web_gui:vpn_status_page [2010/11/22 10:34] mats |
web_gui:vpn_status_page [2010/11/26 14:11] (current) mats |
||
---|---|---|---|
Line 54: | Line 54: | ||
* As for the actual data traffic: on the inside LAN interface the packets are shown before being encrypted into the tunnel (resp. after they have been decrypted from the tunnel), with their TCP/UDP headers visible (port numbers, IP destination etc). | * As for the actual data traffic: on the inside LAN interface the packets are shown before being encrypted into the tunnel (resp. after they have been decrypted from the tunnel), with their TCP/UDP headers visible (port numbers, IP destination etc). | ||
* On the WAN port, however, these packets are forwarded as ESP or AH packets - the TCP or UDP (or whatever) header/payload is disguised (encrypted) on that interface. The original destination IP address is also invisible, since all AH/ESP packets are simply sent to the remote IPSec gateway. | * On the WAN port, however, these packets are forwarded as ESP or AH packets - the TCP or UDP (or whatever) header/payload is disguised (encrypted) on that interface. The original destination IP address is also invisible, since all AH/ESP packets are simply sent to the remote IPSec gateway. | ||
+ | |||
+ | ---- | ||
+ | :?: The [[vpn_log_page|VPN log]] page is also useful for monitoring the progress of the IPsec tunnels. | ||
\\ | \\ | ||
===== Security associations ===== | ===== Security associations ===== | ||
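Review bot: the added line opens with `:?:`, which DokuWiki renders as a question-mark icon, so the pointer to the VPN log page reads as an open question rather than a tip; consider `:!:` or plain text, and say briefly what to look for in the log (for example negotiation success or failure). While this block is being touched, the unchanged WAN-port bullet above still says the header/payload of "ESP or AH packets" is encrypted and the original destination is invisible. That holds for ESP only: AH authenticates but does not encrypt, so with AH alone the inner headers remain readable in a WAN-side capture. The bullet should separate the two cases.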
Line 61: | Line 64: | ||
**Destination** Global IP address of the connected peer for the tunnel. (For outgoing tunnels the IP address of the remote peer, for incoming tunnels the own global IP address of this unit.)\\ | **Destination** Global IP address of the connected peer for the tunnel. (For outgoing tunnels the IP address of the remote peer, for incoming tunnels the own global IP address of this unit.)\\ | ||
**Direction** "Incoming" or "Outgoing" depending on whether the tunnel is used to receive or transmit data.\\ | **Direction** "Incoming" or "Outgoing" depending on whether the tunnel is used to receive or transmit data.\\ | ||
- | **SPI** (Security Parameter Index) Tunnel ID number used by the firewall log. [[wp>Security_Parameter_Index|SPI]]\\ | + | **SPI** (Security Parameter Index) Tunnel ID number to uniquely identify the SA, showed by the firewall log. [[wp>Security_Parameter_Index|SPI]]\\ |
**Protocol** IPSec encapsulation protocol. Can be AH ([[wp>IPsec#Authentication_Header|Authentication Header]]) and/or ESP ([[wp>IPsec#Encapsulating_Security_Payload|Encapsulating Security Payload]]) protocol.\\ | **Protocol** IPSec encapsulation protocol. Can be AH ([[wp>IPsec#Authentication_Header|Authentication Header]]) and/or ESP ([[wp>IPsec#Encapsulating_Security_Payload|Encapsulating Security Payload]]) protocol.\\ | ||
**Algorithm** Encryption/authentication algorithms used.\\ | **Algorithm** Encryption/authentication algorithms used.\\ | ||
**Elapsed time** Tunnel uptime (number of seconds since it was established).\\ | **Elapsed time** Tunnel uptime (number of seconds since it was established).\\ | ||
- | **Life time** Maximum allowed uptime for the tunnel. If elapsed time reaches this value a new traffic tunnel will be negotiated.\\ | + | **Life time** Maximum allowed uptime for the tunnel. If elapsed time approaches this value a new traffic tunnel will be negotiated.\\ |
**Bytes processed** Number of data bytes transferred in the tunnel since its establishment.\\ | **Bytes processed** Number of data bytes transferred in the tunnel since its establishment.\\ | ||
**Errored packets** Number of packets not conforming or dropped due to errors, since tunnel was established.\\ | **Errored packets** Number of packets not conforming or dropped due to errors, since tunnel was established.\\ |
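Review bot: on the changed **SPI** line, "showed by the firewall log" should read "shown in the firewall log", and "uniquely identify the SA" is stronger than the SPI alone justifies; the SA is normally looked up by the SPI together with the Destination and Protocol fields listed in this same table, so the text could say that. On the changed **Life time** line, "approaches this value" is more accurate than the old "reaches" but leaves the reader guessing how early renegotiation starts; state the margin if it is known. It would also help to note that the newly negotiated tunnel appears with a new SPI, since readers matching firewall log entries by SPI will see the number change at that point.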