IPsec related diagnose commands

This section provides IPsec related diagnose commands.

  • Daemon IKE summary information list: diagnose vpn ike status
    connection: 2/50
    IKE SA: created 2/51  established 2/9  times 0/13/40 ms
    IPsec SA: created 1/13  established 1/7  times 0/8/30 ms
  • IPsec phase1 interface status: diagnose vpn ike gateway list
    vd: root/0
    name: tofgtc
    version: 1
    interface: port13 42
    addr: 173.1.1.1:500 -> 172.16.200.3:500
    created: 4313s ago
    IKE SA: created 1/1  established 1/1  time 10/10/10 ms
    IPsec SA: created 0/0
    
      id/spi: 92 5639f7f8a5dc54c0/809a6c9bbd266a4b
      direction: initiator
      status: established 4313-4313s ago = 10ms
      proposal: aes128-sha256
      key: 74aa3d63d88e10ea-8a1c73b296b06578
      lifetime/rekey: 86400/81786
      DPD sent/recv: 00000000/00000000
    
    vd: root/0
    name: to_HQ
    version: 1
    interface: port13 42
    addr: 173.1.1.1:500 -> 11.101.1.1:500
    created: 1013s ago
    assigned IPv4 address: 11.11.11.1/255.255.255.252
    IKE SA: created 1/1  established 1/1  time 0/0/0 ms
    IPsec SA: created 1/1  established 1/1  time 0/0/0 ms
    
      id/spi: 95 255791bd30c749f4/c2505db65210258b
      direction: initiator
      status: established 1013-1013s ago = 0ms
      proposal: aes128-sha256
      key: bb101b9127ed5844-1582fd614d5a8a33
      lifetime/rekey: 86400/85086
      DPD sent/recv: 00000000/00000010
  • IPsec phase2 tunnel status: diagnose vpn tunnel list
    list all ipsec tunnel in vd 0
    ----
    name=L2tpoIPsec ver=1 serial=6 172.16.200.4:0->0.0.0.0:0
    bound_if=4 lgwy=static/1 tun=intf/0 mode=dialup/2 encap=none/24 options[0018]=npu create_dev 
    proxyid_num=0 child_num=0 refcnt=10 ilast=13544 olast=13544 ad=/0
    stat: rxp=0 txp=0 rxb=0 txb=0
    dpd: mode=on-idle on=0 idle=60000ms retry=3 count=0 seqno=0
    natt: mode=none draft=0 interval=0 remote_port=0
    run_tally=0
    ----
    name=to_HQ ver=1 serial=7 173.1.1.1:0->11.101.1.1:0
    bound_if=42 lgwy=static/1 tun=intf/0 mode=auto/1 encap=none/8 options[0008]=npu 
    proxyid_num=1 child_num=0 refcnt=13 ilast=10 olast=1112 ad=/0
    stat: rxp=1 txp=4 rxb=152 txb=336
    dpd: mode=on-demand on=1 idle=20000ms retry=3 count=0 seqno=5
    natt: mode=none draft=0 interval=0 remote_port=0
    proxyid=to_HQ proto=0 sa=1 ref=2 serial=1
      src: 0:0.0.0.0/0.0.0.0:0
      dst: 0:0.0.0.0/0.0.0.0:0
      SA:  ref=6 options=10226 type=00 soft=0 mtu=1438 expire=41773/0B replaywin=2048
           seqno=5 esn=0 replaywin_lastseq=00000002 itn=0
      life: type=01 bytes=0/0 timeout=42900/43200
      dec: spi=ca64644a esp=aes key=16 6cc873fdef91337a6cf9b6948972c90f
           ah=sha1 key=20 e576dbe3ff92605931e5670ad57763c50c7dc73a
      enc: spi=747c10c8 esp=aes key=16 5060ad8d0da6824204e3596c0bd762f4
           ah=sha1 key=20 52965cbd5b6ad95212fc825929d26c0401948abe
      dec:pkts/bytes=1/84, enc:pkts/bytes=4/608
      npu_flag=03 npu_rgwy=11.101.1.1 npu_lgwy=173.1.1.1 npu_selid=5 dec_npuid=2 enc_npuid=2
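
The gateway and tunnel listings above print IKE and ESP/AH key material in clear text. As an added example (not Fortinet code), this Python script masks those keys before the output is shared and summarizes each phase 2 tunnel. The sample text is constructed in the same layout with made-up addresses and keys, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of `diagnose vpn tunnel list` (made-up keys).
SAMPLE = """\
name=demo_a ver=1 serial=7 192.0.2.1:0->198.51.100.1:0
stat: rxp=1 txp=4 rxb=152 txb=336
dpd: mode=on-demand on=1 idle=20000ms retry=3 count=0 seqno=5
proxyid=demo_a proto=0 sa=1 ref=2 serial=1
  dec: spi=0000aaaa esp=aes key=16 00112233445566778899aabbccddeeff
       ah=sha1 key=20 000102030405060708090a0b0c0d0e0f10111213
  enc: spi=0000bbbb esp=aes key=16 ffeeddccbbaa99887766554433221100
       ah=sha1 key=20 131211100f0e0d0c0b0a09080706050403020100
----
name=demo_b ver=1 serial=6 192.0.2.1:0->0.0.0.0:0
stat: rxp=0 txp=0 rxb=0 txb=0
dpd: mode=on-idle on=0 idle=60000ms retry=3 count=0 seqno=0
"""

KEY_RE = re.compile(r"(\b(?:esp|ah)=\S+ key=\d+ )[0-9a-fA-F]+")
IKE_KEY_RE = re.compile(r"^(\s*key: )[0-9a-fA-F]+-[0-9a-fA-F]+", re.M)

def redact(text):
    """Mask ESP/AH key bytes (tunnel list) and IKE keys (gateway list)."""
    text = KEY_RE.sub(r"\1<redacted>", text)
    return IKE_KEY_RE.sub(r"\1<redacted>", text)

def summarize(text):
    """Return one dict per tunnel: name, peers, packet counters, SA count, algorithms."""
    tunnels = []
    for line in text.splitlines():
        if m := re.match(r"\s*name=(\S+) .* (\S+)->(\S+)$", line.rstrip()):
            tunnels.append({"name": m[1], "local": m[2], "remote": m[3],
                            "sa": 0, "algs": set()})
        elif not tunnels:
            continue  # skip banner lines before the first tunnel
        elif m := re.match(r"\s*stat: rxp=(\d+) txp=(\d+)", line):
            tunnels[-1].update(rxp=int(m[1]), txp=int(m[2]))
        elif m := re.match(r"\s*proxyid=\S+ .*\bsa=(\d+)", line):
            tunnels[-1]["sa"] += int(m[1])
        for alg in re.findall(r"\b(?:esp|ah)=(\S+) key=", line):
            tunnels[-1]["algs"].add(alg)
    return tunnels

def tunnels_without_sa(text):
    """Names of tunnels that have no established IPsec SA."""
    return [t["name"] for t in summarize(text) if t["sa"] == 0]
```
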
  • Packets encrypted/decrypted counter: diagnose vpn ipsec status
    All ipsec crypto devices in use:
    NP6_0:
        Encryption (encrypted/decrypted)
            null             : 0                0
            des              : 0                0
            3des             : 0                0
            aes              : 0                0
            aes-gcm          : 0                0
            aria             : 0                0
            seed             : 0                0
            chacha20poly1305 : 0                0
        Integrity (generated/validated)
            null             : 0                0
            md5              : 0                0
            sha1             : 0                0
            sha256           : 0                0
            sha384           : 0                0
            sha512           : 0                0
    
    NP6_1:
        Encryption (encrypted/decrypted)
            null             : 0                0
            des              : 0                0
            3des             : 0                0
            aes              : 337152           46069
            aes-gcm          : 0                0
            aria             : 0                0
            seed             : 0                0
            chacha20poly1305 : 0                0
        Integrity (generated/validated)
            null             : 0                0
            md5              : 0                0
            sha1             : 337152           46069
            sha256           : 0                0
            sha384           : 0                0
            sha512           : 0                0
    
    NPU Ho