
Show VPN Routing on CLI

The following command shows detailed policy-based routing on the CLI. You will find the policy-based VPN routes to the corresponding external gateway. The basic Check Point table is "fw tab -f -t vpn_routing -u".


 

Command:

echo -e "\033[0m####################\n# VPN Routing      #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep -v "+"| awk '{split($0,a,";"); print a[8]}' |sort -ng |uniq | awk '{split($0,a," "); print a[2]}' | xargs -I % sh -c  'echo -n "External Gateway: ";echo -e "\033[0;31m % \\033[37m";echo -e "  Routing: \033[32m";fw tab -f -t vpn_routing -u 2>&1 |grep % |awk '\''{split($0,b,";"); print b[6] b[7]}'\''| sed 's/From\://'| sed 's/To\:/-/'|sort -u ;echo -e "\033[0m" '

 

Regards,

Heiko Ankenbrand

16 Replies

Re: Show VPN Routing on CLI

Great job!

Re: Show VPN Routing on CLI

Amazing!!!
Thanks for sharing.

ED
Silver

Re: Show VPN Routing on CLI

Thanks for sharing.

Kim_Moberg
Silver

Re: Show VPN Routing on CLI

Awesome. Thank you for sharing.

Do you have a way to reset vpn tunnel via command line?

I would like to automate vpn tu procedure.


Best Regards
Kim

Re: Show VPN Routing on CLI

Hi Kim,

I think you can use the following commands to delete vpn connections.

  vpn tu del ipsec all
  vpn tu del ipsec ip-addr
  vpn tu del ipsec ip-addr username
  vpn tu del all
  vpn tu del ip-addr
  vpn tu del ip-addr username

Regards,

Heiko


Re: Show VPN Routing on CLI

Nice command.

0 Kudos

Re: Show VPN Routing on CLI

Is it possible to add ProxyIDs to the routes?

Re: Show VPN Routing on CLI

When I try the show vpn routing on cli on the FW, it does not work.

 

 

 

[Expert@fw1-sydney-a]# echo -e "\033[0m####################\n# VPN Routing #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep -v "+"| awk '{split($0,a,";"); print a[8]}' |sort -ng |uniq | awk '{split($0,a," "); print a[2]}' | xargs -I % sh -c 'echo -n "External Gateway: ";echo -e "\033[0;31m % \\033[37m";echo -e " Routing: \033[32m";fw tab -f -t vpn_routing -u 2>&1 |grep % |awk '\''{split($0,b,";"); print b[6] b[7]}'\''| sed 's/From\://'| sed 's/To\:/-/'|sort -u ;echo -e "\033[0m" '
####################
# VPN Routing #
####################
xargs: invalid option -- I
BusyBox v1.8.1 (2017-11-29 13:01:08 IST) multi-call binary

Usage: xargs [OPTIONS] [COMMAND] [ARGS...]

Execute COMMAND on every item given by standard input

Options:
-p Prompt the user about whether to run each command
-r Do not run command for empty read lines
-x Exit if the size is exceeded
-0 Input filenames are terminated by a null character
-t Print the command line on stderr before executing it

sort: unknown sort type

0 Kudos

Re: Show VPN Routing on CLI

For me it doesn't give any output for some reason. R77.30 Take 338. fw tab -t vpn_routing -u -f works though.

0 Kudos
AlexeyB
Nickel

Re: Show VPN Routing on CLI

Because in the actual script an additional parameter is set: "grep -v '+' ". You may use a simplified command like this:

fw tab -t vpn_routing -u | awk 'NR>3 {$0=substr($0,2,28); gsub(", ", ""); gsub("; ", ""); gsub("..", "0x& "); print}' | xargs printf "%d.%d.%d.%d\t-\t%d.%d.%d.%d\tPeer: %d.%d.%d.%d\r\n"

Checked on many takes of 77.30

Re: Show VPN Routing on CLI

Brilliant, thank you Alexey. For myself just added sorting by first column.

fw tab -t vpn_routing -u | awk 'NR>3 {$0=substr($0,2,28); gsub(", ", ""); gsub("; ", ""); gsub("..", "0x& "); print}' | xargs printf "%d.%d.%d.%d\t-\t%d.%d.%d.%d\tPeer: %d.%d.%d.%d\r\n" | sort -k1n,1

Re: Show VPN Routing on CLI

Is there any option to edit VPN routes in the kernel? I have many routes from one peer (not in my control) and I need to remove one route. Please suggest.

0 Kudos

Re: Show VPN Routing on CLI

Hi,

I adapted the full command to work on a R77.30 Gaia, with the same display as the screenshot:

echo -e "\033[0m####################\n# VPN Routing      #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep "+"| awk '{split($4,a,";"); print a[6]}' |sort -ng |uniq | awk '{split($0,a,":"); print a[2]}' | xargs -I % sh -c 'echo -n "External Gateway: ";echo -e "\033[0;31m % \\033[37m";echo -e "  Routing: \033[32m";fw tab -f -t vpn_routing -u 2>&1 |grep % |awk '\''{split($4,b,";"); print "  "b[2] b[3]}'\''| sed 's/From\://'| sed 's/,To\:/---/'|sort -u ;echo -e "\033[0m"'
AlexeyB
Nickel

Re: Show VPN Routing on CLI

Now you may compare the scripts' execution times. My version is faster 🙂 because I don't use `-f` for formatting output and I call `fw tab` only once. After all, my colleague just added additional sorting for the output like this:

sort -t . -k  1,1n -k 2,2n -k 3,3n -k 4,4n

0 Kudos
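Added example, not posted by anyone in this thread: a variant of the single-call decode that uses only awk and plain `sort -u`, so it does not depend on `xargs -I` or `sort -g` (the two options the BusyBox output above rejected), and still groups ranges per external gateway. The row layout `<FROM, TO; PEER; ...>` is an assumption inferred from the `substr`/`gsub` offsets in the one-liner; the function names and sample rows are constructed.

```shell
#!/bin/sh
# Added example. ASSUMPTION: a raw `fw tab -t vpn_routing -u` row looks like
# "<FROM, TO; PEER; ...>", three 8-digit hex IPv4 addresses (inferred from the
# substr/gsub offsets in the one-liner above).

decode_vpn_routing() {
    # Stage 1: keep only rows with the assumed layout, emit "peer from to" in hex.
    awk '{
        row = tolower($0)
        if (substr(row, 1, 1) != "<" || substr(row, 10, 2) != ", " ||
            substr(row, 20, 2) != "; ") next
        from = substr(row, 2, 8); to = substr(row, 12, 8); peer = substr(row, 22, 8)
        if (length(peer) != 8 || (from to peer) ~ /[^0-9a-f]/) next
        print peer, from, to
    }' |
    # Fixed-width hex sorts numerically as plain text, so no "sort -g" is needed.
    LC_ALL=C sort -u |
    # Stage 2: decode to dotted quads and group the ranges under each peer.
    awk '
    function hex2ip(h,    i, n, out, sep) {
        for (i = 1; i <= 7; i += 2) {
            n = (index(D, substr(h, i, 1)) - 1) * 16 + index(D, substr(h, i + 1, 1)) - 1
            out = out sep n; sep = "."
        }
        return out
    }
    BEGIN { D = "0123456789abcdef" }
    {
        peer = $1 ""    # force a string compare; "0e000001" would otherwise parse as a number
        if (peer != last) { print "External Gateway: " hex2ip(peer); last = peer }
        print "  " hex2ip($2) " - " hex2ip($3)
    }'
}

# Constructed sample rows (documentation address ranges), not real gateway output.
sample_rows() {
    cat <<'EOF'
localhost:
-------- vpn_routing --------
<c0a81400, c0a814ff; c6336401; 00000000>
<0a010000, 0a0100ff; cb007107; 00000000>
<0a010000, 0a0100ff; cb007107; 00000000>
<ac100500, ac10057f; c6336401; 00000000>
EOF
}

sample_rows | decode_vpn_routing
# On a gateway: fw tab -t vpn_routing -u | decode_vpn_routing
```

Because the output stays one range per line under a gateway header, it can still be filtered with `grep` for a single network.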
Danny
Pearl

Re: Show VPN Routing on CLI

Hi @AlexeyB,

I like your solution and created a One-liner from it that also adds grouping and coloring, which is also included with our ccc script.

0 Kudos
AlexeyB
Nickel

Re: Show VPN Routing on CLI

Hi, @Danny  I didn't specifically group the output so that it would be convenient to filter the output line by line, using "grep" to filter by peer or the specific network you need. Everyone can adapt this command to their own needs. I'm glad that my code was useful to someone 🙂

0 Kudos