
Check connection of redhat Saviynt Servers

LW-Analyst
New Contributor

Is there a way to check the connection of our 8 redhat SC2 saviynt servers via command line on our end? And what else should we be checking after servers are rebooted, and after they are patched? What should we be looking for in logs, and what processes should we check? We have learned that if we resubmit the configuration from the GUI console we can tail one log and look for the tunnel to be up - other than that - along those lines what should we be looking for?

Thanks!

3 REPLIES

Falcon
Saviynt Employee

LW-Analyst
New Contributor

We are looking for a command that we can use to validate that the tunnel is up and running from the redhat command line.

bharath1
Saviynt Employee

Hello,
To validate the connectivity from the command line pre or post restart/patching:

  • Check the network interface named tun0 using the below command.
    The tun0 interface will be created when the connectivity is established between the SC2 server and client
    ifconfig
  • Ping the tunnel interface/tunnel IP of the SC2 server. Pinging the tunnel IP ensures the connectivity is present.
    ping 192.168.255.1

    Post restart or Patching if the tunnel is not up:
  • Ensure the openvpn service is running; if not, restart the service
    systemctl status openvpn-client@client

    #To restart the service 
    systemctl restart openvpn-client@client

    Run the iptables dump to check for iptables rules:

    iptables-save > /tmp/iptables_post.dump

    cat /tmp/iptables_post.dump
    #Check if the below rules exist as per the inputs provided previously. Screenshot attached for reference.
    -A POSTROUTING -o ens32 -m policy --dir out --pol none -j MASQUERADE
    -A POSTROUTING -s -m policy --dir out --pol none -j SNAT --to-source


    #If any rules are missing, add them using below commands:

    iptables -A INPUT -j ACCEPT
    iptables -t nat -A POSTROUTING -o NetworkInterfaceName  -m policy --dir out --pol none -j MASQUERADE
    iptables -t nat -A POSTROUTING -s SaviyntCloudCIDR -m policy --dir out --pol none -j SNAT --to-source ServerPrivateIPv4Address
    iptables-save > /etc/sysconfig/iptables
     
    These commands should be able to validate the connectivity between the SC2 server and client
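
The checks from the reply above, collected into one read-only script that can be run after a reboot or patch cycle. This is an added example, not part of the original reply and not Saviynt code. The function names, the environment-variable overrides, the use of `ip link show` in place of `ifconfig`, and the sample dump are assumptions. It only reports missing rules and never adds any.

```shell
#!/usr/bin/env bash
# Added example, not Saviynt code. Defaults mirror the reply above; override via env.
TUN_IF="${TUN_IF:-tun0}"
TUN_IP="${TUN_IP:-192.168.255.1}"
VPN_UNIT="${VPN_UNIT:-openvpn-client@client}"

# OpenVPN client unit must be active.
check_service() {
    systemctl is-active --quiet "$VPN_UNIT" || { echo "FAIL: $VPN_UNIT not active"; return 1; }
    echo "OK: $VPN_UNIT active"
}

# Tunnel interface must exist and the tunnel IP must answer ping.
check_tunnel() {
    ip link show "$TUN_IF" >/dev/null 2>&1 || { echo "FAIL: $TUN_IF missing"; return 1; }
    ping -c 3 -W 2 "$TUN_IP" >/dev/null 2>&1 || { echo "FAIL: no reply from $TUN_IP"; return 1; }
    echo "OK: $TUN_IF present, $TUN_IP reachable"
}

# Reads an iptables-save dump on stdin and reports each expected NAT rule.
# Args: <outbound interface> <Saviynt cloud CIDR> <server private IPv4>
check_nat_rules() {
    local dump rule rc=0
    dump="$(cat)"
    for rule in \
        "-A POSTROUTING -o $1 -m policy --dir out --pol none -j MASQUERADE" \
        "-A POSTROUTING -s $2 -m policy --dir out --pol none -j SNAT --to-source $3"
    do
        if printf '%s\n' "$dump" | grep -qxF -- "$rule"; then
            echo "OK: $rule"
        else
            echo "MISSING: $rule"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample dump (SNAT rule deliberately absent) for a dry run.
sample_dump() {
    printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
        '-A POSTROUTING -o ens32 -m policy --dir out --pol none -j MASQUERADE' 'COMMIT'
}

# Live run: ./sc2_check.sh <iface> <cidr> <private-ip>  (needs root for iptables-save)
if [ "$#" -eq 3 ]; then
    rc=0
    check_service || rc=1
    check_tunnel || rc=1
    iptables-save -t nat | check_nat_rules "$1" "$2" "$3" || rc=1
    exit "$rc"
fi
```

A non-zero exit status means at least one check failed, so the script can be called from a post-patch job across all servers and the failures collected.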