Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Check the IPsec site-to-site VPN tunnel status (Fedora/RHEL/CentOS)

An example of how to check that the IPsec RA VPN tunnel works, from the perspective of a peer device.

  1. List the currently active IKE_SAs and confirm that they are as you expect.
    $ swanctl -l
    devcloud1: #1, ESTABLISHED, IKEv2, 802f9c888e23e342_i* e2c75818cd0ffd4e_r
      local  'devcloud1.vpn.am' @[4500]
      remote 'server.vpn.am' @[4500]
      established 564s ago, rekeying in 12749s, reauth in 11577s
      tunnel-1: #1, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-128
        installed 564s ago, rekeying in 2920s, expires in 3396s
        in  c75e729c (0x0000002a),      0 bytes,     0 packets
        out c2f7bd8a (0x0000002a),      0 bytes,     0 packets
  2. Check the connectivity across the tunnel to the other peer.
    $ ping -I -c3
    PING ( from : 56(84) bytes of data.
    64 bytes from icmp_seq=1 ttl=63 time=2.07 ms
    64 bytes from icmp_seq=2 ttl=63 time=1.23 ms
    64 bytes from icmp_seq=3 ttl=63 time=1.17 ms
    --- ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 5ms
    rtt min/avg/max/mdev = 1.168/1.492/2.074/0.412 ms
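
The two checks above can be scripted. The following is an added example, not part of the Vyatta documentation: it parses the `swanctl -l` output from step 1, fails if any IKE_SA is not ESTABLISHED or any CHILD_SA is not INSTALLED, and compares the CHILD_SA packet counters taken before and after the ping in step 2. The function names `sa_summary`, `pkts` and `carried_traffic` are assumptions made for illustration.

```shell
# Added example (not Vyatta's code); function names are hypothetical.
# sa_summary: read `swanctl -l` text on stdin, print one line per CHILD_SA.
# Returns 0 only if a CHILD_SA exists and all states are ESTABLISHED/INSTALLED.
sa_summary() {
  awk '
    function emit() {
      if (child == "") return
      printf "%s %s %s %s %s in_pkts=%s out_pkts=%s\n",
             ike, ike_state, child, child_state, proposal, inp, outp
      n++; child = ""
    }
    /^[^ \t].*: #[0-9]+, / {            # IKE_SA header starts in column 0
      emit(); ike = $1; ike_state = $3
      sub(/:$/, "", ike); sub(/,$/, "", ike_state)
      if (ike_state != "ESTABLISHED") bad = 1; next
    }
    /^[ \t]+[^ \t]+: #[0-9]+, reqid / { # CHILD_SA header is indented
      emit(); child = $1; child_state = $5; proposal = $NF
      sub(/:$/, "", child); sub(/,$/, "", child_state)
      if (child_state != "INSTALLED") bad = 1
      inp = "?"; outp = "?"; next
    }
    $1 == "in" || $1 == "out" {         # per-direction counters
      for (i = 2; i <= NF; i++) if ($i ~ /^packets/) {
        if ($1 == "in") inp = $(i-1); else outp = $(i-1) }
    }
    END { emit(); exit (n == 0 || bad) }
  '
}

# pkts LINE DIR: extract the in/out packet counter from one summary line.
pkts() { printf '%s\n' "$1" | sed -n "s/.* ${2}_pkts=\([0-9][0-9]*\).*/\1/p"; }
# carried_traffic BEFORE AFTER: true only if both packet counters rose.
carried_traffic() {
  [ "$(pkts "$2" in)" -gt "$(pkts "$1" in)" ] && [ "$(pkts "$2" out)" -gt "$(pkts "$1" out)" ]
}

# Step 1 output from this page (local/remote lines omitted), embedded so the
# script runs offline. Live use: swanctl -l | sa_summary
sample_output() {
  cat <<'EOF'
devcloud1: #1, ESTABLISHED, IKEv2, 802f9c888e23e342_i* e2c75818cd0ffd4e_r
  established 564s ago, rekeying in 12749s, reauth in 11577s
  tunnel-1: #1, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-128
    installed 564s ago, rekeying in 2920s, expires in 3396s
    in  c75e729c (0x0000002a),      0 bytes,     0 packets
    out c2f7bd8a (0x0000002a),      0 bytes,     0 packets
EOF
}
sample_output | sa_summary
```

Capture one summary line before the ping and one after, then pass both to `carried_traffic`. Take the two snapshots close together, because a rekey replaces the CHILD_SA and its counters start again from zero.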