Troubleshooting

Follow the steps below to troubleshoot common issues with Enclave networking.

Use ping

The first step in troubleshooting is to use the ping command to see if you can reach your nodes. Enable ICMP traffic between two agents and send requests between them. If you are able to ping your nodes but are unable to connect to other services, you might have an issue with your application configuration.

Enable punchy on your agents

If you are having issues with peer-to-peer connections, make sure that you have UDP hole-punching enabled on your nodes. This can be done by setting the Punch field to true in your node/user Advanced settings. By default, this is enabled.

Try a relay

Nebula can resolve across a number of different NAT types. However, there are some limitations to what can be resolved. If you are having issues with resolution, consider using a beacon as a relay. If UDP hole-punching fails and peer-to-peer connections are not possible, the beacon will act as a relay for the traffic.

Check your host-based firewall

If you are having issues connecting to your nodes and you have a host-based firewall enabled (that is not managed by Enclave), make sure that you have the proper rules in place to allow traffic to your nodes.

UFW (Uncomplicated Firewall)

If you are using UFW, you will need to configure rules for your VPN subnet. For example, if your VPN subnet is 10.100.0.0/16, you can give broad access to the subnet with the following command:

```bash
sudo ufw allow from 10.100.0.0/16 to 10.100.0.0/16
```

Feel free to restrict this as needed for your security posture.
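
One way to narrow the broad rule above to specific services, as an added example that is not part of the Enclave documentation. The function names and the sample ports (22/tcp, 443/tcp) are assumptions chosen for illustration; the subnet is the one used above.

```shell
#!/bin/sh
# Added example, not from the Enclave docs: print UFW rules that open only
# named services inside the VPN subnet. Ports below are constructed samples.

# Succeeds if $1 is an IPv4 CIDR (octets 0-255, prefix 0-32).
# The ( ) function body is a subshell, so variables and IFS stay local.
valid_cidr() (
  case $1 in */*/*|*./*|*[!0-9./]*) exit 1 ;; */*) ;; *) exit 1 ;; esac
  ip=${1%/*} prefix=${1#*/}
  case $prefix in ''|*[!0-9]*|???*) exit 1 ;; esac
  [ "$prefix" -le 32 ] || exit 1
  IFS=.
  set -- $ip
  [ $# -eq 4 ] || exit 1
  for octet; do
    case $octet in ''|????*) exit 1 ;; esac
    [ "$octet" -le 255 ] || exit 1
  done
)

# Usage: vpn_ufw_rules SUBNET PORT/PROTO...
# Every argument is validated before anything is printed, so one bad
# entry never yields a partial rule set.
vpn_ufw_rules() (
  subnet=$1
  valid_cidr "$subnet" || { echo "invalid subnet: $subnet" >&2; exit 1; }
  shift
  [ $# -gt 0 ] || { echo "no services given" >&2; exit 1; }
  rules=
  for svc; do
    port=${svc%/*} proto=${svc#*/}
    case $proto in tcp|udp) ;; *) echo "bad protocol: $svc" >&2; exit 1 ;; esac
    case $port in ''|*[!0-9]*|??????*) echo "bad port: $svc" >&2; exit 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $svc" >&2; exit 1; }
    rules="${rules}ufw allow from $subnet to $subnet port $port proto $proto
"
  done
  printf '%s' "$rules"
)

# Sample run: SSH and HTTPS only, using the subnet from the command above.
vpn_ufw_rules 10.100.0.0/16 22/tcp 443/tcp
```

The function only prints the commands; review them, then run each one with sudo.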

Make sure your date and time are correct

If the date and time on a machine are not correct, certificates could have issues validating. Make sure the date and time are correct on your machines.

```bash
date
```