[docs/tfclient] add documentation on windows firewall issues
/ build (push) Successful in 2m0s Details
/ build_x64 (push) Successful in 3m14s Details
/ build_arm64 (push) Successful in 3m14s Details
/ build_win64 (push) Successful in 11m13s Details

This commit is contained in:
core 2023-10-10 10:23:25 -04:00
parent 256a38d66b
commit 89315a3e9d
Signed by: core
GPG Key ID: FDBF740DADDCEECF
6 changed files with 56 additions and 0 deletions

Binary file not shown.

After

Width:  |  Height:  |  Size: 20 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 9.9 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 11 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 5.1 KiB

View File

@ -0,0 +1,11 @@
---
sidebar_position: 3
---
# Troubleshooting
This page lists common issues with tfclient and how to resolve them. This page will be updated occasionally as needed.
## On Windows, traffic can leave but cannot enter
This is [a known issue with Nebula](https://github.com/slackhq/nebula/issues/621), and by extension tfclient. [A workaround is available - see here for details.](/docs/tfclient/windows_firewall)

View File

@ -0,0 +1,45 @@
---
sidebar_position: 2
---
# Windows Firewall Setup
:::info
This is only needed on Windows-based platforms. On macOS and Linux, the firewall works correctly out-of-the-box.
:::
On Windows-based platforms, Nebula (and by extension tfclient) cannot properly configure Windows Defender Firewall automatically, thus preventing any inbound traffic from reaching your machine over your network (outbound traffic will still work). To fix this, you need to add a firewall rule to Windows Defender Firewall.
It is recommended that you add a rule allowing **all inbound traffic from your network.** Nebula has a built-in firewall, thus it is preferred to allow the Nebula firewall to function as intended and leave Windows Defender Firewall essentially disabled for your VPN's subnet, allowing Nebula to function in it's place.
## Adding the inbound rule
1. Search for "Windows Defender Firewall with Advanced Security" and open it. This requires administrator privileges. You should see the window below.
![Windows Defender Firewall Window](img/firewall_main.png)
2. Select "Inbound Rules" on the left, and then click "New Rule" to open the New Inbound Rule Wizard. You should see the window below.
![New Inbound Rule Wizard](img/new_rule_1.png)
3. Select the Custom option, and click Next.
4. Click the Next button for the Program step.
5. Click the Next button for the Protocol and Port step.
6. Select the "These IP addresses" checkbox under "Which remote IP addresses does this rule apply to?" as shown below.
![These IP addresses radio](img/new_rule_2.png)
7. Select the Add button next to "These IP addresses" to open the window shown below.
![IP Address popup](img/new_rule_3.png)
8. In the box under "This IP address or subnet" enter the CIDR notation of your network i.e. `10.16.0.0/15`. Ask your network administrator for this value if you do not know it.
9. Click the "OK" button.
10. Click the "Next" button.
11. Under "What action should be taken when a connection matches the specified conditions?", select "Allow the connection", then click Next.
12. Click "Next" on the Profile page.
13. Enter a title for the rule. We recommend using something like `tfclient/nebula/YOUR_NETWORK_NAME/YOUR_NETWORK_CIDR`, such as `tfclient/nebula/corporate/10.16.0.0/15`.
14. If desired, enter additional descriptions in the second text box.
15. Select the "Finish" option.
The changes should take effect immediately, and traffic should begin flowing 5-10 seconds after applying the rule (give Nebula time to perform handshakes and establish tunnels). If it does not take effect immediately, rebooting the affected machine typically resolves any issues.