It might happen to you, that you configured a Nebula-to-NonNebula VPN with the correct configuration. However, this is disconnecting frequently, and there is no complete VPN-connection shown on Nebula Control Center (NCC).
- You may see the incomplete VPN connection info shown on NCC
- The disconnected status
- Short tunnel uptime
- No Last heartbeat
- How to solve this situation?
In the current design, when you enter a Private Subnet in the respective field, the NSG will initiate a Connectivity Check to this IP address. This means if you enter an IP address that is not reachable, may it be because you have firewall rules or routes in place, the VPN tunnel will think of it being disconnected and there closing the tunnel, leading to stability issues regarding the online connectivity.
It is recommended to use the LAN interface IP of the remote subnets' gateway - in our example, we are instead simulating a connectivity check to a server on the IP 192.168.2.33.
- How to establish Site to Site IPSec VPN between Nebula and Non-Nebula devices
- VPN Connectivity Check
Do you want to have a look directly on one of our test devices? Have a look here in our virtual Lab: