Project

General

Profile

Requesting Help and Reporting Bugs

Before you request help or report bugs, please give the following items some consideration to avoid wasting your and our time and for optimizing the time it takes to find a solution.

If you are new to strongSwan please read the introduction.

If you look for help regarding configuration, base your configuration on the usable examples first to avoid generic problems.

If you have problems with traffic not reaching hosts via VPN, read the documentation regarding forwarding traffic, split-tunneling and MTU/MSS issues.

If you are reporting a security issue, refer to the dedicated security flaw reporting instructions.

If you require help with configuring special features of strongSwan, look at the how-tos for those features first.

For other problems please follow these steps:

  1. Read the Frequently Asked Questions (FAQ)
  2. Read the manuals (i.e. the man pages that come with your version of strongSwan)
    And make sure your version of the man page corresponds to strongSwan and not FreeS/WAN, Openswan or Libreswan.
    The software that a man page belongs to is usually printed in the center top of the man page when it's initially opened.
  3. Make sure you put the files into the right directories. On distributions that stem from RHEL, strongSwan configuration files are under /etc/strongswan.
  4. If charon crashes, try these things first.
  5. Make sure your version is up to date. A lot of actual bugs (not user error) are fixed in newer versions of strongSwan.
  6. Search the bug tracker using the search function for keywords from the logs or
    keywords that describe your issue. Make sure to include issues.
  7. Search the mailing list archives. You may also use your favorite search engine by restricting the results to lists.strongswan.org (usually the syntax is site:lists.strongswan.org).
  8. Now, you may ask for help. Please write issues and emails to the mailing lists in English only. Do not write your messages in any other language.
    Please attach your complete config files (ipsec.conf, strongswan.conf, swanctl.conf etc.) and a complete log file showing the problem.
    Please supply text files. Pictures are not useful.
    We generally require the following from you:
    • The complete log from daemon start to the point where the problem occurs
    • The complete configuration (ipsec.conf or swanctl.conf, depending on what is used)
    • The complete current status of the daemon (ipsec statusall or swanctl -L and swanctl -l)
    • The complete firewall rules (output of iptables-save and ip6tables-save on Linux, analogously on other operating systems using the corresponding command(s))
    • The complete routing table (output of ip route show table all on Linux, analogously on other operating systems)
    • The complete overview over all IP addresses (output of ip address on Linux, analogously on other operating systems)

    When you create the log file, use the following log settings, unless we tell you otherwise.
    If you (or your distribution) use a Linux Security Module (LSM), like AppArmor, Selinux, YAMA or TOMOYO, you need to allow
    charon to create and write to that file first, or disable the LSM for the time of the debugging. Obviously, allowing
    charon to create and write the file is preferred.

        filelog {
                /var/log/charon_debug.log {
                        time_format = %a, %Y-%m-%d %R
                        default = 2
                        mgr = 0
                        net = 1
                        enc = 1
                        asn = 1
                        job = 1
                        knl = 1
                        ike_name = yes
                        append = no
                        flush_line = yes
                }
        }