Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

show vpn debug

Provides trace-level information about IPsec VPN.

show vpn debug [ detail | peer peer [ tunnel tunnel ] ]
detail
Provides extra verbose output at the trace level.
peer
Shows trace-level information for the specified VPN peer. The format is the IPv4 or IPv6 address of the peer.
tunnel
Shows trace-level information for the specified tunnel to the specified peer. The tunnel argument is an integer that uniquely identifies the tunnel to the specified peer. The numbers range from 0 through 4294967295.

Operational mode

Use this command to view trace-level messages for IPsec VPN.

This command is useful for troubleshooting and diagnostic situations.

The following example shows the output of the show vpn debug command.

vyatta@vyatta:~$ show vpn debug
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
  uptime: 2 minutes, since Apr 06 10:24:47 2016
  malloc: sbrk 1204224, mmap 0, used 304432, free 899792
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
Listening IP addresses:
  10.18.170.212
Connections:
Security Associations (0 up, 0 connecting):
  none
vyatta@vyatta:~$

The following example shows the output of the show vpn debug detail command.

vyatta@vyatta:~$ show vpn debug detail
IPsec version
Linux strongSwan U5.3.5/K4.4.4-1-amd64-vyatta
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
IPsec working directory
/usr/lib/ipsec
IPsec status
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
  uptime: 5 minutes, since Apr 06 10:24:47 2016
  malloc: sbrk 1744896, mmap 0, used 313328, free 1431568
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
Listening IP addresses:
  10.18.170.212
Connections:
Security Associations (0 up, 0 connecting):
  none
:...skipping...
IPsec version
Linux strongSwan U5.3.5/K4.4.4-1-amd64-vyatta
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
IPsec working directory
/usr/lib/ipsec
IPsec status
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
  uptime: 5 minutes, since Apr 06 10:24:47 2016
  malloc: sbrk 1744896, mmap 0, used 313328, free 1431568
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
--More--