Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Check the IPsec RA VPN tunnel state at the client (Fedora/RHEL/Centos client)

An example of how to check that the IPsec RA VPN tunnel works, from the perspective of the client.

  1. Check that the server has given the client an IP address.
    $ ip -o address show | grep 10.200
    3: ens4 inet 10.200.0.1/32 scope global ens4\ valid_lft forever preferred_lft forever
    Here we see that the client has the virtual IP address 10.200.0.1.
  2. Check that an IPsec policy is present on the client.
    $ ip xfrm policy
    src 10.200.0.1/32 dst 10.90.9.0/24
            dir out priority 371327 ptype main
            tmpl src 172.16.0.1 dst 10.10.2.3
                    proto esp spi 0xc540ea9b reqid 1 mode tunnel
    src 10.90.9.0/24 dst 10.200.0.1/32
            dir fwd priority 371327 ptype main
            tmpl src 10.10.2.3 dst 172.16.0.1
                    proto esp reqid 1 mode tunnel
    src 10.90.9.0/24 dst 10.200.0.1/32
            dir in priority 371327 ptype main
            tmpl src 10.10.2.3 dst 172.16.0.1
                    proto esp reqid 1 mode tunnel
    Here we see that the client has IPsec policies as we expect for our workstation subnet.
  3. Check the connectivity across the tunnel to the server.
    $ ping 10.90.9.2 -I 10.200.0.1 -c 1
    PING 10.90.9.2 (10.90.9.2) from 10.200.0.1 : 56(84) bytes of data.
    64 bytes from 10.90.9.2: icmp_seq=1 ttl=63 time=6.75 ms
    
    --- 10.90.9.2 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 6.754/6.754/6.754/0.000 ms