Hub & Spoke Troubleshooting
This document gives steps for troubleshooting VPN connection problems in a hub-and-spoke topology, where spoke sites connect to a central hub like the spokes of a wheel. When something is not working right, you might have trouble connecting, or the VPN might not work at all. The steps here help you check that the settings are correct and that the various parts of the VPN, such as OpenVPN and IPsec, are working properly.
Issue: Configuration Mismatch
Symptoms
- The spoke LAN is unable to communicate with the hub.
- Latency issues or intermittent connectivity between hub and spoke.
- Hub and spoke sites cannot communicate properly.
Troubleshooting Steps
1. Access the CE Terminal
- Log in to the CE terminal with superuser privileges to perform diagnostic checks.
sudo su -
2. Checking OpenVPN Configuration
- Run the following command to check the OpenVPN configuration in the last applied settings:
cat /tmp/last_config_response.json | jq .interfacesConfig.openVpn
3. Checking Network Configuration
- Verify the network configuration file to ensure proper interface settings:
sudo cat /etc/config/network
4. Checking Apinger (Network Monitoring)
- Apinger monitors network status and latency. Check its configuration:
cat /etc/config/apinger
- Check the current Apinger status:
cat /tmp/apinger.status
5. Checking IPsec Configuration
- Verify the IPsec configuration in the last applied settings:
cat /tmp/last_config_response.json | jq .ipsecConfig
6. Checking Libreswan (IPsec Service)
- Validate the Libreswan configuration file:
cat /etc/config/libreswan
7. Checking OpenVPN Logs
- Review OpenVPN logs for errors:
logread -e openvpn
8. Checking IPsec Status
- To check if the IPsec service is running, execute:
/etc/init.d/ipsec status
- If the IPsec service is not running, start it by executing:
/etc/init.d/ipsec start
- If you need to stop the IPsec service, use the following command:
/etc/init.d/ipsec stop
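A read-only pre-check for the files and JSON sections inspected in steps 2 to 6, added here as an example; it is not part of the original procedure or of the product's own tooling. The function names and the optional root-prefix argument are hypothetical, and jq is assumed to be installed, as the steps above already use it.

```shell
#!/bin/sh
# Added example: triage of the artifacts read in steps 2-6.
# Nothing is modified; every check only reads files named in the steps above.

# check_file PATH -> prints OK / EMPTY / MISSING, succeeds only for OK
check_file() {
    if [ ! -e "$1" ]; then echo "MISSING $1"; return 1; fi
    if [ ! -s "$1" ]; then echo "EMPTY   $1"; return 1; fi
    echo "OK      $1"
}

# check_section FILE JQ_PATH -> fails if the section is missing, null or
# false, or if FILE is not valid JSON (jq -e exits non-zero in those cases)
check_section() {
    if jq -e "$2" "$1" >/dev/null 2>&1; then
        echo "OK      $2 present in $1"
    else
        echo "ABSENT  $2 in $1"; return 1
    fi
}

# hub_spoke_triage [ROOT] -> return value is the number of failed checks.
# ROOT (hypothetical) is a directory prefix, so the same checks can be run
# against a copy of the device files; omit it on the CE itself.
hub_spoke_triage() {
    root="${1:-}"; fails=0
    last="$root/tmp/last_config_response.json"
    for f in "$last" "$root/etc/config/network" "$root/etc/config/apinger" \
             "$root/tmp/apinger.status" "$root/etc/config/libreswan"; do
        check_file "$f" || fails=$((fails + 1))
    done
    # Only query the JSON sections when the last applied config exists
    if [ -s "$last" ]; then
        for s in .interfacesConfig.openVpn .ipsecConfig; do
            check_section "$last" "$s" || fails=$((fails + 1))
        done
    fi
    return "$fails"
}

# Usage on the CE, after step 1:  hub_spoke_triage; echo "failed checks: $?"
```

A MISSING, EMPTY or ABSENT line tells you which of steps 2 to 6 to look at first; the OpenVPN log review and IPsec service checks in steps 7 and 8 still need to be run by hand.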