3.3. Verifying

Verifying that the VPN is up is fairly easy. The first test is to try to ping a system on the remote end using its real IP address. If that doesn't work, run the netstat command and verify that the VPN has been activated and has entered routes to the other end of the VPN. You should see something like the following:

# netstat -nr
Kernel IP routing table
Destination     Gateway     Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     68.5.12.1   255.255.255.0   UG        0 0          0 ipsec0  (1)
192.168.0.0     0.0.0.0     255.255.255.0   U         0 0          0 eth0
68.5.12.0       0.0.0.0     255.255.252.0   U         0 0          0 eth1
68.5.12.0       0.0.0.0     255.255.252.0   U         0 0          0 ipsec0  (2)
0.0.0.0         68.5.12.1   0.0.0.0         UG        0 0          0 eth1

(1) (2) Routes on ipsec0.

Notice the two routes on interface ipsec0. Both of them will be there if the VPN is up and running. If they are not there, then something is wrong with the parameters entered into the VPN configuration or the network between the two firewalls.
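The route check described above can be scripted so it runs from cron or a monitoring job. This is an added example, not part of the original HOWTO: the function name check_vpn_routes and its return codes are assumptions, and the second table is a constructed "VPN down" sample.

```shell
#!/bin/sh
# Usage: netstat -nr | check_vpn_routes IFACE REMOTE_NET
# Return codes (chosen for this example):
#   0  IFACE has at least two routes, one a gateway route to REMOTE_NET
#   1  no routes on IFACE at all (VPN not activated)
#   2  routes on IFACE, but none to REMOTE_NET (wrong subnet configured?)
#   3  route to REMOTE_NET present, but the second IFACE route is missing
check_vpn_routes() {
    awk -v ifc="$1" -v net="$2" '
        # Route lines have 8 columns and begin with a dotted-quad destination.
        NF == 8 && $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && $8 == ifc {
            total++
            if ($1 == net && $4 ~ /G/) remote = 1
        }
        END {
            if (total == 0) exit 1
            if (!remote)    exit 2
            if (total < 2)  exit 3
            exit 0
        }'
}

# Routing table from this section (VPN up).
TABLE_UP='Kernel IP routing table
Destination     Gateway     Genmask         Flags   MSS Window  irtt Iface
192.168.2.0     68.5.12.1   255.255.255.0   UG        0 0          0 ipsec0
192.168.0.0     0.0.0.0     255.255.255.0   U         0 0          0 eth0
68.5.12.0       0.0.0.0     255.255.252.0   U         0 0          0 eth1
68.5.12.0       0.0.0.0     255.255.252.0   U         0 0          0 ipsec0
0.0.0.0         68.5.12.1   0.0.0.0         UG        0 0          0 eth1'

# Constructed sample: the same firewall with the VPN down.
TABLE_DOWN='Kernel IP routing table
Destination     Gateway     Genmask         Flags   MSS Window  irtt Iface
192.168.0.0     0.0.0.0     255.255.255.0   U         0 0          0 eth0
68.5.12.0       0.0.0.0     255.255.252.0   U         0 0          0 eth1
0.0.0.0         68.5.12.1   0.0.0.0         UG        0 0          0 eth1'

# Run the check over both samples and report the result.
for table in "$TABLE_UP" "$TABLE_DOWN"; do
    if printf '%s\n' "$table" | check_vpn_routes ipsec0 192.168.2.0; then
        echo "ipsec0: both VPN routes present"
    else
        echo "ipsec0: VPN routes missing or incomplete (code $?)"
    fi
done
```

A non-zero result points back to the same two causes named above: the parameters in the VPN configuration or the network between the two firewalls.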