Standard Troubleshooting Procedures
Here’s some simple ideas you can use to investigate problems with VPNs and proxy servers.
Make sure the service is running on the server. Assuming your proxy server runs under systemd, that would mean issuing commands such as
systemctl status xray
,systemctl status openvpn@server
, orsystemctl status tor@default
(these are just examples ofsystemctl status
commands).Review the logs on both ends of the connection (server and client). On the server, issue appropriate commands such as
journalctl -u xray
ortail /var/log/nginx/error.log
(these are just examples), depending on what software you are running and how you are running it. Also view the logs on your client.What is listening on the server and on what ports and protocols? Issue the command
ss -tulpn
and make sure the results are as expected. Is your server listening where you expect it to be listening?Is your server IP address reacheable? Issue the
ping
command on the client.If you are using TCP, is your TCP port reachable? Attempt to
telnet
to your TCP port. Can you reach that port, and does it let you connect?Are packets arriving at your firewall as expected?
iptables
andnftables
both allow you to count packets for each input port and protocol.Double-check and triple-check that your configuration files match. You’d be amazed how many problems turn out to be due to mismatches between server configuration and client configuration.
Search for previous occurrences of any error messages in a search engine and on the GitHub issues tab for your software repository.
Run
tcpdump
on the server and make sure packets are arriving as your expect. The equivalent for GUI clients is Wireshark. Make sure the expected packets are going out to the expected destination.If you’re going to ask for help, produce all the evidence you’ve collected so far, along with the complete instructions that someone else would need to recreate your environment (both server and client).