Basics things you can do yourself to troubleshoot

If you are stuck, please make sure that you try the steps:

  • checking if Agent token(s) used on any of the endpoints aren't expired
  • checking if you are using the latest agent version
  • Your virtual endpoint isn't old (pre-release). Recreate it, if needed
  • recreating the virtual endpoint
  • recreating the configs of the virtual endpoint
  • recreating the actual node/endpoint
  • enabling/disabling SDN
  • adding a port range to the node with SYNTROPY_PORT_RANGE

I have my agent running, and the connection with VPN is established, but the connection status displayed is Offline/Packet loss is 100%.

A firewall setup on your side most likely causes this. This means that VPN cannot directly reach you but can transfer traffic in both directions when contacted by an Agent on your side. Therefore, the connection is working. It does not impact the performance when used from your side, and only the connection status icon is affected. Turning the firewall off on your side or tweaking its settings would fix it.

Setting up the VPS on the server behind the NAT

To determine if your wifi router has a NAT firewall enabled, try connecting two devices to the same wifi network, such as a laptop and smartphone. Then, on each device, run a Google search for “what’s my IP?” If the same IP address appears for both devices, it is likely that your wifi router has a NAT firewall enabled, meaning a computer with an internal IP behind NAT cannot act as an exit node (VPS).

Setting up the firewall using iptables command

How to update settings for the firewall on Ubuntu using theIPtables command - simply use the command below. The first command will set the policy for the FORWARD chain to ACCEPT, meaning that all packets will be allowed to pass through the FORWARD chain. The second command will display the current iptables ruleset in a human-readable format and save it.

More about IPtables command you can find in the official Ubuntu documentation.

sudo iptables -P FORWARD ACCEPT
sudo iptables -S

Setting up the firewall using ufw command

When you use the commands below, the following will happen:

  1. The command "sudo ufw default allow" will set the default policy for the firewall to allow all incoming and outgoing traffic.

  2. The command "sudo ufw enable" will enable the firewall and start blocking all incoming and outgoing traffic, except for the traffic that is explicitly allowed.

  3. The command "sudo ufw status verbose" will display a detailed report of the firewall's current status, including the default policy, the rules that are currently in effect, and the number of packets that have been blocked or allowed.

sudo ufw default allow
sudo ufw enable
sudo ufw status verbose

My Wireguard app is not peering

Your WireGuard configuration is missingpeer information? Make sure you get the config after establishing the connection between Virtual Endpoint and VPS, not before.

Didn't find the solution?

Reach out to our Developer Community on Discord.