Please Read Before Posting! #196
Locked
tobiasbrunner
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Before requesting help or asking questions, please give the following items some consideration to avoid wasting your and our time and for optimizing the time it takes to find a solution.
If you are new to strongSwan please read the introduction.
If you look for help regarding configuration, base your configuration on the quickstart examples first to avoid generic problems.
If you have problems with traffic not reaching hosts via VPN, read the documentation regarding forwarding traffic, split-tunneling and MTU/MSS issues.
If you require help with configuring special features of strongSwan, browse the Configuration, Features and Howtos sections in the documentation first.
Finding solutions for your problems effectively and efficiently
For other problems please follow these steps:
Make sure your version of the man pages correspond to strongSwan and not FreeS/WAN, Openswan or Libreswan.
The software that a man page belongs to is usually printed in the center top of the man page when it's initially opened.
/etc/strongswan
.Please attach your complete config files (ipsec.conf, strongswan.conf, swanctl.conf etc.) and a complete log file showing the problem.
Please supply text files. Pictures are not useful.
We generally require all of the following from you:
ipsec statusall
orswanctl -L
andswanctl -l
)iptables-save
andip6tables-save
on Linux, analogously on other operating systems using the corresponding command(s))ip route show table all
on Linux, analogously on other operating systems)ip address
on Linux, analogously on other operating systems)When you create a log file, use the log settings below, unless we tell you otherwise. If you (or your distribution) use a Linux Security Module (LSM), like AppArmor, Selinux, YAMA or TOMOYO, you need to allow the IKE daemon (charon, charon-systemd etc.) to create and write to that file first, or disable the LSM for the time of the debugging. Obviously, allowing the daemon to create and write the file is preferred.
Log Config Snippet
This snippet can be used as a template to configure more detailed logging.
strongswan >= 5.7.0
strongswan < 5.7.0
IMPORTANT: On Windows, use a different path from `/var/log/...` or `/tmp/`. Use, for example, just `charon.log`, which creates the file in the working directory of the process (if it is allowed to do so).
Beta Was this translation helpful? Give feedback.
All reactions