The VPN client includes a log facility which can be used to help resolve
connectivity issues. This facility has a few tunables that can be set via the
registry. Output is stored in a subdirectory of the client install directory named
debug. The log file output and debug options can now be accessed via the VPN
Trace application which is distributed with the client package.
The root registry key for settings ...
HKEY_LOCAL_MACHINE\SOFTWARE\ShrewSoft\vpn
Possible value names and thier purpose ...
DWORD dump-ike Provide a pcap dump of decrypted IKE packets
DWORD dump-pub Provide a pcap dump of public interface packets
DWORD dump-prv Provide a pcap dump of private interface packets
0 = disable
1 = enable
SZ logfile Log file name including the path
DWORD loglevel Log level
0 = None
1 = Errors only
2 = Informational
3 = Debug
4 = Text Decode
For any change in debug output to take effect, the Shrew Soft IPSEC Daemon
must be restarted via the VPN Trace Application, the Computer Management
Services applet or by typing the following commands at the console ...
net stop ipsecd
net start ipsecd
NOTE : Decrypted IKE packets may not accurately represent the correct time
stamp or IP header info. For example, the IP identity values will be incorrect.