Check the IPsec RA VPN tunnel state (Gnome Desktop client)
Once you have established the VPN connection, you can use iproute2 commands to check the tunnel state.
Note: We've added explanatory inline comments to the system responses throughout this example.
- At the Gnome Desktop, open a terminal window.
- Check for a valid IP address.
user@system:~$ ip add show dev ens4
3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:da:9f:b4 brd ff:ff:ff:ff:ff:ff
    inet 172.16.0.5/24 brd 172.16.0.255 scope global noprefixroute ens4
       valid_lft forever preferred_lft forever
    inet 10.200.0.1/32 scope global ens4                     # Note the newly assigned VIP
       valid_lft forever preferred_lft forever
    inet6 fe80::9e05:6457:14f5:4aa6/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
- Check connectivity to the IPsec RA VPN server.
user@system:~$ ping 10.90.9.2
PING 10.90.9.2 (10.90.9.2) 56(84) bytes of data.
64 bytes from 10.90.9.2: icmp_seq=1 ttl=63 time=5.03 ms
64 bytes from 10.90.9.2: icmp_seq=2 ttl=63 time=5.66 ms
64 bytes from 10.90.9.2: icmp_seq=3 ttl=63 time=5.51 ms     # We can reach the dev workstations
^C                                                          # via the tunnel
--- 10.90.9.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 5.028/5.397/5.659/0.268 ms
- Verify that IPsec policies are installed at the tunnel source.
user@system:~$ sudo ip xfrm policy list src 10.90.9.0/24
[sudo] password for vyatta:
src 10.90.9.0/24 dst 10.200.0.1/32                          # IPsec policies installed
    dir fwd priority 371327 ptype main
    tmpl src 10.10.2.3 dst 172.16.0.5
        proto esp reqid 1 mode tunnel
src 10.90.9.0/24 dst 10.200.0.1/32
    dir in priority 371327 ptype main
    tmpl src 10.10.2.3 dst 172.16.0.5
        proto esp reqid 1 mode tunnel
- Verify that IPsec policies are installed at the tunnel destination.
user@system:~$ sudo ip xfrm policy list dst 10.90.9.0/24
src 10.200.0.1/32 dst 10.90.9.0/24                          # IPsec policies installed
    dir out priority 371327 ptype main
    tmpl src 172.16.0.5 dst 10.10.2.3
        proto esp spi 0xc21bd061 reqid 1 mode tunnel
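The two policy checks above can be combined into one scripted test, since a successful ping alone does not show that the traffic is matched by an ESP tunnel policy. The following is an added example, not part of the original procedure; `check_ra_policies` and `sample_policies` are hypothetical helper names, and the sample input is the policy output from the steps above with the comments removed.

```shell
# Reads `ip xfrm policy` text on stdin and checks that in, fwd and out
# policies exist between the assigned VIP and the remote protected subnet.
# Usage: check_ra_policies VIP/32 REMOTE_NET   (hypothetical helper)
check_ra_policies() {
    awk -v vip="$1" -v net="$2" '
        # A selector line opens a policy ("tmpl src ..." lines start with tmpl).
        $1 == "src" && $3 == "dst" { s = $2; d = $4; dir = ""; next }
        $1 == "dir" { dir = $2; next }
        # Transform line: only count ESP in tunnel mode.
        $1 == "proto" {
            if ($2 != "esp" || $0 !~ /mode tunnel/) next
            if (dir == "out" && s == vip && d == net) seen["out"] = 1
            if ((dir == "in" || dir == "fwd") && s == net && d == vip) seen[dir] = 1
        }
        END {
            n = split("in fwd out", want, " ")
            for (i = 1; i <= n; i++) if (!(want[i] in seen)) missing = missing " " want[i]
            if (missing != "") { print "missing:" missing; exit 1 }
            print "ok"
        }
    '
}

# Sample input taken from the command output shown in the steps above.
sample_policies() {
cat <<'EOF'
src 10.90.9.0/24 dst 10.200.0.1/32
    dir fwd priority 371327 ptype main
    tmpl src 10.10.2.3 dst 172.16.0.5
        proto esp reqid 1 mode tunnel
src 10.90.9.0/24 dst 10.200.0.1/32
    dir in priority 371327 ptype main
    tmpl src 10.10.2.3 dst 172.16.0.5
        proto esp reqid 1 mode tunnel
src 10.200.0.1/32 dst 10.90.9.0/24
    dir out priority 371327 ptype main
    tmpl src 172.16.0.5 dst 10.10.2.3
        proto esp spi 0xc21bd061 reqid 1 mode tunnel
EOF
}

sample_policies | check_ra_policies 10.200.0.1/32 10.90.9.0/24
# On a live client, feed it the real policy table instead:
#   sudo ip xfrm policy | check_ra_policies 10.200.0.1/32 10.90.9.0/24
```

The function exits non-zero and names the missing directions, so it can gate a connection health check.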