If your Firewalla VPN Server is not working, read through this document to diagnose and fix the issue.
Before getting started, please note that:
- WireGuard is connectionless, which means that it doesn't maintain a persistent connection. Your devices' WireGuard VPN client may show as connected even if the connection doesn't actually function.
- WireGuard profiles can't be shared. Doing so may severely affect your connection experience.
Problem 0: You need a public IP
The Firewalla VPN server needs a public IP address for you to connect back. See how to check if you have a public IP.
- If you don't have a public IP address, using the VPN Server isn't possible.
- If you have a private IPv4 address (e.g. an address within the range 100.64.0.0-100.127.255.255, which is used by some ISPs but considered private), but your ISP has given you a public IPv6 address, you can change your server's DDNS to IPv6 Only. See our VPN Server article for more information on using IPv6.
Problem 1: Port forwarding is not configured correctly upstream
If you have a router between the outside network and your Firewalla, that device may be blocking access to your Firewalla VPN Server. On your VPN Server's detail page, you'll see the message Need Manual Setup if your VPN Server isn't reachable from outside your network. Tap on it for detailed instructions on setting up port forwarding. See How to set up port forwarding for VPN Server for help.
Problem 2: UPnP port forwarding was wiped by an upstream router
If you have your Firewalla behind a router with UPnP turned on, this can cause a conflict.
Try turning off the VPN and then turning it back on after 5 seconds. This will refresh the UPnP port. If this doesn't work, reboot Firewalla. You can avoid this entirely by configuring a static port forward on your router to Firewalla instead of using UPnP. See How to set up port forwarding for VPN Server for help with configuring your router's port forwarding.
Problem 3: The VPN Server doesn't work on your own network
Not all routers support connecting to the Firewalla VPN Server from inside the same network (this is sometimes called "hairpin NAT"). If you test your VPN while connected to the same network, it may fail even though it works properly when you're outside your network.
Solve this problem by using an external network for testing. For example, you can simply disable Wi-Fi on your phone and test your VPN connection using LTE.
Comments
1 comment
I can connect to my VPN fine, the problem is, there is not internet connection. All internet traffic seems to have stopped. Any reason this would happen and what is the fix?
Please sign in to leave a comment.