vpn shell

Description

VPN Command Line Interface.

Syntax for IPv4

vpn shell

Syntax for IPv6

vpn6 shell

Menu Options

[Expert@MyGW:0]# vpn shell
 ?             - This help
 ..            - Go up one level
 quit          - Quit
[interface   ] - Manipulate tunnel interfaces
[show        ] - Show internal data
[tunnels     ] - Manipulate tunnel data
[license     ] - Display SCM licenses
VPN shell:[/] >

Menu Sub-Options

interface
      add
      modify
      delete
      show
show
      interface
      tunnels
            IKE
                  all
                  peer <Internal Peer IP>
            IPsec
                  all
                  peer <Internal Peer IP>
tunnels
      show
            IKE
                  all
                  peer <Internal Peer IP>
            IPsec
                  all
                  peer <Internal Peer IP>
      delete
            IKE
                  peer <Security Gateway>
                  user <Username>
                  all
            IPsec
                  peer <Security Gateway>
                  user <Username>
                  all
            all
                  IKE
                  IPsec
license
      scm
            status
            list

Description of Options and Sub-Options

Option

Description

?

Shows the available advanced commands in the current menu level.

..

Goes up one level in the menu.

quit

Quits the VPN shell (available only in the main level).

interface

These commands are deprecated on Gaia OS.

Use the applicable options in Gaia Portal or the applicable commands in Gaia Clish.

See the R81 Gaia Administration Guide.

show

Shows internal data.

The available options are:

  • Show and configure tunnel interfaces:

    show > interface

    These commands are deprecated on Gaia OS.

    Use the applicable options in Gaia Portal or the applicable commands in Gaia Clish.

    See the R81 Gaia Administration Guide.

 

  • Show Security Associations (SAs):

    show > tunnels

    The available sub-options are:

    • Show all IKE SAs

      show > tunnels > IKE > all

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (3) List all IKE SAs for a given peer (GW).

      • The "vpn tu [-w] list ike" command (see vpn tu list).

    • Show all IKE SAs for a specified VPN peer:

      show > tunnels > IKE > peer <Internal Peer IP>

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (1) List all IKE SAs.

      • The "vpn tu [-w] list peer_ike <IP Address>" command (see vpn tu list).

    • Show all IPsec SAs

      show > tunnels > IPsec > all

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (2) List all IPsec SAs.

      • The "vpn tu [-w] list ipsec" command (see vpn tu list).

    • Show all IPsec SAs for a specified VPN peer:

      show > tunnels > IPsec > peer <Internal Peer IP>

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (4) List all IPsec SAs for a given peer (GW).

      • The "vpn tu [-w] list peer_ipsec <IP Address>" command (see vpn tu list).

tunnels

Shows and deletes Security Associations (SAs).

The available options are:

  • Show Security Associations (SAs):

    tunnels > show

    The available sub-options are:

    • Show all IKE SAs:

      tunnels > show > IKE > all

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (1) List all IKE SAs.

      • The "vpn tu [-w] list ike" command (see vpn tu list).

    • Show all IKE SAs for a specified VPN peer:

      tunnels > show > IKE > peer <Internal Peer IP>

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (3) List all IKE SAs for a given peer (GW).

      • The "vpn tu [-w] list peer_ike <IP Address>" command (see vpn tu list).

    • Show all IPsec SAs:

      tunnels > show > IPsec > all

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (2) List all IPsec SAs.

      • The "vpn tu [-w] list ipsec" command (see vpn tu list).

    • Show all IPsec SAs for a specified VPN peer:

      tunnels > show > IPsec > peer <Internal Peer IP>

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (4) List all IPsec SAs for a given peer (GW).

      • The "vpn tu [-w] list peer_ipsec <IP Address>" command (see vpn tu list).

 

  • Delete Security Associations (SAs):

    tunnels > delete

    The available sub-options are:

    • Delete all IKE for a specified VPN peer:

      tunnels > delete > IKE > peer <Internal Peer IP>

    • Delete all IKE for a specified user:

      tunnels > delete > IKE > user <Username>

    • Delete all IKE SAs for all VPN peers and users:

      tunnels > delete > IKE > all
      		 
      tunnels > delete > all > IKE

    • Delete all IPsec SAs for a specified VPN peer:

      tunnels > delete > IPsec > peer <Internal Peer IP>

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (5) Delete all IPsec SAs for a given peer (GW).

      • The "vpn tu [-w] del ipsec <IP Address>" command (see vpn tu del).

    • Delete all IPsec SAs for a specified user:

      tunnels > delete > IPsec > user <Username>

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (6) Delete all IPsec SAs for a given User (Client).

      • The "vpn tu [-w] del ipsec <IP Address> <Username>" command (see vpn tu del).

    • Delete all IPsec SAs for all VPN peers and users:

      tunnels > delete > IPsec > all
      		 
      tunnels > delete > all > IPsec

      Note - This sub-option is the same as:

      • In the main vpn tu menu, the option (9) Delete all IPsec SAs for ALL peers and users.

      • The "vpn tu [-w] del ipsec all" command (see vpn tu del).

license

Shows the SecureClient Mobile (SCM) licenses.

The available sub-options are:

  • Show the current status of SCM licenses:

    license > scm > status

  • Show the list of SCM licensed devices:

    license > scm > list