Quick links:
Product Overview
Installation
Settings and Administration
ADSL
SIP Support
Telephone ports
Network
Firewall
Wireless
VPN
Misc
Licenses
Troubleshooting
This shows you the differences between two versions of the page.
web_gui:vpn_log_page [2010/11/19 10:32] mats |
web_gui:vpn_log_page [2010/11/22 10:09] (current) mats |
||
---|---|---|---|
Line 1: | Line 1: | ||
====== VPN log ====== | ====== VPN log ====== | ||
- | The VPN log is a history of all IPSec events (messages) and is used for support issues. | + | The VPN log is a history of all [[:vpn:start|Virtual Private Network]] events (messages), in practise IPSec events, and is used for support issues. |
+ | It is visible only if VPN [[:license]] is installed into the unit. | ||
Each message has a timestamp, a source and a severity level. | Each message has a timestamp, a source and a severity level. | ||
- | Severity levels are: | + | Severity levels are (listed in decreasing severity): |
* Emergency | * Emergency | ||
* Alert | * Alert | ||
Line 13: | Line 14: | ||
* Info | * Info | ||
* Debug | * Debug | ||
- | :!: Debug messages are not logged by default. If support requests you, you have to enable logging of debug messages on the [[log configuration page]]. | + | :!: Debug messages are not logged by default. If support requests you, you have to enable logging of //debug// messages on the [[log configuration page#VPN Log|log configuration page]] (don't turn //debug// level on otherwise as it may lower the throughput speed). |
+ | |||
+ | It takes expert knowledge to fully interpret the log. Most of the messages (in green //info// mode) concerns the [[web_gui:vpn_status_page#Phase 1 (main or aggressive mode)|phase 1]] and [[web_gui:vpn_status_page#Phase 2|phase 2]] negotiations to establish the IPSec/IKE tunnels (security associations, see also [[web_gui:vpn_status_page|here]]). | ||
+ | The advanced user may get some clues from the log in case of a failed negotiation, also the [[web_gui:vpn_status_page|VPN status]] page should be examined. | ||
+ | For example, a [[web_gui:vpn_status_page#Phase 1 (main or aggressive mode)|phase 1]] negotiation must have been successfully finished before a [[web_gui:vpn_status_page#Phase 2|phase 2]] negotiation can take place, which may explain a message like "phase2 negotiation failed due to time up waiting for phase1". |