Requesting Help and Reporting Bugs » History » Version 18

Noel Kuntze, 06.10.2018 13:56
Explicit separate logger configuration snippets per strongSwan version, put emphasis on certain parts and make the list of items stand out (easier to read over)

{{title(Requesting Help and Reporting Bugs)}}

h1. Requesting Help and Reporting Bugs

Before you request help or report a bug, please consider the following items. Doing so avoids wasting your time and ours and shortens the time it takes to find a solution.

If you are **new to strongSwan**, please read [[IntroductionTostrongSwan|the introduction]].

If you are looking for **help regarding configuration**, base your configuration on [[UsableExamples|the usable examples]] first to avoid generic problems.

If you have problems with **traffic not reaching hosts via VPN**, read the documentation regarding [[ForwardingAndSplitTunneling|forwarding traffic, split-tunneling and MTU/MSS issues]].

If you are **reporting a security issue**, refer to [[FlawReporting|the dedicated security flaw reporting instructions]].

If you require help with **configuring special features of strongSwan**, look at [[UserDocumentation#HOWTOs|the how-tos for those features]] first.

For other problems, please follow these steps:

# Read the [[FAQ|Frequently Asked Questions (FAQ)]]
# Read the manuals (i.e. the man pages that come with *your* version of strongSwan).
  Make sure your version of the man page corresponds to strongSwan and not FreeS/WAN, Openswan or Libreswan.
  The software that a man page belongs to is usually printed at the top center of the man page when it is first opened.
# Make sure you put the files into the right directories. On distributions that stem from RHEL, strongSwan configuration files are under @/etc/strongswan@.
# If charon crashes, [[FAQ#strongSwan-crashes|try these things first]].
# Make sure your version is up to date. A lot of actual bugs (not user error) are fixed in newer versions of strongSwan.
# Search the bug tracker using the "search function":https://wiki.strongswan.org/projects/strongswan/search for keywords from the logs or keywords that describe your issue. Make sure to include issues in the search.
# Search the "mailing list archives":https://www.strongswan.org/support.html. You may also use your favorite search engine by restricting the results to lists.strongswan.org (usually the syntax is @site:lists.strongswan.org@).
# Now, you may ask for help. Please write issues and emails to the mailing lists in English only. Do not write your messages in any other language.
  Please attach your complete config files (ipsec.conf, strongswan.conf, swanctl.conf etc.) and a complete log file showing the problem.
  Please supply text files. Pictures are not useful. If the files are large (over 1 MB), please use a pastebin of your choice or host them somewhere yourself.
  If you are told to provide the data in the IRC channel of strongSwan, then please use a pastebin and provide links to your pastes. Use different pastes for different data.

  We generally require *all* of the following from you:

  * The *complete log* from daemon start to the point where the problem occurs
  * The *complete configuration* (ipsec.conf or swanctl.conf, depending on which configuration backend you are using)
  * The *complete current status* of the daemon (@ipsec statusall@ or @swanctl -L@ and @swanctl -l@)
  * The *complete firewall rules* (output of *@iptables-save@ and @ip6tables-save@* on Linux, analogously on other operating systems using the corresponding command(s))
  * The *complete contents of all routing tables* (output of @ip route show table all@ on Linux, analogously on other operating systems)
  * The *complete overview of all IP addresses* (output of @ip address@ on Linux, analogously on other operating systems)

When you create a log file, *use the following [[LoggerConfiguration|log settings]], unless we tell you otherwise.*
If you (or your distribution) use a Linux Security Module (LSM) such as AppArmor, SELinux, Yama or TOMOYO, you need to allow the IKE daemon (charon, charon-systemd etc.) to create and write to that file first, or disable the LSM while you are debugging. Allowing the daemon to create and write the file is preferred.

Use the following snippet for *strongSwan < 5.7.0*:
  <pre>
    filelog {
            /var/log/charon_debug.log {
                    time_format = %a, %Y-%m-%d %R
                    # log level for all subsystems not listed below
                    default = 2
                    mgr = 0
                    net = 1
                    enc = 1
                    asn = 1
                    job = 1
                    # prefix each entry with the connection name and unique IKE_SA id
                    ike_name = yes
                    # start with a fresh file on every daemon start
                    append = no
                    # write each line to the file immediately
                    flush_line = yes
            }
    }
</pre>

Use the following snippet for *strongSwan >= 5.7.0*:
  <pre>
    filelog {
            # since 5.7.0 the path to the log file has to be specified in a separate setting if it contains dots,
            # use an arbitrary name without dots for the section instead of the one given here
            charon-debug-log {
                    # this setting is required with 5.7.0 and newer if the path contains dots
                    path = /var/log/charon_debug.log

                    time_format = %a, %Y-%m-%d %R
                    # log level for all subsystems not listed below
                    default = 2
                    mgr = 0
                    net = 1
                    enc = 1
                    asn = 1
                    job = 1
                    # prefix each entry with the connection name and unique IKE_SA id
                    ike_name = yes
                    # start with a fresh file on every daemon start
                    append = no
                    # write each line to the file immediately
                    flush_line = yes
            }
    }
</pre>
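
The items requested above (daemon status, firewall rules, routing tables, IP addresses, configuration and the debug log) can be gathered into separate text files with a script like the following. This is an added example, not part of the strongSwan wiki or project: the function names, the output layout and the configuration paths tried are assumptions, and the masking of @secret = ...@ values is an added precaution so that shared secrets do not end up in a public paste.

```shell
#!/bin/sh
# Added example (not strongSwan project code). Function names, output layout and
# the config paths tried are assumptions; the commands and log path are from the page.

# Mask the value of every "secret = ..." setting read from stdin.
redact_secrets() {
    sed 's/^\([[:space:]]*secret[[:space:]]*=\).*/\1 [REDACTED]/'
}

# capture NAME CMD [ARGS...]: save the command's output as $OUT/NAME.txt.
capture() {
    name=$1; shift
    if command -v "$1" >/dev/null 2>&1; then
        "$@" >"$OUT/$name.txt" 2>&1 || echo "[exit status $?]" >>"$OUT/$name.txt"
    else
        echo "[$1 not found on this host]" >"$OUT/$name.txt"
    fi
}

# collect DIR: write every requested item into DIR, one text file per item.
collect() {
    OUT=$1
    mkdir -p "$OUT"
    chmod 700 "$OUT"   # the files describe your network; keep them private until reviewed
    capture ipsec-statusall  ipsec statusall
    capture swanctl-conns    swanctl -L
    capture swanctl-sas      swanctl -l
    capture iptables-save    iptables-save
    capture ip6tables-save   ip6tables-save
    capture routes           ip route show table all
    capture addresses        ip address
    # Assumed default locations, plus the /etc/strongswan prefix used on RHEL-derived systems.
    for f in /etc/ipsec.conf /etc/strongswan.conf /etc/swanctl/swanctl.conf \
             /etc/strongswan/ipsec.conf /etc/strongswan/strongswan.conf \
             /etc/strongswan/swanctl/swanctl.conf /var/log/charon_debug.log; do
        if [ -r "$f" ]; then
            redact_secrets <"$f" >"$OUT/$(echo "$f" | tr / _).txt"
        fi
    done
    return 0
}

# Run as: sh collect.sh /tmp/strongswan-report   (without an argument nothing is collected)
if [ -n "${1:-}" ]; then
    collect "$1"
    echo "Review the files in $1 before attaching them."
fi
```

Run it as root so that @iptables-save@ and the daemon status commands can return complete output, and read through the resulting files before you attach or paste them.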