Reset Virtual Private Network (VPN) information Reset all tunnels for given peer vpn ipsec site-to-site peer Reset a specific tunnel for given peer sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="$6" Reset the VTI tunnel for given peer sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="vti" sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="all" Reset all tunnels for given DMVPN profile vpn ipsec profile Reset a specific tunnel for given DMVPN profile sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6" sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all" Restart IPSec VPN if pgrep charon >/dev/null ; then sudo ipsec restart ; sleep 3 ; sudo swanctl -q ; else echo "IPSec process not running" ; fi Show Virtual Private Network (VPN) information Show VPN debugging information Show debugging information for a peer Show debug information for peer tunnel sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7" sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all" sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all" Show Internet Key Exchange (IKE) information Show all currently active IKE Security Associations (SA) Show all currently active IKE Security Associations (SA) that are using NAT Traversal sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes" Show all currently active IKE Security Associations (SA) for a peer sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6" sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py Show all the pre-shared key secrets sudo cat /etc/ipsec.secrets | sed 's/#.*//' Show summary of IKE process information if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi Show Internet Protocol Security (IPSec) information Show the in-kernel crypto policies sudo ip xfrm policy list Show all active IPSec Security Associations (SA) Show Verbose Detail on all active IPSec Security Associations (SA) if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPSec process not running" ; fi if pgrep charon >/dev/null ; then sudo /usr/libexec/vyos/op_mode/show_ipsec_sa.py ; else echo "IPSec process not running" ; fi Show the in-kernel crypto state sudo ip xfrm state list Show status of IPSec process if pgrep charon >/dev/null ; then echo -e "IPSec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPSec process not running" ; fi