- CheckMates
- :
- Products
- :
- Quantum
- :
- Security Gateways
- :
- IKE Debug on R81 and above
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Are you a member of CheckMates?
×- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
IKE Debug on R81 and above
Hello CheckMates,
I came across this today and decided to share as I did not find any information anywhere else.
Even though skI4326 includes R81 and R81.10, ike.elg and ikev2.xml are not created by the debug commands as in the previous versions.
From version R81, the files that are created/populated are:
- $FWDIR/log/legacy_ike.elg
- $FWDIR/log/legacy_ikev2.xml
The debug methods remain the same.
Best regards,
André Tinoco
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have given your findings as a feedback to sk34467, sk63560 and skI4326 !
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
skI4326 has been changed to include:
...
Starting from R81.10 version, the 'vpn debug
' commands also trigger the debug output for the new daemons iked and cccd, if they are enabled (with the "vpn iked enable
" and "vpn cccd enable
" commands):
File Description | VPND Log File | IKED Log File | CCCD Log File |
Main debug output file | $FWDIR/log/vpnd.elg | $FWDIR/log/iked.elg | $FWDIR/log/cccd.elg |
IKEv1 output | $FWDIR/log/legacy_ike.elg | $FWDIR/log/ike.elg | N / A |
IKEv2 output | $FWDIR/log/legacy_ikev2.xmll | $FWDIR/log/ikev2.xmll | N / A |
Still no changes in sk34467 and sk63560
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hmm. R81.10 introduces the new cccd daemon that also comes with a ccc alias to it.
I wonder if my awarded ccc script might cause an issue or if I can safely advice to install it as usual in /usr/bin/ccc, because after installation and re-login to expert mode ccc execution runs my script instead of cccd.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello, I am trying to debug my VPN connection, but files are not being created. How can I fix this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Exonix
Have you tried this tool? You can't spoil anything here.
https://community.checkpoint.com/t5/Scripts/Easy-VPN-Debug-Tool/m-p/89755
Akos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello AkosBakos,
this script executes the built-in commands, but exactly with them i have a problem: the log files are not being created.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Yes, it executes the same commands. Whit this, you can avoid of the copy paste errors 🙂
Have you tried the same commands on a different gateway?
Akos
\m/_(>_<)_\m/
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What is exact debug you ran? I always follow below steps and worked fine even in R82 lab.
Andy
vpn debug trunc
vpn debug ikeon
-generate some traffic
vpn debug ikeoff
Look for vpnd* and ike* files in $FWDIR/log dir