Log in

Sangfor Support Center

Table of Contents
< All Topics
Print

[BBC] BBC device fails to send Auto VPN configuration to AF

Posted
Updated
Byadmin
Views3

Problem Description

The customer's headquarters has BBC, the headquarters has WOC equipment, and the branches have both WOC equipment and AF equipment. Atuo VPN related configurations were distributed between the headquarters and branches through BBC devices. It was found that the AF devices failed to connect to the VPN normally, and the VPN related configurations could not be distributed normally.

Warning Information

Both BBC and AF devices have the following error: The device did not report a legal configuration, resulting in the inability to send the configuration

Effective troubleshooting steps

  1. For this type of problem, first check the BBC error, and then go to the branch AF device to check the BBC module log. Combining the BBC error report and AF log, it can be preliminarily determined that this problem is caused by the AF device failing to report the configuration to the BBC normally, resulting in an abnormality in the BBC sending the configuration to the AF.

  2. Try to manually report the AF device on BBC, but the report fails.

  3. Try to use wget or curl in the AF background to obtain the link that reports the configuration failure. The execution is as follows: either the connection fails or an unknown parameter error is reported.



4. Consult with R&D colleagues, who suggest first confirming the existence of the process reported by the VPN configuration by running ps aux | grep rest_gate. It is found that this process does not exist for this AF device, as shown in the following figure: (For normal process conditions, please refer to the following troubleshooting steps)


5. [High-risk operation] This operation will restart VPN and BBC-VPN related processes. Please find an expert to assess the impact first.

Restart /etc/init.d/sfvpn-mon restart (AF device VPN related process restart) and /etc/init.d/vpnbbc-mon restart (BBC reporting, sending VPN process restart). After restarting the process, the rest_gate.lua process is normal.

  1. Re-download the VPN configuration from BBC. The download is successful and the problem is solved.

Root cause

The process rest_gate.lua for BBC to send and report VPN configuration on AF devices did not start. It returned to normal after being manually started.

solution

/etc/init.d/vpnbbc-mon restart Manually start the AF device BBC reporting and VPN sending process

Suggestions and Conclusion

  1. If you encounter an abnormal BBC configuration, first check the small circle on the BBC to see what the configuration details are.

  2. Check the log file /sf/log/today/sfvt_bbccfgmngsrv.log configured and sent on BBC to see if there is any error in the operation log sent at the corresponding time point in the log.

  3. Check the BBC module log of the branch device to see if there is any abnormality

  4. /etc/init.d/sfvpn-mon restart (AF device VPN related processes) and /etc/init.d/vpnbbc-mon restart (BBC reporting and sending VPN processes)

Original Link

https://support.sangfor.com.cn/cases/list?product_id=63&type=1&category_id=19742&isOpen=true