Dear all,
I'd like to debug my gre tunnels, what are the commands to do?
Thank you in advance,
Bests Regards,
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi,
you can view the gre tunnel status using the following commands
diag netlink interface list name <gre-tunnel-name>
get sys interface
as long as the you assign the valid tunnel source, gre tunnel comes up. there is no gre keepalive packets fgt send like cisco routers.
HTH.
Hello,
Thank you very much for your help. If i understand, when i run this command, the tunnel should come up?
Btw, how can i debug if my tunnel won't come up?
Bests Regards,
You can using any of the diag sniffer commands
e.g
diag sniffer packet <interface name that virtual gre tunnel is bound to> " proto 47"
or
diag sniffer packet <interface name that virtual gre tunnel is bound to> " src host 1.1.1.1 dst host 2.2.2.2"
or
diag sniffer packet <interface name that virtual gre tunnel is bound to> "host 1.1.1.1 and 2.2.2.2"
If you you see no packet reaching you with the tunnel remote-addres or if you have no tunnel leaving your interface with the destination address, than recheck your config and routing.
PCNSE
NSE
StrongSwan
Hello emnoc,
Thank you for your support, i'll try this.
Bests Regards,
<< Thank you very much for your help. If i understand, when i run this command, the tunnel should come up? >>
the following commands are just to check if the gre tunnel is up or down
diag netlink interface list name <gre-tunnel-name>
get sys interface
You can also try ping to other side of gre tunnel ip once the tunnel comes up. Btw, how can i debug if my tunnel won't come up?
->make sure tunnel-source has valid IP sourced from another valid interface.
-> source IP interface in the gre tunnel is UP-up state.
you may follow the link for the gre config
[link]http://docs.fortinet.com/d/fortigate-ipsec-vpn-1[/link]
if the traffic cant pass after the tunnel comes up, you can use sniffer command suggested by emnoc.
Rewanta
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1710 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.