Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Command to print all routing entries

Hi all,

I would like to know if there is a command that can print the all entries from the routing table on XG.

route -r or route or netstat -rn do not show IPSec remote network.

This can be very helpful in a complex configuration and when you have an HUB&SPOKE IPSEC.

Thanks



This thread was automatically locked due to age.
Parents
  • If you are just looking for ipsec routing entries, you can run command:

    ip route show table 220

    All IPsec routes get added to that table unless you have forced the ipsec route into a tunnel using the command: system ipsec route add ......

    Thanks.

    KingChris
    Community Support | Sophos Support

    Sophos Support VideosKnowledge Base  |  @SophosSupport | Sign up for SMS Alerts |
    If a post solves your question use the 'This helped me' link

  • Thanks to both of you but I have to deny your answer guys.

    SFVH_SO01_SFOS 18.0.0 EAP3-Refresh1# ip route show table all
    default via 192.168.1.1 dev Port2 table wanlink1 proto static src 192.168.1.101
    prohibit default table wanlink1 proto static metric 1
    default via 192.168.1.1 dev Port2 table gw1 proto static
    prohibit default table gw1 proto static metric 1
    default dev ipsec0 table routeipsec0 scope link
    default via 192.168.1.1 dev Port2 table multilink proto static
    10.81.234.0/24 dev tun0 proto kernel scope link src 10.81.234.5
    192.168.0.0/24 dev Port1 proto kernel scope link src 192.168.0.1
    192.168.1.0/24 dev Port2 proto kernel scope link src 192.168.1.101
    broadcast 10.81.234.0 dev tun0 table local proto kernel scope link src 10.81.234.5
    local 10.81.234.5 dev tun0 table local proto kernel scope host src 10.81.234.5
    broadcast 10.81.234.255 dev tun0 table local proto kernel scope link src 10.81.234.5

    and the table continues.

    I had few customers that need to print to routing table for keeping the documentation up-to-date and this command for them is just complicated.

    Make sure you improve and add all the routing tables in the route command.

    I will work for them for extracting the routing information for free.

    Certain things are still very bad on XG, even a simple routing table extract.

    [:@]

Reply
  • Thanks to both of you but I have to deny your answer guys.

    SFVH_SO01_SFOS 18.0.0 EAP3-Refresh1# ip route show table all
    default via 192.168.1.1 dev Port2 table wanlink1 proto static src 192.168.1.101
    prohibit default table wanlink1 proto static metric 1
    default via 192.168.1.1 dev Port2 table gw1 proto static
    prohibit default table gw1 proto static metric 1
    default dev ipsec0 table routeipsec0 scope link
    default via 192.168.1.1 dev Port2 table multilink proto static
    10.81.234.0/24 dev tun0 proto kernel scope link src 10.81.234.5
    192.168.0.0/24 dev Port1 proto kernel scope link src 192.168.0.1
    192.168.1.0/24 dev Port2 proto kernel scope link src 192.168.1.101
    broadcast 10.81.234.0 dev tun0 table local proto kernel scope link src 10.81.234.5
    local 10.81.234.5 dev tun0 table local proto kernel scope host src 10.81.234.5
    broadcast 10.81.234.255 dev tun0 table local proto kernel scope link src 10.81.234.5

    and the table continues.

    I had few customers that need to print to routing table for keeping the documentation up-to-date and this command for them is just complicated.

    Make sure you improve and add all the routing tables in the route command.

    I will work for them for extracting the routing information for free.

    Certain things are still very bad on XG, even a simple routing table extract.

    [:@]

Children
  • FormerMember
    0 FormerMember in reply to lferrara

    Hi lferrara,

    If you are only concern about IPsec routes than use command provided by KingChris, it shows only IPsec related routes. I also like you to try "ipsec statusall" and check if you find useful output. 

    I checked if there is any table that we can query from the DB but there isn't as these route are in kernel. 

    Thanks,

     

     

  • A simple and new command from console can be added to print routing table like route command does.

    Please add it to the feature list. Should not require so much effort!