From 73ac84619e6a71933d0f4cd3432f066a2a731128 Mon Sep 17 00:00:00 2001
From: Viacheslav Hletenko <v.gletenko@vyos.io>
Date: Mon, 25 Apr 2022 09:25:11 +0000
Subject: op-mode: T4395: Extend show vpn debug

Get more VPN IPSec information with swanctl and iproute2 commands
---
 src/op_mode/vpn_ipsec.py | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

(limited to 'src')

diff --git a/src/op_mode/vpn_ipsec.py b/src/op_mode/vpn_ipsec.py
index 40854fa8f..8955e5a59 100755
--- a/src/op_mode/vpn_ipsec.py
+++ b/src/op_mode/vpn_ipsec.py
@@ -88,7 +88,22 @@ def reset_profile(profile, tunnel):
 
 def debug_peer(peer, tunnel):
     if not peer or peer == "all":
-        call('sudo /usr/sbin/ipsec statusall')
+        debug_commands = [
+            "sudo ipsec statusall",
+            "sudo swanctl -L",
+            "sudo swanctl -l",
+            "sudo swanctl -P",
+            "sudo ip x sa show",
+            "sudo ip x policy show",
+            "sudo ip tunnel show",
+            "sudo ip address",
+            "sudo ip rule show",
+            "sudo ip route | head -100",
+            "sudo ip route show table 220"
+        ]
+        for debug_cmd in debug_commands:
+            print(f'\n### {debug_cmd} ###')
+            call(debug_cmd)
         return
 
     if not tunnel or tunnel == 'all':
-- 
cgit v1.2.3