The VPN client includes a log facility which can be used to help resolve
connectivity issues. This facility has a few tunables that can be set via the
registry. Output is stored in a subdirectory directly below the client install
directory named debug. The log file output and debug options can now be
accessed via the VPN Trace application which is distributed with the client
package.
Registry Settings
The root registry key for settings ...
HKEY_LOCAL_MACHINE\SOFTWARE\ShrewSoft\vpn
Possible value names and thier purpose ...
DWORD dump-ike Provide a pcap dump of decrypted IKE packets
DWORD dump-pub Provide a pcap dump of public interface packets
DWORD dump-prv Provide a pcap dump of private interface packets
0 = disable
1 = enable
SZ logfile Log file name including the path
DWORD loglevel Log level
0 = None
1 = Errors only
2 = Informational
3 = Debug
4 = Text Decode
Applying Changes to Debug Options
For any change in debug output to take effect, the Shrew Soft IPSEC Daemon
must be restarted via either the VPN Trace application, the Computer
Management Services applet or by using the net command line utility.
To restart the IPSEC Daemon from the command line, type the following
commands ...
net stop ipsecd
net start ipsecd
NOTE : Decrypted IKE packets may not accurately represent the correct time
stamp or IP header info. For example, the IP identity values will be incorrect.