Skip to main content
onderoglu
onderoglu
New Member
December 5, 2025
Solved

Internet problems with work group users after LDAP integration

  • December 5, 2025
  • 3 replies
  • 629 views

Hi,

I have 2 firewall rules, if the computer is in "open group", there is no problem, They are working with rule 94. But a computer that is not in the group cannot use rule 95. If I disable rule 94, everyone is working.

I don't have this problem with my other firewalls.

Thank you

 

1)

edit 94
set srcintf "CLIENT"
set dstintf "virtual-wan-link"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set ssl-ssh-profile "no-inspection2"
set logtraffic all
set nat enable
set groups "Open Group"
next
end

 

2)


edit 95
set srcintf "CLIENT"
set dstintf "virtual-wan-link"
set action accept
set srcaddr "all"
set dstaddr "all"
set schedule "always"
set service "ALL"
set utm-status enable
set ssl-ssh-profile "certificate-inspection"
set av-profile "default"
set webfilter-profile "default"
set ips-sensor "default"
set application-list "default"
set logtraffic all
set nat enable

Best answer by AEK

According to the logs:

  1. The traffic seems matched by policy 94 (even if it is not in Open Group)
  2. Then followed by: func=__iprope_user_identity_check line=x msg="ret-stop"
  3. Then denied

This is probably due to authentication settings. You need CLI to check and fix it.

In "config user setting" you have probably set "auth-on-demand" to always.

Try set it to the default value "implicitly" and see if it helps.

3 replies

AEK
SuperUser
AEK
SuperUser
December 5, 2025

Hi Onder

Use the following cli commands the reproduce the issue to see what is happening.

diag debug flow filter addr x.x.x.x
diag debug console timestamp enable
diag debug flow show iprope enable
diag debug flow show function-name enable
diag debug flow trace start 100
diag debug enable

 Where x.x.x.x is the IP of a user that is not in the Open Group.

AEK
onderoglu
onderogluAuthor
New Member
December 6, 2025

Thank you for your support

 

2025-12-06 11:27:22 id=65308 trace_id=2 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, s eq=37248."
2025-12-06 11:27:22 id=65308 trace_id=2 func=init_ip_session_common line=6355 msg="allocate a new session-245a286f"
2025-12-06 11:27:22 id=65308 trace_id=2 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:27:22 id=65308 trace_id=2 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:27:22 id=65308 trace_id=2 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:27:22 id=65308 trace_id=2 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-212.252.101.113 via port1"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1],skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:22 id=65308 trace_id=2 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:22 id=65308 trace_id=2 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:27:22 id=65308 trace_id=2 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:22 id=65308 trace_id=2 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:22 id=65308 trace_id=2 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:27:27 id=65308 trace_id=3 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37249."
2025-12-06 11:27:27 id=65308 trace_id=3 func=init_ip_session_common line=6355 msg="allocate a new session-245a2caf"
2025-12-06 11:27:27 id=65308 trace_id=3 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:27:27 id=65308 trace_id=3 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:27:27 id=65308 trace_id=3 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:27:27 id=65308 trace_id=3 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-212.252.101.113 via port1"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:27 id=65308 trace_id=3 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:27 id=65308 trace_id=3 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:27:27 id=65308 trace_id=3 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:27 id=65308 trace_id=3 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:27 id=65308 trace_id=3 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:27:32 id=65308 trace_id=4 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37250."
2025-12-06 11:27:32 id=65308 trace_id=4 func=init_ip_session_common line=6355 msg="allocate a new session-245a3150"
2025-12-06 11:27:32 id=65308 trace_id=4 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:27:32 id=65308 trace_id=4 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:27:32 id=65308 trace_id=4 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:27:32 id=65308 trace_id=4 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-212.252.101.113 via port1"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:32 id=65308 trace_id=4 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:32 id=65308 trace_id=4 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:27:32 id=65308 trace_id=4 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:32 id=65308 trace_id=4 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:32 id=65308 trace_id=4 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:27:37 id=65308 trace_id=5 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37251."
2025-12-06 11:27:37 id=65308 trace_id=5 func=init_ip_session_common line=6355 msg="allocate a new session-245a36a1"
2025-12-06 11:27:37 id=65308 trace_id=5 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:27:37 id=65308 trace_id=5 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:27:37 id=65308 trace_id=5 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:27:37 id=65308 trace_id=5 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-212.252.101.113 via port1"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:37 id=65308 trace_id=5 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:27:37 id=65308 trace_id=5 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:27:37 id=65308 trace_id=5 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:37 id=65308 trace_id=5 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:27:37 id=65308 trace_id=5 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"

onderoglu
onderogluAuthor
New Member
December 6, 2025

Thank you for your support,

 

FW1 # diag debug flow filter addr 192.168.40.87

FW1 # diag debug console timestamp enable

FW1 # diag debug flow show iprope enable
show trace messages about iprope

FW1 # diag debug flow show function-name enable
show function name

FW1 # diag debug flow trace start 100

FW1 # diag debug enable

FW1 # 2025-12-06 11:43:56 id=65308 trace_id=101 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37301."
2025-12-06 11:43:56 id=65308 trace_id=101 func=init_ip_session_common line=6355 msg="allocate a new session-245db22b"
2025-12-06 11:43:56 id=65308 trace_id=101 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:43:56 id=65308 trace_id=101 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:43:56 id=65308 trace_id=101 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:43:56 id=65308 trace_id=101 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:43:56 id=65308 trace_id=101 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:43:56 id=65308 trace_id=101 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:43:56 id=65308 trace_id=101 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:43:56 id=65308 trace_id=101 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:43:56 id=65308 trace_id=101 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:43:59 id=65308 trace_id=102 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=17, 192.168.40.87:60918->192.168.39.10:53) tun_id=0.0.0.0 from CLIENT. "
2025-12-06 11:43:59 id=65308 trace_id=102 func=resolve_ip_tuple_fast line=6252 msg="Find an existing session, id-245d9027, original direction"
2025-12-06 11:43:59 id=65308 trace_id=102 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.39.10 via SUNUCU"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[SUNUCU], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=65, len=9"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-55, ret-matched, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_user_identity_check line=1944 msg="ret-matched"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_check_one_policy line=2417 msg="policy-55 is matched, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-matched, act-accept, idx-55"
2025-12-06 11:43:59 id=65308 trace_id=102 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[SUNUCU], skb_flags-02000000, vid-0"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:43:59 id=65308 trace_id=102 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:43:59 id=65308 trace_id=102 func=__ip_session_run_tuple line=3583 msg="run helper-dns-udp(dir=original)"
2025-12-06 11:43:59 id=65308 trace_id=103 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=17, 192.168.39.10:53->192.168.40.87:60918) tun_id=0.0.0.0 from SUNUCU. "
2025-12-06 11:43:59 id=65308 trace_id=103 func=resolve_ip_tuple_fast line=6252 msg="Find an existing session, id-245d9027, reply direction"
2025-12-06 11:43:59 id=65308 trace_id=103 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-192.168.40.87 via CLIENT"
2025-12-06 11:43:59 id=65308 trace_id=103 func=npu_handle_session44 line=1236 msg="Trying to offloading session from SUNUCU to CLIENT, skb.npu_flag=00000400 ses.state=00010204 ses.npu_state=0x00000000"
2025-12-06 11:43:59 id=65308 trace_id=103 func=fw_forward_dirty_handler line=444 msg="state=00030204, state2=00000001, npu_state=00100000"
2025-12-06 11:43:59 id=65308 trace_id=103 func=__iprope_check line=2447 msg="gnum-100008, check-ffffffffa002ede0"
2025-12-06 11:43:59 id=65308 trace_id=103 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000"
2025-12-06 11:43:59 id=65308 trace_id=103 func=__iprope_check line=2447 msg="gnum-100008, check-ffffffffa002ede0"
2025-12-06 11:43:59 id=65308 trace_id=103 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-drop, flag-00000000, flag2-00000000"
2025-12-06 11:43:59 id=65308 trace_id=103 func=__ip_session_run_tuple line=3583 msg="run helper-dns-udp(dir=reply)"
2025-12-06 11:43:59 id=65308 trace_id=104 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->204.79.197.200:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37302."
2025-12-06 11:43:59 id=65308 trace_id=104 func=init_ip_session_common line=6355 msg="allocate a new session-245db4f9"
2025-12-06 11:43:59 id=65308 trace_id=104 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:43:59 id=65308 trace_id=104 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:43:59 id=65308 trace_id=104 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:43:59 id=65308 trace_id=104 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:43:59 id=65308 trace_id=104 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:43:59 id=65308 trace_id=104 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:43:59 id=65308 trace_id=104 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:43:59 id=65308 trace_id=104 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:43:59 id=65308 trace_id=104 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:44:00 id=65308 trace_id=105 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37303."
2025-12-06 11:44:00 id=65308 trace_id=105 func=init_ip_session_common line=6355 msg="allocate a new session-245db5b4"
2025-12-06 11:44:00 id=65308 trace_id=105 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:44:00 id=65308 trace_id=105 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:44:00 id=65308 trace_id=105 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:44:00 id=65308 trace_id=105 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:00 id=65308 trace_id=105 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:00 id=65308 trace_id=105 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:44:00 id=65308 trace_id=105 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:00 id=65308 trace_id=105 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:00 id=65308 trace_id=105 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:44:03 id=65308 trace_id=106 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->204.79.197.200:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37304."
2025-12-06 11:44:03 id=65308 trace_id=106 func=init_ip_session_common line=6355 msg="allocate a new session-245db841"
2025-12-06 11:44:03 id=65308 trace_id=106 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:44:03 id=65308 trace_id=106 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:44:03 id=65308 trace_id=106 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:44:03 id=65308 trace_id=106 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:03 id=65308 trace_id=106 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:03 id=65308 trace_id=106 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:44:03 id=65308 trace_id=106 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:03 id=65308 trace_id=106 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:03 id=65308 trace_id=106 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:44:05 id=65308 trace_id=107 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37305."
2025-12-06 11:44:05 id=65308 trace_id=107 func=init_ip_session_common line=6355 msg="allocate a new session-245dba32"
2025-12-06 11:44:05 id=65308 trace_id=107 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:44:05 id=65308 trace_id=107 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:44:05 id=65308 trace_id=107 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:44:05 id=65308 trace_id=107 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:05 id=65308 trace_id=107 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:05 id=65308 trace_id=107 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:44:05 id=65308 trace_id=107 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:05 id=65308 trace_id=107 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:05 id=65308 trace_id=107 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:44:07 id=65308 trace_id=108 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->204.79.197.200:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37306."
2025-12-06 11:44:07 id=65308 trace_id=108 func=init_ip_session_common line=6355 msg="allocate a new session-245dbbb0"
2025-12-06 11:44:07 id=65308 trace_id=108 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:44:07 id=65308 trace_id=108 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:44:07 id=65308 trace_id=108 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:44:07 id=65308 trace_id=108 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:07 id=65308 trace_id=108 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:07 id=65308 trace_id=108 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:44:07 id=65308 trace_id=108 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:07 id=65308 trace_id=108 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:07 id=65308 trace_id=108 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:44:10 id=65308 trace_id=109 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->8.8.8.8:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37307."
2025-12-06 11:44:10 id=65308 trace_id=109 func=init_ip_session_common line=6355 msg="allocate a new session-245dbe25"
2025-12-06 11:44:10 id=65308 trace_id=109 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:44:10 id=65308 trace_id=109 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:44:10 id=65308 trace_id=109 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:44:10 id=65308 trace_id=109 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:10 id=65308 trace_id=109 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:10 id=65308 trace_id=109 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:44:10 id=65308 trace_id=109 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:10 id=65308 trace_id=109 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:10 id=65308 trace_id=109 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:44:11 id=65308 trace_id=110 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->204.79.197.200:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37308."
2025-12-06 11:44:11 id=65308 trace_id=110 func=init_ip_session_common line=6355 msg="allocate a new session-245dbee4"
2025-12-06 11:44:11 id=65308 trace_id=110 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:44:11 id=65308 trace_id=110 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:44:11 id=65308 trace_id=110 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:44:11 id=65308 trace_id=110 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:11 id=65308 trace_id=110 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:11 id=65308 trace_id=110 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:44:11 id=65308 trace_id=110 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:11 id=65308 trace_id=110 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:11 id=65308 trace_id=110 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"
2025-12-06 11:44:15 id=65308 trace_id=111 func=print_pkt_detail line=6144 msg="vd-root:0 received a packet(proto=1, 192.168.40.87:1->204.79.197.200:2048) tun_id=0.0.0.0 from CLIENT. type=8, code=0, id=1, seq=37309."
2025-12-06 11:44:15 id=65308 trace_id=111 func=init_ip_session_common line=6355 msg="allocate a new session-245dc29f"
2025-12-06 11:44:15 id=65308 trace_id=111 func=iprope_dnat_check line=5556 msg="in-[CLIENT], out-[]"
2025-12-06 11:44:15 id=65308 trace_id=111 func=iprope_dnat_tree_check line=836 msg="len=0"
2025-12-06 11:44:15 id=65308 trace_id=111 func=iprope_dnat_check line=5581 msg="result: skb_flags-02000000, vid-0, ret-no-match, act-accept, flag-00000000"
2025-12-06 11:44:15 id=65308 trace_id=111 func=vf_ip_route_input_common line=2615 msg="find a route: flag=04000000 gw-**.**.101.113 via port1"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_fwd_check line=830 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0, app_id: 0, url_cat_id: 0"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_tree_check line=528 msg="gnum-100004, use int hash, slot=23, len=11"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-4294967295, ret-no-match, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-85, ret-no-match, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-83, ret-no-match, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-62, ret-no-match, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-58, ret-no-match, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-56, ret-no-match, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100004 policy-94, ret-matched, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_user_identity_check line=1944 msg="ret-stop"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_fwd_check line=867 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:15 id=65308 trace_id=111 func=iprope_fwd_auth_check line=896 msg="after iprope_captive_check(): is_captive-0, ret-stop, act-drop, idx-0"
2025-12-06 11:44:15 id=65308 trace_id=111 func=iprope_shaping_check line=994 msg="in-[CLIENT], out-[port1], skb_flags-02000000, vid-0"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check line=2447 msg="gnum-100015, check-ffffffffa002f370"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check_one_policy line=2181 msg="checked gnum-100015 policy-1, ret-no-match, act-accept"
2025-12-06 11:44:15 id=65308 trace_id=111 func=__iprope_check line=2464 msg="gnum-100015 check result: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:15 id=65308 trace_id=111 func=iprope_policy_group_check line=4976 msg="after check: ret-no-match, act-accept, flag-00000000, flag2-00000000"
2025-12-06 11:44:15 id=65308 trace_id=111 func=fw_forward_handler line=839 msg="Denied by forward policy check (policy 0)"

 

onderoglu
onderogluAuthor
New Member
December 7, 2025

you are perfect, 

config user setting

set auth-on-demand implicitly

 

thank you very much...

    Terms & ConditionsAccessibility statement