Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Check the IPsec RA VPN tunnel state (Gnome Desktop client)

Once you have established the VPN connection you can use IProute2 commands to check the tunnel state.

Note: We've added explanatory inline comments to the system responses throughout this example.
  1. At the Gnome Desktop, open a terminal window.
  2. Check for a valid IP address.
    user@system:~$ ip add show dev ens4
    3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:da:9f:b4 brd ff:ff:ff:ff:ff:ff
         inet 172.16.0.5/24 brd 172.16.0.255 scope global noprefixroute ens4
            valid_lft forever preferred_lft forever
         inet 10.200.0.1/32 scope global ens4                  # Note the newly assigned VIP
            valid_lft forever preferred_lft forever
         inet6 fe80::9e05:6457:14f5:4aa6/64 scope link noprefixroute
            valid_lft forever preferred_lft forever
  3. Check connectivity to the IPsec RA VPN server.
    user@system:~$ ping 10.90.9.2
    PING 10.90.9.2 (10.90.9.2) 56(84) bytes of data.
    64 bytes from 10.90.9.2: icmp_seq=1 ttl=63 time=5.03 ms
    64 bytes from 10.90.9.2: icmp_seq=2 ttl=63 time=5.66 ms
    64 bytes from 10.90.9.2: icmp_seq=3 ttl=63 time=5.51 ms    # We can reach the dev workstations 
    ^C                                                                                                                             # via the tunnel
    --- 10.90.9.2 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 2003ms
    rtt min/avg/max/mdev = 5.028/5.397/5.659/0.268 ms
  4. Verify that IPsec policies are installed at the tunnel source.
    user@system:~$ sudo ip xfrm policy list src 10.90.9.0/24
    [sudo] password for vyatta:
    src 10.90.9.0/24 dst 10.200.0.1/32                         # IPsec policies installed
           dir fwd priority 371327 ptype main
           tmpl src 10.10.2.3 dst 172.16.0.5
                   proto esp reqid 1 mode tunnel
    src 10.90.9.0/24 dst 10.200.0.1/32
           dir in priority 371327 ptype main
           tmpl src 10.10.2.3 dst 172.16.0.5
                   proto esp reqid 1 mode tunnel
  5. Verify that IPsec policies are installed at the tunnel destination.
    user@system:~$ sudo ip xfrm policy list dst 10.90.9.0/24
    src 10.200.0.1/32 dst 10.90.9.0/24                                                      # IPsec policies installed
           dir out priority 371327 ptype main
           tmpl src 172.16.0.5 dst 10.10.2.3
                   proto esp spi 0xc21bd061 reqid 1 mode tunnel