54. Chapter - Error Diagnosis

54.1. Reading Logs

Unfortunately, we are not aware of an IPSec system that issues easy-to-understand error messages to the user. Therefore, as soon as an error occurs within a VPN connection, you have to analyze the log files and deduce the error from them. In many cases, the actual error is only logged on one side of the connection, while the other side only receives a general error message such as "INVALID_ID". For this reason, it is often necessary to analyze the log files of both sides.

In the Intra2net system, the log data for IPSec connections can be found in the "messages" log file (menu "Information > System > Logfiles") and is labeled by date and time along with the name of the VPN service. For strongSwan version 4, the name is "pluto" and for strongSwan version 6, it is "charon".
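As an added example (not part of the Intra2net manual), the following Python script pulls only the pluto/charon entries out of a syslog-style "messages" log, tags each with the strongSwan version named above, and flags lines that carry a generic notify such as INVALID_ID, where the real cause has to be looked up on the peer. The exact syslog line format and the sample log lines are assumptions constructed for the example.

```python
import re
from typing import Dict, List

# Assumed syslog line format: "Mon DD HH:MM:SS host program[pid]: text".
# The pid in square brackets is optional (charon often logs without it).
_LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<prog>[A-Za-z_]+)(?:\[\d+\])?: "
    r"(?P<msg>.*)$"
)

# VPN service name -> strongSwan version, as stated in the manual.
VPN_SERVICES = {"pluto": 4, "charon": 6}

# Constructed sample log: mixed non-VPN lines plus a pluto entry from
# before a version switch and charon entries from after it.
SAMPLE_LOG = """\
Mar  3 11:58:40 intranator pluto[1203]: "vpn_branch" #2: ignoring informational payload, type INVALID_ID_INFORMATION
Mar  3 12:00:01 intranator cron[812]: (root) CMD (run-parts /etc/cron.hourly)
Mar  3 12:00:05 intranator charon: 05[IKE] initiating IKE_SA vpn_office[1] to 198.51.100.7
Mar  3 12:00:06 intranator charon: 06[IKE] received INVALID_ID_INFORMATION error notify
Mar  3 12:00:09 intranator sshd[901]: Accepted publickey for admin from 192.0.2.10
"""


def parse_vpn_entries(log_text: str) -> List[Dict[str, object]]:
    """Return only the IPSec-related entries (pluto or charon) of a messages log."""
    entries = []
    for line in log_text.splitlines():
        m = _LINE.match(line)
        if not m or m.group("prog") not in VPN_SERVICES:
            continue  # skip unparseable lines and other services
        entries.append({
            "time": m.group("ts"),
            "service": m.group("prog"),
            "strongswan": VPN_SERVICES[m.group("prog")],
            "message": m.group("msg"),
        })
    return entries


def peer_side_hints(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Entries with a generic notify like INVALID_ID: check the other side's log."""
    return [e for e in entries if "INVALID_ID" in str(e["message"])]


if __name__ == "__main__":
    for e in parse_vpn_entries(SAMPLE_LOG):
        print(f'{e["time"]} strongSwan {e["strongswan"]} ({e["service"]}): {e["message"]}')
```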

The version of strongSwan currently in use on a system can be viewed in the "Services > VPN > Settings" menu. You can also switch between versions there.

The location of the log files on other devices should be documented in the manual. Often, logging of IPSec events must first be enabled before data is actually collected.

The first step in analyzing an error is to determine which phase of the connection the error occurs in.