AndréTinoco
Contributor

IKE Debug on R81 and above

Hello CheckMates,

 

I came across this today and decided to share as I did not find any information anywhere else.

Even though skI4326 includes R81 and R81.10, ike.elg and ikev2.xml are not created by the debug commands as in the previous versions.

ike_debug.png

 

From version R81, the files that are created/populated are:

  • $FWDIR/log/legacy_ike.elg
  • $FWDIR/log/legacy_ikev2.xml

 

The debug methods remain the same.

 

Best regards,

André Tinoco

 

 

 

8 Replies
G_W_Albrecht
Legend

I have given your findings as feedback to sk34467, sk63560 and skI4326!

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
(1)
G_W_Albrecht
Legend

skI4326 has been changed to include:

...

Starting from R81.10 version, the 'vpn debug' commands also trigger the debug output for the new daemons iked and cccd, if they are enabled (with the "vpn iked enable" and "vpn cccd enable" commands):

| File Description | VPND Log File | IKED Log File | CCCD Log File |
|---|---|---|---|
| Main debug output file | $FWDIR/log/vpnd.elg | $FWDIR/log/iked.elg | $FWDIR/log/cccd.elg |
| IKEv1 output | $FWDIR/log/legacy_ike.elg | $FWDIR/log/ike.elg | N / A |
| IKEv2 output | $FWDIR/log/legacy_ikev2.xmll | $FWDIR/log/ikev2.xmll | N / A |

 

Still no changes in sk34467 and sk63560

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
Danny
Champion

Hmm. R81.10 introduces the new cccd daemon that also comes with a ccc alias to it.
I wonder if my awarded ccc script might cause an issue or if I can safely advise installing it as usual in /usr/bin/ccc, because after installation and re-login to expert mode, ccc execution runs my script instead of cccd.

0 Kudos
Exonix
Advisor

Hello, I am trying to debug my VPN connection, but files are not being created. How can I fix this?

0 Kudos
AkosBakos
Leader

Hi @Exonix 

Have you tried this tool? You can't spoil anything here.

https://community.checkpoint.com/t5/Scripts/Easy-VPN-Debug-Tool/m-p/89755

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
Exonix
Advisor

Hello AkosBakos,

This script executes the built-in commands, but it is exactly with them that I have a problem: the log files are not being created.

0 Kudos
AkosBakos
Leader

Hi, 

Yes, it executes the same commands. With this, you can avoid copy-paste errors 🙂

Have you tried the same commands on a different gateway?

Akos

----------------
\m/_(>_<)_\m/
0 Kudos
the_rock
Legend

What is the exact debug you ran? I always follow the steps below, and they worked fine even in an R82 lab.

Andy

vpn debug trunc

vpn debug ikeon

-generate some traffic

vpn debug ikeoff

Look for vpnd* and ike* files in $FWDIR/log dir

0 Kudos
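
Added example, not part of any post in this thread and not Check Point code: a shell helper that reports which of the debug output files named above are populated, empty or missing after a `vpn debug ikeon` / `vpn debug ikeoff` run. The function name `ike_debug_report` and its output format are assumptions; the `.xml*` glob covers both the `.xml` and `.xmll` spellings that appear in the thread.

```shell
#!/bin/bash
# Added example (hypothetical helper, not a Check Point tool).
# Reports the state of each IKE/VPN debug output file named in this thread.
# Usage: ike_debug_report [log_dir]      (log_dir defaults to $FWDIR/log)
# Returns 0 if at least one file holds data, 1 if none does.

ike_debug_report() {
    dir="${1:-$FWDIR/log}"
    found=0
    # pattern|description pairs; names are taken from the posts above.
    for entry in \
        'vpnd.elg|vpnd main debug output' \
        'legacy_ike.elg|vpnd IKEv1 output (R81 and above)' \
        'legacy_ikev2.xml*|vpnd IKEv2 output (R81 and above)' \
        'iked.elg|iked main debug output (if iked is enabled)' \
        'ike.elg|IKEv1 output: vpnd before R81, iked when enabled' \
        'ikev2.xml*|IKEv2 output: vpnd before R81, iked when enabled' \
        'cccd.elg|cccd main debug output (if cccd is enabled)'
    do
        pattern="${entry%%|*}"
        desc="${entry#*|}"
        state="missing"
        # $pattern is left unquoted on purpose so the glob expands.
        for f in "$dir"/$pattern; do
            [ -e "$f" ] || continue        # an unmatched glob stays literal
            if [ -s "$f" ]; then
                state="populated"          # file exists and has content
            elif [ "$state" = "missing" ]; then
                state="empty"              # file exists but is zero bytes
            fi
        done
        if [ "$state" = "populated" ]; then
            found=$((found + 1))
        fi
        printf '%-10s %-20s %s\n' "$state" "$pattern" "$desc"
    done
    [ "$found" -gt 0 ]
}
```

A result of `missing` for every row after a debug run matches the symptom described earlier in the thread, where no files are created at all.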
