Show VPN Routing on CLI

HeikoAnkenbrand
Champion

The following command shows detailed policy-based routing on the CLI. You will find the policy-based VPN routes to the corresponding external gateway. The basic Check Point table is "fw tab -f -t vpn_routing -u".


Command:

echo -e "\033[0m####################\n# VPN Routing      #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep -v "+"| awk '{split($0,a,";"); print a[8]}' |sort -ng |uniq | awk '{split($0,a," "); print a[2]}' | xargs -I % sh -c  'echo -n "Externa

...

18 Replies

Armin_Weiler
Participant

Great job!



Claudio_Bolcato
Contributor

Amazing!!!
Thanks for sharing.



ED
Advisor

Thanks for sharing.



Kim_Moberg
Advisor

Awesome. Thank you for sharing.

Do you have a way to reset vpn tunnel via command line?

I would like to automate vpn tu procedure.




HeikoAnkenbrand
Champion

Hi Kim,

I think you can use the following commands to delete vpn connections.

  vpn tu del ipsec all
  vpn tu del ipsec ip-addr
  vpn tu del ipsec ip-addr username
  vpn tu del all
  vpn tu del ip-addr
  vpn tu del ip-addr username

Regards,

Heiko



Rolf_Kaschek
Contributor

Nice command.



0 Kudos

Ukko_Metsola
Participant

Is it possible to add ProxyIDs to the routes?



jessica_smith
Contributor

When I try the show vpn routing on cli on the FW, it does not work.

 

 

 

[Expert@fw1-sydney-a]# echo -e "\033[0m####################\n# VPN Routing #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep -v "+"| awk '{split($0,a,";"); print a[8]}' |sort -ng |uniq | awk '{split($0,a," "); print a[2]}' | xargs -I % sh -c 'echo -n "External Gateway: ";echo -e "\033[0;31m % \\033[37m";echo -e " Routing: \033[32m";fw tab -f -t vpn_routing -u 2>&1 |grep % |awk '\''{split($0,b,"

...


0 Kudos

Maria_Pologova
Collaborator

For me it doesn't give any output for some reason. R77.30 Take 338. fw tab -t vpn_routing -u -f works though.



0 Kudos

AlexeyB
Contributor

Because in the actual script an additional parameter is set: "grep -v '+'". You may use a simplified command like this:

fw tab -t vpn_routing -u | awk 'NR>3 {$0=substr($0,2,28); gsub(", ", ""); gsub("; ", ""); gsub("..", "0x& "); print}' | xargs printf "%d.%d.%d.%d\t-\t%d.%d.%d.%d\tPeer: %d.%d.%d.%d\r\n"

Checked on many takes of 77.30



(1)

Maria_Pologova
Collaborator

Brilliant, thank you Alexey. For myself just added sorting by first column.

fw tab -t vpn_routing -u | awk 'NR>3 {$0=substr($0,2,28); gsub(", ", ""); gsub("; ", ""); gsub("..", "0x& "); print}' | xargs printf "%d.%d.%d.%d\t-\t%d.%d.%d.%d\tPeer: %d.%d.%d.%d\r\n" | sort -k1n,1


Pankaj_Mishra
Explorer

Is there any option to edit VPN routes in the kernel? I have many routes from one peer (not in my control) and I need to remove one route. Please suggest.



0 Kudos

Benjamin_Lacaze
Explorer

Hi,

I adapted the full command to work on a R77.30 Gaia, with the same display as the screenshot:

echo -e "\033[0m####################\n# VPN Routing      #\n####################";fw tab -f -t vpn_routing -u 2>&1 |grep "+"| awk '{split($4,a,";"); print a[6]}' |sort -ng |uniq | awk '{split($0,a,":"); print a[2]}' | xargs -I % sh -c 'echo -n "External Gateway: ";echo -e "\033[0;31m % \\033[37m";echo -e "  Routing: \033[32m";fw tab -f -t vpn_routing -u 2>&1 |grep % |awk '\''{split($4
...


AlexeyB
Contributor

Now you may compare the scripts' execution times. My version is faster 🙂 because I don't use `-f` to format the output and I call `fw tab` only once. After all, my colleague just added additional sorting of the output, like this:

sort -t . -k  1,1n -k 2,2n -k 3,3n -k 4,4n



0 Kudos
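
The decoding that AlexeyB's one-liner performs, combined with the octet-wise sort from his later reply, written out as an added example (not code from any poster in this thread). The row layout `<start, end; peer>` with 8 hex digits per field is an assumption inferred from the `substr($0,2,28)` offsets; the sample table and the function names are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each raw row is
# "<start, end; peer>" with 8 hex digits per field (the layout the
# substr($0,2,28) offsets in the one-liner imply).

# Constructed sample output; addresses are documentation/private ranges.
sample_table() {
cat <<'EOF'
localhost:
-------- vpn_routing --------
dynamic, id 1, num ents 4
<c0a80a00, c0a80aff; cb007101>
<0a140000, 0a14ffff; c6336402>
<ac100500, ac10057f; cb00710a>
<0a020000, 0a02ffff; cb007101>
<garbage row that must be skipped>
EOF
}

# Decode rows on stdin to "start<TAB>-<TAB>end<TAB>Peer: ip", sorted by octet.
decode_vpn_routing() {
  awk '
    function oct(h) { return (index(H, substr(h,1,1)) - 1) * 16 + index(H, substr(h,2,1)) - 1 }
    function ip(h)  { return oct(substr(h,1,2)) "." oct(substr(h,3,2)) "." oct(substr(h,5,2)) "." oct(substr(h,7,2)) }
    BEGIN { H = "0123456789abcdef" }
    /^</ {
      row = tolower(substr($0, 2, 28))
      s = substr(row, 1, 8); e = substr(row, 11, 8); p = substr(row, 21, 8)
      # Skip anything that is not three 8-digit hex fields with the expected separators.
      if (length(s e p) != 24 || (s e p) ~ /[^0-9a-f]/) next
      if (substr(row, 9, 2) != ", " || substr(row, 19, 2) != "; ") next
      print ip(s) "\t-\t" ip(e) "\tPeer: " ip(p)
    }' | sort -t . -k 1,1n -k 2,2n -k 3,3n -k 4,4n
}

# Exact-match filter on the peer column; a plain grep for 203.0.113.1
# would also match 203.0.113.10.
routes_for_peer() {
  awk -F '\t' -v want="Peer: $1" '$4 == want'
}

sample_table | decode_vpn_routing | routes_for_peer 203.0.113.1
```

On a gateway, replace `sample_table` with `fw tab -t vpn_routing -u`.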

Danny
Champion

Hi @AlexeyB,

I like your solution and created a One-liner from it that also adds grouping and coloring, which is also included with our ccc script.



0 Kudos

AlexeyB
Contributor

Hi @Danny, I didn't specifically group the output so that it would be convenient to filter the output line by line, using "grep" to filter by peer or the specific network you need. Everyone can adapt this command to their own needs. I'm glad that my code was useful to someone 🙂



0 Kudos

Solo
Explorer
It works, thanks!


0 Kudos

David_Brodin
Contributor

Cleaned it up for at least r80.30:


   echo -e "\033[0m####################\n# VPN Routing #\n####################"; fw tab -f -t vpn_routing -u 2>&1 | grep -v "+\|\-2" | awk '{split($0,a,";"); print a[6]}' | sort -ng | uniq | awk '{split($0,a," "); print a[2]}' | xargs -I % sh -c 'echo -n "External Gateway: "; echo -e "\033[0;31m % \\033[37m"; echo -e " Routing: \033[32m"; fw tab -f -t vpn_routing -u 2>&1 | grep -v "+\|\-2" | awk '\''{split($0,b,";"); print b[4] b[5]}'\'' | sed 's/From
...


0 Kudos