Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

show vpn debug

Provides trace-level information about IPsec VPN.

show vpn debug [ detail | peer peer [ tunnel tunnel ] ]
detail
Provides extra verbose output at the trace level.
peer
Shows trace-level information for the specified VPN peer. The format is the IPv4 or IPv6 address of the peer.
tunnel
Shows trace-level information for the specified tunnel to the specified peer. The tunnel argument is an integer that uniquely identifies the tunnel to the specified peer. The numbers range from 0 through 4294967295.

Operational mode

Use this command to view trace-level messages for IPsec VPN.

This command is useful for troubleshooting and diagnostic situations.

The following example shows the output of the show vpn debug command.

vyatta@vyatta:~$ show vpn debug
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
  uptime: 2 minutes, since Apr 06 10:24:47 2016
  malloc: sbrk 1204224, mmap 0, used 304432, free 899792
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
Listening IP addresses:
  10.18.170.212
Connections:
Security Associations (0 up, 0 connecting):
  none
vyatta@vyatta:~$

The following example shows the output of the show vpn debug detail command.

vyatta@vyatta:~$ show vpn debug detail
IPsec version
Linux strongSwan U5.3.5/K4.4.4-1-amd64-vyatta
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
IPsec working directory
/usr/lib/ipsec
IPsec status
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
  uptime: 5 minutes, since Apr 06 10:24:47 2016
  malloc: sbrk 1744896, mmap 0, used 313328, free 1431568
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
Listening IP addresses:
  10.18.170.212
Connections:
Security Associations (0 up, 0 connecting):
  none
:...skipping...
IPsec version
Linux strongSwan U5.3.5/K4.4.4-1-amd64-vyatta
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil, Switzerland
See 'ipsec --copyright' for copyright information.
IPsec working directory
/usr/lib/ipsec
IPsec status
Status of IKE charon daemon (strongSwan 5.3.5, Linux 4.4.4-1-amd64-vyatta, x86_64):
  uptime: 5 minutes, since Apr 06 10:24:47 2016
  malloc: sbrk 1744896, mmap 0, used 313328, free 1431568
  worker threads: 11 of 16 idle, 5/0/0/0 working, job queue: 0/0/0/0, scheduled: 0
  loaded plugins: charon aes rc2 sha1 sha2 md5 random nonce x509 revocation constraints pubkey pkcs1 pkcs7 pkcs8 pkcs12 pgp dnskey sshkey pem openssl fips-prf gmp agent xcbc hmac gcm attr kernel-netlink resolve socket-default connmark stroke vici updown
--More--