For any problems that arise, a good first bet is to check the Firezone logs.
To view Firezone logs, run
sudo firezone-ctl tail.
Debugging Connectivity Issues
Most connectivity issues with Firezone are caused by other
nftables rules which interfere with Firezone's operation. If you have rules
active, you'll need to ensure these don't conflict with the Firezone rules.
Internet Connectivity Drops when Tunnel is Active
If your Internet connectivity drops whenever you activate your WireGuard
tunnel, you should make sure that the
FORWARD chain allows packets
from your WireGuard clients to the destinations you want to allow through
If you're using
ufw, this can be done by making sure the default routing
ubuntu@fz:~$ sudo ufw default allow routed
Default routed policy changed to 'allow'
(be sure to update your rules accordingly)
ufw status for a typical Firezone server might look like this:
ubuntu@fz:~$ sudo ufw status verbose
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
51820/udp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
51820/udp (v6) ALLOW IN Anywhere (v6)
Need additional help?
If you're looking for help installing, configuring, or using Firezone, we're happy to help.