wallenstein/algo
1
0
Fork 0
mirror of https://github.com/trailofbits/algo.git synced 2025-04-18 15:17:07 +02:00
Code Issues Projects Releases Wiki Activity

Troubleshooting IPsec NAT issues (#1498)

Browse source
This commit is contained in:
David Myers 2019-06-24 04:24:06 -04:00 committed by Jack Ivanov
parent 8462f0fb6c
commit f152d3a746
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
docs/troubleshooting.md
View file

@ -31,6 +31,7 @@ First of all, check [this](https://github.com/trailofbits/algo#features) and ens
* [Wireguard: clients can connect on Wifi but not LTE](#wireguard-clients-can-connect-on-wifi-but-not-lte)
* ["Error 809" or IKE_AUTH requests that never make it to the server](#error-809-or-ike_auth-requests-that-never-make-it-to-the-server)
* [Windows: Parameter is incorrect](#windows-parameter-is-incorrect)
* [IPsec: Difficulty connecting through router](#ipsec-difficulty-connecting-through-router)
* [I have a problem not covered here](#i-have-a-problem-not-covered-here)
## Installation Problems
@ -470,6 +471,18 @@ The problem may happen if you recently moved to a new server, where you have Alg
The VPN connection should work again
### IPsec: Difficulty connecting through router
Some routers treat IPsec connections specially because older versions of IPsec did not work properly through [NAT](https://en.wikipedia.org/wiki/Network_address_translation). If you're having problems connecting to your AlgoVPN through a specific router using IPsec you might need to change some settings on the router.
#### Change the "VPN Passthrough" settings
If your router has a setting called something like "VPN Passthrough" or "IPsec Passthrough" try changing the setting to a different value.
#### Change the default pfSense NAT rules
If your router runs [pfSense](https://www.pfsense.org) and a single IPsec client can connect but you have issues when using multiple clients, you'll need to change the **Outbound NAT** mode to **Manual Outbound NAT** and disable the rule that specifies **Static Port** for IKE (UDP port 500). See [Outbound NAT](https://docs.netgate.com/pfsense/en/latest/book/nat/outbound-nat.html#outbound-nat) in the [pfSense Book](https://docs.netgate.com/pfsense/en/latest/book).
## I have a problem not covered here
If you have an issue that you cannot solve with the guidance here, [join our Gitter](https://gitter.im/trailofbits/algo) and ask for help. If you think you found a new issue in Algo, [file an issue](https://github.com/trailofbits/algo/issues/new).