[Swan] Monitor Libreswan IPsec VPN tunnel using Nagios

Kaushal Shriyan kaushalshriyan at gmail.com
Mon Oct 22 11:49:33 UTC 2018


Hi,

I have the following Nagios plugin bash script:

#!/bin/bash
> # Written By Nicole
> # Any Comments or Questions please e-mail to ml at nicole-haehnel.de
> #
> # Plugin Name: check_ipsec
> # Version: 2.0
> # Date: 26/08/2008
> #
> # Usage: check_ipsec --tunnels <n>
> #
> # gateways.txt file must be located in same directory
> # and has to look like:
> # nameofconn1 192.168.0.1
> # nameofconn2 192.168.1.1
> #
> # ------------Defining Variables------------
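# Plugin name and directory, derived from the invocation path. dirname also
# copes with a bare "check_ipsec" resolved through $PATH (it yields "."),
# which the previous sed expression returned unchanged.
PROGNAME=$(basename -- "$0")
PROGPATH=$(dirname -- "$0")
REVISION=$(echo '$Revision: 2.0 $' | sed -e 's/[^0-9.]//g')
#STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`
DOWN=""
# ---------- Change to your needs ----------
PLUGINPATH="/usr/lib64/nagios/plugins"
GATEWAYLIST="gateways.txt"
IPSECBIN="/usr/sbin/ipsec"
FPINGBIN="/usr/sbin/fping"
# ping server in network on the other side of the tunnel
PINGIP=1 # ping yes or no (1/0)
# ------------------------------------------
# utils.sh is expected to provide the STATE_* exit codes and print_revision.
# It is executed inside this shell with the plugin's privileges, so when the
# check runs elevated (e.g. through sudo so it can query ipsec) the plugin
# directory and utils.sh must not be writable by the monitoring account.
# Exit 3 (Nagios UNKNOWN) if it cannot be loaded, instead of carrying on with
# empty STATE_* values.
. "$PROGPATH/utils.sh" || {
  echo "UNKNOWN - cannot load $PROGPATH/utils.sh"
  exit 3
}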
>
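# Testing availability of $IPSECBIN, $FPINGBIN and $GATEWAYLIST
#
# Every exit below falls back to the standard Nagios code (UNKNOWN=3,
# CRITICAL=2) when utils.sh did not define STATE_*, so a failed pre-flight
# check can never end with exit status 0 and show up as a healthy service.
if [ "$#" -eq 0 ]; then
  echo "UNKNOWN - missing Arguments. Run check_ipsec --help"
  exit "${STATE_UNKNOWN:-3}"
fi

if [ ! -e "$IPSECBIN" ]; then
  echo "CRITICAL - $IPSECBIN not exist"
  exit "${STATE_CRITICAL:-2}"
fi
# 1 when the ipsec binary identifies itself as strongSwan, otherwise 0;
# check_tunnel and location use this to choose the status command.
STRONG=$("$IPSECBIN" --version | grep -c strongSwan)

# fping is only needed when the far-side ping test is enabled.
if [ "$PINGIP" -eq 1 ] && [ ! -e "$FPINGBIN" ]; then
  echo "CRITICAL - $FPINGBIN not exist"
  exit "${STATE_CRITICAL:-2}"
fi

# location() reads the list from $PLUGINPATH, so that is the path to verify
# (the previous test looked in $PROGPATH, which can be a different directory).
if [ ! -e "$PLUGINPATH/$GATEWAYLIST" ]; then
  echo "CRITICAL - $GATEWAYLIST not exist"
  exit "${STATE_CRITICAL:-2}"
fi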
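#######################################
# Print the command-line synopsis.
# Globals:   PROGNAME (read)
# Arguments: none
# Outputs:   usage text on stdout
#######################################
print_usage() {
  echo "Usage:"
  echo " $PROGNAME --tunnels <number of configured tunnels>"
  echo " $PROGNAME --help"
  echo " $PROGNAME --version"
  # Single-line literal: the mail wrap had split this string across two
  # lines, which put a stray line break and quote marker into the output.
  echo " Created by Nicole, questions or problems e-mail ml at nicole-haehnel.de"
  echo ""
}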
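#######################################
# Print revision, usage and a description of every option.
# Globals:   PROGNAME, REVISION (read)
# Arguments: none
# Outputs:   help text on stdout
# Notes:     print_revision is not defined in this script; it is expected to
#            come from the sourced utils.sh.
#######################################
print_help() {
  print_revision "$PROGNAME" "$REVISION"
  echo ""
  print_usage
  # The two long descriptions are single-line literals again; the mail wrap
  # had split them across lines.
  printf '%s\n' \
    " Checks vpn connection status of an openswan or strongswan installation." \
    "" \
    " --tunnels <number of configured tunnels>" \
    " -T <number of configured tunnels>" \
    " provides the tunnel status of the openswan or strongswan installation" \
    "" \
    " --help" \
    " -h" \
    " prints this help screen" \
    "" \
    " --version" \
    " -V" \
    " Print version and license information" \
    ""
}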
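#######################################
# Compare the number of established tunnels with the expected number and
# exit with the matching Nagios state.
# Globals:   STRONG, IPSECBIN, STATE_OK, STATE_WARNING, STATE_CRITICAL,
#            STATE_UNKNOWN (read)
# Arguments: $1 - the option that selected this check (unused)
#            $2 - expected number of tunnels (non-negative integer)
# Outputs:   one Nagios status line on stdout
# Returns:   never returns; exits OK when the counts match, WARNING when
#            more tunnels are up than expected, CRITICAL when fewer are up,
#            UNKNOWN when $2 is not a number.
#######################################
check_tunnel() {
  local expected status_out eroutes

  # [[ a -eq b ]] evaluates both operands as arithmetic expressions. The
  # argument comes from the check definition, so reject anything that is not
  # plain digits before it reaches a comparison. An empty value would
  # otherwise be read as 0 and report OK while no tunnel is up.
  if [[ ! "$2" =~ ^[0-9]+$ ]]; then
    echo "UNKNOWN - tunnel count must be a non-negative integer. Run check_ipsec --help"
    exit "${STATE_UNKNOWN:-3}"
  fi
  # Force base 10 so a value such as 08 is not parsed as invalid octal.
  expected=$((10#$2))

  if [[ "$STRONG" -eq 1 ]]; then
    status_out=$("$IPSECBIN" status)
  else
    status_out=$("$IPSECBIN" whack --status)
  fi
  # A tunnel counts as up when its status line carries both markers.
  eroutes=$(printf '%s\n' "$status_out" \
    | grep -e "IPsec SA established" \
    | grep -c -e "newest IPSEC")

  # Exit codes fall back to the standard Nagios values if utils.sh left
  # STATE_* unset, so a failing check cannot exit 0.
  if [[ "$eroutes" -eq "$expected" ]]; then
    echo "OK - All $2 tunnels are up an running"
    exit "${STATE_OK:-0}"
  elif [[ "$eroutes" -gt "$expected" ]]; then
    echo "WARNING - More than $2 ($eroutes) tunnels are up an running"
    exit "${STATE_WARNING:-1}"
  else
    echo "CRITICAL - Only $eroutes tunnels from $2 are up an running - $(location)"
    exit "${STATE_CRITICAL:-2}"
  fi
}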
>
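#######################################
# List the connections from the gateway file that are down, or up but not
# answering a ping on the far side.
# Globals:   STRONG, IPSECBIN, FPINGBIN, PINGIP, PLUGINPATH, GATEWAYLIST (read)
# Arguments: none
# Outputs:   one line on stdout: space-separated connection names, each
#            followed by "(no ping)" when only the ping test failed
# Notes:     The gateway file is "name address" per line. Its content ends up
#            in grep and fping arguments, so it should be writable only by
#            the account that owns the plugin.
#######################################
location() {
  local conn ip _rest status_out tunneltest alive
  local down=""

  # Take one status snapshot instead of re-running ipsec for every entry;
  # this also keeps ipsec away from the loop's stdin (the gateway file).
  if [[ "$STRONG" -eq 1 ]]; then
    status_out=$("$IPSECBIN" status)
  else
    status_out=$("$IPSECBIN" whack --status)
  fi
  status_out=$(printf '%s\n' "$status_out" \
    | grep -e "IPsec SA established" \
    | grep -e "newest IPSEC")

  while read -r conn ip _rest || [[ -n "$conn" ]]; do
    # A blank line would match every tunnel; skip it.
    [[ -n "$conn" ]] || continue

    # -F: the name is literal text, not a regex; -e: a leading '-' cannot be
    # taken as a grep option. Still a substring match, so one name that is
    # a prefix of another can be counted twice.
    tunneltest=$(printf '%s\n' "$status_out" | grep -c -F -e "$conn")

    if [[ "$tunneltest" -eq 0 ]]; then
      down+=" $conn"
    fi

    if [[ "$PINGIP" -eq 1 && "$tunneltest" -eq 1 ]]; then
      alive=0
      # Only hand fping something that cannot be read as an option; a
      # missing or option-like address is reported as "no ping".
      if [[ -n "$ip" && "$ip" != -* ]]; then
        alive=$("$FPINGBIN" -r 1 "$ip" </dev/null | grep -c alive)
      fi
      if [[ "$alive" -eq 0 ]]; then
        down+=" $conn (no ping)"
      fi
    fi
  done < "$PLUGINPATH/$GATEWAYLIST"

  printf '%s\n' "${down# }"
}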
>
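# Dispatch on the first argument. Exit codes fall back to the standard Nagios
# values when utils.sh did not define STATE_*.
case "$1" in
  --help | -h)
    print_help
    exit "${STATE_OK:-0}"
    ;;
  --version | -V)
    # $PLUGIN is never set in this script; $PROGNAME is the name print_help
    # already passes to print_revision.
    print_revision "$PROGNAME" "$REVISION"
    exit "${STATE_OK:-0}"
    ;;
  --tunnels | -T)
    check_tunnel "$1" "$2"
    ;;
  *)
    # An unrecognised option means the check is misconfigured. Report
    # UNKNOWN rather than OK, otherwise a typo in the command definition
    # shows up as a permanently healthy service.
    print_help
    exit "${STATE_UNKNOWN:-3}"
    ;;
esac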


[root@ plugins]#./check_ipsec --tunnels 2
*OK - All 2 tunnels are up an running*
[root@ plugins]#

*ipsec whack --globalstatus*
> config.setup.ike.ddos_threshold=25000
> config.setup.ike.max_halfopen=50000
> current.states.all=5
> current.states.ipsec=2
> current.states.ike=2
> current.states.shunts=1
> current.states.iketype.anonymous=0
> current.states.iketype.authenticated=2
> current.states.iketype.halfopen=0
> current.states.iketype.open=0
> current.states.enumerate.STATE_MAIN_R0=0
> current.states.enumerate.STATE_MAIN_I1=0
> current.states.enumerate.STATE_MAIN_R1=0
> current.states.enumerate.STATE_MAIN_I2=0
> current.states.enumerate.STATE_MAIN_R2=0
> current.states.enumerate.STATE_MAIN_I3=0
> current.states.enumerate.STATE_MAIN_R3=0
> current.states.enumerate.STATE_MAIN_I4=2
> current.states.enumerate.STATE_AGGR_R0=0
> current.states.enumerate.STATE_AGGR_I1=0
> current.states.enumerate.STATE_AGGR_R1=0
> current.states.enumerate.STATE_AGGR_I2=0
> current.states.enumerate.STATE_AGGR_R2=0
> current.states.enumerate.STATE_QUICK_R0=0
> current.states.enumerate.STATE_QUICK_I1=0
> current.states.enumerate.STATE_QUICK_R1=0
> current.states.enumerate.STATE_QUICK_I2=2
> current.states.enumerate.STATE_QUICK_R2=0
> current.states.enumerate.STATE_INFO=0
> current.states.enumerate.STATE_INFO_PROTECTED=0
> current.states.enumerate.STATE_XAUTH_R0=0
> current.states.enumerate.STATE_XAUTH_R1=0
> current.states.enumerate.STATE_MODE_CFG_R0=0
> current.states.enumerate.STATE_MODE_CFG_R1=0
> current.states.enumerate.STATE_MODE_CFG_R2=0
> current.states.enumerate.STATE_MODE_CFG_I1=0
> current.states.enumerate.STATE_XAUTH_I0=0
> current.states.enumerate.STATE_XAUTH_I1=0
> current.states.enumerate.STATE_IKEv2_BASE=0
> current.states.enumerate.STATE_PARENT_I1=0
> current.states.enumerate.STATE_PARENT_I2=0
> current.states.enumerate.STATE_PARENT_I3=0
> current.states.enumerate.STATE_PARENT_R1=0
> current.states.enumerate.STATE_PARENT_R2=0
> current.states.enumerate.STATE_V2_CREATE_I0=0
> current.states.enumerate.STATE_V2_CREATE_I=0
> current.states.enumerate.STATE_V2_REKEY_IKE_I0=0
> current.states.enumerate.STATE_V2_REKEY_IKE_I=0
> current.states.enumerate.STATE_V2_REKEY_CHILD_I0=0
> current.states.enumerate.STATE_V2_REKEY_CHILD_I=0
> current.states.enumerate.STATE_V2_CREATE_R=0
> current.states.enumerate.STATE_V2_REKEY_IKE_R=0
> current.states.enumerate.STATE_V2_REKEY_CHILD_R=0
> current.states.enumerate.STATE_V2_IPSEC_I=0
> current.states.enumerate.STATE_V2_IPSEC_R=0
> current.states.enumerate.STATE_IKESA_DEL=0
> current.states.enumerate.STATE_CHILDSA_DEL=0
> total.ipsec.type.all=86
> total.ipsec.type.esp=1514
> total.ipsec.type.ah=0
> total.ipsec.type.ipcomp=0
> total.ipsec.type.esn=0
> total.ipsec.type.tfc=0
> total.ipsec.type.encap=0
> total.ipsec.type.non_encap=1514
> total.ipsec.traffic.in=7497596
> total.ipsec.traffic.out=20134927
> total.ike.ikev2.established=0
> total.ike.ikev2.failed=0
> total.ike.ikev1.established=2241
> total.ike.ikev1.failed=16
> total.ike.dpd.sent=0
> total.ike.dpd.recv=0
> total.ike.dpd.replied=420970
> total.ike.traffic.in=40535112
> total.ike.traffic.out=40601452
> total.xauth.started=0
> total.xauth.stopped=0
> total.xauth.aborted=0
> total.ikev1.encr.3DES_CBC=0
> total.ikev1.encr.CAST_CBC=0
> total.ikev1.encr.AES_CBC=2241
> total.ikev1.encr.CAMELLIA_CBC=0
> total.ikev1.encr.AES_CTR=0
> total.ikev1.encr.AES_CCM_A=0
> total.ikev1.encr.AES_CCM_B=0
> total.ikev1.encr.AES_CCM_16=0
> total.ikev1.encr.AES_GCM_A=0
> total.ikev1.encr.AES_GCM_B=0
> total.ikev1.encr.AES_GCM_C=0
> total.ikev1.encr.CAMELLIA_CTR=0
> total.ikev1.encr.CAMELLIA_CCM_A=0
> total.ikev1.encr.CAMELLIA_CCM_B=0
> total.ikev1.encr.CAMELLIA_CCM_C=0
> total.ikev1.integ.MD5=0
> total.ikev1.integ.SHA1=2241
> total.ikev1.integ.SHA2_256=0
> total.ikev1.integ.SHA2_384=0
> total.ikev1.integ.SHA2_512=0
> total.ikev1.group.MODP768=0
> total.ikev1.group.MODP1024=2241
> total.ikev1.group.MODP1536=0
> total.ikev1.group.MODP2048=0
> total.ikev1.group.MODP3072=0
> total.ikev1.group.MODP4096=0
> total.ikev1.group.MODP6144=0
> total.ikev1.group.MODP8192=0
> total.ikev1.group.ECP_256=0
> total.ikev1.group.ECP_384=0
> total.ikev1.group.ECP_521=0
> total.ikev1.group.DH22=0
> total.ikev1.group.DH23=0
> total.ikev1.group.DH24=0
> total.ikev1.group.ECP_192=0
> total.ikev1.group.ECP_224=0
> total.ikev1.group.BRAINPOOL_P224R1=0
> total.ikev1.group.BRAINPOOL_P256R1=0
> total.ikev1.group.BRAINPOOL_P384R1=0
> total.ikev1.group.BRAINPOOL_P512R1=0
> total.ikev1.group.CURVE25519=0
> total.ikev1.group.CURVE448=0
> total.ikev2.encr.3DES=0
> total.ikev2.encr.CAST=0
> total.ikev2.encr.NULL=0
> total.ikev2.encr.AES_CBC=0
> total.ikev2.encr.AES_CTR=0
> total.ikev2.encr.AES_CCM_A=0
> total.ikev2.encr.AES_CCM_B=0
> total.ikev2.encr.AES_CCM_C=0
> total.ikev2.encr.AES_GCM_A=0
> total.ikev2.encr.AES_GCM_B=0
> total.ikev2.encr.AES_GCM_C=0
> total.ikev2.encr.NULL_AUTH_AES_GMAC=0
> total.ikev2.encr.CAMELLIA_CBC=0
> total.ikev2.encr.CAMELLIA_CTR=0
> total.ikev2.encr.CAMELLIA_CCM_A=0
> total.ikev2.encr.CAMELLIA_CCM_B=0
> total.ikev2.encr.CAMELLIA_CCM_C=0
> total.ikev2.encr.CHACHA20_POLY1305=0
> total.ikev2.integ.HMAC_MD5_96=0
> total.ikev2.integ.HMAC_SHA1_96=0
> total.ikev2.integ.AES_XCBC_96=0
> total.ikev2.integ.HMAC_MD5_128=0
> total.ikev2.integ.HMAC_SHA1_160=0
> total.ikev2.integ.AES_CMAC_96=0
> total.ikev2.integ.AES_128_GMAC=0
> total.ikev2.integ.AES_192_GMAC=0
> total.ikev2.integ.AES_256_GMAC=0
> total.ikev2.integ.HMAC_SHA2_256_128=0
> total.ikev2.integ.HMAC_SHA2_384_192=0
> total.ikev2.integ.HMAC_SHA2_512_256=86
> total.ikev2.group.MODP768=0
> total.ikev2.group.MODP1024=0
> total.ikev2.group.MODP1536=0
> total.ikev2.group.MODP2048=0
> total.ikev2.group.MODP3072=0
> total.ikev2.group.MODP4096=0
> total.ikev2.group.MODP6144=0
> total.ikev2.group.MODP8192=0
> total.ikev2.group.ECP_256=0
> total.ikev2.group.ECP_384=0
> total.ikev2.group.ECP_521=0
> total.ikev2.group.DH22=0
> total.ikev2.group.DH23=0
> total.ikev2.group.DH24=0
> total.ikev2.group.ECP_192=0
> total.ikev2.group.ECP_224=0
> total.ikev2.group.BRAINPOOL_P224R1=0
> total.ikev2.group.BRAINPOOL_P256R1=0
> total.ikev2.group.BRAINPOOL_P384R1=0
> total.ikev2.group.BRAINPOOL_P512R1=0
> total.ikev2.group.CURVE25519=0
> total.ikev2.group.CURVE448=0
> total.ikev2.recv.invalidke.using.MODP768=0
> total.ikev2.recv.invalidke.using.MODP1024=0
> total.ikev2.recv.invalidke.using.MODP1536=0
> total.ikev2.recv.invalidke.using.MODP2048=0
> total.ikev2.recv.invalidke.using.MODP3072=0
> total.ikev2.recv.invalidke.using.MODP4096=0
> total.ikev2.recv.invalidke.using.MODP6144=0
> total.ikev2.recv.invalidke.using.MODP8192=0
> total.ikev2.recv.invalidke.using.ECP_256=0
> total.ikev2.recv.invalidke.using.ECP_384=0
> total.ikev2.recv.invalidke.using.ECP_521=0
> total.ikev2.recv.invalidke.using.DH22=0
> total.ikev2.recv.invalidke.using.DH23=0
> total.ikev2.recv.invalidke.using.DH24=0
> total.ikev2.recv.invalidke.using.ECP_192=0
> total.ikev2.recv.invalidke.using.ECP_224=0
> total.ikev2.recv.invalidke.using.BRAINPOOL_P224R1=0
> total.ikev2.recv.invalidke.using.BRAINPOOL_P256R1=0
> total.ikev2.recv.invalidke.using.BRAINPOOL_P384R1=0
> total.ikev2.recv.invalidke.using.BRAINPOOL_P512R1=0
> total.ikev2.recv.invalidke.using.CURVE25519=0
> total.ikev2.recv.invalidke.using.CURVE448=0
> total.ikev2.recv.invalidke.suggesting.MODP768=0
> total.ikev2.recv.invalidke.suggesting.MODP1024=0
> total.ikev2.recv.invalidke.suggesting.MODP1536=0
> total.ikev2.recv.invalidke.suggesting.MODP2048=0
> total.ikev2.recv.invalidke.suggesting.MODP3072=0
> total.ikev2.recv.invalidke.suggesting.MODP4096=0
> total.ikev2.recv.invalidke.suggesting.MODP6144=0
> total.ikev2.recv.invalidke.suggesting.MODP8192=0
> total.ikev2.recv.invalidke.suggesting.ECP_256=0
> total.ikev2.recv.invalidke.suggesting.ECP_384=0
> total.ikev2.recv.invalidke.suggesting.ECP_521=0
> total.ikev2.recv.invalidke.suggesting.DH22=0
> total.ikev2.recv.invalidke.suggesting.DH23=0
> total.ikev2.recv.invalidke.suggesting.DH24=0
> total.ikev2.recv.invalidke.suggesting.ECP_192=0
> total.ikev2.recv.invalidke.suggesting.ECP_224=0
> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P224R1=0
> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P256R1=0
> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P384R1=0
> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P512R1=0
> total.ikev2.recv.invalidke.suggesting.CURVE25519=0
> total.ikev2.recv.invalidke.suggesting.CURVE448=0
> total.ikev2.sent.invalidke.using.MODP768=0
> total.ikev2.sent.invalidke.using.MODP1024=0
> total.ikev2.sent.invalidke.using.MODP1536=0
> total.ikev2.sent.invalidke.using.MODP2048=0
> total.ikev2.sent.invalidke.using.MODP3072=0
> total.ikev2.sent.invalidke.using.MODP4096=0
> total.ikev2.sent.invalidke.using.MODP6144=0
> total.ikev2.sent.invalidke.using.MODP8192=0
> total.ikev2.sent.invalidke.using.ECP_256=0
> total.ikev2.sent.invalidke.using.ECP_384=0
> total.ikev2.sent.invalidke.using.ECP_521=0
> total.ikev2.sent.invalidke.using.DH22=0
> total.ikev2.sent.invalidke.using.DH23=0
> total.ikev2.sent.invalidke.using.DH24=0
> total.ikev2.sent.invalidke.using.ECP_192=0
> total.ikev2.sent.invalidke.using.ECP_224=0
> total.ikev2.sent.invalidke.using.BRAINPOOL_P224R1=0
> total.ikev2.sent.invalidke.using.BRAINPOOL_P256R1=0
> total.ikev2.sent.invalidke.using.BRAINPOOL_P384R1=0
> total.ikev2.sent.invalidke.using.BRAINPOOL_P512R1=0
> total.ikev2.sent.invalidke.using.CURVE25519=0
> total.ikev2.sent.invalidke.using.CURVE448=0
> total.ikev2.sent.invalidke.suggesting.MODP768=0
> total.ikev2.sent.invalidke.suggesting.MODP1024=0
> total.ikev2.sent.invalidke.suggesting.MODP1536=0
> total.ikev2.sent.invalidke.suggesting.MODP2048=0
> total.ikev2.sent.invalidke.suggesting.MODP3072=0
> total.ikev2.sent.invalidke.suggesting.MODP4096=0
> total.ikev2.sent.invalidke.suggesting.MODP6144=0
> total.ikev2.sent.invalidke.suggesting.MODP8192=0
> total.ikev2.sent.invalidke.suggesting.ECP_256=0
> total.ikev2.sent.invalidke.suggesting.ECP_384=0
> total.ikev2.sent.invalidke.suggesting.ECP_521=0
> total.ikev2.sent.invalidke.suggesting.DH22=0
> total.ikev2.sent.invalidke.suggesting.DH23=0
> total.ikev2.sent.invalidke.suggesting.DH24=0
> total.ikev2.sent.invalidke.suggesting.ECP_192=0
> total.ikev2.sent.invalidke.suggesting.ECP_224=0
> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P224R1=0
> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P256R1=0
> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P384R1=0
> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P512R1=0
> total.ikev2.sent.invalidke.suggesting.CURVE25519=0
> total.ikev2.sent.invalidke.suggesting.CURVE448=0
> total.ipsec.encr.3DES=0
> total.ipsec.encr.CAST=0
> total.ipsec.encr.NULL=0
> total.ipsec.encr.AES_CBC=1514
> total.ipsec.encr.AES_CTR=0
> total.ipsec.encr.AES_CCM_A=0
> total.ipsec.encr.AES_CCM_B=0
> total.ipsec.encr.AES_CCM_C=0
> total.ipsec.encr.AES_GCM_A=0
> total.ipsec.encr.AES_GCM_B=0
> total.ipsec.encr.AES_GCM_C=0
> total.ipsec.encr.NULL_AUTH_AES_GMAC=0
> total.ipsec.encr.CAMELLIA_CBC=0
> total.ipsec.encr.CAMELLIA_CTR=0
> total.ipsec.encr.CAMELLIA_CCM_A=0
> total.ipsec.encr.CAMELLIA_CCM_B=0
> total.ipsec.encr.CAMELLIA_CCM_C=0
> total.ipsec.encr.CHACHA20_POLY1305=0
> total.ipsec.integ.HMAC_MD5=0
> total.ipsec.integ.HMAC_SHA1=1514
> total.ipsec.integ.HMAC_SHA2_256=0
> total.ipsec.integ.HMAC_SHA2_384=0
> total.ipsec.integ.HMAC_SHA2_512=0
> total.ipsec.integ.HMAC_RIPEMD=0
> total.ipsec.integ.AES_XCBC=0
> total.ipsec.integ.AES_128_GMAC=0
> total.ipsec.integ.AES_192_GMAC=0
> total.ipsec.integ.AES_256_GMAC=0
> total.ikev1.sent.notifies.error.INVALID_PAYLOAD_TYPE=0
> total.ikev1.sent.notifies.error.DOI_NOT_SUPPORTED=0
> total.ikev1.sent.notifies.error.SITUATION_NOT_SUPPORTED=0
> total.ikev1.sent.notifies.error.INVALID_COOKIE=0
> total.ikev1.sent.notifies.error.INVALID_MAJOR_VERSION=0
> total.ikev1.sent.notifies.error.INVALID_MINOR_VERSION=0
> total.ikev1.sent.notifies.error.INVALID_EXCHANGE_TYPE=0
> total.ikev1.sent.notifies.error.INVALID_FLAGS=0
> total.ikev1.sent.notifies.error.INVALID_MESSAGE_ID=0
> total.ikev1.sent.notifies.error.INVALID_PROTOCOL_ID=0
> total.ikev1.sent.notifies.error.INVALID_SPI=0
> total.ikev1.sent.notifies.error.INVALID_TRANSFORM_ID=0
> total.ikev1.sent.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0
> total.ikev1.sent.notifies.error.NO_PROPOSAL_CHOSEN=0
> total.ikev1.sent.notifies.error.BAD_PROPOSAL_SYNTAX=0
> total.ikev1.sent.notifies.error.PAYLOAD_MALFORMED=2
> total.ikev1.sent.notifies.error.INVALID_KEY_INFORMATION=0
> total.ikev1.sent.notifies.error.INVALID_ID_INFORMATION=0
> total.ikev1.sent.notifies.error.INVALID_CERT_ENCODING=0
> total.ikev1.sent.notifies.error.INVALID_CERTIFICATE=0
> total.ikev1.sent.notifies.error.CERT_TYPE_UNSUPPORTED=0
> total.ikev1.sent.notifies.error.INVALID_CERT_AUTHORITY=0
> total.ikev1.sent.notifies.error.INVALID_HASH_INFORMATION=0
> total.ikev1.sent.notifies.error.AUTHENTICATION_FAILED=0
> total.ikev1.sent.notifies.error.INVALID_SIGNATURE=0
> total.ikev1.sent.notifies.error.ADDRESS_NOTIFICATION=0
> total.ikev1.sent.notifies.error.NOTIFY_SA_LIFETIME=0
> total.ikev1.sent.notifies.error.CERTIFICATE_UNAVAILABLE=0
> total.ikev1.sent.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0
> total.ikev1.sent.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0
> total.ikev1.recv.notifies.error.INVALID_PAYLOAD_TYPE=0
> total.ikev1.recv.notifies.error.DOI_NOT_SUPPORTED=0
> total.ikev1.recv.notifies.error.SITUATION_NOT_SUPPORTED=0
> total.ikev1.recv.notifies.error.INVALID_COOKIE=0
> total.ikev1.recv.notifies.error.INVALID_MAJOR_VERSION=0
> total.ikev1.recv.notifies.error.INVALID_MINOR_VERSION=0
> total.ikev1.recv.notifies.error.INVALID_EXCHANGE_TYPE=0
> total.ikev1.recv.notifies.error.INVALID_FLAGS=0
> total.ikev1.recv.notifies.error.INVALID_MESSAGE_ID=0
> total.ikev1.recv.notifies.error.INVALID_PROTOCOL_ID=0
> total.ikev1.recv.notifies.error.INVALID_SPI=0
> total.ikev1.recv.notifies.error.INVALID_TRANSFORM_ID=0
> total.ikev1.recv.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0
> total.ikev1.recv.notifies.error.NO_PROPOSAL_CHOSEN=0
> total.ikev1.recv.notifies.error.BAD_PROPOSAL_SYNTAX=0
> total.ikev1.recv.notifies.error.PAYLOAD_MALFORMED=0
> total.ikev1.recv.notifies.error.INVALID_KEY_INFORMATION=0
> total.ikev1.recv.notifies.error.INVALID_ID_INFORMATION=0
> total.ikev1.recv.notifies.error.INVALID_CERT_ENCODING=0
> total.ikev1.recv.notifies.error.INVALID_CERTIFICATE=0
> total.ikev1.recv.notifies.error.CERT_TYPE_UNSUPPORTED=0
> total.ikev1.recv.notifies.error.INVALID_CERT_AUTHORITY=0
> total.ikev1.recv.notifies.error.INVALID_HASH_INFORMATION=0
> total.ikev1.recv.notifies.error.AUTHENTICATION_FAILED=0
> total.ikev1.recv.notifies.error.INVALID_SIGNATURE=0
> total.ikev1.recv.notifies.error.ADDRESS_NOTIFICATION=0
> total.ikev1.recv.notifies.error.NOTIFY_SA_LIFETIME=0
> total.ikev1.recv.notifies.error.CERTIFICATE_UNAVAILABLE=0
> total.ikev1.recv.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0
> total.ikev1.recv.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0
> total.ikev2.sent.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0
> total.ikev2.sent.notifies.error.INVALID_IKE_SPI=0
> total.ikev2.sent.notifies.error.INVALID_MAJOR_VERSION=0
> total.ikev2.sent.notifies.error.INVALID_SYNTAX=0
> total.ikev2.sent.notifies.error.INVALID_MESSAGE_ID=0
> total.ikev2.sent.notifies.error.INVALID_SPI=0
> total.ikev2.sent.notifies.error.NO_PROPOSAL_CHOSEN=0
> total.ikev2.sent.notifies.error.INVALID_KE_PAYLOAD=0
> total.ikev2.sent.notifies.error.AUTHENTICATION_FAILED=0
> total.ikev2.sent.notifies.error.SINGLE_PAIR_REQUIRED=0
> total.ikev2.sent.notifies.error.NO_ADDITIONAL_SAS=0
> total.ikev2.sent.notifies.error.INTERNAL_ADDRESS_FAILURE=0
> total.ikev2.sent.notifies.error.FAILED_CP_REQUIRED=0
> total.ikev2.sent.notifies.error.TS_UNACCEPTABLE=0
> total.ikev2.sent.notifies.error.INVALID_SELECTORS=0
> total.ikev2.sent.notifies.error.UNACCEPTABLE_ADDRESSES=0
> total.ikev2.sent.notifies.error.UNEXPECTED_NAT_DETECTED=0
> total.ikev2.sent.notifies.error.USE_ASSIGNED_HoA=0
> total.ikev2.sent.notifies.error.TEMPORARY_FAILURE=0
> total.ikev2.sent.notifies.error.CHILD_SA_NOT_FOUND=0
> total.ikev2.sent.notifies.error.INVALID_GROUP_ID=0
> total.ikev2.sent.notifies.error.AUTHORIZATION_FAILED=0
> total.ikev2.recv.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0
> total.ikev2.recv.notifies.error.INVALID_IKE_SPI=0
> total.ikev2.recv.notifies.error.INVALID_MAJOR_VERSION=0
> total.ikev2.recv.notifies.error.INVALID_SYNTAX=0
> total.ikev2.recv.notifies.error.INVALID_MESSAGE_ID=0
> total.ikev2.recv.notifies.error.INVALID_SPI=0
> total.ikev2.recv.notifies.error.NO_PROPOSAL_CHOSEN=0
> total.ikev2.recv.notifies.error.INVALID_KE_PAYLOAD=0
> total.ikev2.recv.notifies.error.AUTHENTICATION_FAILED=0
> total.ikev2.recv.notifies.error.SINGLE_PAIR_REQUIRED=0
> total.ikev2.recv.notifies.error.NO_ADDITIONAL_SAS=0
> total.ikev2.recv.notifies.error.INTERNAL_ADDRESS_FAILURE=0
> total.ikev2.recv.notifies.error.FAILED_CP_REQUIRED=0
> total.ikev2.recv.notifies.error.TS_UNACCEPTABLE=0
> total.ikev2.recv.notifies.error.INVALID_SELECTORS=0
> total.ikev2.recv.notifies.error.UNACCEPTABLE_ADDRESSES=0
> total.ikev2.recv.notifies.error.UNEXPECTED_NAT_DETECTED=0
> total.ikev2.recv.notifies.error.USE_ASSIGNED_HoA=0
> total.ikev2.recv.notifies.error.TEMPORARY_FAILURE=0
> total.ikev2.recv.notifies.error.CHILD_SA_NOT_FOUND=0
> total.ikev2.recv.notifies.error.INVALID_GROUP_ID=0
> total.ikev2.recv.notifies.error.AUTHORIZATION_FAILED=0


*ipsec whack --trafficstatus*
> 006 #5023: "neustar-sterling-primary", type=ESP, add_time=1540207376,
> inBytes=9709, outBytes=3602, id='121.114.10.5'
> 006 #5019: "neustar-sterling-secondary", type=ESP, add_time=1540206027,
> inBytes=678, outBytes=246, id='121.114.11.5'



Which attributes from *ipsec whack --globalstatus* and *ipsec whack --trafficstatus* should I refer to as part of monitoring?
Thanks in Advance.

Best Regards,

Kaushal



On Mon, Oct 22, 2018 at 4:18 PM John Crisp <jcrisp at safeandsoundit.co.uk>
wrote:

> On 22/10/18 09:47, Paul Wouters wrote:
> >> Any recommendations. Thanks in Advance.
> >
> > ipsec whack --traffistatus
>
> I think that should be:
>
> ipsec whack --trafficstatus
>
> :-)
>