[Swan] Monitor Libreswan IPsec VPN tunnel using Nagios

Kaushal Shriyan kaushalshriyan at gmail.com
Tue Oct 23 18:58:24 UTC 2018


On Mon, Oct 22, 2018 at 5:19 PM Kaushal Shriyan <kaushalshriyan at gmail.com>
wrote:

> Hi,
>
> I have the below Nagios plugin bash script
>
> #!/bin/bash
>> # Written By Nicole
>> # Any Comments or Questions please e-mail to ml at nicole-haehnel.de
>> #
>> # Plugin Name: check_ipsec
>> # Version: 2.0
>> # Date: 26/08/2008
>> #
>> # Usage: check_ipsec --tunnels <n>
>> #
>> # gateways.txt file must be located in same directory
>> # and has to look like:
>> # nameofconn1 192.168.0.1
>> # nameofconn2 192.168.1.1
>> #
>> # ------------Defining Variables------------
>> PROGNAME=`basename $0`
>> PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'`
>> REVISION=`echo '$Revision: 2.0 $' | sed -e 's/[^0-9.]//g'`
>> #STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`
>> DOWN=""
>> # ---------- Change to your needs ----------
>> PLUGINPATH="/usr/lib64/nagios/plugins"
>> GATEWAYLIST="gateways.txt"
>> IPSECBIN="/usr/sbin/ipsec"
>> FPINGBIN="/usr/sbin/fping"
>> # ping server in network on the other side of the tunnel
>> PINGIP=1 # ping yes or no (1/0)
>> # ------------------------------------------
>> . $PROGPATH/utils.sh
>>
>> # Testing availability of $IPSECBIN, $FPINGBIN and $GATEWAYLIST
>> if [ $# -eq 0 ];
>> then
>>    echo UNKNOWN - missing Arguments. Run check_ipsec --help
>>    exit $STATE_UNKNOWN
>> fi
>> test -e $IPSECBIN
>> if [ $? -ne 0 ];
>> then
>> echo CRITICAL - $IPSECBIN not exist
>> exit $STATE_CRITICAL
>> else
>> STRONG=`$IPSECBIN --version |grep strongSwan | wc -l`
>> fi
>> if [ $PINGIP -eq 1 ]
>> then
>> test -e $FPINGBIN
>> if [ $? -ne 0 ];
>> then
>> echo CRITICAL - $FPINGBIN not exist
>> exit $STATE_CRITICAL
>> fi
>> fi
>> test -e $PROGPATH/$GATEWAYLIST
>> if [ $? -ne 0 ];
>> then
>>    echo CRITICAL - $GATEWAYLIST not exist
>>    exit $STATE_CRITICAL
>> fi
>> print_usage() {
>>         echo "Usage:"
>>         echo " $PROGNAME --tunnels <number of configured tunnels>"
>>         echo " $PROGNAME --help"
>>         echo " $PROGNAME --version"
>>         echo " Created by Nicole, questions or problems e-mail
>> ml at nicole-haehnel.de"
>> echo ""
>> }
>> print_help() {
>>         print_revision $PROGNAME $REVISION
>>         echo ""
>>         print_usage
>>         echo " Checks vpn connection status of an openswan or strongswan
>> installation."
>> echo ""
>>         echo " --tunnels <number of configured tunnels>"
>> echo " -T <number of configured tunnels>"
>>         echo " provides the tunnel status of the openswan or strongswan
>> installation"
>> echo ""
>>         echo " --help"
>> echo " -h"
>>         echo " prints this help screen"
>> echo ""
>>         echo " --version"
>> echo " -V"
>>         echo " Print version and license information"
>>         echo ""
>> }
>> check_tunnel() {
>> if [[ "$STRONG" -eq "1" ]]
>> then
>>     eroutes=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e
>> "newest IPSEC" | wc -l`
>> else
>>     eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" |
>> grep -e "newest IPSEC" | wc -l`
>> fi
>>
>> if [[ "$eroutes" -eq "$2" ]]
>> then
>> echo "OK - All $2 tunnels are up an running"
>> exit $STATE_OK
>> elif [[ "$eroutes" -gt "$2" ]]
>> then
>> echo "WARNING - More than $2 ($eroutes) tunnels are up an running"
>>                 exit $STATE_WARNING
>> else
>> echo "CRITICAL - Only $eroutes tunnels from $2 are up an running -
>> $(location)"
>> exit $STATE_CRITICAL
>> fi
>> }
>>
>> location() {
>> count=0
>> i=1
>> while read line; do
>> CONN=`echo $line| awk '{print $1}'`
>> IP=`echo $line| awk '{print $2}'`
>> if [[ "$STRONG" -eq "1" ]]
>> then
>>     tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep
>> -e "newest IPSEC" |grep -e $CONN | wc -l`
>> else
>>     tunneltest=`$IPSECBIN whack --status | grep -e "IPsec SA established"
>> | grep -e "newest IPSEC" |grep -e "$CONN" | wc -l`
>> fi
>> if [[ "$tunneltest" -eq "0" ]]
>>     then
>>         count=$[$count+1]
>>         DOWN="$DOWN $CONN"
>>     fi
>>     if [[ "$PINGIP" -eq "1" && "$tunneltest" -eq "1" ]]
>>     then
>>         alive=`$FPINGBIN $IP -r 1 | grep alive | wc -l`
>>         if [[ "$alive" -eq "0" ]]
>>         then
>>             count=$[$count+1]
>>             DOWN="$DOWN $CONN (no ping)"
>>         fi
>>     fi
>>
>> i=$[$i+1]
>> done < $PLUGINPATH/$GATEWAYLIST
>> echo $DOWN
>> }
>>
>> case "$1" in
>> --help)
>>         print_help
>>         exit $STATE_OK
>>         ;;
>> -h)
>>         print_help
>>         exit $STATE_OK
>>         ;;
>> --version)
>>         print_revision $PLUGIN $REVISION
>>         exit $STATE_OK
>>         ;;
>> -V)
>>         print_revision $PLUGIN $REVISION
>>         exit $STATE_OK
>>         ;;
>> --tunnels)
>>         check_tunnel $1 $2
>>         ;;
>> -T)
>>         check_tunnel $1 $2
>>         ;;
>> *)
>>         print_help
>>         exit $STATE_OK
>> esac
>
>
> [root@ plugins]#./check_ipsec --tunnels 2
> *OK - All 2 tunnels are up an running*
> [root@ plugins]#
>
> *ipsec whack --globalstatus*
>> config.setup.ike.ddos_threshold=25000
>> config.setup.ike.max_halfopen=50000
>> current.states.all=5
>> current.states.ipsec=2
>> current.states.ike=2
>> current.states.shunts=1
>> current.states.iketype.anonymous=0
>> current.states.iketype.authenticated=2
>> current.states.iketype.halfopen=0
>> current.states.iketype.open=0
>> current.states.enumerate.STATE_MAIN_R0=0
>> current.states.enumerate.STATE_MAIN_I1=0
>> current.states.enumerate.STATE_MAIN_R1=0
>> current.states.enumerate.STATE_MAIN_I2=0
>> current.states.enumerate.STATE_MAIN_R2=0
>> current.states.enumerate.STATE_MAIN_I3=0
>> current.states.enumerate.STATE_MAIN_R3=0
>> current.states.enumerate.STATE_MAIN_I4=2
>> current.states.enumerate.STATE_AGGR_R0=0
>> current.states.enumerate.STATE_AGGR_I1=0
>> current.states.enumerate.STATE_AGGR_R1=0
>> current.states.enumerate.STATE_AGGR_I2=0
>> current.states.enumerate.STATE_AGGR_R2=0
>> current.states.enumerate.STATE_QUICK_R0=0
>> current.states.enumerate.STATE_QUICK_I1=0
>> current.states.enumerate.STATE_QUICK_R1=0
>> current.states.enumerate.STATE_QUICK_I2=2
>> current.states.enumerate.STATE_QUICK_R2=0
>> current.states.enumerate.STATE_INFO=0
>> current.states.enumerate.STATE_INFO_PROTECTED=0
>> current.states.enumerate.STATE_XAUTH_R0=0
>> current.states.enumerate.STATE_XAUTH_R1=0
>> current.states.enumerate.STATE_MODE_CFG_R0=0
>> current.states.enumerate.STATE_MODE_CFG_R1=0
>> current.states.enumerate.STATE_MODE_CFG_R2=0
>> current.states.enumerate.STATE_MODE_CFG_I1=0
>> current.states.enumerate.STATE_XAUTH_I0=0
>> current.states.enumerate.STATE_XAUTH_I1=0
>> current.states.enumerate.STATE_IKEv2_BASE=0
>> current.states.enumerate.STATE_PARENT_I1=0
>> current.states.enumerate.STATE_PARENT_I2=0
>> current.states.enumerate.STATE_PARENT_I3=0
>> current.states.enumerate.STATE_PARENT_R1=0
>> current.states.enumerate.STATE_PARENT_R2=0
>> current.states.enumerate.STATE_V2_CREATE_I0=0
>> current.states.enumerate.STATE_V2_CREATE_I=0
>> current.states.enumerate.STATE_V2_REKEY_IKE_I0=0
>> current.states.enumerate.STATE_V2_REKEY_IKE_I=0
>> current.states.enumerate.STATE_V2_REKEY_CHILD_I0=0
>> current.states.enumerate.STATE_V2_REKEY_CHILD_I=0
>> current.states.enumerate.STATE_V2_CREATE_R=0
>> current.states.enumerate.STATE_V2_REKEY_IKE_R=0
>> current.states.enumerate.STATE_V2_REKEY_CHILD_R=0
>> current.states.enumerate.STATE_V2_IPSEC_I=0
>> current.states.enumerate.STATE_V2_IPSEC_R=0
>> current.states.enumerate.STATE_IKESA_DEL=0
>> current.states.enumerate.STATE_CHILDSA_DEL=0
>> total.ipsec.type.all=86
>> total.ipsec.type.esp=1514
>> total.ipsec.type.ah=0
>> total.ipsec.type.ipcomp=0
>> total.ipsec.type.esn=0
>> total.ipsec.type.tfc=0
>> total.ipsec.type.encap=0
>> total.ipsec.type.non_encap=1514
>> total.ipsec.traffic.in=7497596
>> total.ipsec.traffic.out=20134927
>> total.ike.ikev2.established=0
>> total.ike.ikev2.failed=0
>> total.ike.ikev1.established=2241
>> total.ike.ikev1.failed=16
>> total.ike.dpd.sent=0
>> total.ike.dpd.recv=0
>> total.ike.dpd.replied=420970
>> total.ike.traffic.in=40535112
>> total.ike.traffic.out=40601452
>> total.xauth.started=0
>> total.xauth.stopped=0
>> total.xauth.aborted=0
>> total.ikev1.encr.3DES_CBC=0
>> total.ikev1.encr.CAST_CBC=0
>> total.ikev1.encr.AES_CBC=2241
>> total.ikev1.encr.CAMELLIA_CBC=0
>> total.ikev1.encr.AES_CTR=0
>> total.ikev1.encr.AES_CCM_A=0
>> total.ikev1.encr.AES_CCM_B=0
>> total.ikev1.encr.AES_CCM_16=0
>> total.ikev1.encr.AES_GCM_A=0
>> total.ikev1.encr.AES_GCM_B=0
>> total.ikev1.encr.AES_GCM_C=0
>> total.ikev1.encr.CAMELLIA_CTR=0
>> total.ikev1.encr.CAMELLIA_CCM_A=0
>> total.ikev1.encr.CAMELLIA_CCM_B=0
>> total.ikev1.encr.CAMELLIA_CCM_C=0
>> total.ikev1.integ.MD5=0
>> total.ikev1.integ.SHA1=2241
>> total.ikev1.integ.SHA2_256=0
>> total.ikev1.integ.SHA2_384=0
>> total.ikev1.integ.SHA2_512=0
>> total.ikev1.group.MODP768=0
>> total.ikev1.group.MODP1024=2241
>> total.ikev1.group.MODP1536=0
>> total.ikev1.group.MODP2048=0
>> total.ikev1.group.MODP3072=0
>> total.ikev1.group.MODP4096=0
>> total.ikev1.group.MODP6144=0
>> total.ikev1.group.MODP8192=0
>> total.ikev1.group.ECP_256=0
>> total.ikev1.group.ECP_384=0
>> total.ikev1.group.ECP_521=0
>> total.ikev1.group.DH22=0
>> total.ikev1.group.DH23=0
>> total.ikev1.group.DH24=0
>> total.ikev1.group.ECP_192=0
>> total.ikev1.group.ECP_224=0
>> total.ikev1.group.BRAINPOOL_P224R1=0
>> total.ikev1.group.BRAINPOOL_P256R1=0
>> total.ikev1.group.BRAINPOOL_P384R1=0
>> total.ikev1.group.BRAINPOOL_P512R1=0
>> total.ikev1.group.CURVE25519=0
>> total.ikev1.group.CURVE448=0
>> total.ikev2.encr.3DES=0
>> total.ikev2.encr.CAST=0
>> total.ikev2.encr.NULL=0
>> total.ikev2.encr.AES_CBC=0
>> total.ikev2.encr.AES_CTR=0
>> total.ikev2.encr.AES_CCM_A=0
>> total.ikev2.encr.AES_CCM_B=0
>> total.ikev2.encr.AES_CCM_C=0
>> total.ikev2.encr.AES_GCM_A=0
>> total.ikev2.encr.AES_GCM_B=0
>> total.ikev2.encr.AES_GCM_C=0
>> total.ikev2.encr.NULL_AUTH_AES_GMAC=0
>> total.ikev2.encr.CAMELLIA_CBC=0
>> total.ikev2.encr.CAMELLIA_CTR=0
>> total.ikev2.encr.CAMELLIA_CCM_A=0
>> total.ikev2.encr.CAMELLIA_CCM_B=0
>> total.ikev2.encr.CAMELLIA_CCM_C=0
>> total.ikev2.encr.CHACHA20_POLY1305=0
>> total.ikev2.integ.HMAC_MD5_96=0
>> total.ikev2.integ.HMAC_SHA1_96=0
>> total.ikev2.integ.AES_XCBC_96=0
>> total.ikev2.integ.HMAC_MD5_128=0
>> total.ikev2.integ.HMAC_SHA1_160=0
>> total.ikev2.integ.AES_CMAC_96=0
>> total.ikev2.integ.AES_128_GMAC=0
>> total.ikev2.integ.AES_192_GMAC=0
>> total.ikev2.integ.AES_256_GMAC=0
>> total.ikev2.integ.HMAC_SHA2_256_128=0
>> total.ikev2.integ.HMAC_SHA2_384_192=0
>> total.ikev2.integ.HMAC_SHA2_512_256=86
>> total.ikev2.group.MODP768=0
>> total.ikev2.group.MODP1024=0
>> total.ikev2.group.MODP1536=0
>> total.ikev2.group.MODP2048=0
>> total.ikev2.group.MODP3072=0
>> total.ikev2.group.MODP4096=0
>> total.ikev2.group.MODP6144=0
>> total.ikev2.group.MODP8192=0
>> total.ikev2.group.ECP_256=0
>> total.ikev2.group.ECP_384=0
>> total.ikev2.group.ECP_521=0
>> total.ikev2.group.DH22=0
>> total.ikev2.group.DH23=0
>> total.ikev2.group.DH24=0
>> total.ikev2.group.ECP_192=0
>> total.ikev2.group.ECP_224=0
>> total.ikev2.group.BRAINPOOL_P224R1=0
>> total.ikev2.group.BRAINPOOL_P256R1=0
>> total.ikev2.group.BRAINPOOL_P384R1=0
>> total.ikev2.group.BRAINPOOL_P512R1=0
>> total.ikev2.group.CURVE25519=0
>> total.ikev2.group.CURVE448=0
>> total.ikev2.recv.invalidke.using.MODP768=0
>> total.ikev2.recv.invalidke.using.MODP1024=0
>> total.ikev2.recv.invalidke.using.MODP1536=0
>> total.ikev2.recv.invalidke.using.MODP2048=0
>> total.ikev2.recv.invalidke.using.MODP3072=0
>> total.ikev2.recv.invalidke.using.MODP4096=0
>> total.ikev2.recv.invalidke.using.MODP6144=0
>> total.ikev2.recv.invalidke.using.MODP8192=0
>> total.ikev2.recv.invalidke.using.ECP_256=0
>> total.ikev2.recv.invalidke.using.ECP_384=0
>> total.ikev2.recv.invalidke.using.ECP_521=0
>> total.ikev2.recv.invalidke.using.DH22=0
>> total.ikev2.recv.invalidke.using.DH23=0
>> total.ikev2.recv.invalidke.using.DH24=0
>> total.ikev2.recv.invalidke.using.ECP_192=0
>> total.ikev2.recv.invalidke.using.ECP_224=0
>> total.ikev2.recv.invalidke.using.BRAINPOOL_P224R1=0
>> total.ikev2.recv.invalidke.using.BRAINPOOL_P256R1=0
>> total.ikev2.recv.invalidke.using.BRAINPOOL_P384R1=0
>> total.ikev2.recv.invalidke.using.BRAINPOOL_P512R1=0
>> total.ikev2.recv.invalidke.using.CURVE25519=0
>> total.ikev2.recv.invalidke.using.CURVE448=0
>> total.ikev2.recv.invalidke.suggesting.MODP768=0
>> total.ikev2.recv.invalidke.suggesting.MODP1024=0
>> total.ikev2.recv.invalidke.suggesting.MODP1536=0
>> total.ikev2.recv.invalidke.suggesting.MODP2048=0
>> total.ikev2.recv.invalidke.suggesting.MODP3072=0
>> total.ikev2.recv.invalidke.suggesting.MODP4096=0
>> total.ikev2.recv.invalidke.suggesting.MODP6144=0
>> total.ikev2.recv.invalidke.suggesting.MODP8192=0
>> total.ikev2.recv.invalidke.suggesting.ECP_256=0
>> total.ikev2.recv.invalidke.suggesting.ECP_384=0
>> total.ikev2.recv.invalidke.suggesting.ECP_521=0
>> total.ikev2.recv.invalidke.suggesting.DH22=0
>> total.ikev2.recv.invalidke.suggesting.DH23=0
>> total.ikev2.recv.invalidke.suggesting.DH24=0
>> total.ikev2.recv.invalidke.suggesting.ECP_192=0
>> total.ikev2.recv.invalidke.suggesting.ECP_224=0
>> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P224R1=0
>> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P256R1=0
>> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P384R1=0
>> total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P512R1=0
>> total.ikev2.recv.invalidke.suggesting.CURVE25519=0
>> total.ikev2.recv.invalidke.suggesting.CURVE448=0
>> total.ikev2.sent.invalidke.using.MODP768=0
>> total.ikev2.sent.invalidke.using.MODP1024=0
>> total.ikev2.sent.invalidke.using.MODP1536=0
>> total.ikev2.sent.invalidke.using.MODP2048=0
>> total.ikev2.sent.invalidke.using.MODP3072=0
>> total.ikev2.sent.invalidke.using.MODP4096=0
>> total.ikev2.sent.invalidke.using.MODP6144=0
>> total.ikev2.sent.invalidke.using.MODP8192=0
>> total.ikev2.sent.invalidke.using.ECP_256=0
>> total.ikev2.sent.invalidke.using.ECP_384=0
>> total.ikev2.sent.invalidke.using.ECP_521=0
>> total.ikev2.sent.invalidke.using.DH22=0
>> total.ikev2.sent.invalidke.using.DH23=0
>> total.ikev2.sent.invalidke.using.DH24=0
>> total.ikev2.sent.invalidke.using.ECP_192=0
>> total.ikev2.sent.invalidke.using.ECP_224=0
>> total.ikev2.sent.invalidke.using.BRAINPOOL_P224R1=0
>> total.ikev2.sent.invalidke.using.BRAINPOOL_P256R1=0
>> total.ikev2.sent.invalidke.using.BRAINPOOL_P384R1=0
>> total.ikev2.sent.invalidke.using.BRAINPOOL_P512R1=0
>> total.ikev2.sent.invalidke.using.CURVE25519=0
>> total.ikev2.sent.invalidke.using.CURVE448=0
>> total.ikev2.sent.invalidke.suggesting.MODP768=0
>> total.ikev2.sent.invalidke.suggesting.MODP1024=0
>> total.ikev2.sent.invalidke.suggesting.MODP1536=0
>> total.ikev2.sent.invalidke.suggesting.MODP2048=0
>> total.ikev2.sent.invalidke.suggesting.MODP3072=0
>> total.ikev2.sent.invalidke.suggesting.MODP4096=0
>> total.ikev2.sent.invalidke.suggesting.MODP6144=0
>> total.ikev2.sent.invalidke.suggesting.MODP8192=0
>> total.ikev2.sent.invalidke.suggesting.ECP_256=0
>> total.ikev2.sent.invalidke.suggesting.ECP_384=0
>> total.ikev2.sent.invalidke.suggesting.ECP_521=0
>> total.ikev2.sent.invalidke.suggesting.DH22=0
>> total.ikev2.sent.invalidke.suggesting.DH23=0
>> total.ikev2.sent.invalidke.suggesting.DH24=0
>> total.ikev2.sent.invalidke.suggesting.ECP_192=0
>> total.ikev2.sent.invalidke.suggesting.ECP_224=0
>> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P224R1=0
>> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P256R1=0
>> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P384R1=0
>> total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P512R1=0
>> total.ikev2.sent.invalidke.suggesting.CURVE25519=0
>> total.ikev2.sent.invalidke.suggesting.CURVE448=0
>> total.ipsec.encr.3DES=0
>> total.ipsec.encr.CAST=0
>> total.ipsec.encr.NULL=0
>> total.ipsec.encr.AES_CBC=1514
>> total.ipsec.encr.AES_CTR=0
>> total.ipsec.encr.AES_CCM_A=0
>> total.ipsec.encr.AES_CCM_B=0
>> total.ipsec.encr.AES_CCM_C=0
>> total.ipsec.encr.AES_GCM_A=0
>> total.ipsec.encr.AES_GCM_B=0
>> total.ipsec.encr.AES_GCM_C=0
>> total.ipsec.encr.NULL_AUTH_AES_GMAC=0
>> total.ipsec.encr.CAMELLIA_CBC=0
>> total.ipsec.encr.CAMELLIA_CTR=0
>> total.ipsec.encr.CAMELLIA_CCM_A=0
>> total.ipsec.encr.CAMELLIA_CCM_B=0
>> total.ipsec.encr.CAMELLIA_CCM_C=0
>> total.ipsec.encr.CHACHA20_POLY1305=0
>> total.ipsec.integ.HMAC_MD5=0
>> total.ipsec.integ.HMAC_SHA1=1514
>> total.ipsec.integ.HMAC_SHA2_256=0
>> total.ipsec.integ.HMAC_SHA2_384=0
>> total.ipsec.integ.HMAC_SHA2_512=0
>> total.ipsec.integ.HMAC_RIPEMD=0
>> total.ipsec.integ.AES_XCBC=0
>> total.ipsec.integ.AES_128_GMAC=0
>> total.ipsec.integ.AES_192_GMAC=0
>> total.ipsec.integ.AES_256_GMAC=0
>> total.ikev1.sent.notifies.error.INVALID_PAYLOAD_TYPE=0
>> total.ikev1.sent.notifies.error.DOI_NOT_SUPPORTED=0
>> total.ikev1.sent.notifies.error.SITUATION_NOT_SUPPORTED=0
>> total.ikev1.sent.notifies.error.INVALID_COOKIE=0
>> total.ikev1.sent.notifies.error.INVALID_MAJOR_VERSION=0
>> total.ikev1.sent.notifies.error.INVALID_MINOR_VERSION=0
>> total.ikev1.sent.notifies.error.INVALID_EXCHANGE_TYPE=0
>> total.ikev1.sent.notifies.error.INVALID_FLAGS=0
>> total.ikev1.sent.notifies.error.INVALID_MESSAGE_ID=0
>> total.ikev1.sent.notifies.error.INVALID_PROTOCOL_ID=0
>> total.ikev1.sent.notifies.error.INVALID_SPI=0
>> total.ikev1.sent.notifies.error.INVALID_TRANSFORM_ID=0
>> total.ikev1.sent.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0
>> total.ikev1.sent.notifies.error.NO_PROPOSAL_CHOSEN=0
>> total.ikev1.sent.notifies.error.BAD_PROPOSAL_SYNTAX=0
>> total.ikev1.sent.notifies.error.PAYLOAD_MALFORMED=2
>> total.ikev1.sent.notifies.error.INVALID_KEY_INFORMATION=0
>> total.ikev1.sent.notifies.error.INVALID_ID_INFORMATION=0
>> total.ikev1.sent.notifies.error.INVALID_CERT_ENCODING=0
>> total.ikev1.sent.notifies.error.INVALID_CERTIFICATE=0
>> total.ikev1.sent.notifies.error.CERT_TYPE_UNSUPPORTED=0
>> total.ikev1.sent.notifies.error.INVALID_CERT_AUTHORITY=0
>> total.ikev1.sent.notifies.error.INVALID_HASH_INFORMATION=0
>> total.ikev1.sent.notifies.error.AUTHENTICATION_FAILED=0
>> total.ikev1.sent.notifies.error.INVALID_SIGNATURE=0
>> total.ikev1.sent.notifies.error.ADDRESS_NOTIFICATION=0
>> total.ikev1.sent.notifies.error.NOTIFY_SA_LIFETIME=0
>> total.ikev1.sent.notifies.error.CERTIFICATE_UNAVAILABLE=0
>> total.ikev1.sent.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0
>> total.ikev1.sent.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0
>> total.ikev1.recv.notifies.error.INVALID_PAYLOAD_TYPE=0
>> total.ikev1.recv.notifies.error.DOI_NOT_SUPPORTED=0
>> total.ikev1.recv.notifies.error.SITUATION_NOT_SUPPORTED=0
>> total.ikev1.recv.notifies.error.INVALID_COOKIE=0
>> total.ikev1.recv.notifies.error.INVALID_MAJOR_VERSION=0
>> total.ikev1.recv.notifies.error.INVALID_MINOR_VERSION=0
>> total.ikev1.recv.notifies.error.INVALID_EXCHANGE_TYPE=0
>> total.ikev1.recv.notifies.error.INVALID_FLAGS=0
>> total.ikev1.recv.notifies.error.INVALID_MESSAGE_ID=0
>> total.ikev1.recv.notifies.error.INVALID_PROTOCOL_ID=0
>> total.ikev1.recv.notifies.error.INVALID_SPI=0
>> total.ikev1.recv.notifies.error.INVALID_TRANSFORM_ID=0
>> total.ikev1.recv.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0
>> total.ikev1.recv.notifies.error.NO_PROPOSAL_CHOSEN=0
>> total.ikev1.recv.notifies.error.BAD_PROPOSAL_SYNTAX=0
>> total.ikev1.recv.notifies.error.PAYLOAD_MALFORMED=0
>> total.ikev1.recv.notifies.error.INVALID_KEY_INFORMATION=0
>> total.ikev1.recv.notifies.error.INVALID_ID_INFORMATION=0
>> total.ikev1.recv.notifies.error.INVALID_CERT_ENCODING=0
>> total.ikev1.recv.notifies.error.INVALID_CERTIFICATE=0
>> total.ikev1.recv.notifies.error.CERT_TYPE_UNSUPPORTED=0
>> total.ikev1.recv.notifies.error.INVALID_CERT_AUTHORITY=0
>> total.ikev1.recv.notifies.error.INVALID_HASH_INFORMATION=0
>> total.ikev1.recv.notifies.error.AUTHENTICATION_FAILED=0
>> total.ikev1.recv.notifies.error.INVALID_SIGNATURE=0
>> total.ikev1.recv.notifies.error.ADDRESS_NOTIFICATION=0
>> total.ikev1.recv.notifies.error.NOTIFY_SA_LIFETIME=0
>> total.ikev1.recv.notifies.error.CERTIFICATE_UNAVAILABLE=0
>> total.ikev1.recv.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0
>> total.ikev1.recv.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0
>> total.ikev2.sent.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0
>> total.ikev2.sent.notifies.error.INVALID_IKE_SPI=0
>> total.ikev2.sent.notifies.error.INVALID_MAJOR_VERSION=0
>> total.ikev2.sent.notifies.error.INVALID_SYNTAX=0
>> total.ikev2.sent.notifies.error.INVALID_MESSAGE_ID=0
>> total.ikev2.sent.notifies.error.INVALID_SPI=0
>> total.ikev2.sent.notifies.error.NO_PROPOSAL_CHOSEN=0
>> total.ikev2.sent.notifies.error.INVALID_KE_PAYLOAD=0
>> total.ikev2.sent.notifies.error.AUTHENTICATION_FAILED=0
>> total.ikev2.sent.notifies.error.SINGLE_PAIR_REQUIRED=0
>> total.ikev2.sent.notifies.error.NO_ADDITIONAL_SAS=0
>> total.ikev2.sent.notifies.error.INTERNAL_ADDRESS_FAILURE=0
>> total.ikev2.sent.notifies.error.FAILED_CP_REQUIRED=0
>> total.ikev2.sent.notifies.error.TS_UNACCEPTABLE=0
>> total.ikev2.sent.notifies.error.INVALID_SELECTORS=0
>> total.ikev2.sent.notifies.error.UNACCEPTABLE_ADDRESSES=0
>> total.ikev2.sent.notifies.error.UNEXPECTED_NAT_DETECTED=0
>> total.ikev2.sent.notifies.error.USE_ASSIGNED_HoA=0
>> total.ikev2.sent.notifies.error.TEMPORARY_FAILURE=0
>> total.ikev2.sent.notifies.error.CHILD_SA_NOT_FOUND=0
>> total.ikev2.sent.notifies.error.INVALID_GROUP_ID=0
>> total.ikev2.sent.notifies.error.AUTHORIZATION_FAILED=0
>> total.ikev2.recv.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0
>> total.ikev2.recv.notifies.error.INVALID_IKE_SPI=0
>> total.ikev2.recv.notifies.error.INVALID_MAJOR_VERSION=0
>> total.ikev2.recv.notifies.error.INVALID_SYNTAX=0
>> total.ikev2.recv.notifies.error.INVALID_MESSAGE_ID=0
>> total.ikev2.recv.notifies.error.INVALID_SPI=0
>> total.ikev2.recv.notifies.error.NO_PROPOSAL_CHOSEN=0
>> total.ikev2.recv.notifies.error.INVALID_KE_PAYLOAD=0
>> total.ikev2.recv.notifies.error.AUTHENTICATION_FAILED=0
>> total.ikev2.recv.notifies.error.SINGLE_PAIR_REQUIRED=0
>> total.ikev2.recv.notifies.error.NO_ADDITIONAL_SAS=0
>> total.ikev2.recv.notifies.error.INTERNAL_ADDRESS_FAILURE=0
>> total.ikev2.recv.notifies.error.FAILED_CP_REQUIRED=0
>> total.ikev2.recv.notifies.error.TS_UNACCEPTABLE=0
>> total.ikev2.recv.notifies.error.INVALID_SELECTORS=0
>> total.ikev2.recv.notifies.error.UNACCEPTABLE_ADDRESSES=0
>> total.ikev2.recv.notifies.error.UNEXPECTED_NAT_DETECTED=0
>> total.ikev2.recv.notifies.error.USE_ASSIGNED_HoA=0
>> total.ikev2.recv.notifies.error.TEMPORARY_FAILURE=0
>> total.ikev2.recv.notifies.error.CHILD_SA_NOT_FOUND=0
>> total.ikev2.recv.notifies.error.INVALID_GROUP_ID=0
>> total.ikev2.recv.notifies.error.AUTHORIZATION_FAILED=0
>
>
> *ipsec whack --trafficstatus*
>> 006 #5023: "neustar-sterling-primary", type=ESP, add_time=1540207376,
>> inBytes=9709, outBytes=3602, id='121.114.10.5'
>> 006 #5019: "neustar-sterling-secondary", type=ESP, add_time=1540206027,
>> inBytes=678, outBytes=246, id='121.114.11.5'
>
>
>
> What attributes i should refer to from *ipsec whack --globalstatus *and *ipsec
> whack --trafficstatus *as part of monitoring?
> Thanks in Advance.
>
> Best Regards,
>
> Kaushal
>
>>
>>
Hi,

Checking in again if someone can pitch in for my earlier post to this
mailing list. Thanks in Advance

What attributes i should refer to from *ipsec whack --globalstatus *and *ipsec
whack --trafficstatus *as part of monitoring?

Best Regards,

Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.libreswan.org/pipermail/swan/attachments/20181024/b748fabd/attachment-0001.html>


More information about the Swan mailing list