IPsec protocol
--------------

Checks whether the IPsec protocol information is correct.

* :osdx:op:`vpn ipsec show policy`: checks the information available on kernel crypto policies.

  *Example:*

  .. code-block:: none

     admin@osdx$ vpn ipsec show policy
     src 10.0.0.1/32 dst 10.0.0.2/32
         dir out priority 367231
         tmpl src 10.0.0.1 dst 10.0.0.2
             proto esp spi 0xcde9784b reqid 1 mode tunnel
     src 10.0.0.2/32 dst 10.0.0.1/32
         dir fwd priority 367231
         tmpl src 10.0.0.2 dst 10.0.0.1
             proto esp reqid 1 mode tunnel
     src 10.0.0.2/32 dst 10.0.0.1/32
         dir in priority 367231
         tmpl src 10.0.0.2 dst 10.0.0.1
             proto esp reqid 1 mode tunnel
     src 0.0.0.0/0 dst 0.0.0.0/0
         socket in priority 0
     src 0.0.0.0/0 dst 0.0.0.0/0
         socket out priority 0
     src 0.0.0.0/0 dst 0.0.0.0/0
         socket in priority 0
     src 0.0.0.0/0 dst 0.0.0.0/0
         socket out priority 0
     src ::/0 dst ::/0
         socket in priority 0
     src ::/0 dst ::/0
         socket out priority 0
     src ::/0 dst ::/0
         socket in priority 0
     src ::/0 dst ::/0
         socket out priority 0

* :osdx:op:`vpn ipsec show sa`: checks information related to IPsec SA.

  *Example:*

  .. code-block:: none

     admin@osdx$ vpn ipsec show sa
     vpn-peer-SITE1: #1, ESTABLISHED, IKEv2, 0fd20672a782d852_i* 0aab0776adbd3fc1_r
       local '10.0.0.1' @ 10.0.0.1[500]
       remote '10.0.0.2' @ 10.0.0.2[500]
       NULL/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
       established 1479s ago, rekeying in 25550s
       peer-SITE1-tunnel-1: #1, reqid 1, INSTALLED, TUNNEL, ESP:NULL/HMAC_SHA1_96
         installed 1479s ago, rekeying in 1942s, expires in 2481s
         in c7130959, 168 bytes, 2 packets, 1479s ago
         out cde9784b, 168 bytes, 2 packets, 1479s ago
         local 10.0.0.1/32
         remote 10.0.0.2/32

* :osdx:op:`vpn ipsec show sa local *`: checks information related to IPsec SA in a selected local peer.

  *Example:*

  .. code-block:: none

     admin@osdx$ vpn ipsec show sa local 10.0.0.1
     vpn-peer-SITE1: #1, ESTABLISHED, IKEv2, 0fd20672a782d852_i* 0aab0776adbd3fc1_r
       local '10.0.0.1' @ 10.0.0.1[500]
       remote '10.0.0.2' @ 10.0.0.2[500]
       NULL/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
       established 1544s ago, rekeying in 25485s
       peer-SITE1-tunnel-1: #1, reqid 1, INSTALLED, TUNNEL, ESP:NULL/HMAC_SHA1_96
         installed 1544s ago, rekeying in 1877s, expires in 2416s
         in c7130959, 168 bytes, 2 packets, 1544s ago
         out cde9784b, 168 bytes, 2 packets, 1544s ago
         local 10.0.0.1/32
         remote 10.0.0.2/32

* :osdx:op:`vpn ipsec show sa remote *`: checks information related to IPsec SA in a selected peer.

  *Example:*

  .. code-block:: none

     admin@osdx$ vpn ipsec show sa remote 10.0.0.2
     vpn-peer-SITE1: #1, ESTABLISHED, IKEv2, 0fd20672a782d852_i* 0aab0776adbd3fc1_r
       local '10.0.0.1' @ 10.0.0.1[500]
       remote '10.0.0.2' @ 10.0.0.2[500]
       NULL/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
       established 1581s ago, rekeying in 25448s
       peer-SITE1-tunnel-1: #1, reqid 1, INSTALLED, TUNNEL, ESP:NULL/HMAC_SHA1_96
         installed 1581s ago, rekeying in 1840s, expires in 2379s
         in c7130959, 168 bytes, 2 packets, 1581s ago
         out cde9784b, 168 bytes, 2 packets, 1581s ago
         local 10.0.0.1/32
         remote 10.0.0.2/32

* :osdx:op:`vpn ipsec show state`: checks the kernel cryptostate.

  *Example:*

  .. code-block:: none

     admin@osdx$ vpn ipsec show state
     src 10.0.0.1 dst 10.0.0.2
         proto esp spi 0xcde9784b reqid 1 mode tunnel
         replay-window 0 flag af-unspec
         auth-trunc hmac(sha1) 0x6e924c645c189d0176cb1dba5a445d5078749249 96
         enc ecb(cipher_null)
         anti-replay context: seq 0x0, oseq 0x2, bitmap 0x00000000
     src 10.0.0.2 dst 10.0.0.1
         proto esp spi 0xc7130959 reqid 1 mode tunnel
         replay-window 32 flag af-unspec
         auth-trunc hmac(sha1) 0x4721395ffe9e83a8f77de8eed16bdea194b4b8a0 96
         enc ecb(cipher_null)
         anti-replay context: seq 0x2, oseq 0x0, bitmap 0x00000003

* :osdx:op:`vpn ipsec show ike status`: checks the IKE process status.

  *Example:*

  .. code-block:: none

     admin@osdx$ vpn ipsec show ike status
     IKE Process Running
     PID: 4140
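
The following Python script is an added example, not part of the OSDx documentation or tooling. It parses ``vpn ipsec show sa`` output in the format shown above and reports SAs that are not up or that negotiated ``NULL`` encryption, as the sample does (ESP with NULL encryption is integrity-protected but not encrypted). The function names and the reading of the first proposal field as the encryption algorithm are assumptions.

```python
import re

# Constructed input: the `vpn ipsec show sa` sample output from this page.
SAMPLE = """\
vpn-peer-SITE1: #1, ESTABLISHED, IKEv2, 0fd20672a782d852_i* 0aab0776adbd3fc1_r
  local '10.0.0.1' @ 10.0.0.1[500]
  remote '10.0.0.2' @ 10.0.0.2[500]
  NULL/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_3072
  established 1479s ago, rekeying in 25550s
  peer-SITE1-tunnel-1: #1, reqid 1, INSTALLED, TUNNEL, ESP:NULL/HMAC_SHA1_96
    installed 1479s ago, rekeying in 1942s, expires in 2481s
    in c7130959, 168 bytes, 2 packets, 1479s ago
    out cde9784b, 168 bytes, 2 packets, 1479s ago
    local 10.0.0.1/32
    remote 10.0.0.2/32
"""

CHILD_RE = re.compile(r"^\s*(\S+): #\d+, reqid \d+, (\w+), (\w+), (ESP|AH):(\S+)")
IKE_RE = re.compile(r"^\s*(\S+): #\d+, (\w+), (IKEv[12]),")
PROPOSAL_RE = re.compile(r"^\s*([A-Z0-9_-]+(?:/[A-Z0-9_-]+)+)\s*$")

def parse_sas(text):
    """Parse the listing into IKE SAs, each holding its child (ESP/AH) SAs."""
    sas = []
    for line in text.splitlines():
        if (m := CHILD_RE.match(line)) and sas:
            sas[-1]["children"].append({"name": m[1], "state": m[2], "mode": m[3],
                                        "proto": m[4], "proposal": m[5].split("/")})
        elif m := IKE_RE.match(line):
            sas.append({"name": m[1], "state": m[2], "version": m[3], "proposal": [], "children": []})
        elif (m := PROPOSAL_RE.match(line)) and sas:
            sas[-1]["proposal"] = m[1].split("/")
    return sas

def audit(sas):
    """Return findings for SAs that are not up or that negotiated NULL encryption."""
    findings = []
    for ike in sas:
        if ike["state"] != "ESTABLISHED":
            findings.append(f"{ike['name']}: IKE SA state is {ike['state']}")
        # Assumption: the first proposal field is the encryption algorithm.
        if ike["proposal"][:1] == ["NULL"]:
            findings.append(f"{ike['name']}: IKE proposal uses NULL encryption")
        for c in ike["children"]:
            if c["state"] != "INSTALLED":
                findings.append(f"{c['name']}: child SA state is {c['state']}")
            if c["proto"] == "ESP" and c["proposal"][:1] == ["NULL"]:
                findings.append(f"{c['name']}: ESP uses NULL encryption, traffic is not confidential")
    return findings
```

Feed the captured command output to ``audit(parse_sas(...))``; an empty list means every listed SA is up and none negotiated ``NULL`` encryption.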