Shrew Soft Inc : Support – Trac

Context Navigation

Introduction

This guide describes what information should be included when submitting a VPN Client for Unix bug report. Please read this information carefully as the likelihood of getting a problem corrected is usually directly related to the quality of the bug report being submitted.

Describe Your Problem Clearly

Please describe the problem symptoms and the circumstance under which the problem occurs. It is also very important to note how the problem can be re-produced.

Include Your Client and Gateway Information

Please include your client and gateway information with each new problem report. The following information should be stated.

VPN Client Version
Unix OS Version
Gateway Make/Model
Gateway OS Version ( if known )

Include Debug Output

The Shrew Soft VPN Client has several options that can be enabled which produce valuable debug output. This information is absolutely essential to help isolate and resolve a reported problem. At a minimum, you should include the IKE Service Debug Output with any new problem report. To gather this information, perform the following steps.

Enable IKE Daemon Debug Output

To enable the IKE daemon debug output, open your iked.conf file with a text editor. Modify the daemon section of the file by seting the log_level option to debug and specifying a custom log output file path. Also specify a path for the pcap_decrypt option.

daemon
{
    socket ike 500;
    socket natt 4500;

    log_level debug;
    log_file "/var/log/iked.log";

    pcap_decrypt "/var/log/dump-ike-decrypt.cap";
}

Restart the IKE daemon. If you are using a Linux system with an SYSV init script, use it to restart the daemon.

# /etc/init.d/iked restart

To manually restart the service, first locate the iked process id and use the kill utility to stop the daemon. Afterwards you can restart the daemon. You will need root equivalent privileges to perform these steps.

# ps aux | grep iked
root    54252  0.0  1.1  4536  2896  ??  Ss    7:53PM   0:00.01 iked
# kill 54252
# iked

Reproduce Your Problem

While reproducing your problem, the VPN Client will capture debug output to be submitted with your bug report.

Copy IKE Daemon Debug Output Files

To make a copy of the IKE daemon debug output, perform the following steps.

Make sure the IKE daemon is not running
Copy the following files to a temporary directory
- /var/log/iked.log
- /var/log/dump-ike-decrypt.cap

For example:

mkdir ~/ikedebug
cp /var/log/iked.log ~/ikedebug/
cp /var/log/dump-ike-decrypt.cap ~/ikedebug/

Disabe IKE Daemon Debug Output

To disable the IKE daemon debug output, open your iked.conf file with a text editor. Modify the daemon section of the file by seting the log_level option to none. Also remove or comment out the pcap_decrypt option. Afterwards you can restart the daemon.

Archive the Debug Output

Use the tar utility to store the debug output files in a compressed archive.

For example:

cd ~
tar zcvf ikedebug.tgz ikedebug

If you will be submitting your report directly to Shrew Soft support, attach the archive file to your bug report email. If you plan to post your problem description to the vpn-help mailing list, please send your debug output directly to Shrew Soft support in a separate email if it contains sensitive information.

Example Bug Report

Problem:

The VPN client fails to connect to my gateway. When I click on connect,
the client application reports that a negotiation timed out occurred.

To Reproduce:

Connect to any SuperEX 1510 VPN Gateway.

VPN Client Version = 2.1.0 RC1
Unix OS Version = FreeBSD 6.3-RELEASE
Gateway Make/Model = SuperEX 1510
Gateway OS Version = 3.7

ikedebug.tgz [attachment]
\ikedebug\iked.log
 ikedebug\dump-ike-decrypt.cap

Download in other formats:

Plain Text


	HOME SOFTWARE DOWNLOAD SUPPORT CONTACT ABOUT Support Search: Login Preferences Help/Guide About Trac Wiki Timeline Roadmap View Tickets Search Context Navigation Start Page Index History Last Change Introduction This guide describes what information should be included when submitting a VPN Client for Unix bug report. Please read this information carefully as the likelihood of getting a problem corrected is usually directly related to the quality of the bug report being submitted. Describe Your Problem Clearly Please describe the problem symptoms and the circumstance under which the problem occurs. It is also very important to note how the problem can be re-produced. Include Your Client and Gateway Information Please include your client and gateway information with each new problem report. The following information should be stated. VPN Client Version Unix OS Version Gateway Make/Model Gateway OS Version ( if known ) Include Debug Output The Shrew Soft VPN Client has several options that can be enabled which produce valuable debug output. This information is absolutely essential to help isolate and resolve a reported problem. At a minimum, you should include the IKE Service Debug Output with any new problem report. To gather this information, perform the following steps. Enable IKE Daemon Debug Output To enable the IKE daemon debug output, open your iked.conf file with a text editor. Modify the daemon section of the file by seting the log_level option to debug and specifying a custom log output file path. Also specify a path for the pcap_decrypt option. daemon { socket ike 500; socket natt 4500; log_level debug; log_file "/var/log/iked.log"; pcap_decrypt "/var/log/dump-ike-decrypt.cap"; } Restart the IKE daemon. If you are using a Linux system with an SYSV init script, use it to restart the daemon. # /etc/init.d/iked restart To manually restart the service, first locate the iked process id and use the kill utility to stop the daemon. Afterwards you can restart the daemon. You will need root equivalent privileges to perform these steps. # ps aux \| grep iked root 54252 0.0 1.1 4536 2896 ?? Ss 7:53PM 0:00.01 iked # kill 54252 # iked Reproduce Your Problem While reproducing your problem, the VPN Client will capture debug output to be submitted with your bug report. Copy IKE Daemon Debug Output Files To make a copy of the IKE daemon debug output, perform the following steps. Make sure the IKE daemon is not running Copy the following files to a temporary directory /var/log/iked.log /var/log/dump-ike-decrypt.cap For example: mkdir ~/ikedebug cp /var/log/iked.log ~/ikedebug/ cp /var/log/dump-ike-decrypt.cap ~/ikedebug/ Disabe IKE Daemon Debug Output To disable the IKE daemon debug output, open your iked.conf file with a text editor. Modify the daemon section of the file by seting the log_level option to none. Also remove or comment out the pcap_decrypt option. Afterwards you can restart the daemon. Archive the Debug Output Use the tar utility to store the debug output files in a compressed archive. For example: cd ~ tar zcvf ikedebug.tgz ikedebug If you will be submitting your report directly to Shrew Soft support, attach the archive file to your bug report email. If you plan to post your problem description to the vpn-help mailing list, please send your debug output directly to Shrew Soft support in a separate email if it contains sensitive information. Example Bug Report Problem: The VPN client fails to connect to my gateway. When I click on connect, the client application reports that a negotiation timed out occurred. To Reproduce: Connect to any SuperEX 1510 VPN Gateway. VPN Client Version = 2.1.0 RC1 Unix OS Version = FreeBSD 6.3-RELEASE Gateway Make/Model = SuperEX 1510 Gateway OS Version = 3.7 ikedebug.tgz [attachment] \ikedebug\iked.log ikedebug\dump-ike-decrypt.cap Download in other formats: Plain Text Powered by Trac 0.11.4 By Edgewall Software. Visit the Trac open source project at http://trac.edgewall.org/ © 2009 Shrew Soft Inc. Home \| Software \| Download \| Support \| Contact \| About