VPN - IPSec Tunnel goes down and up frequently

We have one XG 125 firewall in the US and one in India. The VPN connection between both goes down and up every now and then.



This thread was automatically locked due to age.
  • FormerMember

    Hi,

    Thanks for reaching out, and welcome to the Sophos Community!

    Could you please provide the output of the following command from the Advanced Shell? 

    • grep -i "dead" /log/dgd.log

    SSH into the XG firewall by following this KBA: Sophos XG Firewall: How to SSH to the firewall using PuTTY utility

    • To connect using SSH, you may use any SSH client to connect to port 22 of the SFOS device.
    • Select option 5 Device Management.
    • Select option 3 Advanced Shell.

    You could also collect the strongswan logs in debugging if it's not an issue caused by the unstable gateway. 

      • To put the strongswan service in debugging, type the following command: service strongswan:debug -ds nosync
        • Output
          • SFVUNL_AZ01_SFOS 18.0.3 MR-3# service strongswan:debug -ds nosync
            200 OK
      • Run the following command to check the status of the service: service -S | grep strongswan
        • Output
          • SFVUNL_AZ01_SFOS 18.0.3 MR-3# service -S | grep strongswan
            strongswan RUNNING,DEBUG
      • Note: Run the same command to remove the service from debug.
    • To check the live logs, run the following command from the Advanced Shell: tail -f /log/strongswan.log
    • The less command allows you to parse through the static log files. You can also match keywords within the logs by entering /<keyword or string>
      • less /log/strongswan.log
    • The grep command applies a search filter for the keyword within the logs.
      • grep '<Keyword/String>' /log/strongswan.log
      • You could filter logs with the tunnel name if there are multiple IPsec tunnels.

    Thanks,
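An added example, not part of the reply above and not Sophos code: a small shell helper that turns the grep steps into an hourly count of matching lines, optionally limited to one tunnel, so the flap frequency is visible at a glance. The function names, the tunnel names, the sample lines and the assumption that every log line starts with "YYYY-MM-DD HH:MM:SS" are all hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: each log line begins "YYYY-MM-DD HH:MM:SS".

# count_by_hour FILE KEYWORD [TUNNEL]
# Prints "DATE HH:00 COUNT" for every hour that has matching lines.
count_by_hour() {
    file=$1 keyword=$2 tunnel=${3:-}
    # -i: case-insensitive keyword, like grep -i "dead"
    # -F: keyword and tunnel name are literal strings, not regexes
    grep -iF -- "$keyword" "$file" |
    if [ -n "$tunnel" ]; then grep -F -- "$tunnel"; else cat; fi |
    awk '{ n[$1 " " substr($2, 1, 2) ":00"]++ }
         END { for (h in n) print h, n[h] }' |
    sort
}

# Constructed sample lines for the demo; not real SFOS output.
write_sample_log() {
    cat > "$1" <<'EOF'
2021-03-01 10:02:11 14[IKE] <US_to_India-1|7> sending DPD request
2021-03-01 10:02:41 14[IKE] <US_to_India-1|7> no response, peer dead
2021-03-01 10:40:03 09[IKE] <US_to_India-1|8> no response, peer dead
2021-03-01 10:45:00 11[IKE] <Branch2-1|3> no response, peer DEAD
2021-03-01 13:15:27 06[IKE] <US_to_India-1|9> no response, peer dead
EOF
}

# Demo on the constructed sample. On the firewall the calls would be, e.g.:
#   count_by_hour /log/dgd.log dead
#   count_by_hour /log/strongswan.log '<Keyword/String>' '<tunnel name>'
sample=$(mktemp)
write_sample_log "$sample"
count_by_hour "$sample" dead US_to_India
rm -f "$sample"
```

Several matches inside the same hour point to a tunnel or gateway that is flapping rather than failing once.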
