Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Check the IPsec RA VPN tunnel state at the server (Debian/Ubuntu client)

An example of how to check that the tunnel works, from the perspective of the server.

  1. Use the tshark command to capture some packets that arrive at the server.
    user@system:~$ tshark -ni dp0bond1 -c 4 esp or port 500 or 4500
    Capturing on 'dp0bond1'
        1 0.000000 10.20.2.2 → 10.10.2.3 ESP 162 ESP (SPI=0xc2839dbb)
        2 0.002561 10.10.2.3 → 10.20.2.2 ESP 162 ESP (SPI=0xc9495bd2)
        3 1.001285 10.20.2.2 → 10.10.2.3 ESP 162 ESP (SPI=0xc2839dbb)
        4 1.003961 10.10.2.3 → 10.20.2.2 ESP 162 ESP (SPI=0xc9495bd2)
    4 packets captured
  2. Use the show command to check the IPsec tunnel status.
    user@system:~$ show vpn ipsec sa
    Peer ID / IP                            Local ID / IP
    ------------                            -------------
    10.20.2.2                           10.10.2.3                              
     
        Tunnel  Id          State  Bytes Out/In   Encrypt       Hash      DH A-Time  L-Time
        ------  ----------  -----  -------------  ------------  --------  -- ------  ------
        1       40          up     588.0/588.0    aes128gcm128  null      19 306     3600