[ previous ] [ next ] [ threads ]
 From:  Bjoern Euler <lists at edain dot de>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Montor IPSEC tunnel via SNMP?
 Date:  Tue, 15 Aug 2006 17:03:16 +0200
Paul Dugas wrote:
> If not, is there a command in the stock image that would dump the state
> of the tunnels that I could call from exec.php and possibly via an added
> CGI?

You could use "/usr/sbin/setkey -D" through exec.phpwhich shows the 
current security associations (SA) for IPSec. These effectively are the 
IPSec tunnels that are up at the moment (or should be).
Since m0n0wall currently lacks some enhanced IPSec features like 
Dead-Peer-Detections it's hard to say 100% from SA that a tunnel is up 
and working.
I would suggest a combination of ping through the tunnel + a check with 
the above command. This should give you a good indication of tunnel uptime.