Site-to-Site VPN monitoring

The Site-to-Site Virtual Private Network (VPN) service in Oracle Cloud Infrastructure (OCI) lets you establish a secure internet protocol security (IPSec) virtual private network connection between your on-premises network and your OCI virtual cloud network (VCN). This ensures private, encrypted communication between your OCI resources and on-premises infrastructure.

Overview

Site24x7’s integration with OCI's Site-to-Site VPN enables continuous monitoring of VPN connection health, tunnel status, and traffic metrics. It helps you detect outages, configuration issues, or degraded performance before they impact business operations.

When you add the Site-to-Site VPN monitor in Site24x7, each VPN tunnel associated with it is automatically added as a child monitor. The VPN Tunnel monitor in Site24x7 provides detailed visibility into the health and performance of individual tunnels within your OCI Site-to-Site VPN connection. By monitoring each tunnel separately, you can identify issues at a granular level, such as a single tunnel going down or experiencing high latency, without affecting the overall VPN status.

Use case

A financial services company uses OCI Site-to-Site VPN to securely connect its on-premises data center with multiple VCNs in the Oracle Cloud. The connection is configured with two VPN tunnels for redundancy so that if one tunnel goes down, traffic automatically routes through the other. During peak business hours, one of the tunnels silently fails due to a configuration issue at the customer’s firewall. Since traffic continues to flow through the second tunnel, the overall VPN connection still appears healthy, and without tunnel-level monitoring, this partial outage might go unnoticed.

With the Site24x7 integration, the Site-to-Site VPN monitor confirms that the connection is active, while the VPN Tunnel monitor immediately flags the tunnel failure. An alert is triggered, notifying the IT team before users experience degraded performance or risk a complete outage if the second tunnel also fails. By monitoring at both the VPN and tunnel levels, the company avoids prolonged undetected issues, ensures redundancy is maintained, and prevents downtime for critical financial applications.

Benefits of Site24x7's Site-to-Site VPN integration

Integrate your Site-to-Site VPN with Site24x7 to gain these benefits:

Ensure VPN availability: Track the operational status of each VPN and its tunnels, with alerts for downtime or connection failures.
Monitor traffic flow: Analyze inbound and outbound traffic patterns per VPN and per tunnel to spot unusual spikes or drops.
Detect performance degradation: Monitor latency and packet loss trends to identify network quality issues affecting your connectivity.
Spot configuration issues early: Identify misconfigured tunnels, incorrect routing, or unused VPN connections that can affect performance and security.
Proactive alerts: Set up thresholds and receive instant alerts on threshold breaches, enabling quick response to potential problems.

Setup and configuration

Follow this guidance to prepare Site24x7:

Site24x7 uses cross-tenancy access to monitor your resources using Site24x7's tenancy user. Log in to your Site24x7 account and create a specific policy to allow Site24x7 to view your resources without affecting your security.
On the Integrate OCI Monitor page, select Site-to-Site VPN from the Services to be discovered list.

Permissions

Ensure that the associated OCI policy has the following statement:

The following permission grants access to the entire VCN for integration.

"read virtual-network-family"

The following two permissions restrict access only to the VPN resources needed for integration with Site24x7.

"inspect ipsec-connections"
"inspect cpes"

Polling frequency

Site24x7 queries OCI service-level APIs according to the set polling frequency (from once a minute to once a day) to collect metrics from the Site-to-Site VPN monitor.

Supported metrics

These are the supported metrics for the Site-to-Site VPN and VPN Tunnel monitor:

Metric name	Description	Statistics	Unit
IPSec Tunnel State	Whether the tunnel is up (1) or down (0).	Maximum	Binary (1 or 0)
Packets Received	Number of packets received at the Oracle end of the connection.	Sum	Packets
Bytes Received	Number of bytes received at the Oracle end of the connection.	Sum	Bytes
Packets Sent	Number of packets sent from the Oracle end of the connection.	Sum	Packets
Bytes Sent	Number of bytes sent from the Oracle end of the connection.	Sum	Bytes
Packets with Errors	Number of packets dropped at the Oracle end of the connection. Dropped packets indicate a misconfiguration in some part of the overall system. Check if there was a change to the configuration of the VCN, Site-to-Site VPN, or the CPE.	Sum	Packets

Threshold configuration

To configure thresholds for the Site-to-Site VPN monitor:

Log in to your Site24x7 account and navigate to Admin > Configuration Profiles > Threshold and Availability.
Click Add Threshold Profile.
Select Site-to-Site VPN from the Monitor Type drop-down menu and provide an appropriate name in the Display Name field.
The supported metrics are displayed in the Threshold Configuration section. You can set threshold values for all the metrics mentioned above.
Click Save.

Licensing

The licensing details are as follows:

Each Site-to-Site VPN monitor utilizes one basic monitor license.
Each VPN Tunnel monitor is a free monitor.

Viewing Site-to-Site VPN data

To monitor your Site-to-Site VPN environment, log in to your Site24x7 account and navigate to Cloud > OCI > Site-to-Site VPN.

Monitor data

The monitoring data for Site-to-Site VPN and the VPN Tunnel monitors are given below:

Site-to-Site VPN

The monitor data for the Site-to-Site VPN monitor is given below.

Summary

The Summary tab provides a comprehensive overview of the events timeline and metrics, presenting insightful charts that shed light on the performance of the Site-to-Site VPN monitor.

Tunnels

This view provides a consolidated list of all VPN tunnels under the selected Site-to-Site VPN connection. It enables you to monitor their operational status, traffic health, and error rates in one place, and quickly drill down into individual tunnel monitors for detailed troubleshooting. Click the desired monitor name to view the VPN Tunnel monitor data.

Configuration

The Configuration tab summarizes essential details of the Site-to-Site VPN monitor, including its Compartment ID, Created Time, and other configuration details.

Zia Forecast

The Zia Forecast tab displays the forecast chart with future points of a performance metric (measurement of resource usage) based on historical time series data. Historical data, of up to 30 days, is used to predict what your metric usage will be in the next seven days.

Outages

The Outages tab provides details on an outage's Start Time, End Time, Duration, and Comments, if any.

Inventory

Obtain details like Type, Region, Monitor Licensing Category, and much more from the Inventory tab. The Threshold and Availability Profile and the Notification Profile can be set according to the user and viewed in this tab.

Log Report

The Log Report tab provides a consolidated report of the Site-to-Site VPN monitor's log status, which can be downloaded as a CSV file.

Alert Logs

The Alert Logs tab displays a chronological list of all triggered alerts related to the Site-to-Site VPN monitor. This tab helps you trace alert history and severity to assess issues and validate threshold settings.

VPN Tunnel

The monitor data for the VPN Tunnel monitor is given below.