Routes and VPNs
Depending on the VPN type in use, a route for the far side of the tunnel may not appear in the routing table. IPsec does not use the routing table; the kernel decides which traffic enters an IPsec tunnel using its security policy database (SPD) entries. Static routes will therefore never direct traffic across an IPsec connection. OpenVPN, by contrast, uses the system routing table, so entries are present for networks reachable through an OpenVPN tunnel, as in the following example:
```
# netstat -rWn
Routing tables

Internet:
Destination        Gateway            Flags     Use    Mtu      Netif Expire
default            198.51.100.1       UGS     92421   1500        em0
10.6.0.0/16        10.6.203.1         UGS         0   1500     ovpnc2
10.6.203.0/24      10.6.203.2         UGS         0   1500     ovpnc2
10.6.203.1         link#9             UH          0   1500     ovpnc2
10.6.203.2         link#9             UHS         0  16384        lo0
10.7.0.0/24        link#2             U     1260771   1500        em1
10.7.0.1           link#2             UHS         0  16384        lo0
127.0.0.1          link#7             UH        866  16384        lo0
198.51.100.0/24    link#1             U     1251477   1500        em0
198.51.100.7       link#1             UHS         0  16384        lo0
```
In this output the OpenVPN interface is ovpnc2, with a local tunnel address of 10.6.203.2 and a gateway of 10.6.203.1. The remote network reachable through OpenVPN in this example is 10.6.0.0/16, routed via that gateway.
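The following added example (not part of the original documentation) shows the same reasoning as a small script: it parses the `netstat -rWn` output above, performs a longest-prefix lookup for a destination address, and reports whether the chosen route goes out an OpenVPN interface, a local interface, or only the default route. The point it makes is the one from the text: a destination that matches nothing more specific than the default route may still be carried by IPsec, because IPsec selection happens in the SPD, which this table cannot show. The sample output is copied from this page; the `ovpn` interface-name prefix is an assumption about how OpenVPN interfaces are named.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

# Constructed sample input: the FreeBSD `netstat -rWn` output shown above.
NETSTAT_OUTPUT = """\
Routing tables

Internet:
Destination        Gateway            Flags     Use    Mtu      Netif Expire
default            198.51.100.1       UGS     92421   1500        em0
10.6.0.0/16        10.6.203.1         UGS         0   1500     ovpnc2
10.6.203.0/24      10.6.203.2         UGS         0   1500     ovpnc2
10.6.203.1         link#9             UH          0   1500     ovpnc2
10.6.203.2         link#9             UHS         0  16384        lo0
10.7.0.0/24        link#2             U     1260771   1500        em1
10.7.0.1           link#2             UHS         0  16384        lo0
127.0.0.1          link#7             UH        866  16384        lo0
198.51.100.0/24    link#1             U     1251477   1500        em0
198.51.100.7       link#1             UHS         0  16384        lo0
"""


class Route(NamedTuple):
    dest: ipaddress.IPv4Network
    gateway: str
    flags: str
    netif: str


def parse_netstat(text: str) -> List[Route]:
    """Parse the IPv4 section of `netstat -rWn` into Route records."""
    routes: List[Route] = []
    in_table = False
    for line in text.splitlines():
        if line.startswith("Destination"):
            in_table = True          # header line reached; rows follow
            continue
        if not in_table or not line.strip():
            continue
        fields = line.split()
        if len(fields) < 6:
            continue                 # not a route row
        dest, gateway, flags, _use, _mtu, netif = fields[:6]
        # "default" is the 0.0.0.0/0 route; host rows lack a prefix length
        net = (ipaddress.IPv4Network("0.0.0.0/0") if dest == "default"
               else ipaddress.IPv4Network(dest, strict=False))
        routes.append(Route(net, gateway, flags, netif))
    return routes


def lookup(routes: List[Route], addr: str) -> Optional[Route]:
    """Longest-prefix match, as the kernel does for a forwarding decision."""
    ip = ipaddress.IPv4Address(addr)
    matches = [r for r in routes if ip in r.dest]
    if not matches:
        return None
    return max(matches, key=lambda r: r.dest.prefixlen)


def classify(routes: List[Route], addr: str,
             vpn_prefix: str = "ovpn") -> Tuple[str, str]:
    """Return (kind, netif) describing how the routing table sends addr.

    kind is "openvpn" when the route leaves an OpenVPN interface (assumed
    naming: interfaces starting with vpn_prefix), "default" when only the
    default route matched, "local" for any other specific route, and
    "none" when nothing matched.  A "default" result does not rule out an
    IPsec tunnel: IPsec policy lives in the SPD, not in this table.
    """
    route = lookup(routes, addr)
    if route is None:
        return ("none", "")
    if route.netif.startswith(vpn_prefix):
        return ("openvpn", route.netif)
    if route.dest.prefixlen == 0:
        return ("default", route.netif)
    return ("local", route.netif)


if __name__ == "__main__":
    table = parse_netstat(NETSTAT_OUTPUT)
    for target in ("10.6.55.1", "10.7.0.50", "192.0.2.9"):
        kind, netif = classify(table, target)
        print(f"{target}: {kind} via {netif or '-'}")
```

Running the script reports 10.6.55.1 as reachable through ovpnc2 (the OpenVPN route for 10.6.0.0/16), 10.7.0.50 as a local network on em1, and 192.0.2.9 as matching only the default route on em0; for that last case, whether the traffic actually enters an IPsec tunnel is decided by the SPD rather than by anything in this table.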
With IPsec, traceroute is less useful than with routed setups such as OpenVPN, because the IPsec tunnel itself has no IP addresses. When running traceroute to a destination across IPsec, the hop corresponding to the IPsec tunnel shows up as a timeout.