Debug Information

Previous  Next

---

The VPN client includes a log facility which can be used to help resolve connectivity issues. This facility has a few tunables that can be set via the registry. Output is stored in a subdirectory of the client install directory named debug. The log file output and debug options can now be accessed via the VPN Trace application which is distributed with the client package.

The root registry key for settings ...

HKEY_LOCAL_MACHINE\SOFTWARE\ShrewSoft\vpn

Possible value names and thier purpose ...

DWORD    dump-ike    Provide a pcap dump of decrypted IKE packets

DWORD    dump-pub    Provide a pcap dump of public interface packets

DWORD    dump-prv    Provide a pcap dump of private interface packets

    0 = disable

    1 = enable

SZ        logfile        Log file name including the path

DWORD    loglevel    Log level

    0 = None

    1 = Errors only

    2 = Informational

    3 = Debug

    4 = Text Decode

For any change in debug output to take effect, the Shrew Soft IPSEC Daemon must be restarted via the VPN Trace Application, the Computer Management Services applet or by typing the following commands at the console ...

net stop ipsecd

net start ipsecd

NOTE : Decrypted IKE packets may not accurately represent the correct time stamp or IP header info. For example, the IP identity values will be incorrect.