Requesting Help and Reporting Bugs » History » Version 17

Tobias Brunner, 13.09.2018 10:15

1 11 Tobias Brunner
{{title(Requesting Help and Reporting Bugs)}}
2 1 Noel Kuntze
3 11 Tobias Brunner
h1. Requesting Help and Reporting Bugs
4 1 Noel Kuntze
5 11 Tobias Brunner
Before you request help or report bugs, please give the following items some consideration to avoid wasting your and our time and for optimizing the time it takes to find a solution.
6 1 Noel Kuntze
7 11 Tobias Brunner
If you are **new to strongSwan** please read [[IntroductionTostrongSwan|the introduction]].
8 11 Tobias Brunner
9 11 Tobias Brunner
If you look for **help regarding configuration**, base your configuration on [[UsableExamples|the usable examples]] first to avoid generic problems.
10 11 Tobias Brunner
11 14 Tobias Brunner
If you have problems with **traffic not reaching hosts via VPN**, read the documentation regarding [[ForwardingAndSplitTunneling|forwarding traffic, split-tunneling and MTU/MSS issues]].
12 14 Tobias Brunner
13 11 Tobias Brunner
If you are **reporting a security issue**, refer to [[FlawReporting|the dedicated security flaw reporting instructions]].
14 11 Tobias Brunner
15 11 Tobias Brunner
If you require help with **configuring special features of strongSwan**, look at [[UserDocumentation#HOWTOs|the how-tos for those features first]].
16 11 Tobias Brunner
17 11 Tobias Brunner
For other problems please follow these steps:
18 11 Tobias Brunner
19 11 Tobias Brunner
# Read the [[FAQ|Frequently Asked Questions (FAQ)]]
20 11 Tobias Brunner
# Read the manuals (i.e. the man pages that come with *your* version of strongSwan)
21 11 Tobias Brunner
  And make sure your version of the man page corresponds to strongSwan and not FreeS/WAN, Openswan or Libreswan.
22 1 Noel Kuntze
  The software that a man page belongs to is usually printed in the center top of the man page when it's initially opened.
23 1 Noel Kuntze
# Make sure you put the files into the right directories. On distributions that stem from RHEL, strongSwan configuration files are under @/etc/strongswan@.
24 11 Tobias Brunner
# If charon crashes, [[FAQ#strongSwan-crashes|try these things first]].
25 1 Noel Kuntze
# Make sure your version is up to date. A lot of actual bugs (not user error) are fixed in newer versions of strongSwan.
26 11 Tobias Brunner
# Search the bug tracker using the "search function": for keywords from the logs or
27 11 Tobias Brunner
  keywords that describe your issue. Make sure to include issues.
28 11 Tobias Brunner
# Search the "mailing list archives": You may also use your favorite search engine by restricting the results to (usually the syntax is
29 11 Tobias Brunner
# Now, you may ask for help. Please write issues and emails to the mailing lists in English only. Do not write your messages in any other language.
30 11 Tobias Brunner
  Please attach your complete config files (ipsec.conf, strongswan.conf, swanctl.conf etc.) and a complete log file showing the problem.
31 15 Noel Kuntze
  Please supply text files. Pictures are not useful. If the files are large (over 1 MB), please use a pastebin of your choice or host it somewhere
32 15 Noel Kuntze
 yourself. If you are told to provide the data in the IRC channel of strongSwan, then please use a pastebin and provide links to your pastes. Use different pastes for different data.
33 15 Noel Kuntze
34 11 Tobias Brunner
  We generally require the following from you:
35 11 Tobias Brunner
36 11 Tobias Brunner
  * The complete log from daemon start to the point where the problem occurs
37 12 Noel Kuntze
  * The complete configuration  (ipsec.conf or swanctl.conf, depending on what is used)
38 12 Noel Kuntze
  * The complete current status of the daemon (@ipsec statusall@ or @swanctl -L@ and @swanctl -l@)
39 12 Noel Kuntze
  * The complete firewall rules (output of @iptables-save@ and @ip6tables-save@ on Linux, analogously on other operating systems using the corresponding command(s))
40 11 Tobias Brunner
  * The complete routing table (output of @ip route show table all@ on Linux, analogously on other operating systems)
41 11 Tobias Brunner
  * The complete overview over all IP addresses (output of @ip address@ on Linux, analogously on other operating systems)
42 11 Tobias Brunner
43 17 Tobias Brunner
When you create a log file, use the following [[LoggerConfiguration|log settings]], unless we tell you otherwise.
44 17 Tobias Brunner
If you (or your distribution) use a Linux Security Module (LSM), like AppArmor, Selinux, YAMA or TOMOYO, you need to allow the IKE daemon (charon, charon-systemd etc.) to create and write to that file first, or disable the LSM for the time of the debugging. Obviously, allowing the daemon to create and write the file is preferred.
45 13 Noel Kuntze
46 1 Noel Kuntze
    filelog {
47 17 Tobias Brunner
            # since 5.7.0 the path to the log file has to be specified in a separate setting if it contains dots,
48 17 Tobias Brunner
            # use an arbitrary name without dots for the section instead of the one given here
49 13 Noel Kuntze
            /var/log/charon_debug.log {
50 17 Tobias Brunner
                    # this setting is required with 5.7.0 and newer if the path contains dots
51 17 Tobias Brunner
                    path = /var/log/charon_debug.log
52 17 Tobias Brunner
53 11 Tobias Brunner
                    time_format = %a, %Y-%m-%d %R
54 11 Tobias Brunner
                    default = 2
55 11 Tobias Brunner
                    mgr = 0
56 11 Tobias Brunner
                    net = 1
57 11 Tobias Brunner
                    enc = 1
58 11 Tobias Brunner
                    asn = 1
59 11 Tobias Brunner
                    job = 1
60 11 Tobias Brunner
                    ike_name = yes
61 11 Tobias Brunner
                    append = no
62 11 Tobias Brunner
                    flush_line = yes
63 11 Tobias Brunner
64 11 Tobias Brunner
65 1 Noel Kuntze