I am trying to debug a new IPSEC VPN on VyOS 1.2. I can’t seem to get any logging on why my phase 2 isn’t coming up. The log is basically empty.
I see a reference to another post from last December.
$ show log vpn all
Oct 12 23:20:36 localhost systemd[1]: Starting LSB: Cleans up pppoe peers files...
Oct 12 23:20:36 localhost systemd[1]: Started LSB: Cleans up pppoe peers files.
IPSEC:
vpn {
    ipsec {
        esp-group ESP-AES128-SHA1-LT3600 { ... }
        ike-group IKE-AES128-SHA1-LT28800 { ... }
        ipsec-interfaces {
            interface eth0
        }
        logging {
            log-level 2
        }
        nat-traversal enable
Firewall:
name OUTSIDE-LOCAL {
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 20 {
        action accept
        icmp {
            type-name echo-request
        }
        protocol icmp
        state {
            new enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
        source {
            group {
                network-group LOGIN-IPS
            }
        }
        state {
            new enable
        }
    }
    rule 40 {
        action accept
        ipsec {
            match-ipsec
        }
        log enable
    }
    rule 50 {
        action accept
        destination {
            port 500
        }
        log enable
        protocol udp
        state {
            established enable
            new enable
            related enable
        }
    }
    rule 60 {
        action accept
        destination {
            port 4500
        }
        log enable
        protocol udp
        state {
            established enable
            new enable
            related enable
        }
    }
    rule 70 {
        action accept
        log enable
        protocol esp
        state {
            established enable
            new enable
            related enable
        }
    }
}
I can see my IKE is up, but IPSEC never comes up. How can I get better logs?