Troubleshooting VPN with the VPN job logs

When you encounter problems with your VPN connections, it is always advisable to analyze the job logs. In fact, there are several job logs that contain error messages and other information related to a VPN environment.

It is important that you analyze job logs on both sides of the connection if both sides are IBM® i models. When a dynamic connection fails to start, it is helpful if you understand what is happening on the remote system.

The VPN jobs, QTOVMAN, QTOKVPNIKE, and QTOKVPNIK2, run in the subsystem QSYSWRK. You can view their respective job logs from IBM Navigator for i.

This section introduces the most important jobs for a VPN environment. The following list shows the job names with a brief explanation of what the job is used for:

QTCPIP

This job is the base job that starts all the TCP/IP interfaces. If you have fundamental problems with TCP/IP in general, analyze the QTCPIP job log.

QTOKVPNIKE

The QTOKVPNIKE job is the VPN key manager job. The VPN key manager listens to UDP port 500 to perform the Internet Key Exchange (IKE) protocol processing.

QTOKVPNIK2

The QTOKVPNIK2 job is the VPN key manager job for IKEv2. The VPN key manager listens to UDP port 500 to perform the Internet Key Exchange version 2 (IKEv2) protocol processing.

QTOVMAN

This job is the connection manager for VPN connections. The related job log contains messages for every connection attempt that fails.

QTPPANSxxx

This job is used for PPP dial-up connections. It answers to connection attempts where *ANS is defined in a PPP profile.

QTPPPCTL

This is a PPP job for dial-out connections.

QTPPPL2TP

This is the Layer Two Tunneling Protocol (L2TP) manager job. If you have problems setting up an L2TP tunnel, look for messages in this job log.