2011/5/17 James Records <james.reco...@gmail.com>:
> Not sure about this but try doing it this way:
>
> route -T 1 exec netstat -an -f inet

Peeking at the netstat code the -a uses kread(), which signs people are afraid of it and those parts are to be rewritten using some standardized sysctl() interface, and then rdomain compatible. And netstat -T1 and route -T1 exec netstat should be equivalent, IMO.

This needs to be confirmed by some developer though. Otherwise it's just a piece of gossip.

>> as long as em0 on system2 is in rdomain 0 (zero)
>> everything seems fine and using tcpdump i can see bi-directional traffic on
>> UDP/500
>> as soon as i put em0 on system2
>> into rdomain 1 using 'ifconfig em0 192.168.1.200 rdomain 1' my headache
>> starts...
>> i can check routing for domain 1
>> using 'netstat -rn -T1'
>> i can ping 192.168.1.200 using 'ping -V1 192.168.1.200'
>> *but*
>> i do no longer see em0 in
>> 'netstat -an -f inet' so i am not able to see if the listener for UDP/500
>> started on the em0 interface (only interfaces
>> in rdomain 0 (zero) are displayed)
>> bi-directional traffic for port UDP/500 stops

Is the isakmpd process still running? Did you really run it like 'route -T1 exec isakmpd'? Because with httpd it seems to work fine for me (different setup, but works). netstat -a displays all of them all the time.

>> maybe i should try GRE with IPSEC on top of
>> that...(?)

Not sure it'd help.

--
Martin Pelikan