show vpn debug
Provides trace-level information about IPsec VPN.
- detail
- Provides extra verbose output at the trace level.
- peer
- Shows trace-level information for the specified VPN peer. The format is the IPv4 or IPv6 address of the peer.
- tunnel
- Shows trace-level information for the specified tunnel to the specified peer. The tunnel argument is an integer that uniquely identifies the tunnel to the specified peer. The numbers range from 0 through 4294967295.
Operational mode
Use this command to view trace-level messages for IPsec VPN.
This command is useful for troubleshooting and diagnostic situations.
The following example shows the output of the show vpn debug command.
vyatta@vyatta:~$ show vpn debug
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
uptime: 2 minutes, since Apr 06 10:24:47 2016
malloc: sbrk 1204224, mmap 0, used 304432, free 899792
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
Listening IP addresses:
10.18.170.212
Connections:
Security Associations (0 up, 0 connecting):
none
vyatta@vyatta:~$
The following example shows the output of the show vpn debug detail command.
vyatta@vyatta:~$ show vpn debug detail
IPsec version
Linux strongSwan U5.3.5/K4.4.4-1-amd64-vyatta
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
IPsec working directory
/usr/lib/ipsec
IPsec status
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
uptime: 5 minutes, since Apr 06 10:24:47 2016
malloc: sbrk 1744896, mmap 0, used 313328, free 1431568
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
Listening IP addresses:
10.18.170.212
Connections:
Security Associations (0 up, 0 connecting):
none
:...skipping...
IPsec version
Linux strongSwan U5.3.5/K4.4.4-1-amd64-vyatta
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
IPsec working directory
/usr/lib/ipsec
IPsec status
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
uptime: 5 minutes, since Apr 06 10:24:47 2016
malloc: sbrk 1744896, mmap 0, used 313328, free 1431568
worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
--More--