Feature request: a LISA ("Log Interpretation System & Action") to make live easier :)
I am new to the whole VPN thing and it took me a day to get my first IPsec VPN up and running, so many little things, so many log files.
But I am wondering, why do we need those written troubleshooting pages, why are we slaves to the endless log files?
Feature request: a LISA (Log Interpretation System & Action)
Marketing speak: "The LISA (Log Interpretation System & Action) is a brand new feature of pfSense, it abstracts log files, filters relevant information, presents it to the user with context, recommendations and actions".
Some examples of LISA when a user is trying to set up and connect an IPsec VPN:
"pfSense can not connect to the remote gateway IP address (18.104.22.168). Please ensure 1) the IP address (22.214.171.124) is correct, 2) you enabled the relevant in-coming and outgoing connections in the firewall <Click here to automatically create the rules>, 3) the remote gateway has enabled your IP in their firewall"
"pfSense discovered a NO_PROPOSAL_CHOSEN error. Please make sure both sides of the VPN share a common hash algorithm for IPsec Phase 1. You enabled "SHA256", the remote side only "SHA1".
"pfSense discovered an AUTHENTICATION_FAILED error. Please make sure your PSK ("Pre-Shared Key") of IPsec Phase 1 are identical with the remote side."
"pfSense discovered a INVALID_ID_INFORMATION error. Please ensure your network settings in IPsec Phase 2 (Local: 126.96.36.199, Remote:188.8.131.52/16) are identical with the remote side."
"pfSense discovered the remote IPsec internal IP is not reachable. Please ensure the firewall for IPsec is configured accordingly. <Click here to enable any connection on the IPsec network for testing>"
Just some food for thought, open for discussion. I started with LIS, now it became LISA