{"id":1259,"date":"2016-04-10T10:40:26","date_gmt":"2016-04-10T08:40:26","guid":{"rendered":"https:\/\/www.vioreliftode.com\/?p=1259"},"modified":"2020-04-13T22:21:42","modified_gmt":"2020-04-13T20:21:42","slug":"on-premises-site-2-site-vpn-with-azure-using-tomato-shibby-mod-entware-ng-and-strongswan-setup-part-4","status":"publish","type":"post","link":"https:\/\/www.vioreliftode.com\/index.php\/on-premises-site-2-site-vpn-with-azure-using-tomato-shibby-mod-entware-ng-and-strongswan-setup-part-4\/","title":{"rendered":"On-Premises Site 2 Site VPN with Azure using Tomato Shibby Mod (Entware-ng and Strongswan setup) &#8211; part 4"},"content":{"rendered":"<p><em>This article is part of a series of 4 in which I explain how to set up a site-2-site VPN between on-premises and Azure using Tomato Shibby Mod, Entware-ng and strongSwan. For a better understanding, please make sure you also read the other parts:<\/em><\/p>\n<ol>\n<li><em><a href=\"\/index.php\/on-premises-site-2-site-vpn-with-azure-using-tomato-shibby-mod-entware-ng-and-strongswan-setup-part-1\" target=\"_blank\" rel=\"noopener\">Install and configure Entware-ng + strongSwan on your router.<\/a><\/em><\/li>\n<li><em><a href=\"\/index.php\/on-premises-site-2-site-vpn-with-azure-using-tomato-shibby-mod-entware-ng-and-strongswan-setup-part-2\" target=\"_blank\" rel=\"noopener\">Configure and perform the site-2-site VPN using Azure dynamic gateway.<\/a><\/em><\/li>\n<li><em><a href=\"\/index.php\/on-premises-site-2-site-vpn-with-azure-using-tomato-shibby-mod-entware-ng-and-strongswan-setup-part-3\" target=\"_blank\" rel=\"noopener\">Configure and perform the site-2-site VPN using Azure static gateway.<\/a><\/em><\/li>\n<li><em>Troubleshooting Azure site-2-site VPN and strongSwan.<\/em><\/li>\n<\/ol>\n<p>&nbsp;<\/p>\n<h1>Troubleshooting Azure site-2-site VPN and strongSwan<\/h1>\n<p>&nbsp;<\/p>\n<p>In case the site-2-site connection fails 
there are two log files that can be checked to identify the cause (Azure VPN gateway logs and strongSwan logs).<\/p>\n<p>&nbsp;<\/p>\n<h2>strongSwan logging<\/h2>\n<p>The strongSwan log file location is defined in the strongswan.conf file. Below is an example strongswan.conf that makes strongSwan log enough detail to <em>\/opt\/tmp\/charon.log<\/em> to show what&#8217;s going wrong with the VPN connection.<br \/>\n<span style=\"text-decoration: underline;\">nano \/opt\/etc\/strongswan.conf<\/span><\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\n# strongswan.conf - strongSwan configuration file\r\n#\r\n# Refer to the strongswan.conf(5) manpage for details\r\n#\r\n# Configuration changes should be made in the included files\r\n# Verbosity levels\r\n# -1: Absolutely silent\r\n# 0: Very basic auditing logs, (e.g. SA up\/SA down)\r\n# 1: Generic control flow with errors, a good default to see what's going on\r\n# 2: More detailed debugging control flow\r\n# 3: Including RAW data dumps in Hex\r\n# 4: Also include sensitive material in dumps, e.g. 
keys\r\n\r\ncharon {\r\n        load_modular = yes\r\n        plugins {\r\n                include strongswan.d\/charon\/*.conf\r\n        }\r\n        filelog {\r\n                charon {\r\n                        path = \/opt\/tmp\/charon.log\r\n                        time_format = %b %e %T\r\n                        append = no\r\n                        default = 2 # set to 2 when troubleshooting\r\n                }\r\n                stderr {\r\n                        ike = 2 # set to 2 when troubleshooting\r\n                        knl = 3 # set to 3 when troubleshooting\r\n                        ike_name = yes\r\n                }\r\n        }\r\n        syslog {\r\n                # enable logging to LOG_DAEMON, use defaults\r\n                daemon {\r\n                }\r\n                # minimalistic IKE auditing logging to LOG_AUTHPRIV\r\n                auth {\r\n                        default = 2 # set to 2 when troubleshooting\r\n                        ike = 2 # set to 2 when troubleshooting\r\n                }\r\n        }\r\n}\r\n\r\ninclude strongswan.d\/*.conf\r\n<\/pre>\n<p>After modifying strongswan.conf, make sure you stop and start strongSwan. Lower the levels again once troubleshooting is done: level 3 writes raw data dumps and level 4 also writes sensitive material such as keys to the log.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h2>Azure VPN gateway logging<\/h2>\n<p>With a bit of PowerShell it is also possible to look into the Azure VPN gateway logs.<\/p>\n<pre class=\"brush: powershell; title: ; notranslate\" title=\"\">\r\n# Sign in and list the available subscriptions\r\nAdd-AzureAccount\r\nGet-AzureSubscription\r\n# Names to fill in, and the capture duration in seconds\r\n$subscriptionName = '&lt;YOUR SUBSCRIPTION NAME&gt;'\r\n$storageAccountName='&lt;YOUR STORAGE ACCOUNT NAME&gt;'\r\n$azureVNet='&lt;YOUR AZURE NETWORK NAME&gt;'\r\n$captureDuration=300\r\n# Select the subscription and build a storage context for the diagnostics output\r\nSet-AzureSubscription -SubscriptionName $subscriptionName -CurrentStorageAccountName $storageAccountName\r\n$storageAccountKey=(Get-AzureStorageKey -StorageAccountName 
$storageAccountName).Primary\r\n$storageContext=New-AzureStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey\r\n# Start the gateway diagnostics capture and wait for it to finish\r\nStart-AzureVNetGatewayDiagnostics -VNetName $azureVNet -StorageContext $storageContext -CaptureDurationInSeconds $captureDuration\r\nStart-Sleep -s $captureDuration\r\n# Download the captured log and save it locally\r\n$logURL=(Get-AzureVNetGatewayDiagnostics -VNetName $azureVNet).DiagnosticsUrl\r\n$logContent=(Invoke-WebRequest -Uri $logURL).RawContent\r\n$logContent | Out-File -FilePath C:\\vpn.log\r\n<\/pre>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article is part of a series of 4 in which I explain how to set up a site-2-site VPN between on-premises and Azure using Tomato Shibby Mod, Entware-ng and strongSwan. For a better understanding, please make sure you also read the other parts: Install and configure Entware-ng + strongSwan on your router. Configure and perform &hellip; <a href=\"https:\/\/www.vioreliftode.com\/index.php\/on-premises-site-2-site-vpn-with-azure-using-tomato-shibby-mod-entware-ng-and-strongswan-setup-part-4\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">On-Premises Site 2 Site VPN with Azure using Tomato Shibby Mod (Entware-ng and Strongswan setup) &#8211; part 4<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"spay_email":"","jetpack_publicize_message":"On-Premises Site 2 Site VPN with Azure using Tomato Shibby Mod (Entware-ng and Strongswan setup) - part 
4","jetpack_is_tweetstorm":false},"categories":[32,75],"tags":[55,110,109,111,112],"jetpack_featured_media_url":"","jetpack_publicize_connections":[],"jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p4NfDd-kj","_links":{"self":[{"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/posts\/1259"}],"collection":[{"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/comments?post=1259"}],"version-history":[{"count":2,"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/posts\/1259\/revisions"}],"predecessor-version":[{"id":1952,"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/posts\/1259\/revisions\/1952"}],"wp:attachment":[{"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/media?parent=1259"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/categories?post=1259"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vioreliftode.com\/index.php\/wp-json\/wp\/v2\/tags?post=1259"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}