IPSec log very noisy with DPD entries filling up log in no time.
-
Running 2.2 RC, upgraded from 2.1.5
Feels like there should be a setting to set DPD logging to "Silent", as it is filling up the IPSec log in no time,
rendering the internal 50-entry logfile pretty useless.

Dec 14 22:38:14 charon: 12[ENC] parsed INFORMATIONAL_V1 request 3909045383 [ HASH N(DPD_ACK) ]
Dec 14 22:38:14 charon: 12[NET] received packet: from x.x.x.142[500] to y.y.y.51[500] (108 bytes)
Dec 14 22:38:14 charon: 12[NET] sending packet: from y.y.y.51[500] to x.x.x.142[500] (108 bytes)
Dec 14 22:38:14 charon: 12[ENC] generating INFORMATIONAL_V1 request 1435593695 [ HASH N(DPD_ACK) ]
Dec 14 22:38:14 charon: 12[ENC] parsed INFORMATIONAL_V1 request 3707901410 [ HASH N(DPD) ]
Dec 14 22:38:14 charon: 12[NET] received packet: from x.x.x.142[500] to y.y.y.51[500] (108 bytes)
Dec 14 22:38:14 charon: 14[NET] sending packet: from y.y.y.51[500] to x.x.x.142[500] (108 bytes)
Dec 14 22:38:14 charon: 14[ENC] generating INFORMATIONAL_V1 request 2178405737 [ HASH N(DPD) ]
Dec 14 22:38:14 charon: 14[IKE] sending DPD request
Dec 14 22:38:14 charon: 14[IKE] <con3|55> sending DPD request
Dec 14 22:38:11 charon: 14[NET] sending packet: from 2001:x:x:y::2[500] to 2001:x:x:x::2[500] (108 bytes)
Dec 14 22:38:11 charon: 14[ENC] generating INFORMATIONAL_V1 request 2831055247 [ HASH N(DPD_ACK) ]
Dec 14 22:38:11 charon: 14[ENC] parsed INFORMATIONAL_V1 request 3725588196 [ HASH N(DPD) ]
Dec 14 22:38:11 charon: 14[NET] received packet: from 2001:x:x:x::2[500] to 2001:x:x:y::2[500] (108 bytes)
Dec 14 22:38:11 charon: 14[ENC] parsed INFORMATIONAL_V1 request 3921281913 [ HASH N(DPD_ACK) ]
Dec 14 22:38:11 charon: 14[NET] received packet: from 2001:x:x:x::2[500] to 2001:x:x:y::2[500] (108 bytes)
Dec 14 22:38:11 charon: 14[NET] sending packet: from 2001:x:x:y::2[500] to 2001:x:x:x::2[500] (108 bytes)
Dec 14 22:38:11 charon: 14[ENC] generating INFORMATIONAL_V1 request 2380266072 [ HASH N(DPD) ]
Dec 14 22:38:11 charon: 14[IKE] sending DPD request
Dec 14 22:38:11 charon: 14[IKE] <con2|48> sending DPD request
Dec 14 22:38:10 charon: 14[NET] sending packet: from y.y.y.51[500] to x.x.x.130[500] (92 bytes)
Dec 14 22:38:10 charon: 14[ENC] generating INFORMATIONAL_V1 request 3542310356 [ HASH N(DPD_ACK) ]
Dec 14 22:38:10 charon: 14[ENC] parsed INFORMATIONAL_V1 request 3358983493 [ HASH N(DPD) ]
Dec 14 22:38:10 charon: 14[NET] received packet: from x.x.x.130[500] to y.y.y.51[500] (84 bytes)
Dec 14 22:38:04 charon: 15[NET] sending packet: from y.y.y.51[500] to x.x.x.142[500] (108 bytes)
Dec 14 22:38:04 charon: 15[ENC] generating INFORMATIONAL_V1 request 1379051311 [ HASH N(DPD_ACK) ]
Dec 14 22:38:04 charon: 15[ENC] parsed INFORMATIONAL_V1 request 2954687851 [ HASH N(DPD) ]

Dan Lundqvist
MRZAZ.COM
Stockholm, Sweden
-
I think if you set "Message encoding" and "Networking" to silent that might cut it down. racoon used to log them also, but I think it only had two per instance (one where it received and one where it sent).
-
I have the same issue here.
Every 60 seconds 5 lines per tunnel.
All Loglevels set to silent.
very confusing :/
-- Edit --
command back !
I set "IKE SA", "IKE Child SA", Networking and "Message encoding" from silent to audit (save Settings) and back to silent.
Now, the log is clean :)
-
Did you actually press Save on the log settings with them set to silent?
The "silent" setting just happens to be top of the list and if you didn't select anything before, it would appear to be set to silent when it may be set higher by default. That bit could use some better handling in the GUI.
-
I have updated my first post
@jimp
thx
-
Seems like the current values seen in the IPSec Advanced screen (possibly after upgrade) are not the actual values.
I also tried to change some values and back to silent and then the log got quiet.

Does anyone know how to get similar default logging as in 2.1.5 with racoon?

A new good standard setting with moderate logging of the most important stuff would be nice.

The debug logging of strongSwan contains so many more areas and several options per area,
so it is difficult to find an optimal level with enough "good" info but not too much.

Dan Lundqvist
MRZAZ.COM
Stockholm, Sweden
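
Added example, not part of the thread: for reviewing a log that was captured before the levels were turned down, this Python filter removes the DPD exchanges, including the [NET] packet lines that carry no DPD marker themselves, so other events stay visible. The function name and the last two sample lines are constructed for illustration; it assumes the syslog-style charon format shown in the first post, listed newest first as it is there.

```python
import re

# "Dec 14 22:38:14 charon: 14[IKE] <con3|55> sending DPD request"
LINE_RE = re.compile(r"^\w{3}\s+\d+\s[\d:]{8} charon: (?P<tid>\d+)\[(?P<sub>[A-Z]+)\] "
                     r"(?:<[^>]*> )?(?P<msg>.*)$")
DPD_RE = re.compile(r"N\(DPD(?:_ACK)?\)|sending DPD request")
PKT_RE = re.compile(r"(?:received|sending) packet: ")

def strip_dpd(lines, newest_first=True):
    """Return the lines that are not part of a DPD exchange, in input order."""
    rows = list(reversed(lines)) if newest_first else list(lines)  # oldest first
    parsed = [LINE_RE.match(r) for r in rows]
    drop = set()
    for i, m in enumerate(parsed):
        if not (m and DPD_RE.search(m["msg"])):
            continue
        drop.add(i)
        if m["sub"] != "ENC":
            continue
        # [NET] lines carry no DPD marker. charon logs "generating" before
        # "sending packet" and "received packet" before "parsed", so pair each
        # DPD [ENC] line with the nearest line from the same thread number.
        step = 1 if m["msg"].startswith("generating") else -1
        j = i + step
        while 0 <= j < len(parsed):
            n = parsed[j]
            if n and n["tid"] == m["tid"]:
                if n["sub"] == "NET" and PKT_RE.match(n["msg"]):
                    drop.add(j)
                break  # nearest same-thread line is something else: keep it
            j += step
    kept = [r for i, r in enumerate(rows) if i not in drop]
    return list(reversed(kept)) if newest_first else kept

# The first five lines come from the first post; the last two are constructed
# (a non-DPD event that the keepalive chatter would otherwise push out).
SAMPLE = """\
Dec 14 22:38:14 charon: 12[ENC] parsed INFORMATIONAL_V1 request 3909045383 [ HASH N(DPD_ACK) ]
Dec 14 22:38:14 charon: 12[NET] received packet: from x.x.x.142[500] to y.y.y.51[500] (108 bytes)
Dec 14 22:38:14 charon: 14[NET] sending packet: from y.y.y.51[500] to x.x.x.142[500] (108 bytes)
Dec 14 22:38:14 charon: 14[ENC] generating INFORMATIONAL_V1 request 2178405737 [ HASH N(DPD) ]
Dec 14 22:38:14 charon: 14[IKE] <con3|55> sending DPD request
Dec 14 22:38:12 charon: 10[IKE] received AUTHENTICATION_FAILED error notify
Dec 14 22:38:12 charon: 10[NET] received packet: from x.x.x.130[500] to y.y.y.51[500] (84 bytes)
""".splitlines()

if __name__ == "__main__":
    print("\n".join(strip_dpd(SAMPLE)))
```

Pass `newest_first=False` when feeding it a raw log file, which is written oldest first.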