OPNsense Forum
Archive => 20.7 Legacy Series => Topic started by: danielm on August 28, 2020, 06:11:57 pm
-
Hello, I'm trying for the first time to set up an IPSec VPN for road warriors on Win 10 w/ IKEv2 EAP-TLS.
As expected, it doesn't just work outright, so I tried to get the debug log, but it's always empty!
I also tried setting all log settings to the highest possible, but it didn't help (level "highest")
Even though the IPSec server seems to respond to the connection attempts, because I don't just get connection errors, but authentication failure errors.
BTW, I'm having one system error popping up on opnsense, but IDK if it could be related to IPSec:
[28-Aug-2020 02:04:20 Europe/Berlin] ArgumentCountError: Too few arguments to function OPNsense\OpenVPN\Api\ExportController::accountsAction(), 0 passed and exactly 1 expected in /usr/local/opnsense/mvc/app/controllers/OPNsense/OpenVPN/Api/ExportController.php:204
Stack trace:
#0 [internal function]: OPNsense\OpenVPN\Api\ExportController->accountsAction()
#1 [internal function]: Phalcon\Dispatcher->callActionMethod(Object(OPNsense\OpenVPN\Api\ExportController), 'accountsAction', Array)
#2 [internal function]: Phalcon\Dispatcher->dispatch()
#3 /usr/local/opnsense/www/api.php(26): Phalcon\Mvc\Application->handle()
#4 {main}
From the error message it seems to come from openvpn, but I don't even use it - it's unconfigured and disabled.
Only thing I ever did was click through its menus to see whats going on there, but didn't change anything.
I think that's when the error might have started coming up on my install.
Can someone point me in the right direction what might be going wrong with the debug log?
-
Are you sure the strongswan daemon is up and running?
Even with basic debug some records should be (starting daemon, loading certs and secrets etc)
-
It says in the overview that the strongswan daemon is running (see image in attachments, idk how to make it visible in the post), but still no log entries (second picture).
Theres also the entries in the phases table that show its running (phases.png) and in the status table.
The interface is set to german language, but I think you can still see the interesting points in the picture.
Also, as I said I really think it is running because under Win 10, I get an error that the authentication wasn't successful, I researched and it said protocol parameter mismatch or invalid certificate, which should mean that the server IS responding (I also tried invalid names, which resulted in connection error)
-
sorry. yes, i saw that error is about auth but empty log made me think that some daemon crashed or not started.
and yes - syslog-ng is down (see pic.1)
and strongswan logs via syslog
restart syslog-ng (that thing loves to crash on 20.7 - 20.7.1)
-
Thank you, yes, syslog-ng is down, and in fact it can't start up.
I don't know when it was last up, but upon starting it just "crashes":
2020-08-29T07:19:35 kernel pid 11723 (syslog-ng), jid 0, uid 0: exited on signal 11 (core dumped)However, as you can also see, syslog-ng may be down, but syslogd is still running.
I thought syslog-ng was there for remote logging only, in which case I'd not be surprised it's not running since remote logging not being configured and not used on this system.
Are you sure syslog-ng is needed?
-
yep. needed indeed.
try to clear General and Backend logs. after that syslog-ng starts usually
-
Thank you!
I cleared the logs and syslog-ng started right up by itself, and now I can see entries in the IPSec log :)
BIG thumbs up from me, IDK how long it would've taken me to figure this out on my own! Probably forever!
So as I take it from you this bug is already known in the community, so it doesn't need to be reported anymore?
-
guys have already fixed it :
https://forum.opnsense.org/index.php?topic=18655.0
for now, just pay attention for syslog-ng status after logs clearing (sometimes crashes)
-
Okay then, so thanks again and let's hope for 20.7.2 soon, for me syslog-ng crashes very often