Vyatta NOS documentation

Learn how to install, configure, and operate Vyatta Network Operating System (Vyatta NOS), which helps to drive our virtual networking and physical platforms portfolio.

Check the IPsec site-to-site VPN tunnel status (Fedora/RHEL/Centos)

An example of how to check the IPsec RA VPN tunnel works, from the perspective of a peer device.

  1. List the currently active IKE_SAs and confirm that they are as you expect.
    $ swanctl -l
    devcloud1: #1, ESTABLISHED, IKEv2, 802f9c888e23e342_i* e2c75818cd0ffd4e_r
      local  'devcloud1.vpn.am' @ 172.16.0.4[4500]
      remote 'server.vpn.am' @ 169.61.111.164[4500]
      AES_GCM_16-128/PRF_HMAC_SHA2_256/ECP_256
      established 564s ago, rekeying in 12749s, reauth in 11577s
      tunnel-1: #1, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-128
        installed 564s ago, rekeying in 2920s, expires in 3396s
        in  c75e729c (0x0000002a),      0 bytes,     0 packets
        out c2f7bd8a (0x0000002a),      0 bytes,     0 packets
        local  10.200.0.0/24
        remote 0.0.0.0/0
  2. Check the connectivity across the tunnel to the another peer.
    $ ping 10.90.9.2 -I 10.200.1.1 -c3
    PING 10.90.9.2 (10.191.29.202) from 10.200.1.1 : 56(84) bytes of data.
    64 bytes from 10.90.9.2: icmp_seq=1 ttl=63 time=2.07 ms
    64 bytes from 10.90.9.2: icmp_seq=2 ttl=63 time=1.23 ms
    64 bytes from 10.90.9.2: icmp_seq=3 ttl=63 time=1.17 ms
     
    --- 10.90.9.2 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 5ms
    rtt min/avg/max/mdev = 1.168/1.492/2.074/0.412 mss