IPSec server debug logs

2023-08-03 02:26:58
Tags: #VPN
Model: ER707-M2  
Hardware Version: V1
Firmware Version: 1.1.0

I have trouble establishing an IKEv2 VPN with another client. I suspect it could be a proposal mismatch in Phase 1 or Phase 2. How can I get debug logs? The device is managed by an OC200 controller.

Re:IPSec server debug logs
2023-08-04 00:55:33

  @nsnidanko 

I don't think there is one. Have you compared the phase 1 & 2?

ScReW yOu gUyS. I aM GOinG hoMe. —————————————————————— For heaven's sake, can you write and describe your issue based on plain fact, common logic and a methodologic approach? Appreciate it.
Re:IPSec server debug logs
2023-08-04 01:04:00 - last edited 2023-08-04 01:04:35

  @Tedd404 Comparing both sides is not an option when the two devices belong to different organizations and are managed by different administrators. A debug log is essential so one can pinpoint the problem.

Re:IPSec server debug logs
2023-08-04 01:45:41

  @nsnidanko 

Well, if you don't know what the phase 1 and 2 parameters are on another site, then how do you set them? Isn't this counterintuitive? What you're saying is that I need a debug log so I can try the parameters of phase 1 and 2?

If you are not certain that the parameters are right, then you should not even use IPsec. What should the debug log tell you? That the encryption isn't right? But it does not tell you what encryption you should use. There isn't anything useful in the debug log.

You Wireshark and debug it on the basis that your config is right. Even if you have this Wireshark capture, what does it help? Nothing.

And phase 1 and 2 are not plaintext.

Re:IPSec server debug logs
2023-08-04 14:27:48

  @Tedd404 As I've mentioned, the other side is managed by another team and of course the parameters are known and negotiated; however, you still don't have a way to validate it. A debug log should tell exactly which phase is failing and why (PSK, encryption or hash mismatch), i.e. if Phase 1 is successful, then one can start troubleshooting Phase 2. Right now IPSec operation is complete darkness.

Re:IPSec server debug logs
2023-08-07 00:49:31

  @nsnidanko 

Then there isn't. The only way to learn about this is to use Wireshark and capture this.

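In IKEv2 the IKE_SA_INIT exchange, which negotiates the IKE SA's cipher, PRF, integrity algorithm and DH group, is sent unencrypted, while IKE_AUTH is wrapped in an Encrypted (SK) payload. The added example below, which is not from the thread or from the vendor, reads the IKE header and any cleartext Notify payloads of a captured message to show which exchange the peer rejected; `diagnose` is a hypothetical helper name and the two sample messages are constructed.

```python
import struct

# Constants from RFC 7296 (IKEv2).
EXCHANGES = {34: "IKE_SA_INIT", 35: "IKE_AUTH", 36: "CREATE_CHILD_SA", 37: "INFORMATIONAL"}
NOTIFY = {7: "INVALID_SYNTAX", 14: "NO_PROPOSAL_CHOSEN",
          17: "INVALID_KE_PAYLOAD", 16390: "COOKIE"}
PL_NOTIFY, PL_SK = 41, 46


def diagnose(msg: bytes) -> dict:
    """Summarise one IKEv2 message (the UDP/500 payload) taken from a capture."""
    if len(msg) < 28:
        raise ValueError("shorter than the 28-byte IKE header")
    # On UDP/4500 (NAT-T) strip the 4-byte zero non-ESP marker before calling this.
    _, _, nxt, ver, exch, flags, msg_id, length = struct.unpack("!8s8sBBBBII", msg[:28])
    if ver >> 4 != 2:
        raise ValueError("not IKEv2")
    out = {"exchange": EXCHANGES.get(exch, str(exch)), "response": bool(flags & 0x20),
           "message_id": msg_id, "encrypted": False, "notifies": []}
    off, end = 28, min(length, len(msg))
    while nxt and off + 4 <= end:
        following, _, plen = struct.unpack("!BBH", msg[off:off + 4])
        if plen < 4 or off + plen > end:
            raise ValueError("bad payload length")
        if nxt == PL_SK:  # the rest of the message is ciphertext
            out["encrypted"] = True
            break
        if nxt == PL_NOTIFY and plen >= 8:
            _, _, ntype = struct.unpack("!BBH", msg[off + 4:off + 8])
            out["notifies"].append(NOTIFY.get(ntype, str(ntype)))
        nxt, off = following, off + plen
    return out


# Constructed sample messages (not taken from a real capture).
def _hdr(exch, first_payload, msg_id, body_len):
    return struct.pack("!8s8sBBBBII", b"\x11" * 8, b"\x22" * 8,
                       first_payload, 0x20, exch, 0x20, msg_id, 28 + body_len)

# IKE_SA_INIT response whose only payload is Notify(NO_PROPOSAL_CHOSEN).
INIT_REPLY = _hdr(34, PL_NOTIFY, 0, 8) + struct.pack("!BBHBBH", 0, 0, 8, 0, 0, 14)
# IKE_AUTH response: a single SK payload holding 32 opaque bytes.
AUTH_REPLY = _hdr(35, PL_SK, 1, 36) + struct.pack("!BBH", PL_NOTIFY, 0, 36) + bytes(32)

if __name__ == "__main__":
    for sample in (INIT_REPLY, AUTH_REPLY):
        print(diagnose(sample))
```

A rejection that happens inside IKE_AUTH is carried in the SK payload, so for that exchange a capture shows only how far the negotiation got, not the reason.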