VPN key generation utility
Generate local RSA key (default: bits=2192)
Generate local RSA key with specified number of bits
<16-4096>
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key" --bits="$5"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key" --bits="2192"
x509 key-pair generation tool
Generate x509 key-pair
<common-name>
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="x509" --name="$5"
Reset Virtual Private Network (VPN) information
Reset all tunnels for given peer
vpn ipsec site-to-site peer
Reset a specific tunnel for given peer
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="$6"
Reset the VTI tunnel for given peer
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="vti"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-peer" --name="$4" --tunnel="all"
Reset all tunnels for given DMVPN profile
vpn ipsec profile
Reset a specific tunnel for given DMVPN profile
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="$6"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="reset-profile" --name="$4" --tunnel="all"
Restart IPSec VPN
if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec restart ; else echo "IPSec process not running" ; fi
Show Virtual Private Network (VPN) information
Show VPN debugging information
Show debugging information for a peer
Show debugging information for a peer's tunnel
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="$7"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="$5" --tunnel="all"
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="vpn-debug" --name="all"
Show Internet Key Exchange (IKE) information
Show VPN RSA keys
sudo ${vyos_op_scripts_dir}/vpn_ipsec.py --action="rsa-key-show"
Show all currently active IKE Security Associations (SA)
Show all currently active IKE Security Associations (SA) that are using NAT Traversal
sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --nat="yes"
Show all currently active IKE Security Associations (SA) for a peer
sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py --peer="$6"
sudo ${vyos_op_scripts_dir}/vpn_ike_sa.py
Show all the pre-shared key secrets
sudo cat /etc/ipsec.secrets | sed 's/#.*//'
Show summary of IKE process information
if pgrep charon >/dev/null ; then echo "Running: $(pgrep charon)" ; else echo "Process is not running" ; fi
Show Internet Protocol Security (IPSec) information
Show the in-kernel crypto policies
sudo ip xfrm policy list
Show all active IPSec Security Associations (SA)
Show Verbose Detail on all active IPSec Security Associations (SA)
if pgrep charon >/dev/null ; then sudo /usr/sbin/ipsec statusall ; else echo "IPSec process not running" ; fi
if pgrep charon >/dev/null ; then sudo /usr/libexec/vyos/op_mode/show_ipsec_sa.py ; else echo "IPSec process not running" ; fi
Show the in-kernel crypto state
sudo ip xfrm state list
Show status of IPSec process
if pgrep charon >/dev/null ; then echo -e "IPSec Process Running: $(pgrep charon)\n$(sudo /usr/sbin/ipsec status)" ; else echo "IPSec process not running" ; fi