Hi, I have the below Nagios plugin bash script
#!/bin/bash > # Written By Nicole > # Any Comments or Questions please e-mail to [email protected] > # > # Plugin Name: check_ipsec > # Version: 2.0 > # Date: 26/08/2008 > # > # Usage: check_ipsec --tunnels <n> > # > # gateways.txt file must be located in same directory > # and has to look like: > # nameofconn1 192.168.0.1 > # nameofconn2 192.168.1.1 > # > # ------------Defining Variables------------ > PROGNAME=`basename $0` > PROGPATH=`echo $0 | sed -e 's,[\\/][^\\/][^\\/]*$,,'` > REVISION=`echo '$Revision: 2.0 $' | sed -e 's/[^0-9.]//g'` > #STRONG=`$IPSECBIN --version |grep strongSwan | wc -l` > DOWN="" > # ---------- Change to your needs ---------- > PLUGINPATH="/usr/lib64/nagios/plugins" > GATEWAYLIST="gateways.txt" > IPSECBIN="/usr/sbin/ipsec" > FPINGBIN="/usr/sbin/fping" > # ping server in network on the other side of the tunnel > PINGIP=1 # ping yes or no (1/0) > # ------------------------------------------ > . $PROGPATH/utils.sh > > # Testing availability of $IPSECBIN, $FPINGBIN and $GATEWAYLIST > if [ $# -eq 0 ]; > then > echo UNKNOWN - missing Arguments. Run check_ipsec --help > exit $STATE_UNKNOWN > fi > test -e $IPSECBIN > if [ $? -ne 0 ]; > then > echo CRITICAL - $IPSECBIN not exist > exit $STATE_CRITICAL > else > STRONG=`$IPSECBIN --version |grep strongSwan | wc -l` > fi > if [ $PINGIP -eq 1 ] > then > test -e $FPINGBIN > if [ $? -ne 0 ]; > then > echo CRITICAL - $FPINGBIN not exist > exit $STATE_CRITICAL > fi > fi > test -e $PROGPATH/$GATEWAYLIST > if [ $? -ne 0 ]; > then > echo CRITICAL - $GATEWAYLIST not exist > exit $STATE_CRITICAL > fi > print_usage() { > echo "Usage:" > echo " $PROGNAME --tunnels <number of configured tunnels>" > echo " $PROGNAME --help" > echo " $PROGNAME --version" > echo " Created by Nicole, questions or problems e-mail > [email protected]" > echo "" > } > print_help() { > print_revision $PROGNAME $REVISION > echo "" > print_usage > echo " Checks vpn connection status of an openswan or strongswan > installation." > echo "" > echo " --tunnels <number of configured tunnels>" > echo " -T <number of configured tunnels>" > echo " provides the tunnel status of the openswan or strongswan > installation" > echo "" > echo " --help" > echo " -h" > echo " prints this help screen" > echo "" > echo " --version" > echo " -V" > echo " Print version and license information" > echo "" > } > check_tunnel() { > if [[ "$STRONG" -eq "1" ]] > then > eroutes=`$IPSECBIN status | grep -e "IPsec SA established" | grep -e > "newest IPSEC" | wc -l` > else > eroutes=`$IPSECBIN whack --status | grep -e "IPsec SA established" | > grep -e "newest IPSEC" | wc -l` > fi > > if [[ "$eroutes" -eq "$2" ]] > then > echo "OK - All $2 tunnels are up an running" > exit $STATE_OK > elif [[ "$eroutes" -gt "$2" ]] > then > echo "WARNING - More than $2 ($eroutes) tunnels are up an running" > exit $STATE_WARNING > else > echo "CRITICAL - Only $eroutes tunnels from $2 are up an running - > $(location)" > exit $STATE_CRITICAL > fi > } > > location() { > count=0 > i=1 > while read line; do > CONN=`echo $line| awk '{print $1}'` > IP=`echo $line| awk '{print $2}'` > if [[ "$STRONG" -eq "1" ]] > then > tunneltest=`$IPSECBIN status | grep -e "IPsec SA established" | grep > -e "newest IPSEC" |grep -e $CONN | wc -l` > else > tunneltest=`$IPSECBIN whack --status | grep -e "IPsec SA established" > | grep -e "newest IPSEC" |grep -e "$CONN" | wc -l` > fi > if [[ "$tunneltest" -eq "0" ]] > then > count=$[$count+1] > DOWN="$DOWN $CONN" > fi > if [[ "$PINGIP" -eq "1" && "$tunneltest" -eq "1" ]] > then > alive=`$FPINGBIN $IP -r 1 | grep alive | wc -l` > if [[ "$alive" -eq "0" ]] > then > count=$[$count+1] > DOWN="$DOWN $CONN (no ping)" > fi > fi > > i=$[$i+1] > done < $PLUGINPATH/$GATEWAYLIST > echo $DOWN > } > > case "$1" in > --help) > print_help > exit $STATE_OK > ;; > -h) > print_help > exit $STATE_OK > ;; > --version) > print_revision $PLUGIN $REVISION > exit $STATE_OK > ;; > -V) > print_revision $PLUGIN $REVISION > exit $STATE_OK > ;; > --tunnels) > check_tunnel $1 $2 > ;; > -T) > check_tunnel $1 $2 > ;; > *) > print_help > exit $STATE_OK > esac [root@ plugins]#./check_ipsec --tunnels 2 *OK - All 2 tunnels are up an running* [root@ plugins]# *ipsec whack --globalstatus* > config.setup.ike.ddos_threshold=25000 > config.setup.ike.max_halfopen=50000 > current.states.all=5 > current.states.ipsec=2 > current.states.ike=2 > current.states.shunts=1 > current.states.iketype.anonymous=0 > current.states.iketype.authenticated=2 > current.states.iketype.halfopen=0 > current.states.iketype.open=0 > current.states.enumerate.STATE_MAIN_R0=0 > current.states.enumerate.STATE_MAIN_I1=0 > current.states.enumerate.STATE_MAIN_R1=0 > current.states.enumerate.STATE_MAIN_I2=0 > current.states.enumerate.STATE_MAIN_R2=0 > current.states.enumerate.STATE_MAIN_I3=0 > current.states.enumerate.STATE_MAIN_R3=0 > current.states.enumerate.STATE_MAIN_I4=2 > current.states.enumerate.STATE_AGGR_R0=0 > current.states.enumerate.STATE_AGGR_I1=0 > current.states.enumerate.STATE_AGGR_R1=0 > current.states.enumerate.STATE_AGGR_I2=0 > current.states.enumerate.STATE_AGGR_R2=0 > current.states.enumerate.STATE_QUICK_R0=0 > current.states.enumerate.STATE_QUICK_I1=0 > current.states.enumerate.STATE_QUICK_R1=0 > current.states.enumerate.STATE_QUICK_I2=2 > current.states.enumerate.STATE_QUICK_R2=0 > current.states.enumerate.STATE_INFO=0 > current.states.enumerate.STATE_INFO_PROTECTED=0 > current.states.enumerate.STATE_XAUTH_R0=0 > current.states.enumerate.STATE_XAUTH_R1=0 > current.states.enumerate.STATE_MODE_CFG_R0=0 > current.states.enumerate.STATE_MODE_CFG_R1=0 > current.states.enumerate.STATE_MODE_CFG_R2=0 > current.states.enumerate.STATE_MODE_CFG_I1=0 > current.states.enumerate.STATE_XAUTH_I0=0 > current.states.enumerate.STATE_XAUTH_I1=0 > current.states.enumerate.STATE_IKEv2_BASE=0 > current.states.enumerate.STATE_PARENT_I1=0 > current.states.enumerate.STATE_PARENT_I2=0 > current.states.enumerate.STATE_PARENT_I3=0 > current.states.enumerate.STATE_PARENT_R1=0 > current.states.enumerate.STATE_PARENT_R2=0 > current.states.enumerate.STATE_V2_CREATE_I0=0 > current.states.enumerate.STATE_V2_CREATE_I=0 > current.states.enumerate.STATE_V2_REKEY_IKE_I0=0 > current.states.enumerate.STATE_V2_REKEY_IKE_I=0 > current.states.enumerate.STATE_V2_REKEY_CHILD_I0=0 > current.states.enumerate.STATE_V2_REKEY_CHILD_I=0 > current.states.enumerate.STATE_V2_CREATE_R=0 > current.states.enumerate.STATE_V2_REKEY_IKE_R=0 > current.states.enumerate.STATE_V2_REKEY_CHILD_R=0 > current.states.enumerate.STATE_V2_IPSEC_I=0 > current.states.enumerate.STATE_V2_IPSEC_R=0 > current.states.enumerate.STATE_IKESA_DEL=0 > current.states.enumerate.STATE_CHILDSA_DEL=0 > total.ipsec.type.all=86 > total.ipsec.type.esp=1514 > total.ipsec.type.ah=0 > total.ipsec.type.ipcomp=0 > total.ipsec.type.esn=0 > total.ipsec.type.tfc=0 > total.ipsec.type.encap=0 > total.ipsec.type.non_encap=1514 > total.ipsec.traffic.in=7497596 > total.ipsec.traffic.out=20134927 > total.ike.ikev2.established=0 > total.ike.ikev2.failed=0 > total.ike.ikev1.established=2241 > total.ike.ikev1.failed=16 > total.ike.dpd.sent=0 > total.ike.dpd.recv=0 > total.ike.dpd.replied=420970 > total.ike.traffic.in=40535112 > total.ike.traffic.out=40601452 > total.xauth.started=0 > total.xauth.stopped=0 > total.xauth.aborted=0 > total.ikev1.encr.3DES_CBC=0 > total.ikev1.encr.CAST_CBC=0 > total.ikev1.encr.AES_CBC=2241 > total.ikev1.encr.CAMELLIA_CBC=0 > total.ikev1.encr.AES_CTR=0 > total.ikev1.encr.AES_CCM_A=0 > total.ikev1.encr.AES_CCM_B=0 > total.ikev1.encr.AES_CCM_16=0 > total.ikev1.encr.AES_GCM_A=0 > total.ikev1.encr.AES_GCM_B=0 > total.ikev1.encr.AES_GCM_C=0 > total.ikev1.encr.CAMELLIA_CTR=0 > total.ikev1.encr.CAMELLIA_CCM_A=0 > total.ikev1.encr.CAMELLIA_CCM_B=0 > total.ikev1.encr.CAMELLIA_CCM_C=0 > total.ikev1.integ.MD5=0 > total.ikev1.integ.SHA1=2241 > total.ikev1.integ.SHA2_256=0 > total.ikev1.integ.SHA2_384=0 > total.ikev1.integ.SHA2_512=0 > total.ikev1.group.MODP768=0 > total.ikev1.group.MODP1024=2241 > total.ikev1.group.MODP1536=0 > total.ikev1.group.MODP2048=0 > total.ikev1.group.MODP3072=0 > total.ikev1.group.MODP4096=0 > total.ikev1.group.MODP6144=0 > total.ikev1.group.MODP8192=0 > total.ikev1.group.ECP_256=0 > total.ikev1.group.ECP_384=0 > total.ikev1.group.ECP_521=0 > total.ikev1.group.DH22=0 > total.ikev1.group.DH23=0 > total.ikev1.group.DH24=0 > total.ikev1.group.ECP_192=0 > total.ikev1.group.ECP_224=0 > total.ikev1.group.BRAINPOOL_P224R1=0 > total.ikev1.group.BRAINPOOL_P256R1=0 > total.ikev1.group.BRAINPOOL_P384R1=0 > total.ikev1.group.BRAINPOOL_P512R1=0 > total.ikev1.group.CURVE25519=0 > total.ikev1.group.CURVE448=0 > total.ikev2.encr.3DES=0 > total.ikev2.encr.CAST=0 > total.ikev2.encr.NULL=0 > total.ikev2.encr.AES_CBC=0 > total.ikev2.encr.AES_CTR=0 > total.ikev2.encr.AES_CCM_A=0 > total.ikev2.encr.AES_CCM_B=0 > total.ikev2.encr.AES_CCM_C=0 > total.ikev2.encr.AES_GCM_A=0 > total.ikev2.encr.AES_GCM_B=0 > total.ikev2.encr.AES_GCM_C=0 > total.ikev2.encr.NULL_AUTH_AES_GMAC=0 > total.ikev2.encr.CAMELLIA_CBC=0 > total.ikev2.encr.CAMELLIA_CTR=0 > total.ikev2.encr.CAMELLIA_CCM_A=0 > total.ikev2.encr.CAMELLIA_CCM_B=0 > total.ikev2.encr.CAMELLIA_CCM_C=0 > total.ikev2.encr.CHACHA20_POLY1305=0 > total.ikev2.integ.HMAC_MD5_96=0 > total.ikev2.integ.HMAC_SHA1_96=0 > total.ikev2.integ.AES_XCBC_96=0 > total.ikev2.integ.HMAC_MD5_128=0 > total.ikev2.integ.HMAC_SHA1_160=0 > total.ikev2.integ.AES_CMAC_96=0 > total.ikev2.integ.AES_128_GMAC=0 > total.ikev2.integ.AES_192_GMAC=0 > total.ikev2.integ.AES_256_GMAC=0 > total.ikev2.integ.HMAC_SHA2_256_128=0 > total.ikev2.integ.HMAC_SHA2_384_192=0 > total.ikev2.integ.HMAC_SHA2_512_256=86 > total.ikev2.group.MODP768=0 > total.ikev2.group.MODP1024=0 > total.ikev2.group.MODP1536=0 > total.ikev2.group.MODP2048=0 > total.ikev2.group.MODP3072=0 > total.ikev2.group.MODP4096=0 > total.ikev2.group.MODP6144=0 > total.ikev2.group.MODP8192=0 > total.ikev2.group.ECP_256=0 > total.ikev2.group.ECP_384=0 > total.ikev2.group.ECP_521=0 > total.ikev2.group.DH22=0 > total.ikev2.group.DH23=0 > total.ikev2.group.DH24=0 > total.ikev2.group.ECP_192=0 > total.ikev2.group.ECP_224=0 > total.ikev2.group.BRAINPOOL_P224R1=0 > total.ikev2.group.BRAINPOOL_P256R1=0 > total.ikev2.group.BRAINPOOL_P384R1=0 > total.ikev2.group.BRAINPOOL_P512R1=0 > total.ikev2.group.CURVE25519=0 > total.ikev2.group.CURVE448=0 > total.ikev2.recv.invalidke.using.MODP768=0 > total.ikev2.recv.invalidke.using.MODP1024=0 > total.ikev2.recv.invalidke.using.MODP1536=0 > total.ikev2.recv.invalidke.using.MODP2048=0 > total.ikev2.recv.invalidke.using.MODP3072=0 > total.ikev2.recv.invalidke.using.MODP4096=0 > total.ikev2.recv.invalidke.using.MODP6144=0 > total.ikev2.recv.invalidke.using.MODP8192=0 > total.ikev2.recv.invalidke.using.ECP_256=0 > total.ikev2.recv.invalidke.using.ECP_384=0 > total.ikev2.recv.invalidke.using.ECP_521=0 > total.ikev2.recv.invalidke.using.DH22=0 > total.ikev2.recv.invalidke.using.DH23=0 > total.ikev2.recv.invalidke.using.DH24=0 > total.ikev2.recv.invalidke.using.ECP_192=0 > total.ikev2.recv.invalidke.using.ECP_224=0 > total.ikev2.recv.invalidke.using.BRAINPOOL_P224R1=0 > total.ikev2.recv.invalidke.using.BRAINPOOL_P256R1=0 > total.ikev2.recv.invalidke.using.BRAINPOOL_P384R1=0 > total.ikev2.recv.invalidke.using.BRAINPOOL_P512R1=0 > total.ikev2.recv.invalidke.using.CURVE25519=0 > total.ikev2.recv.invalidke.using.CURVE448=0 > total.ikev2.recv.invalidke.suggesting.MODP768=0 > total.ikev2.recv.invalidke.suggesting.MODP1024=0 > total.ikev2.recv.invalidke.suggesting.MODP1536=0 > total.ikev2.recv.invalidke.suggesting.MODP2048=0 > total.ikev2.recv.invalidke.suggesting.MODP3072=0 > total.ikev2.recv.invalidke.suggesting.MODP4096=0 > total.ikev2.recv.invalidke.suggesting.MODP6144=0 > total.ikev2.recv.invalidke.suggesting.MODP8192=0 > total.ikev2.recv.invalidke.suggesting.ECP_256=0 > total.ikev2.recv.invalidke.suggesting.ECP_384=0 > total.ikev2.recv.invalidke.suggesting.ECP_521=0 > total.ikev2.recv.invalidke.suggesting.DH22=0 > total.ikev2.recv.invalidke.suggesting.DH23=0 > total.ikev2.recv.invalidke.suggesting.DH24=0 > total.ikev2.recv.invalidke.suggesting.ECP_192=0 > total.ikev2.recv.invalidke.suggesting.ECP_224=0 > total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P224R1=0 > total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P256R1=0 > total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P384R1=0 > total.ikev2.recv.invalidke.suggesting.BRAINPOOL_P512R1=0 > total.ikev2.recv.invalidke.suggesting.CURVE25519=0 > total.ikev2.recv.invalidke.suggesting.CURVE448=0 > total.ikev2.sent.invalidke.using.MODP768=0 > total.ikev2.sent.invalidke.using.MODP1024=0 > total.ikev2.sent.invalidke.using.MODP1536=0 > total.ikev2.sent.invalidke.using.MODP2048=0 > total.ikev2.sent.invalidke.using.MODP3072=0 > total.ikev2.sent.invalidke.using.MODP4096=0 > total.ikev2.sent.invalidke.using.MODP6144=0 > total.ikev2.sent.invalidke.using.MODP8192=0 > total.ikev2.sent.invalidke.using.ECP_256=0 > total.ikev2.sent.invalidke.using.ECP_384=0 > total.ikev2.sent.invalidke.using.ECP_521=0 > total.ikev2.sent.invalidke.using.DH22=0 > total.ikev2.sent.invalidke.using.DH23=0 > total.ikev2.sent.invalidke.using.DH24=0 > total.ikev2.sent.invalidke.using.ECP_192=0 > total.ikev2.sent.invalidke.using.ECP_224=0 > total.ikev2.sent.invalidke.using.BRAINPOOL_P224R1=0 > total.ikev2.sent.invalidke.using.BRAINPOOL_P256R1=0 > total.ikev2.sent.invalidke.using.BRAINPOOL_P384R1=0 > total.ikev2.sent.invalidke.using.BRAINPOOL_P512R1=0 > total.ikev2.sent.invalidke.using.CURVE25519=0 > total.ikev2.sent.invalidke.using.CURVE448=0 > total.ikev2.sent.invalidke.suggesting.MODP768=0 > total.ikev2.sent.invalidke.suggesting.MODP1024=0 > total.ikev2.sent.invalidke.suggesting.MODP1536=0 > total.ikev2.sent.invalidke.suggesting.MODP2048=0 > total.ikev2.sent.invalidke.suggesting.MODP3072=0 > total.ikev2.sent.invalidke.suggesting.MODP4096=0 > total.ikev2.sent.invalidke.suggesting.MODP6144=0 > total.ikev2.sent.invalidke.suggesting.MODP8192=0 > total.ikev2.sent.invalidke.suggesting.ECP_256=0 > total.ikev2.sent.invalidke.suggesting.ECP_384=0 > total.ikev2.sent.invalidke.suggesting.ECP_521=0 > total.ikev2.sent.invalidke.suggesting.DH22=0 > total.ikev2.sent.invalidke.suggesting.DH23=0 > total.ikev2.sent.invalidke.suggesting.DH24=0 > total.ikev2.sent.invalidke.suggesting.ECP_192=0 > total.ikev2.sent.invalidke.suggesting.ECP_224=0 > total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P224R1=0 > total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P256R1=0 > total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P384R1=0 > total.ikev2.sent.invalidke.suggesting.BRAINPOOL_P512R1=0 > total.ikev2.sent.invalidke.suggesting.CURVE25519=0 > total.ikev2.sent.invalidke.suggesting.CURVE448=0 > total.ipsec.encr.3DES=0 > total.ipsec.encr.CAST=0 > total.ipsec.encr.NULL=0 > total.ipsec.encr.AES_CBC=1514 > total.ipsec.encr.AES_CTR=0 > total.ipsec.encr.AES_CCM_A=0 > total.ipsec.encr.AES_CCM_B=0 > total.ipsec.encr.AES_CCM_C=0 > total.ipsec.encr.AES_GCM_A=0 > total.ipsec.encr.AES_GCM_B=0 > total.ipsec.encr.AES_GCM_C=0 > total.ipsec.encr.NULL_AUTH_AES_GMAC=0 > total.ipsec.encr.CAMELLIA_CBC=0 > total.ipsec.encr.CAMELLIA_CTR=0 > total.ipsec.encr.CAMELLIA_CCM_A=0 > total.ipsec.encr.CAMELLIA_CCM_B=0 > total.ipsec.encr.CAMELLIA_CCM_C=0 > total.ipsec.encr.CHACHA20_POLY1305=0 > total.ipsec.integ.HMAC_MD5=0 > total.ipsec.integ.HMAC_SHA1=1514 > total.ipsec.integ.HMAC_SHA2_256=0 > total.ipsec.integ.HMAC_SHA2_384=0 > total.ipsec.integ.HMAC_SHA2_512=0 > total.ipsec.integ.HMAC_RIPEMD=0 > total.ipsec.integ.AES_XCBC=0 > total.ipsec.integ.AES_128_GMAC=0 > total.ipsec.integ.AES_192_GMAC=0 > total.ipsec.integ.AES_256_GMAC=0 > total.ikev1.sent.notifies.error.INVALID_PAYLOAD_TYPE=0 > total.ikev1.sent.notifies.error.DOI_NOT_SUPPORTED=0 > total.ikev1.sent.notifies.error.SITUATION_NOT_SUPPORTED=0 > total.ikev1.sent.notifies.error.INVALID_COOKIE=0 > total.ikev1.sent.notifies.error.INVALID_MAJOR_VERSION=0 > total.ikev1.sent.notifies.error.INVALID_MINOR_VERSION=0 > total.ikev1.sent.notifies.error.INVALID_EXCHANGE_TYPE=0 > total.ikev1.sent.notifies.error.INVALID_FLAGS=0 > total.ikev1.sent.notifies.error.INVALID_MESSAGE_ID=0 > total.ikev1.sent.notifies.error.INVALID_PROTOCOL_ID=0 > total.ikev1.sent.notifies.error.INVALID_SPI=0 > total.ikev1.sent.notifies.error.INVALID_TRANSFORM_ID=0 > total.ikev1.sent.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0 > total.ikev1.sent.notifies.error.NO_PROPOSAL_CHOSEN=0 > total.ikev1.sent.notifies.error.BAD_PROPOSAL_SYNTAX=0 > total.ikev1.sent.notifies.error.PAYLOAD_MALFORMED=2 > total.ikev1.sent.notifies.error.INVALID_KEY_INFORMATION=0 > total.ikev1.sent.notifies.error.INVALID_ID_INFORMATION=0 > total.ikev1.sent.notifies.error.INVALID_CERT_ENCODING=0 > total.ikev1.sent.notifies.error.INVALID_CERTIFICATE=0 > total.ikev1.sent.notifies.error.CERT_TYPE_UNSUPPORTED=0 > total.ikev1.sent.notifies.error.INVALID_CERT_AUTHORITY=0 > total.ikev1.sent.notifies.error.INVALID_HASH_INFORMATION=0 > total.ikev1.sent.notifies.error.AUTHENTICATION_FAILED=0 > total.ikev1.sent.notifies.error.INVALID_SIGNATURE=0 > total.ikev1.sent.notifies.error.ADDRESS_NOTIFICATION=0 > total.ikev1.sent.notifies.error.NOTIFY_SA_LIFETIME=0 > total.ikev1.sent.notifies.error.CERTIFICATE_UNAVAILABLE=0 > total.ikev1.sent.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0 > total.ikev1.sent.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0 > total.ikev1.recv.notifies.error.INVALID_PAYLOAD_TYPE=0 > total.ikev1.recv.notifies.error.DOI_NOT_SUPPORTED=0 > total.ikev1.recv.notifies.error.SITUATION_NOT_SUPPORTED=0 > total.ikev1.recv.notifies.error.INVALID_COOKIE=0 > total.ikev1.recv.notifies.error.INVALID_MAJOR_VERSION=0 > total.ikev1.recv.notifies.error.INVALID_MINOR_VERSION=0 > total.ikev1.recv.notifies.error.INVALID_EXCHANGE_TYPE=0 > total.ikev1.recv.notifies.error.INVALID_FLAGS=0 > total.ikev1.recv.notifies.error.INVALID_MESSAGE_ID=0 > total.ikev1.recv.notifies.error.INVALID_PROTOCOL_ID=0 > total.ikev1.recv.notifies.error.INVALID_SPI=0 > total.ikev1.recv.notifies.error.INVALID_TRANSFORM_ID=0 > total.ikev1.recv.notifies.error.ATTRIBUTES_NOT_SUPPORTED=0 > total.ikev1.recv.notifies.error.NO_PROPOSAL_CHOSEN=0 > total.ikev1.recv.notifies.error.BAD_PROPOSAL_SYNTAX=0 > total.ikev1.recv.notifies.error.PAYLOAD_MALFORMED=0 > total.ikev1.recv.notifies.error.INVALID_KEY_INFORMATION=0 > total.ikev1.recv.notifies.error.INVALID_ID_INFORMATION=0 > total.ikev1.recv.notifies.error.INVALID_CERT_ENCODING=0 > total.ikev1.recv.notifies.error.INVALID_CERTIFICATE=0 > total.ikev1.recv.notifies.error.CERT_TYPE_UNSUPPORTED=0 > total.ikev1.recv.notifies.error.INVALID_CERT_AUTHORITY=0 > total.ikev1.recv.notifies.error.INVALID_HASH_INFORMATION=0 > total.ikev1.recv.notifies.error.AUTHENTICATION_FAILED=0 > total.ikev1.recv.notifies.error.INVALID_SIGNATURE=0 > total.ikev1.recv.notifies.error.ADDRESS_NOTIFICATION=0 > total.ikev1.recv.notifies.error.NOTIFY_SA_LIFETIME=0 > total.ikev1.recv.notifies.error.CERTIFICATE_UNAVAILABLE=0 > total.ikev1.recv.notifies.error.UNSUPPORTED_EXCHANGE_TYPE=0 > total.ikev1.recv.notifies.error.UNEQUAL_PAYLOAD_LENGTHS=0 > total.ikev2.sent.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0 > total.ikev2.sent.notifies.error.INVALID_IKE_SPI=0 > total.ikev2.sent.notifies.error.INVALID_MAJOR_VERSION=0 > total.ikev2.sent.notifies.error.INVALID_SYNTAX=0 > total.ikev2.sent.notifies.error.INVALID_MESSAGE_ID=0 > total.ikev2.sent.notifies.error.INVALID_SPI=0 > total.ikev2.sent.notifies.error.NO_PROPOSAL_CHOSEN=0 > total.ikev2.sent.notifies.error.INVALID_KE_PAYLOAD=0 > total.ikev2.sent.notifies.error.AUTHENTICATION_FAILED=0 > total.ikev2.sent.notifies.error.SINGLE_PAIR_REQUIRED=0 > total.ikev2.sent.notifies.error.NO_ADDITIONAL_SAS=0 > total.ikev2.sent.notifies.error.INTERNAL_ADDRESS_FAILURE=0 > total.ikev2.sent.notifies.error.FAILED_CP_REQUIRED=0 > total.ikev2.sent.notifies.error.TS_UNACCEPTABLE=0 > total.ikev2.sent.notifies.error.INVALID_SELECTORS=0 > total.ikev2.sent.notifies.error.UNACCEPTABLE_ADDRESSES=0 > total.ikev2.sent.notifies.error.UNEXPECTED_NAT_DETECTED=0 > total.ikev2.sent.notifies.error.USE_ASSIGNED_HoA=0 > total.ikev2.sent.notifies.error.TEMPORARY_FAILURE=0 > total.ikev2.sent.notifies.error.CHILD_SA_NOT_FOUND=0 > total.ikev2.sent.notifies.error.INVALID_GROUP_ID=0 > total.ikev2.sent.notifies.error.AUTHORIZATION_FAILED=0 > total.ikev2.recv.notifies.error.UNSUPPORTED_CRITICAL_PAYLOAD=0 > total.ikev2.recv.notifies.error.INVALID_IKE_SPI=0 > total.ikev2.recv.notifies.error.INVALID_MAJOR_VERSION=0 > total.ikev2.recv.notifies.error.INVALID_SYNTAX=0 > total.ikev2.recv.notifies.error.INVALID_MESSAGE_ID=0 > total.ikev2.recv.notifies.error.INVALID_SPI=0 > total.ikev2.recv.notifies.error.NO_PROPOSAL_CHOSEN=0 > total.ikev2.recv.notifies.error.INVALID_KE_PAYLOAD=0 > total.ikev2.recv.notifies.error.AUTHENTICATION_FAILED=0 > total.ikev2.recv.notifies.error.SINGLE_PAIR_REQUIRED=0 > total.ikev2.recv.notifies.error.NO_ADDITIONAL_SAS=0 > total.ikev2.recv.notifies.error.INTERNAL_ADDRESS_FAILURE=0 > total.ikev2.recv.notifies.error.FAILED_CP_REQUIRED=0 > total.ikev2.recv.notifies.error.TS_UNACCEPTABLE=0 > total.ikev2.recv.notifies.error.INVALID_SELECTORS=0 > total.ikev2.recv.notifies.error.UNACCEPTABLE_ADDRESSES=0 > total.ikev2.recv.notifies.error.UNEXPECTED_NAT_DETECTED=0 > total.ikev2.recv.notifies.error.USE_ASSIGNED_HoA=0 > total.ikev2.recv.notifies.error.TEMPORARY_FAILURE=0 > total.ikev2.recv.notifies.error.CHILD_SA_NOT_FOUND=0 > total.ikev2.recv.notifies.error.INVALID_GROUP_ID=0 > total.ikev2.recv.notifies.error.AUTHORIZATION_FAILED=0 *ipsec whack --trafficstatus* > 006 #5023: "neustar-sterling-primary", type=ESP, add_time=1540207376, > inBytes=9709, outBytes=3602, id='121.114.10.5' > 006 #5019: "neustar-sterling-secondary", type=ESP, add_time=1540206027, > inBytes=678, outBytes=246, id='121.114.11.5' What attributes i should refer to from *ipsec whack --globalstatus *and *ipsec whack --trafficstatus *as part of monitoring? Thanks in Advance. Best Regards, Kaushal On Mon, Oct 22, 2018 at 4:18 PM John Crisp <[email protected]> wrote: > On 22/10/18 09:47, Paul Wouters wrote: > >> Any recommendations. Thanks in Advance. > > > > ipsec whack --traffistatus > > I think that should be: > > ipsec whack --trafficstatus > > :-) > > _______________________________________________ > Swan mailing list > [email protected] > https://lists.libreswan.org/mailman/listinfo/swan >
_______________________________________________ Swan mailing list [email protected] https://lists.libreswan.org/mailman/listinfo/swan
