You may have configured a VPN connection from a Nebula Firewall to a Non-Nebula Firewall with the correct settings and still experience frequent disconnects, with the Nebula Control Center (NCC) not displaying a stable, complete VPN connection.
- Topology
- You may see incomplete VPN connection info shown on Nebula [NCC]:
  - The disconnected status
  - Short tunnel uptime
  - No Last heartbeat
- How to solve this situation?
In the current design, when you enter a Private Subnet in the respective field, the NSG initiates a Connectivity Check to this IP address. If you enter an IP address that is not reachable, for example because of firewall rules or routes that are in place, the VPN tunnel is considered disconnected and is closed, which leads to an unstable connection.
It is recommended to use the LAN interface IP of the remote subnet's gateway. In our example, we are instead simulating a connectivity check to a server on the IP 192.168.2.33.
- How to establish Site to Site IPSec VPN between Nebula and Non-Nebula devices
- VPN Connectivity Check