home

White papers

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

thumbnailWhite papers

IPsec RA VPN client (Gnome Desktop)

Check the IPsec RA VPN tunnel state (Gnome Desktop client)

Once you have established the VPN connection you can use IProute2 commands to check the tunnel state.

Note: We've added explanatory inline comments to the system responses throughout this example.
  1. At the Gnome Desktop, open a terminal window.
  2. Check for a valid IP address.
    user@system:~$ ip add show dev ens4
    3: ens4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:da:9f:b4 brd ff:ff:ff:ff:ff:ff
     inet 172.16.0.5/24 brd 172.16.0.255 scope global noprefixroute ens4
        valid_lft forever preferred_lft forever
     inet 10.200.0.1/32 scope global ens4                  # Note the newly assigned VIP
        valid_lft forever preferred_lft forever
     inet6 fe80::9e05:6457:14f5:4aa6/64 scope link noprefixroute
        valid_lft forever preferred_lft forever
  3. Check connectivity to the IPsec RA VPN server.
    user@system:~$ ping 10.90.9.2
    PING 10.90.9.2 (10.90.9.2) 56(84) bytes of data.
64 bytes from 10.90.9.2: icmp_seq=1 ttl=63 time=5.03 ms
64 bytes from 10.90.9.2: icmp_seq=2 ttl=63 time=5.66 ms
64 bytes from 10.90.9.2: icmp_seq=3 ttl=63 time=5.51 ms    # We can reach the dev workstations 
^C                                                                                                                             # via the tunnel
--- 10.90.9.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 5.028/5.397/5.659/0.268 ms
  4. Verify that IPsec policies are installed at the tunnel source.
    user@system:~$ sudo ip xfrm policy list src 10.90.9.0/24
    [sudo] password for vyatta:
src 10.90.9.0/24 dst 10.200.0.1/32                         # IPsec policies installed
       dir fwd priority 371327 ptype main
       tmpl src 10.10.2.3 dst 172.16.0.5
               proto esp reqid 1 mode tunnel
src 10.90.9.0/24 dst 10.200.0.1/32
       dir in priority 371327 ptype main
       tmpl src 10.10.2.3 dst 172.16.0.5
               proto esp reqid 1 mode tunnel
  5. Verify that IPsec policies are installed at the tunnel destination.
    user@system:~$ sudo ip xfrm policy list dst 10.90.9.0/24
    src 10.200.0.1/32 dst 10.90.9.0/24                                                      # IPsec policies installed
       dir out priority 371327 ptype main
       tmpl src 172.16.0.5 dst 10.10.2.3
               proto esp spi 0xc21bd061 reqid 1 mode tunnel

Last updated: June 28, 2022

Related Articles: