This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Highlighted
Nick_Doropoulos
Advisor
‎2019-03-26 03:19 AM

vpn debug off TDERROR_ALL_ALL=0

I recently noticed that when trying to turn off vpn debug off TDERROR_ALL_ALL=0 it doesn't really work (see screenshot attached).

 

The gateway is R80.10 and sks such as sk84561 definitely recommend the tried syntax. 

 

Has anybody seen this before?

 

Thanks.

 

 

Preview file
14 KB
0 Kudos
6 Replies
Highlighted
G_W_Albrecht
Champion
Champion
‎2019-03-26 03:33 AM

sk63560 - How to run complete VPN debug on Security Gateway to troubleshoot VPN issues? gives:

Enable VPND and IKE debug:

[Expert@HostName]# vpn debug trunc
[Expert@HostName]# vpn debug on TDERROR_ALL_ALL=5

---

Stop VPND and IKE debug:

[Expert@HostName]# vpn debug off
[Expert@HostName]# vpn debug ikeoff

0 Kudos
Highlighted
Nick_Doropoulos
Advisor
‎2019-03-26 03:41 AM

So would I be right to assume that vpn debug off TDERROR_ALL_ALL=0 is "discontinued" and that vpn debug off is to be used? sk89940 also refers to vpn debug off TDERROR_ALL_ALL=0 so unless my syntax is wrong or I'm missing a hotfix the documentation should be updated?

0 Kudos
Highlighted
Timothy_Hall
Champion
Champion
‎2019-03-26 04:31 AM

Anytime you invoke a debug command like this with TDERROR_ALL_ALL=5, you should always include TDERROR_ALL_ALL=0 when you turn it back off.  Failure to do so seems to still leave some extra debugging enabled, have noticed this effect with fwm in particular.

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Nick_Doropoulos
Advisor
‎2019-03-26 04:34 AM

That's what I thought but it obviously didn't work for me so I was wondering whether I was doing something wrong or whether the said way of turning vpn debugging off is discontinued.

0 Kudos
Highlighted
Timothy_Hall
Champion
Champion
‎2019-03-26 04:40 AM

In your original post you said you were using "vpn debug off TDERROR_ALL_ALL=5" which is incorrect.  The SK you reference uses "vpn debug off TDERROR_ALL_ALL=0" which is correct.  Even after running this latter command, there will still be some slight debugging dumped into $FWDIR/log/vpnd.elg by default, even if debug has been properly disabled.

 

R80.40 addendum for book "Max Power 2020" now available
for free download at http://www.maxpowerfirewalls.com
0 Kudos
Highlighted
Nick_Doropoulos
Advisor
‎2019-03-26 04:43 AM

I think I mistyped the original question which I will rectify now but if you look at the screenshot attached you can see what I mean.

0 Kudos