The VPN Logs tab gives administrators visibility into IPSec tunnel negotiation events for DHCP-based tunnels. Use it to quickly diagnose connectivity issues, verify that tunnels are establishing correctly, and support audit or compliance requirements.
Accessing VPN logs
- Log in to the Cloudi-Fi admin console.
- In the left-hand navigation, click Networks.
- Click the VPN Logs tab in the navigation bar.
By default, the log view shows events from the last hour. Use the Event time filter to adjust the time range if you need to look further back.
Understanding the Log Table
Each row in the VPN Logs table represents a single IPSec tunnel event. The columns are described below.
| Column | Description |
| --- | --- |
| Event time | Date and time the event was recorded, displayed in your local timezone. |
| Session ID | Unique numeric identifier for the IKE session. Useful when correlating multiple events belonging to the same tunnel negotiation. |
| Location | The Cloudi-Fi location (network site) where the event occurred. |
| VPN credential | The user or device credential (typically an email address) associated with the tunnel. |
| Severity | Outcome indicator for the event. See Severity levels below. |
| Event reason | The specific action or outcome that triggered the log entry. See Event reasons below. |
| Node | The Cloudi-Fi infrastructure node that handled the tunnel negotiation. |
Severity Levels
The Severity column indicates whether the event completed successfully or encountered a problem.
| Severity | Meaning |
| --- | --- |
| Success | The event completed without errors. The tunnel was established or the operation concluded as expected. |
| Error | The event failed. Review the Event reason column for details on what went wrong. |
| N/A | Severity does not apply to this event type (for example, informational lifecycle events such as SA closed or Delete received). |
Event Reasons
The Event reason column describes the specific IPSec/IKE event that was logged.
| Event reason | Description |
| --- | --- |
| SA established | An IPSec Security Association (SA) was successfully negotiated and the tunnel is active. |
| IKE initialization | The IKE (Internet Key Exchange) handshake process was initiated between the client and the Cloudi-Fi node. |
| Preshared key mismatch | Authentication failed because the preshared key provided by the client does not match the key configured on the server. This is a common cause of tunnel failures — verify that the VPN credential's preshared key is correct on both sides. |
| Rekeying | The existing Security Association is being renegotiated to refresh encryption keys. This is a normal, automatic process and does not indicate an error. |
| Retransmit | A packet was retransmitted because no response was received within the expected timeframe. Occasional retransmits are normal; repeated retransmits may indicate network instability. |
| Delete sent | A Delete payload was sent to the peer to terminate the Security Association. This typically occurs on a clean disconnect. |
| Delete received | A Delete payload was received from the peer, indicating that the remote side has closed the Security Association. |
| SA closed | The Security Association has been closed and the tunnel is no longer active. |
Filtering Logs
Use the Filters at the top of the VPN Logs tab to narrow down the events displayed. You can filter by any combination of the following criteria:
- Event time — Restrict results to a specific date and time range.
- Location — Show events for one or more network sites.
- VPN credential — Filter by a specific user or device credential.
- Severity — Show only Success, Error, or N/A events.
- Event reason — Select one or more specific event types (e.g., show only Preshared key mismatch and IKE initialization events).
- Node — Filter by the infrastructure node that handled the event.
Active filters are shown as removable tags directly below the search bar. Click the search bar to edit the filters, or click × on any tag to remove that filter.
Common Issues and Next Steps
Repeated "Preshared key mismatch" errors
This is the most common cause of VPN tunnel failures. The preshared key configured on the client device does not match the key stored in Cloudi-Fi. To resolve:
- Navigate to the DHCP section of the admin console and verify or regenerate the preshared key for your tunnel.
- Ensure the client device has been updated with the correct key.
- After updating, bounce the tunnel and check the logs for an SA established event.
Tunnel establishes then disconnects shortly after
Look for a sequence of SA established → Delete received or SA closed events within a short time window. This may indicate a client-side timeout, a network interruption, or a mismatch in IKE lifetime settings. Check for Retransmit events preceding the closure as a sign of network instability.
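The two log patterns described above (repeated Preshared key mismatch events per credential, and SA established followed quickly by Delete received or SA closed) can be checked mechanically. This is an added example, not Cloudi-Fi code: the CSV row layout, timestamp format, sample rows, function names, the threshold of 3 and the 5-minute window are all assumptions.

```python
import csv
from collections import Counter
from datetime import datetime, timedelta
from io import StringIO

COLUMNS = "event_time session_id location credential severity reason node".split()
# Constructed rows, not real Cloudi-Fi output; CSV layout and Retransmit severity assumed.
SAMPLE = """\
2024-05-01T09:00:00,3001,Nice,site-c@example.com,Success,SA established,node-1
2024-05-01T10:00:01,1001,Paris,site-a@example.com,Success,SA established,node-1
2024-05-01T10:00:40,1001,Paris,site-a@example.com,N/A,Retransmit,node-1
2024-05-01T10:00:55,1001,Paris,site-a@example.com,N/A,Retransmit,node-1
2024-05-01T10:01:10,1001,Paris,site-a@example.com,N/A,Delete received,node-1
2024-05-01T10:01:10,1001,Paris,site-a@example.com,N/A,SA closed,node-1
2024-05-01T10:05:00,2001,Lyon,site-b@example.com,Error,Preshared key mismatch,node-2
2024-05-01T10:05:30,2002,Lyon,site-b@example.com,Error,Preshared key mismatch,node-2
2024-05-01T10:06:00,2003,Lyon,site-b@example.com,Error,Preshared key mismatch,node-2
2024-05-01T11:30:00,3001,Nice,site-c@example.com,N/A,SA closed,node-1
"""

def parse_rows(text):
    rows = list(csv.DictReader(StringIO(text), fieldnames=COLUMNS))
    for r in rows:
        r["event_time"] = datetime.fromisoformat(r["event_time"])
    return sorted(rows, key=lambda r: r["event_time"])

def repeated_psk_mismatch(rows, threshold=3):
    """Credentials with at least `threshold` mismatch events (threshold is an assumption)."""
    counts = Counter(r["credential"] for r in rows if r["reason"] == "Preshared key mismatch")
    return {cred: n for cred, n in counts.items() if n >= threshold}

def short_lived_tunnels(rows, window=timedelta(minutes=5)):
    """Sessions closed within `window` of SA established, with the Retransmit count before closure."""
    up, retransmits, findings = {}, Counter(), []
    for r in rows:
        sid, reason = r["session_id"], r["reason"]
        if reason == "SA established":
            up[sid], retransmits[sid] = r["event_time"], 0
        elif reason == "Retransmit" and sid in up:
            retransmits[sid] += 1
        elif reason in ("Delete received", "SA closed") and sid in up:
            lifetime = r["event_time"] - up.pop(sid)  # pop so a later SA closed is not double-counted
            if lifetime <= window:
                findings.append((sid, r["credential"],
                                 lifetime.total_seconds(), retransmits[sid]))
    return findings

if __name__ == "__main__":
    print(repeated_psk_mismatch(parse_rows(SAMPLE)), short_lived_tunnels(parse_rows(SAMPLE)))
```

Events are correlated by Session ID, as the column description suggests; a nonzero Retransmit count on a short-lived session points toward network instability rather than a lifetime mismatch.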
No events appearing for a credential
If an admin reports that the VPN is not connecting but no events appear in the logs, the tunnel negotiation is not reaching the Cloudi-Fi node. Verify that the client is configured to connect to the correct gateway address and that there are no firewall rules blocking IKE traffic (UDP ports 500 and 4500).