Community & Support
Last updated
Last updated
Community support is done - by the community as well as us (defguard authors) on our Matrix - Support channel.
Since this a community support please remember that it may take some time to get a response, as there is no-one assigned for the support 24/h - especially during the weekends, when people are just off.
If you have an actuail production setup that requires proper support, please please go to our support page, where you can buy premium or enterprise support.
Here you can submit a bug
And here you can submit a feature request
Before submitting your questions to our support (Matrix, direct), here are few things:
If you have configured your defguard instance correctly, after connecting to the VPN you should be able from a client to ping your VPN server, for example if you have the following setup:
after connecting to VPN you should be able to ping: 10.1.1.1
If you are not able to ping the VPN server the most common problem is that you have choosen a network that may be in conflict with your other networks (router, ...). To examine your routing use on Mac and Linux netstat -rn command. Let's look at the example from above, the VPN network is: 10.1.1.0/24, let's look at the network route tabile:
In the example above you can see that the whole 10.0.0.0 network (with mask 255.0.0.0 eg /8) is routed through default device en0.
Because of the main routing 10.0.0.0/8 the VPN server routing the network 10.1.1.0/24 (which is included in 10.0.0.0/8) will not work.
Another common problem is that your server on which the gateway is working, has some firewall rules that interfere with VPN network. Please examine carefully ufw and iptables (even if ufw is disabled there may be iptables rules).
A user has no access to the VPN location - sometimes admins forget that they change the VPN settings and change a group that is allowed to access the VPN location. If the user is not a part of that group which VPN location is configured to access:
will not be able to connect.
In this scenario the user has VPN Location in the client since previously were able to connect to this location, but after changing the settings the user needs to Update their client configuration.
It's not done automatically now - since for security reasons there is a token required for obtaining the configuration by the desktop client.
Please remember that defguard is absolutly free, and the only way for now we have any support is that when someone just buys the support on our website. Please consider it...
In order to get help on a not working VPN setup to figure out what is actually wrong, please prepare the following things:
itsthe the Routing table of the server and client
Firewall rules of the server and client
Detailed information about your VPN setup - all fields (besides the keys) from the VPN configuration - can be downloaded with support information feature - if you don't want to attach this to the isse/Matrix chat - you can send it to us directly (there is a button to send).
Logs - before submitting logs, please:
Desktop Client
Change in Desktop Client settings Logging threshold to DEBUG - you need to restart the desktop client after changing logging threshold.
Launch the client from the command line, so that you have more logs (the desktop client has it's own logs and there is a vpn service that is gathering logs just for the VPN connections and not the desktop client itself) - so in the terminal you will have desktop client logs:
Gather desktop client service log (responsible for the connections) - that are located in folders:
Mac & Linux: /var/log/defguard-service/
Windows: C:\Logs\defguard-service (will be changed soon)
After connecting and gathering Desktop Client and client Service logs, gather logs: core, proxy and gateway logs - from journalctl from your servers.
Prepare a package of all this and submit it to the #Support channel.
