Reset Virtual Private Network (VPN) information
Reset all tunnels for given peer
vpn ipsec site-to-site peer
Reset a specific tunnel for given peer
sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="$6"
Reset the VTI tunnel for given peer
sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="vti"
sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$4" --tunnel="all"
Reset all tunnels for given DMVPN profile
vpn ipsec profile
Reset a specific tunnel for given DMVPN profile
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"
Restart the IPsec VPN process
if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPsec process not running" ; fi
Show Virtual Private Network (VPN) information
Show VPN debugging information
Show debugging information for a peer
vpn ipsec site-to-site peer
Show debug information for peer tunnel
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all"
Show Internet Key Exchange (IKE) information
Show all currently active IKE Security Associations (SA)
Show all currently active IKE Security Associations (SA) that are using NAT Traversal
sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes"
Show all currently active IKE Security Associations (SA) for a peer
sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6"
sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py
Show all the pre-shared key secrets
sudo cat /etc/ipsec.secrets | sed 's/#.*//'
Show summary of IKE process information
if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi
Show Internet Protocol Security (IPsec) information
Show the in-kernel crypto policies
sudo ip xfrm policy list
Show active VPN server sessions
${vyos_op_scripts_dir}/show_vpn_ra.py
Show all active IPsec Security Associations (SA)
Show Verbose Detail on all active IPsec Security Associations (SA)
if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPsec process not running" ; fi
if pgrep charon >/dev/null ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi
Show the in-kernel crypto state
sudo ip xfrm state list
Show status of IPsec process
if pgrep charon >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi