Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Best tool to monitor VPN IPSEC Tunneling
Special Forums IP Networking Best tool to monitor VPN IPSEC Tunneling Post 302930476 by val riverwalk on Sunday 4th of January 2015 06:25:09 PM
Old 01-04-2015
Anything in the logs? Run a continuous ping from site A to site B. Does it drop periodically and then restart? Usually when an IPSEC tunnel drops, you'll see the handshake details if you have logging or debugging enabled. If the problem goes AWAY while running a continuous ping, then it may just be timing out for inactivity. As far as monitoring goes, consider Nagios to monitor the connection for drops. As an aside - I like a windows app called "ServersAlive" for simple monitoring of services/links/uptime... not terribly expensive, and great red light/green light online status that the helpdesk staff appreciates.
 

9 More Discussions You Might Find Interesting

1. Cybersecurity

IPSec - VPN using shared key

Hello! I have some trouble trying to configure a VPN with two gateways. One of them uses IPSec with a single key, 256bits length, specified in /etc/ipsec.secrets. As FreeSwan manual page says, if i put esp=3des-md5-96, will be used a "64bit IV key (internally generated), a 192bit 3des ekey and a... (3 Replies)
Discussion started by: eNTer
3 Replies

2. UNIX for Dummies Questions & Answers

Tool to monitor user activity

Hello, Does any one knows any tools or method to monitor users all activities on Solaris 8, including command and its result. Similar to 'script' ??? Thanks nana (3 Replies)
Discussion started by: nana
3 Replies

3. UNIX for Advanced & Expert Users

Tunneling

Hello, I am within a LAN system and I need to be able to tunnel out (and recv UDP) packets. Currently the router automatically drops UDP packets. My PC cant see the outside world, nor ping, but it can connect via SSH to a server on the "edge" of the network which can see everything. I... (2 Replies)
Discussion started by: ErNci
2 Replies

4. Solaris

ssh tunneling

Hi, I have tried the following: on PC1 (win xp) I have created ssh connection with port forwarding (local 8888 to remote 8888) to server1. >From server1 I have created another ssh connection with port forwarding to server2(local 8888 to remote 1521). When I try to connect to oracle... (3 Replies)
Discussion started by: goran00
3 Replies

5. UNIX for Advanced & Expert Users

tool to monitor throughput

Was wonder if there was a tool or program I could run to measure throughput on our CentoS 4.x server. Our current dedicated host provider is charging us by how much throughput we are using and I just want to see if their numbers add up to whatever I get using a throughput tool of some kind. ... (6 Replies)
Discussion started by: mcraul
6 Replies

6. AIX

Tool to monitor the performance of the system ..

Dear experts , Pls advice for any good Tool to monitor the CPU and performance of AIX the system .. to keep monitoring to show me the utilization of that system .. (12 Replies)
Discussion started by: Mr.AIX
12 Replies

7. IP Networking

IPSec VPN Routing

Hello, I'm trying to setup a gateway VPN between two routers across an unsecured network between two local networks. The routers are both linux and I'm using the ipsec tools, racoon and setkey. So far hosts from either local net can successfully ping hosts on the other local net without issue. ... (0 Replies)
Discussion started by: salukibob
0 Replies

8. IP Networking

VPN IPSec Openswan

Hi all, I have installed Openswan and configured IPSec and works perfect, but for some unknown reasons it stop working. I see that the tunnels are up and established. The route to the destination are added. Everything by the book seems to be ok. But somehow when i start to ping the other side (... (4 Replies)
Discussion started by: ivancd
4 Replies

9. IP Networking

IPSec Openswan Site to Site VPN - Big Pain

Hi @all, I try to connect 2 LANs with IPSec/Openswan LAN 1: 192.168.0.0/24 LAN 2: 192.168.1.0/24 This is my Config: conn HomeVPN # # Left security gateway, subnet behind it, nexthop toward right. left=192.168.1.29 ... (1 Reply)
Discussion started by: bahnhasser83
1 Replies

LEARN ABOUT CENTOS

racoonctl

RACOONCTL(8)						    BSD System Manager's Manual 					      RACOONCTL(8)

NAME

     racoonctl -- racoon administrative control tool

SYNOPSIS

     racoonctl [opts] reload-config
     racoonctl [opts] show-schedule
     racoonctl [opts] show-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] get-sa-cert [inet|inet6] src dst
     racoonctl [opts] flush-sa [isakmp|esp|ah|ipsec]
     racoonctl [opts] delete-sa saopts
     racoonctl [opts] establish-sa [-w] [-n remoteconf] [-u identity] saopts
     racoonctl [opts] vpn-connect [-u identity] vpn_gateway
     racoonctl [opts] vpn-disconnect vpn_gateway
     racoonctl [opts] show-event
     racoonctl [opts] logout-user login

DESCRIPTION

     racoonctl is used to control racoon(8) operation, if ipsec-tools was configured with adminport support.  Communication between racoonctl and
     racoon(8) is done through a UNIX socket.  By changing the default mode and ownership of the socket, you can allow non-root users to alter
     racoon(8) behavior, so do that with caution.

     The following general options are available:

     -d      Debug mode.  Hexdump sent admin port commands.

     -l      Increase verbosity.  Mainly for show-sa command.

     -s socket
	     Specify unix socket name used to connecting racoon.

     The following commands are available:

     reload-config
	     This should cause racoon(8) to reload its configuration file.

     show-schedule
	     Unknown command.

     show-sa [isakmp|esp|ah|ipsec]
	     Dump the SA: All the SAs if no SA class is provided, or either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec SAs.	Use -l to
	     increase verbosity.

     get-sa-cert [inet|inet6] src dst
	     Output the raw certificate that was used to authenticate the phase 1 matching src and dst.

     flush-sa [isakmp|esp|ah|ipsec]
	     is used to flush all SAs if no SA class is provided, or a class of SAs, either ISAKMP SAs, IPsec ESP SAs, IPsec AH SAs, or all IPsec
	     SAs.

     establish-sa [-w] [-n remoteconf] [-u username] saopts
	     Establish an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.  The optional -u username can be used when establishing an ISAKMP
	     SA while hybrid auth is in use.  The exact remote block to use can be specified with -n remoteconf.  racoonctl will prompt you for
	     the password associated with username and these credentials will be used in the Xauth exchange.

	     Specifying -w will make racoonctl wait until the SA is actually established or an error occurs.

	     saopts has the following format:

	     isakmp {inet|inet6} src dst

	     {esp|ah} {inet|inet6} src/prefixlen/port dst/prefixlen/port
	       {icmp|tcp|udp|gre|any}

     vpn-connect [-u username] vpn_gateway
	     This is a particular case of the previous command.  It will establish an ISAKMP SA with vpn_gateway.

     delete-sa saopts
	     Delete an SA, either an ISAKMP SA, IPsec ESP SA, or IPsec AH SA.

     vpn-disconnect vpn_gateway
	     This is a particular case of the previous command.  It will kill all SAs associated with vpn_gateway.

     show-event
	     Listen for all events reported by racoon(8).

     logout-user login
	     Delete all SA established on behalf of the Xauth user login.

     Command shortcuts are available:
	   rc	reload-config
	   ss	show-sa
	   sc	show-schedule
	   fs	flush-sa
	   ds	delete-sa
	   es	establish-sa
	   vc	vpn-connect
	   vd	vpn-disconnect
	   se	show-event
	   lu	logout-user

RETURN VALUES

     The command should exit with 0 on success, and non-zero on errors.

FILES

     /var/racoon/racoon.sock or
     /var/run/racoon.sock	     racoon(8) control socket.

SEE ALSO

     ipsec(4), racoon(8)

HISTORY

     Once was kmpstat in the KAME project.  It turned into racoonctl but remained undocumented for a while.  Emmanuel Dreyfus <manu@NetBSD.org>
     wrote this man page.

BSD
								  March 12, 2009							       BSD
All times are GMT -4. The time now is 10:55 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy