Enable logging at the debug level on the Event Log Viewer.



To enable logging at the debug level, please check Enable debug logging on the Event Viewer tab of Web console.

When you want to always enable this, please add the log_level_debug setting on the Global Configuration tab of Web console.

- Global Configuration[Tab] > Global Settings[Tab]

  1. Click Add VPN's Settings button and show the Add a New Global Setting (VPN) dialog.

  2. Setting Name: Select log_level_debug.

  3. Setting Value: Enter 1 to enable the debug logging. When disabling it, please enter 0.

  4. Click OK button.

  5. Click Save Configuration button.

  6. Restart Rockhopper like this (Ubuntu):

    # sudo /etc/init.d/rockhopper restart
    or
    # sudo systemctl restart rockhopper


By default, encryption and authentication key values for IKE SAs and Child SAs, which are exchanged by IKEv2 between VPN peers, are not shown on the Event Viewer tab. By adding the dbg_log_keys_info and setting the value to 1, you can see them. To actually apply it, you need to restart Rockhopper.
This information is helpful when you want to see encrypted IKEv2 and ESP packets on a protocol analyzer like Wireshark (Edit > Preferences... > Preferences - Profile > Protocols > ISAKMP and ESP).

- Event Viewer [Tab]
Property Type Event ID Message Tag Value Name
IKEv2: Initiator's SPI 463 DBG_IKESA_GENERATED_KEY_VALUES_SK_EI SPI_I
IKEv2: Responder's SPI 463 DBG_IKESA_GENERATED_KEY_VALUES_SK_EI SPI_R
IKEv2: SK_ei 463 DBG_IKESA_GENERATED_KEY_VALUES_SK_EI ikesa->keys.sk_ei
IKEv2: SK_er 464 DBG_IKESA_GENERATED_KEY_VALUES_SK_ER ikesa->keys.sk_er
IKEv2: SK_ai 461 DBG_IKESA_GENERATED_KEY_VALUES_SK_AI ikesa->keys.sk_ai
IKEv2: SK_ar 462 DBG_IKESA_GENERATED_KEY_VALUES_SK_AR ikesa->keys.sk_ar
ESP: SPI (outbound) 452 DBG_CHILDSA_GENERATED_NEW_KEY_VALUES_ENC SPI_O
ESP: SPI (inbound) 452 DBG_CHILDSA_GENERATED_NEW_KEY_VALUES_ENC SPI_I
ESP: Encryption Key (outbound) 452 DBG_CHILDSA_GENERATED_NEW_KEY_VALUES_ENC childsa->keys.encr_enc_key
ESP: Decryption Key (inbound) 453 DBG_CHILDSA_GENERATED_NEW_KEY_VALUES_DEC childsa->keys.encr_dec_key
ESP: Integrity Key
(outbound) 		455 DBG_CHILDSA_GENERATED_NEW_KEY_VALUES_INTEG_OUTB childsa->keys.integ_outb_key
ESP: Integrity Key
(inbound) 		454 DBG_CHILDSA_GENERATED_NEW_KEY_VALUES_INTEG_INB childsa->keys.integ_inb_key

You can view the encryption algorithm and the integrity algorithm for the VPN connection on the Top tab.



Back to Top