About cookies on this site Our websites require some cookies to function properly (required). In addition, other cookies may be used with your consent to analyze site usage, improve the user experience and for advertising. For more information, please review your options. By visiting our website, you agree to our processing of information as described in IBM’sprivacy statement. To provide a smooth navigation, your cookie preferences will be shared across the IBM web domains listed here.
Troubleshooting
Problem
Tunnel fails when your adding QRadar on Cloud data gateway to deployment and interface does not exist.
Resolving The Problem
- Check the recent entries in
/var/log/openvpn.logfor errors:less +G /var/log/openvpn.log - If the recent errors look similar to the following, it indicates the allowlisted public IP is not getting through the firewall and establishing a connection:
us=601809 Attempting to establish TCP connection with [AF_INET]y.y.y.y.y:443 [nonblock]This TCP connection error can be resolved by checking the public IP of your data gateway and allowlist. - If the recent errors look similar to the following, it indicates you are able to connect, but the VPN tunnel cannot be established:
us=601809 Attempting to establish TCP connection with [AF_INET]y.y.y.y.y:443 [nonblock] us=602264 TCP connection established with [AF_INET]y.y.y.y:443 us=602439 TCP_CLIENT link local: (not bound) us=602497 TCP_CLIENT link remote: [AF_INET]y.y.y.y:443 us=659543 Connection reset, restarting [0] us=659838 TCP/UDP: Closing socket us=660086 SIGUSR1[soft,connection-reset] received, process restartingThis error indicates the connection gets reset and the socket is closed before the VPN tunnel is established. It is important to note we do not send resets, we simply drop the traffic. Some firewalls block at an application level and further block connections even if TCP 443 is allowed. - Check the firewall at your site to ensure it is not filtering VPN.
- Once the VPN is allowed to connect and you get the correct output from
ifconfig tun0, rerun the host add script by using a slightly different command:/opt/qradar/bin/setup_qradar_host.py mh_setup interactive –r
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSKMKU","label":"IBM QRadar on Cloud"},"ARM Category":[{"code":"a8m0z000000cwtNAAQ","label":"Deployment"},{"code":"a8m0z000000cwszAAA","label":"Install"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
More support for:
IBM QRadar on Cloud
Component:
Deployment, Install
Software version:
All Versions
Document number:
6838833
Modified date:
11 November 2022
UID
ibm16838833
Manage My Notification Subscriptions