Check a VPN status for a subscription

Last updated: Nov 15, 2023
IMPLEMENTATION
SUPPORT
HEALTH TECH VENDOR

If you or your connection uses a VPN to secure your data exchange, you can check the VPN status on the Subscriptions tab of the Connections page in the Redox dashboard.

A VPN status represents the state of the VPN tunnel configured between Redox and your organization, or your connection and Redox. You may want to check the VPN status if you see one or more failed requests to or from a VPN-secured configuration. Alternatively, you can monitor alerts or create a traffic alert rule to proactively receive notifications related to VPN issues.

For details about each VPN test and status type, check out the definitions at the end of this article.

  1. From the navigation menu, click the Connections page.
  2. All of your connections display on the page. Select the connection that you want to check.
  3. The Subscriptions page opens with more detailed information.
    • Subscriptions: Shows the directionality of the information. Read more about subscriptions.
    • VPN status: Displays the latest VPN status. Review the status definition table to find out what each color means.
  4. Locate the subscription that you want to check and hover over the status icon. The Network Status List modal appears with the details for the given subscription, along with the IP and port values.
    Check the status of a VPN connection
    Check the status of a VPN connection
  5. If you want more details about the VPN test or status, click the endpoint name.
    1. If your connection owns the endpoint, the endpoint settings page opens with Base Info, Status Info, and VPN Info sections.
      Check the endpoint details
      Check the endpoint details
      • Base Info: Describes the subscription.
      • Status Info: Displays the results from the VPN test(s). Review the status definition table at the end of this article to find out what each VPN test type means. A status check can include either a Security Association (SA), TCP heartbeat or ping, or both.
      • VPN Info: Shows the sending and receiving IP addresses for VPN. It also shows the receiving port value.
    2. If you own the endpoint, the Developer settings page opens with the communication method, data format, and Status Info section (which is the same as the Status Info described above).
      VPN status in Developer settings
      VPN status in Developer settings

VPN test types

A status check can include either a Security Association, TCP heartbeat or ping, or both.

  • Security association (SA): Tests that both servers have the necessary information to exchange data securely. This tells you whether the VPN tunnel is active.
  • TCP heartbeat: Tests whether the VPN endpoint is receiving data. This is our default check for VPN configurations receiving data from Redox and is recommended over a ping since it's more reliable. Sometimes an interface setup doesn't support TCP heartbeat, in which case, we may fall back to testing with a ping. Read more about TCP heartbeat or ping.
  • Ping: Tests whether the VPN endpoint is receiving data. Read more about ping.

Status definitions

Review the table below for a breakdown of the possible statuses.

Overall status

The overall status displays on the Subscriptions tab.

Overall status
Overall status
Status color
Notes
Green
Success.
For a node that sends data over VPN, this means that Redox has an established SA over VPN.
For a node that receives data over VPN, this is a combined status of the SA and TCP heartbeat or ping tests. Since the combined status reflects the worst case status between the two, a green status means that Redox has an established SA over VPN and can communicate with the configured VPN IP (with a TCP heartbeat, test, Redox can also communicate with the configured port).
Red
Failure.
For a node that sends data over VPN, this means that Redox couldn't establish an SA over VPN.
For a node that receives data over VPN, this is a combined status of the SA and TCP heartbeat or ping tests. Since the combined status reflects the worst case status between the two, a red status means that Redox either can't establish SA over VPN or can't communicate with the configured VPN IP (with a TCP heartbeat test, this would include not being able to communicate with the configured port).
Yellow
Warning.
For a node that receives data over VPN, the VPN is healthy, but the connection's firewall or interface is responding with an error. The VPN node may not be listening on the port that Redox is sending to or you need to complete routing rules.
Gray
Unknown.
For a node that sends data over VPN, this indicates that there's insufficient data to determine the VPN status.

Detailed status

The detailed status either displays when you hover over the status icon on the Subscriptions tab. Alternatively, you can view the detailed status on the Endpoint settings page (if your connection owns the VPN node) or Developer settings (if your organization owns the VPN node).

VPN test type
Status color
Notes
SA
Green
Success.
Redox has an established SA over VPN.
SA
Red
Failure.
Redox couldn't establish an SA over VPN.
TCP heartbeat
Green
Success.
Redox can communicate with the configured VPN IP and port.
TCP heartbeat
Yellow
Warning.
The VPN is healthy, but the connection's firewall or interface is responding with an error. The VPN node may not be listening on the port to which Redox is sending or you need to complete routing rules.
TCP heartbeat
Red
Failure.
Redox can't communicate with the configured VPN IP and port, probably due to firewall, configuration, or networking issues.
TCP heartbeat or ping
Gray
Unknown.
Indicates that there's insufficient data to determine the receiving node's status.
Ping
Green
Success.
Redox can ping the configured VPN IP.
Ping
Red
Failure.
Redox can't communicate with the configured VPN IP.