Standard Troubleshooting Procedures

Here’s some simple ideas you can use to investigate problems with VPNs and proxy servers.

  1. Make sure the service is running on the server. Assuming your proxy server runs under systemd, that would mean issuing commands such as systemctl status xray, systemctl status openvpn@server, or systemctl status tor@default (these are just examples of systemctl status commands).

  2. Review the logs on both ends of the connection (server and client). On the server, issue appropriate commands such as journalctl -u xray or tail /var/log/nginx/error.log (these are just examples), depending on what software you are running and how you are running it. Also view the logs on your client.

  3. What is listening on the server and on what ports and protocols? Issue the command ss -tulpn and make sure the results are as expected. Is your server listening where you expect it to be listening?

  4. Is your server IP address reacheable? Issue the ping command on the client.

  5. If you are using TCP, is your TCP port reachable? Attempt to telnet to your TCP port. Can you reach that port, and does it let you connect?

  6. Are packets arriving at your firewall as expected? iptables and nftables both allow you to count packets for each input port and protocol.

  7. Double-check and triple-check that your configuration files match. You’d be amazed how many problems turn out to be due to mismatches between server configuration and client configuration.

  8. Search for previous occurrences of any error messages in a search engine and on the GitHub issues tab for your software repository.

  9. Run tcpdump on the server and make sure packets are arriving as your expect. The equivalent for GUI clients is Wireshark. Make sure the expected packets are going out to the expected destination.

  10. If you’re going to ask for help, produce all the evidence you’ve collected so far, along with the complete instructions that someone else would need to recreate your environment (both server and client).