Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Check the IPsec site-to-site VPN tunnel status (Fedora/RHEL/CentOS)

An example of how to check that the IPsec site-to-site VPN tunnel is working, from the perspective of a peer device running strongSwan (the swanctl tool used below is strongSwan's management client).

  1. List the currently active IKE_SAs and their CHILD_SAs (swanctl -l is the short form of swanctl --list-sas; run it as root) and confirm that they are as you expect: the IKE_SA is ESTABLISHED and the CHILD_SA is INSTALLED, the local and remote identities and addresses are the intended peers, the negotiated algorithms match your policy, and the traffic selectors cover the networks you want to reach.
    $ swanctl -l
    devcloud1: #1, ESTABLISHED, IKEv2, 802f9c888e23e342_i* e2c75818cd0ffd4e_r
      local  'devcloud1.vpn.am' @ 172.16.0.4[4500]
      remote 'server.vpn.am' @ 169.61.111.164[4500]
      AES_GCM_16-128/PRF_HMAC_SHA2_256/ECP_256
      established 564s ago, rekeying in 12749s, reauth in 11577s
      tunnel-1: #1, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-128
        installed 564s ago, rekeying in 2920s, expires in 3396s
        in  c75e729c (0x0000002a),      0 bytes,     0 packets
        out c2f7bd8a (0x0000002a),      0 bytes,     0 packets
        local  10.200.0.0/24
        remote 0.0.0.0/0
  2. Check the connectivity across the tunnel to the other peer. Pick a source address (-I) that the tunnel's local traffic selector covers: packets from any other address are not matched by the IPsec policy and leave the host unencrypted. After the ping, run swanctl -l again and confirm that the in/out byte and packet counters of the CHILD_SA have increased; replies with unchanged counters mean the traffic is taking a path outside the tunnel.
    $ ping 10.90.9.2 -I 10.200.1.1 -c3
    PING 10.90.9.2 (10.90.9.2) from 10.200.1.1 : 56(84) bytes of data.
    64 bytes from 10.90.9.2: icmp_seq=1 ttl=63 time=2.07 ms
    64 bytes from 10.90.9.2: icmp_seq=2 ttl=63 time=1.23 ms
    64 bytes from 10.90.9.2: icmp_seq=3 ttl=63 time=1.17 ms
     
    --- 10.90.9.2 ping statistics ---
    3 packets transmitted, 3 received, 0% packet loss, time 5ms
    rtt min/avg/max/mdev = 1.168/1.492/2.074/0.412 ms
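As an added example (not part of the Vyatta documentation and not strongSwan's own tooling), the following POSIX shell script automates the two steps and adds the counter check: it parses swanctl --list-sas output, confirms the IKE_SA is ESTABLISHED and the CHILD_SA is INSTALLED, pings the far side from the chosen source address, and then verifies that the CHILD_SA's outbound packet counter moved, which is what actually proves the ICMP traffic went through the tunnel rather than in cleartext. The SA names devcloud1 and tunnel-1 and the addresses are taken from the listing above; SAMPLE_BEFORE and SAMPLE_AFTER are constructed snapshots, the second one showing the counters after three 84-byte pings, so the parsing can be exercised offline.

```shell
#!/bin/sh
# Added example: verify a strongSwan IPsec tunnel from the peer side and prove
# that test traffic traverses it. Not Vyatta or strongSwan code.
# A live run needs root for `swanctl --list-sas` and iputils `ping`.

# sa_state OUTPUT NAME: print the state (ESTABLISHED, INSTALLED, ...) of the
# IKE_SA or CHILD_SA called NAME in a `swanctl --list-sas` listing; prints
# nothing if no SA of that name is listed.
sa_state() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == (name ":") {
            if (match($0, /, (ESTABLISHED|INSTALLED|CONNECTING|CREATED|PASSIVE|ROUTED|INSTALLING|UPDATING|REKEYING|REKEYED|DELETING|DELETED),/)) {
                print substr($0, RSTART + 2, RLENGTH - 3)
                exit
            }
        }'
}

# child_out_packets OUTPUT CHILD: print the outbound packet counter of CHILD_SA
# CHILD, i.e. the number before "packets" on the "out" line of its block.
child_out_packets() {
    printf '%s\n' "$1" | awk -v name="$2" '
        $1 == (name ":") { inblock = 1; next }
        inblock && $1 == "out" {
            for (i = 2; i <= NF; i++)
                if ($i ~ /^packets,?$/) { print $(i - 1); exit }
        }'
}

# tunnel_carried_traffic BEFORE AFTER CHILD: succeed only if the outbound packet
# counter of CHILD is higher in the AFTER snapshot than in the BEFORE one.
tunnel_carried_traffic() {
    before=$(child_out_packets "$1" "$3")
    after=$(child_out_packets "$2" "$3")
    [ -n "$before" ] && [ -n "$after" ] && [ "$after" -gt "$before" ]
}

# check_tunnel IKE CHILD DST SRC: the full procedure. Ping replies alone do not
# prove the tunnel is used: if SRC is outside the local traffic selector the
# packets leave unencrypted, so the CHILD_SA counters must move as well.
check_tunnel() {
    ike=$1 child=$2 dst=$3 src=$4
    snap=$(swanctl --list-sas)
    [ "$(sa_state "$snap" "$ike")" = ESTABLISHED ] || { echo "IKE_SA $ike is not ESTABLISHED" >&2; return 1; }
    [ "$(sa_state "$snap" "$child")" = INSTALLED ] || { echo "CHILD_SA $child is not INSTALLED" >&2; return 1; }
    ping -c 3 -I "$src" "$dst" >/dev/null || { echo "no reply from $dst using source $src" >&2; return 1; }
    snap2=$(swanctl --list-sas)
    tunnel_carried_traffic "$snap" "$snap2" "$child" \
        || { echo "replies arrived but $child counters did not move: traffic is bypassing the tunnel" >&2; return 1; }
    echo "tunnel $child is up and carried the test traffic to $dst"
}

# Constructed snapshots modelled on the listing in the text: before and after
# three 84-byte pings. They only feed the parsers; check_tunnel calls swanctl.
SAMPLE_BEFORE=$(cat <<'EOF'
devcloud1: #1, ESTABLISHED, IKEv2, 802f9c888e23e342_i* e2c75818cd0ffd4e_r
  local  'devcloud1.vpn.am' @ 172.16.0.4[4500]
  remote 'server.vpn.am' @ 169.61.111.164[4500]
  AES_GCM_16-128/PRF_HMAC_SHA2_256/ECP_256
  established 564s ago, rekeying in 12749s, reauth in 11577s
  tunnel-1: #1, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-128
    installed 564s ago, rekeying in 2920s, expires in 3396s
    in  c75e729c (0x0000002a),      0 bytes,     0 packets
    out c2f7bd8a (0x0000002a),      0 bytes,     0 packets
    local  10.200.0.0/24
    remote 0.0.0.0/0
EOF
)
SAMPLE_AFTER=$(cat <<'EOF'
devcloud1: #1, ESTABLISHED, IKEv2, 802f9c888e23e342_i* e2c75818cd0ffd4e_r
  tunnel-1: #1, reqid 1, INSTALLED, TUNNEL-in-UDP, ESP:AES_GCM_16-128
    installed 570s ago, rekeying in 2914s, expires in 3390s
    in  c75e729c (0x0000002a),    252 bytes,     3 packets,     1s ago
    out c2f7bd8a (0x0000002a),    252 bytes,     3 packets,     1s ago
    local  10.200.0.0/24
    remote 0.0.0.0/0
EOF
)

# Live run, e.g.:  sudo sh tunnel-check.sh --run devcloud1 tunnel-1 10.90.9.2 10.200.1.1
if [ "${1:-}" = "--run" ]; then
    check_tunnel "$2" "$3" "$4" "$5"
fi
```

The script checks the "out" counter rather than "in" because that is the direction the local host controls: an unchanged outbound counter after successful replies is the signature of the echo requests having been routed around the tunnel, which is exactly the failure mode the source-address caveat above warns about.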