VPN Bug Report Windows

From Shrew Soft Inc
Jump to: navigation, search

Introduction

This guide describes what information should be included when submitting a VPN Client for Windows bug report to the vpn-help mailing list. Please read this information carefully as the likelihood of getting a problem corrected is usually directly related to the quality of the bug report being submitted.

Describe Your Problem Clearly

Please describe the problem symptoms and the circumstance under which the problem occurs. It is also very important to note how the problem can be re-produced.

Include Your Client and Gateway Information

Please include your client and gateway information with each new problem report. The following information should be stated.

  • VPN Client Version
  • Windows OS Version
  • Gateway Make/Model
  • Gateway OS Version ( if known )

How to Include Debug Output if Requested

After posting your initial problem report to the vpn-help mailing list, we may request that you provide additional information. The Shrew Soft VPN Client has several options that can be enabled which produce valuable debug output. This information is often essential to help isolate and resolve a reported problem. To gather this information, perform the following steps.

Enable IKE Service Debug Output

To enable the IKE Service debug output, start the VPN Trace application using Administrative privileges and perform the following steps.

  • Click the IKE Service Tab and Stop the Service
  • Open the File Menu and Select Options
    • Set the Log output level to debug
    • Check the Enable packet dump of decrypted IKE traffic option ( if requested )
    • Click the OK Button
  • Click the IKE Service Tab and Start the Service

Reproduce Your Problem

While reproducing your problem, the VPN Client will capture the debug output for submission.

Copy IKE Service Debug Output Files

To make a copy of the IKE Service debug output, start the VPN Trace application using Administrative privileges and perform the following steps.

  • Click the IKE Service Tab and Stop the Service
  • Copy the following files from <VPN Client>\debug to a temporary directory
    • iked.log
    • dump-ike-decrypt.cap

Disable IKE Service Debug Output

To disable the IKE Service debug output, start the VPN Trace application using Administrative privileges and perform the following steps.

  • Click the IKE Service Tab and Stop the Service
  • Open the File Menu and Select Options
    • Set the Log output level to none
    • Uncheck the Enable packet dump of decrypted IKE traffic option
    • Click the OK Button
  • Click the IKE Service Tab and Start the Service

Archive the Debug Output

Use 7zip, Winzip or a similar utility to store the debug output files in a compressed archive. If you plan to post debug output to the vpn-help mailing list, please be sure to remove sensitive information from log files such as your gateway IP address. Alternately, you can send your archive attachment directly to your Shrew Soft contact in a separate email.

NOTE: Never post decrypted binary packet dump information to the mailing list. Also, never post log output using a level higher than debug. This output may include information that could be used to compromise the security of your gateway.

Example Bug Report

Problem:

The VPN client fails to connect to my gateway when I have firmware
version 3.7 installed. After clicking connect, the client reports
it has received an invalid message from the gateway. Downgrading
my gateway firmware to version 3.6 allows me to connect again.

To Reproduce:

Connect to any SuperEX 1510 VPN Gateway using firmware revision 3.7.

VPN Client Version = 2.1.0 RC1
Windows OS Version = Windows XP SP2
Gateway Make/Model = SuperEX 1510
Gateway OS Version = 3.7

debug.zip [attachment]
\iked.log
 dump-ike-decrypt.cap ( if requested )
Namespaces

Variants
Actions