VPN Bug Report Windows
Contents
Introduction
This guide describes what information should be included when submitting a VPN Client for Windows bug report to the vpn-help mailing list. Please read this information carefully as the likelihood of getting a problem corrected is usually directly related to the quality of the bug report being submitted.
Describe Your Problem Clearly
Please describe the problem symptoms and the circumstance under which the problem occurs. It is also very important to note how the problem can be re-produced.
Include Your Client and Gateway Information
Please include your client and gateway information with each new problem report. The following information should be stated.
- VPN Client Version
- Windows OS Version
- Gateway Make/Model
- Gateway OS Version ( if known )
How to Include Debug Output if Requested
After posting your initial problem report to the vpn-help mailing list, we may request that you provide additional information. The Shrew Soft VPN Client has several options that can be enabled which produce valuable debug output. This information is often essential to help isolate and resolve a reported problem. To gather this information, perform the following steps.
Enable IKE Service Debug Output
To enable the IKE Service debug output, start the VPN Trace application using Administrative privileges and perform the following steps.
- Click the IKE Service Tab and Stop the Service
- Open the File Menu and Select Options
- Set the Log output level to debug
- Check the Enable packet dump of decrypted IKE traffic option ( if requested )
- Click the OK Button
- Click the IKE Service Tab and Start the Service
Reproduce Your Problem
While reproducing your problem, the VPN Client will capture the debug output for submission.
Copy IKE Service Debug Output Files
To make a copy of the IKE Service debug output, start the VPN Trace application using Administrative privileges and perform the following steps.
- Click the IKE Service Tab and Stop the Service
- Copy the following files from <VPN Client>\debug to a temporary directory
- iked.log
- dump-ike-decrypt.cap
Disable IKE Service Debug Output
To disable the IKE Service debug output, start the VPN Trace application using Administrative privileges and perform the following steps.
- Click the IKE Service Tab and Stop the Service
- Open the File Menu and Select Options
- Set the Log output level to none
- Uncheck the Enable packet dump of decrypted IKE traffic option
- Click the OK Button
- Click the IKE Service Tab and Start the Service
Archive the Debug Output
Use 7zip, Winzip or a similar utility to store the debug output files in a compressed archive. If you plan to post debug output to the vpn-help mailing list, please be sure to remove sensitive information from log files such as your gateway IP address. Alternately, you can send your archive attachment directly to your Shrew Soft contact in a separate email.
NOTE: Never post decrypted binary packet dump information to the mailing list. Also, never post log output using a level higher than debug. This output may include information that could be used to compromise the security of your gateway.
Example Bug Report
Problem: The VPN client fails to connect to my gateway when I have firmware version 3.7 installed. After clicking connect, the client reports it has received an invalid message from the gateway. Downgrading my gateway firmware to version 3.6 allows me to connect again. To Reproduce: Connect to any SuperEX 1510 VPN Gateway using firmware revision 3.7. VPN Client Version = 2.1.0 RC1 Windows OS Version = Windows XP SP2 Gateway Make/Model = SuperEX 1510 Gateway OS Version = 3.7 debug.zip [attachment] \iked.log dump-ike-decrypt.cap ( if requested )