see them.
>>>
>>> You would have to set up transport ESP + gif/gre tunnels to see routing
>>> entries.
>>
>> Apparently, OpenBSD's implementation of netstat allows one to view ESP
>> 'flows' (I believe that is how they refer to them) by examining the
>> family 'encap'
>>
>> netstat -rnf encap
>>
>> We have no such equivalent?
>
> OpenBSD integrated the SAD w/ the routing table; something I've wanted
> to do forever.

Having it in a separate radix tree (aka routing table) is just fine.
Integrating it with the IPv4/6 routing table is evil and would cause
me some heartburn.
--
Andre