Reset Virtual Private Network (VPN) information Reset IPSec VPN sessions Reset a specific tunnel for given DMVPN profile vpn ipsec profile Reset a specific tunnel for given DMVPN profile Reset a specific tunnel for given DMVPN NBMA <x.x.x.x> <h:h:h:h:h:h:h:h> sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_dst --profile="$5" --tunnel="$7" --nbma-dst="$9" sudo ${vyos_op_scripts_dir}/ipsec.py reset_profile_all --profile="$5" --tunnel="$7" Reset remote access IPSec VPN connections Reset all users current remote access IPSec VPN sessions sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra Reset specified user current remote access IPsec VPN session(s) sudo ${vyos_op_scripts_dir}/ipsec.py reset_ra --user="$6" Reset site-to-site IPSec VPN connections Reset all site-to-site IPSec VPN sessions sudo ${vyos_op_scripts_dir}/ipsec.py reset_all_peers Reset all tunnels for given peer vpn ipsec site-to-site peer Reset a specific tunnel for given peer vpn ipsec site-to-site peer ${COMP_WORDS[5]} tunnel sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="$8" Reset the VTI tunnel for given peer sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" --tunnel="vti" sudo ${vyos_op_scripts_dir}/ipsec.py reset_peer --peer="$6" Restart the IPsec VPN process if systemctl is-active --quiet strongswan; then sudo systemctl restart strongswan ; echo "IPsec process restarted"; else echo "IPsec process not running" ; fi Show Virtual Private Network (VPN) information Show VPN debugging information Show debugging information for a peer vpn ipsec site-to-site peer Show debug information for peer tunnel sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7" sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all" sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all" Show Internet Key Exchange (IKE) information Show all currently active IKE Security Associations (SA) Show all currently active IKE Security Associations (SA) that are using NAT Traversal sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes" Show all currently active IKE Security Associations (SA) for a peer sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6" sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py Show all the pre-shared key secrets ${vyos_op_scripts_dir}/ipsec.py show_psk Show summary of IKE process information if systemctl is-active --quiet strongswan ; then systemctl status strongswan ; else echo "Process is not running" ; fi Show Internet Protocol Security (IPsec) information Show VPN connections sudo ${vyos_op_scripts_dir}/ipsec.py show_connections Show the in-kernel crypto policies sudo ip xfrm policy list Show active VPN server sessions Show detail active IKEv2 RA sessions if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail; else echo "IPsec process not running" ; fi Show detail active IKEv2 RA sessions by connection-id if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --conn-id="$6"; else echo "IPsec process not running" ; fi Show active IKEv2 RA sessions summary if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_summary; else echo "IPsec process not running" ; fi Show detail active IKEv2 RA sessions by username if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_ra_detail --username="$6"; else echo "IPsec process not running" ; fi Show all active IPsec Security Associations (SA) Show Verbose Detail on all active IPsec Security Associations (SA) if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa_detail ; else echo "IPsec process not running" ; fi if systemctl is-active --quiet strongswan ; then sudo ${vyos_op_scripts_dir}/ipsec.py show_sa ; else echo "IPsec process not running" ; fi Show the in-kernel crypto state sudo ip xfrm state list Show status of IPsec process if systemctl is-active --quiet strongswan >/dev/null ; then echo -e "IPsec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPsec process not running" ; fi