[ previous ] [ next ] [ threads ]
 From:  "Quark IT - Hilton Travis" <hilton at quarkit dot com dot au>
 To:  <m0n0wall dash dev at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall-dev] VPN Status Suggestion
 Date:  Thu, 16 Dec 2004 06:20:50 +1000
Hi Chris,

> -----Original Message-----
> From: Chris Buechler [mailto:cbuechler at gmail dot com] 
> Sent: Wednesday, 15 December 2004 08:07
> On Tue, 14 Dec 2004 10:39:56 -0700, Mat Murdock
> <mmurdock underscore lists at kimballequipment dot com> wrote:
> > Just an idea, but I think it would be nice to 
> > have one screen that shows the status of all 
> > your VPN connections similar to what can be 
> > found on smoothwall.
> Yeah that would be nice.  Not sure how smoothwall does it.  

Well, you could say it does it badly - it is far from accurate.

> You could use the SAD to put a green light beside the 
> connections on the IPsec page that have SAD entries 
> and a red light beside the ones that don't.  Or some 
> kludge to ping something on the remote end, but that 
> wouldn't be too pretty (and sometimes the LAN side of 
> the remote endpoint won't respond to pings itself 
> anyway, Cisco PIX being one of those).

As someone suggested a bit later on, a "time since last packet" would be
handy on this status page, maybe even more useful than a "green light"
mainly because testing VPN connectivity isn't really THAT reliable,
however the SAD option may be workable.

> Or just use the SAD tab on the Diagnostics -> IPsec page as an
> indicator of which connections are up.  SAD isn't a guarantee that
> things are working appropriately, but it's about as close as you can
> get without pinging or something like that, which is less reliable
> overall, IMO.

Yeah, pinging is one of the least reliable ways to do anything much, but
unfortunately its also one of the best ways to check for remote
connectivity.  :)