Follow the steps below to troubleshoot common issues with Enclave networking.
The first step in troubleshooting is to use the ping command to see if you can reach your nodes. Enable ICMP traffic between two agents and send requests between them. If you are able to ping your nodes but are unable to connect to other services, you might have an issue with your application configuration.
Try a relay
Nebula can resolve across a number of different NAT types. However, there are some limitations to what can be resolved. If you are having issues with resolution, consider using a beacon as a relay. If UDP hole-punching fails and peer-to-peer connections are not possible, the beacon will act as a relay for the traffic.
Check your host-based firewall
If you are having issues connecting to your nodes and you have a host-based firewall enabled, make sure that you have the proper rules in place to allow traffic to your nodes.
UFW (Uncomplicated Firewall)
If you are using UFW, you will need to configure rules for your VPN subnet. For example, if your VPN subnet is 10.100.0.0/16, you can give broad access to the subnet with the following command:
sudo ufw allow from 10.100.0.0/16 to 10.100.0.0/16
Feel free to restrict this as needed for your security posture.
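One way to narrow the rule, shown as an added example that is not part of the original guide: the script validates the subnet and prints one UFW rule per service port for review, instead of allowing all traffic within the subnet. The ports 22/tcp and 443/tcp are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: print per-service UFW rules instead of the subnet-wide allow.
# Assumption: the service ports used below (22/tcp, 443/tcp) are illustrative.

# is_ipv4_cidr CIDR: succeed only for a.b.c.d/len with octets <= 255, len <= 32
is_ipv4_cidr() {
    case "$1" in
        *[!0-9./]*|*/*/*) return 1 ;;   # stray characters or two slashes
        */*) ;;
        *) return 1 ;;                  # no prefix length given
    esac
    addr=${1%/*}
    len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr                        # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# service_rule SUBNET PORT PROTO: print one rule scoped to a single port
service_rule() {
    is_ipv4_cidr "$1" || { echo "invalid subnet: $1" >&2; return 1; }
    case "$2" in ''|*[!0-9]*) echo "invalid port: $2" >&2; return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 65535 ] || { echo "invalid port: $2" >&2; return 1; }
    case "$3" in tcp|udp) ;; *) echo "invalid proto: $3" >&2; return 1 ;; esac
    echo "ufw allow proto $3 from $1 to $1 port $2"
}

VPN_SUBNET=${VPN_SUBNET:-10.100.0.0/16}    # subnet from the example above
echo "# review, then run each line with sudo"
service_rule "$VPN_SUBNET" 22 tcp
service_rule "$VPN_SUBNET" 443 tcp
```

The script only prints commands; nothing changes on the firewall until the printed lines are run with sudo.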
Make sure your date and time are correct
If your date and time are not correct, certificates could fail to validate. Make sure your date and time are correct on your machines.