3.3. Verifying

Verifying that the VPN is up is fairly easy. The first test is to try and ping a system on the remote end using its real IP address. If that doesn't work, you'll need to run the netstat command and verify that the VPN has been activated and entered routes to the other end of the VPN. You should see something like the following:

[email protected]:~ # netstat -nr
Kernel IP routing table
Destination     Gateway     Genmask         Flags   MSS Window  irtt Iface   UG        0 0          0 ipsec01   U         0 0          0 eth0   U         0 0          0 eth1   U         0 0          0 ipsec02         UG        0 0          0 eth1
[email protected]:~ #
1 2

Routes on ipsec0.

Notice the two routes on interface ipsec0. Both of them will be there if the VPN is up and running. If they are not there, then something is wrong with the parameters entered into the VPN configuration or the network between the two firewalls.