57. Chapter - Error Diagnosis

57.1. Reading Logs

Unfortunately, we are not aware of an IPSec system that issues easy-to-understand error messages to the user. Therefore, as soon as an error occurs within a VPN connection, you have to analyze the log files and deduce the error from them. In many cases, the actual error is only logged on one side of the connection, the other side only receives a general error message such as "INVALID_ID". For this reason, it is often necessary to analyze the log files of both sides.

On the Intra2net system, the log data of the IPSec connections can be found in the messages log file (Information > System > Logfiles) and are marked by date and time with "pluto". Where to find the log files on other devices should be documented in their manual. Often, logging of IPSec events must also be activated before data is actually collected.

The first step in analyzing an error is to determine which phase of the connection the error occurs in.