Difference between revisions of "Regigate appliance tech"
Line 21: | Line 21: | ||
Change '''"logLevel"''' to be '''"verb"''' instead of '''"info"''' and save. Now restart rfmilter using | Change '''"logLevel"''' to be '''"verb"''' instead of '''"info"''' and save. Now restart rfmilter using | ||
− | $ svc -t /service/ | + | $ svc -t /service/rfmilter-1/ |
You can inspect the log now using: | You can inspect the log now using: |
Revision as of 17:07, 7 March 2017
Contents
Debugging regigate
Set regigate debug level in HA mode
$ vim /d1/etc/rfmilter/route-1/conf.json
Change "logLevel" to be "verb" instead of "info" and save. Now restart rfmilter using
$ svc -t /service/rfmilter1-1/
You can inspect the log now using:
$ tail -f /d1/log/rfmilter/debug-1.log
Please, don't forget to reset log level to "info" after you fixed your issues.
Set regigate debug level in normal mode
$ vim /etc/rfmilter/route-1/conf.json
Change "logLevel" to be "verb" instead of "info" and save. Now restart rfmilter using
$ svc -t /service/rfmilter-1/
You can inspect the log now using:
$ tail -f /var/log/rfmilter/debug-1.log
Please, don't forget to reset log level to "info" after you fixed your issues.
Test valid provider connection
There are several tests available for you:
$ curl -k https://regify.company.com:9001/ curl: (7) Failed connect to regify.company.com:9001; No route to host
The above result means, firewall not setup correctly or wrong regigate IP entered at provider, which equals firewall not set up.
$ curl -k https://regify.company.com:9001/ curl: (35) error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert
Above you can see an SSL handshake error because of certificate issue. Maybe the cert from regigate needs to get signed again by the regify provider.
As a final test for full functionality, you can do this (for HA mode, you have to replace /etc with /d1/etc):
$ curl -k --key /etc/rfmilter/route-1/client.key -E /etc/rfmilter/route-1/client.crt https://regify.company.com:9001/ {"status":"INVALID","code":2,"desc":"","version":"4.0.10.5814"}
The return of a valid JSON encoded string (even if it says invalid) points you to a working regigate connection.
Generic questions
I can't paste the signed certificate / the rules / user lists?
Please note the following hints in order to paste:
- If you paste the cert/rules/list and ctrl+d does not work, try pressing the enter key first and then ctrl.d.
- Be sure to copy directly from PuTTY to the browser window and back.
- Every intermediate software is not allowed to add other line-breaks. If you need to use an external editor in between, please make sure he is not adding or changing the line-breaks.