Print Download PDF Send Feedback

Previous

Next

vpn debug

Description

Instructs the VPN daemon vpnd to write debug messages to the $FWDIR/log/vpnd.elg* and $FWDIR/log/ike.elg* log files.

Debugging of the VPN daemon takes place according to Debug Topics and Debug Levels:

For more information, see sk89940: How to debug VPND daemon.

Syntax

vpn debug

on [<Debug_Topic>=<Debug_Level>]

off

ikeon [-s <Size_in_MB>]

ikeoff

trunc [<Debug_Topic>=<Debug_Level>]

truncon [<Debug_Topic>=<Debug_Level>]

truncoff

timeon [<Seconds>]

timeoff

ikefail [-s <Size_in_MB>]

mon

moff

say ["String"]

tunnel [<Level>]

Parameters

Parameter

Description

No Parameters

Shows the built-in usage.

on

Turns on high level VPN debug.

Information is written in the $FWDIR/log/vpnd.elg* files.

<Debug_Topic>=<Debug_Level>

Specifies the Debug Topic and the Debug Level.

Best Practice - Run this command to start the debug:

vpn debug trunc ALL=5

off

Turns off all VPN debug.

Best Practice - Run one of these commands to stop the VPND debug:

  • vpn debug off
  • vpn debug truncoff

ikeon [-s <Size_in_MB>]

Turns on the IKE debug.

Information is written in the $FWDIR/log/ike.elg* files.

You can specify the size of the $FWDIR/log/ike.elg file, when to perform the log rotation (close the current active file, rename it, open a new active file).

ikeoff

Turns off IKE debug.

Run this command to stop the IKE debug:

vpn debug ikeoff

trunc

or

truncon

This command:

  1. Rotates the $FWDIR/log/vpnd.elg file
  2. Truncates the $FWDIR/log/ike.elg file
  3. Starts the VPND daemon debug
  4. Starts the IKE debug

Run this command to start the debug:

vpn debug trunc ALL=5

truncoff

Stops the VPND daemon debug.

Run one of these commands to stop the VPND debug:

  • vpn debug truncoff
  • vpn debug off

timeon [<Seconds>]

Enables the timestamp in the log files.

Prints one timestamp after the specified number of seconds.

By default, prints the timestamp every 10 seconds.

timeoff

Disables the timestamp in the log files every number of seconds.

ikefail [-s <Size_in_MB>]

Logs failed IKE negotiations.

You can specify the size of the $FWDIR/log/ike.elg file, when to perform the log rotation (close the current active file, rename it, open a new active file).

mon

Enables the IKE Monitor.

Saves the IKE packets in the $FWDIR/log/ikemonitor.snoop file.

Warning - The output file may contain user X-Auth passwords. Make sure the file is protected.

moff

Disables the IKE Monitor.

say "String"

Saves the specified text string in the $FWDIR/log/vpnd.elg file.

For example, run: vpn debug say "BEGIN TEST"

Notes:

  • Run this command after you start the VPN debug (with the vpn debug on, vpn debug trunc, or vpn debug truncon command).
  • The length of the string is limited to 255 characters.

tunnel [<Debug_Level>]

This command:

  1. Rotates the $FWDIR/log/vpnd.elg file
  2. Truncates the $FWDIR/log/ike.elg file
  3. Starts the VPND daemon debug with these two Debug Topics:

    tunnel

    ikev2

    If the <Debug_Level> is 2,3,4 or 5, then also enables this Debug Topic:

    CRLCache

  4. Starts the IKE debug

Return Values