Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Check the IPsec RA VPN tunnel state at the client (Fedora/RHEL/CentOS client)

This example shows how to check, from the perspective of the client, that the IPsec RA VPN tunnel works.

  1. Check that the server has given the client an IP address.
    $ ip -o address show | grep 10.200
    3: ens4 inet 10.200.0.1/32 scope global ens4\ valid_lft forever preferred_lft forever
    Here we see that the client has the virtual IP address 10.200.0.1.
  2. Check that an IPsec policy is present on the client.
    $ ip xfrm policy
    src 10.200.0.1/32 dst 10.90.9.0/24
            dir out priority 371327 ptype main
            tmpl src 172.16.0.1 dst 10.10.2.3
                    proto esp spi 0xc540ea9b reqid 1 mode tunnel
    src 10.90.9.0/24 dst 10.200.0.1/32
            dir fwd priority 371327 ptype main
            tmpl src 10.10.2.3 dst 172.16.0.1
                    proto esp reqid 1 mode tunnel
    src 10.90.9.0/24 dst 10.200.0.1/32
            dir in priority 371327 ptype main
            tmpl src 10.10.2.3 dst 172.16.0.1
                    proto esp reqid 1 mode tunnel
    Here we see that the client has the IPsec policies we expect for our workstation subnet.
  3. Check the connectivity across the tunnel to the server.
    $ ping 10.90.9.2 -I 10.200.0.1 -c 1
    PING 10.90.9.2 (10.90.9.2) from 10.200.0.1 : 56(84) bytes of data.
    64 bytes from 10.90.9.2: icmp_seq=1 ttl=63 time=6.75 ms
    
    --- 10.90.9.2 ping statistics ---
    1 packets transmitted, 1 received, 0% packet loss, time 0ms
    rtt min/avg/max/mdev = 6.754/6.754/6.754/0.000 ms
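
The check in step 2 can be scripted. The following is an added example, not part of the Vyatta documentation: the function names `check_xfrm` and `sample_policy` are hypothetical, and the sample input is the listing from step 2 reproduced as constructed test data.

```shell
#!/bin/sh
# check_xfrm VIP/LEN NET/LEN: reads `ip xfrm policy` text on stdin. Returns 0 only
# if ESP tunnel-mode policies exist for dir out, fwd and in, and the in/fwd tunnel
# endpoints mirror the out endpoints. Live use: ip xfrm policy | check_xfrm ...
check_xfrm() {
    awk -v vip="$1" -v net="$2" '
        # A selector line starts a new policy block.
        $1 == "src" && $3 == "dst" { src = $2; dst = $4; dir = ts = td = ""; next }
        $1 == "dir"  { dir = $2; next }
        $1 == "tmpl" { ts = $3; td = $5; next }   # tunnel endpoints
        $1 == "proto" {
            mode = ""
            for (i = 1; i < NF; i++) if ($i == "mode") mode = $(i + 1)
            if ($2 != "esp" || mode != "tunnel") next
            if (dir == "out" && src == vip && dst == net) {
                seen["out"] = 1; me = ts; gw = td
            } else if ((dir == "in" || dir == "fwd") && src == net && dst == vip) {
                seen[dir] = 1; from[dir] = ts; to[dir] = td
            }
        }
        END {
            n = split("out fwd in", want, " ")
            for (i = 1; i <= n; i++) if (!seen[want[i]]) {
                print "missing policy: dir " want[i]; bad = 1
            }
            for (d in from) if (seen["out"] && (from[d] != gw || to[d] != me)) {
                print "endpoint mismatch: dir " d; bad = 1
            }
            exit (bad ? 1 : 0)
        }'
}
# Constructed sample: the policy listing shown in step 2.
sample_policy() {
    cat <<'EOF'
src 10.200.0.1/32 dst 10.90.9.0/24
        dir out priority 371327 ptype main
        tmpl src 172.16.0.1 dst 10.10.2.3
                proto esp spi 0xc540ea9b reqid 1 mode tunnel
src 10.90.9.0/24 dst 10.200.0.1/32
        dir fwd priority 371327 ptype main
        tmpl src 10.10.2.3 dst 172.16.0.1
                proto esp reqid 1 mode tunnel
src 10.90.9.0/24 dst 10.200.0.1/32
        dir in priority 371327 ptype main
        tmpl src 10.10.2.3 dst 172.16.0.1
                proto esp reqid 1 mode tunnel
EOF
}
```

A non-zero return with a `missing policy` line means traffic in that direction is not covered by the tunnel, which is worth checking before relying on the ping in step 3.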