
Troubleshoot

For any problems that arise, a good first bet is to check the Firezone logs.

To view Firezone logs, run sudo firezone-ctl tail.

Debugging Connectivity Issues

Most connectivity issues with Firezone are caused by other iptables or nftables rules that interfere with Firezone's operation. If you have other firewall rules active, you'll need to ensure they don't conflict with the Firezone rules.

Internet Connectivity Drops when Tunnel is Active

If your Internet connectivity drops whenever you activate your WireGuard tunnel, you should make sure that the FORWARD chain allows packets from your WireGuard clients to the destinations you want to allow through Firezone.

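If you're using ufw, this can be done by making sure the default routing policy is allow. Note that this default applies to all traffic the host forwards, not only traffic from WireGuard clients: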

ubuntu@fz:~$ sudo ufw default allow routed
Default routed policy changed to 'allow'
(be sure to update your rules accordingly)

A ufw status for a typical Firezone server might look like this:

ubuntu@fz:~$ sudo ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
51820/udp                  ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443/tcp (v6)               ALLOW IN    Anywhere (v6)
51820/udp (v6)             ALLOW IN    Anywhere (v6)
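
An added example, not part of the Firezone documentation: a POSIX shell check that reads ufw status verbose output and reports whether the routed policy is allow and whether the WireGuard port (51820/udp in the status above) has an ALLOW IN rule. The function names and the SAMPLE_DENY text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not Firezone code): check `ufw status verbose` output for the
# two conditions this page discusses. Function names are hypothetical.
WG_PORT=${WG_PORT:-51820}   # WireGuard port as shown in the sample status above

# Print the default policy for routed (FORWARD chain) traffic, e.g. "allow".
routed_policy() {
    awk '/^Default:/ { for (i = 2; i <= NF; i++) if ($i ~ /^\(routed\)/) print $(i - 1) }'
}

# Succeed if an IPv4 "ALLOW IN" rule exists for the target in $1 (e.g. 51820/udp).
has_allow_in() {
    awk -v t="$1" '$1 == t && $2 == "ALLOW" && $3 == "IN" { f = 1 } END { exit !f }'
}

# Read status text on stdin, print findings, return non-zero if any were found.
diagnose() {
    status=$(cat)
    policy=$(printf '%s\n' "$status" | routed_policy)
    rc=0
    if [ "$policy" != "allow" ]; then
        echo "routed policy is '${policy:-unknown}' (this page expects 'allow')"
        rc=1
    fi
    if ! printf '%s\n' "$status" | has_allow_in "$WG_PORT/udp"; then
        echo "no ALLOW IN rule for $WG_PORT/udp"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

# Constructed sample: rules like the page's status, but routed traffic is denied.
SAMPLE_DENY='Status: active
Default: deny (incoming), allow (outgoing), deny (routed)
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
51820/udp ALLOW IN Anywhere'

# Demonstration on the constructed sample; prints the routed-policy finding.
printf '%s\n' "$SAMPLE_DENY" | diagnose || true
# On a live server: sudo ufw status verbose | diagnose
```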

Need additional help?

If you're looking for help installing, configuring, or using Firezone, we're happy to help.