VPN Connect Metrics

You can monitor the health, capacity, and performance of your VPN Connect by using metrics, alarms, and notifications. For more information, see Monitoring Overview and Notifications Overview.

This topic describes the metrics emitted by the metric namespace oci_vpn.

Resources: IPSec connections.

Overview of Metrics: oci_vpn

The available metrics help you determine quickly if your VPN Connect is up, how much data is flowing over the connection, and if packets are being dropped for unexpected errors.

A VPN Connect includes these resources:

  • An IPSec connection, which you can think of as the parent resource (identified by parentResourceId in the following discussion).
  • One or more individual tunnels associated with that IPSec connection (each identified by the tunnel's publicIp in the following discussion).

Required IAM Policy

To monitor resources, you must be given the required type of access in a policy written by an administrator, whether you're using the Console or the REST API with an SDK, CLI, or other tool. The policy must give you access to the monitoring services as well as the resources being monitored. If you try to perform an action and get a message that you don’t have permission or are unauthorized, confirm with your administrator the type of access you've been granted and which compartment you should work in. For more information on user authorizations for monitoring, see the Authentication and Authorization section for the related service: Monitoring or Notifications.

Available Metrics: oci_vpn

The metrics listed in the following table are automatically available for any VPN Connect that you create. You do not need to enable monitoring on the resource to get these metrics.

You can also use the Monitoring service to create custom queries.

Each metric includes the following dimensions:

  • parentResourceId: The OCID of the IPSec connection (the parent resource). The connection has multiple individual tunnels.
  • publicIp: Although each tunnel has its own OCID, it can be easier to use the publicIp dimension to identify a specific IPSec tunnel in the connection. The value is the public IP address of the Oracle end of the tunnel (also known as the Oracle VPN headend).
| Metric | Metric Display Name | Unit | Description | Dimensions |
|---|---|---|---|---|
|  | IPSec Tunnel State | Binary (1 or 0) | Whether the tunnel is up (1) or down (0). | parentResourceId, publicIp |
|  | Packets Received |  | Number of packets received at the Oracle end of the connection. | parentResourceId, publicIp |
|  | Bytes Received |  | Number of bytes received at the Oracle end of the connection. | parentResourceId, publicIp |
|  | Packets Sent |  | Number of packets sent from the Oracle end of the connection. | parentResourceId, publicIp |
|  | Bytes Sent |  | Number of bytes sent from the Oracle end of the connection. | parentResourceId, publicIp |
|  | Packets with Errors |  | Number of packets dropped at the Oracle end of the connection. Dropped packets indicate a misconfiguration in some part of the overall system. Check if there's been a change to the configuration of your VCN, the IPSec VPN, or your CPE. | parentResourceId, publicIp |
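
The following Python example is added here and is not part of Oracle's documentation. It turns the latest datapoint of each metric stream into a per-connection finding, grouping tunnels by parentResourceId and publicIp so that losing one tunnel is distinguished from losing every tunnel of an IPSec connection. The metric names TunnelState and PacketsError, the tuple layout, and all sample OCIDs and IP addresses are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample: one latest datapoint per metric stream, as
# (metric, parentResourceId, publicIp, value). OCIDs are placeholders and
# the IPs come from documentation ranges. Metric names are assumptions.
SAMPLE = [
    ("TunnelState", "ocid1.ipsecconnection.oc1..exampleA", "192.0.2.10", 1),
    ("TunnelState", "ocid1.ipsecconnection.oc1..exampleA", "192.0.2.11", 1),
    ("PacketsError", "ocid1.ipsecconnection.oc1..exampleA", "192.0.2.10", 0),
    ("TunnelState", "ocid1.ipsecconnection.oc1..exampleB", "198.51.100.20", 1),
    ("TunnelState", "ocid1.ipsecconnection.oc1..exampleB", "198.51.100.21", 0),
    ("TunnelState", "ocid1.ipsecconnection.oc1..exampleC", "203.0.113.30", 0),
    ("PacketsError", "ocid1.ipsecconnection.oc1..exampleC", "203.0.113.31", 0),
    ("TunnelState", "ocid1.ipsecconnection.oc1..exampleD", "192.0.2.40", 1),
    ("PacketsError", "ocid1.ipsecconnection.oc1..exampleD", "192.0.2.40", 42),
]


def assess(datapoints):
    """Map each IPSec connection to (severity, reasons) from its tunnels."""
    tunnels = defaultdict(lambda: defaultdict(dict))  # conn -> publicIp -> metrics
    for metric, conn, ip, value in datapoints:
        tunnels[conn][ip][metric] = value
    findings = {}
    for conn, by_ip in tunnels.items():
        # A tunnel with no TunnelState datapoint is treated as down: missing
        # telemetry must not read as healthy.
        down = sorted(ip for ip, m in by_ip.items() if m.get("TunnelState", 0) < 1)
        drops = sorted(ip for ip, m in by_ip.items() if m.get("PacketsError", 0) > 0)
        reasons = [f"tunnel {ip} down or not reporting" for ip in down]
        reasons += [f"tunnel {ip} dropped {by_ip[ip]['PacketsError']} packets" for ip in drops]
        if len(down) == len(by_ip):
            severity = "critical"  # no working tunnel left on this connection
        elif down:
            severity = "degraded"  # still connected, but redundancy is lost
        elif drops:
            severity = "warning"   # up, but review VCN, IPSec VPN and CPE config
        else:
            severity = "ok"
        findings[conn] = (severity, reasons)
    return findings


if __name__ == "__main__":
    for conn, (severity, reasons) in assess(SAMPLE).items():
        print(severity, conn, "; ".join(reasons))
```
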

Using the Console

To view default metrics charts for an individual tunnel in an IPSec connection
To view default metric charts for all IPSec connections in a compartment

Using the API

For information about using the API and signing requests, see REST APIs and Security Credentials. For information about SDKs, see Software Development Kits and Command Line Interface.

Use the following APIs for monitoring: