VPN tunnels

The VPN Tunnels module presents IPSec VPN and SSL VPN tunnels under two separate tabs.

IPSec VPN Tunnels tab

The following window appears when you click on the VPN Tunnels menu:

Figure 51: IPSec VPN tunnels

This section sets out the statistics of the tunnel's operation.

The following information is displayed in this window:

Source: IP address or name of the tunnel initiator

Source address: IP address of the tunnel initiator

Bytes: Incoming and outgoing throughput

Destination: Destination IP address

Status: Indicates the status of the tunnel (example: Mature).

Lifetime: Lifetime of the SA (Security Association), shown as a graphical representation of the current position within this lifetime together with its value (expressed in hours, minutes and seconds).

Authentication: Name of the authentication algorithm

Encryption: Name of the encryption algorithm

The tunnel is made up of two sub-tunnels, one for each direction of the datagram transmission.

REMARK

The algorithms and limits have been configured in the firewall's web administration interface (refer to the Stormshield Network Security user and configuration guide for further details).

TIP

You will find other information regarding the parameters in this window in the RFCs.

Further information may be found in RFC 2401 IPSEC:

http://www.ietf.org/rfc/rfc2401.txt or on sites such as: http://www.guill.net/reseaux/Ipsec.html

This status is color-coded. The line containing VPN information will use the color corresponding to the tunnel’s status.

Undetermined

Larval: the SA is in the process of being negotiated or has not been completely negotiated.

Mature: the SA has been established and is available; the VPN tunnel has been correctly set up.

Dying: the SA will soon expire; a new SA is in the process of being negotiated.

Dead: the SA has expired and cannot be used; the tunnel has not been set up and is therefore no longer active.

Orphan: a problem has occurred; in general, this status means that the tunnel has been set up in only one direction.

The Actions button makes it possible to perform certain actions on the selected event (for further information, please refer to the section Pop-up menu on rows):

  • View logs of outgoing SPIs,
  • View logs of incoming SPIs,
  • View the outgoing policy,
  • View the incoming policy,
  • Reset this tunnel,
  • Reset all tunnels.

SSL VPN Tunnels tab

The following window appears when you click on the VPN Tunnels menu:

Figure 52: SSL VPN tunnels

It displays statistics on the operation of SSL VPN tunnels that have been set up.

The following information is displayed in this window:

User: Name of the user that initiated the tunnel.

VPN IP address: IP address assigned by the OpenVPN server to the client, for communications through the SSL VPN tunnel.

Source IP address: IP address of the client workstation outside the SSL VPN tunnel (local network address).

Received: Amount of data the client has received through the SSL VPN tunnel (unit: bits).

Sent: Amount of data the client has sent through the SSL VPN tunnel (unit: bits).

Duration: Time elapsed since the setup of the SSL VPN tunnel (expressed in days, hours, minutes and seconds).

Port: Source port used by the client to set up the SSL VPN tunnel.

The Actions button makes it possible to perform certain actions on the selected event (for further information, please refer to the section Pop-up menu on rows):

  • View host,
  • Remove this tunnel.