Skip to content

VPN Troubleshooting

This guide covers common VPN issues and how to resolve them. If you cannot find a solution here, contact IT using the information on the Support page.

Connection Issues

Tailscale Shows "Disconnected" or "Needs Login"

Your VPN session has expired or was not established.

  1. Open your terminal and run:

    tailscale up --login-server https://headscale.synderys.com

  2. Complete the Authentik sign-in when the browser opens.

  3. Verify the connection by checking the Tailscale status in your system tray.

What to expect

After re-authenticating, Tailscale will reconnect within a few seconds. The system tray icon will change to show a connected state.

Cannot Reach Internal Services Despite Being Connected

If Tailscale shows "Connected" but you cannot access internal services:

  1. Confirm your internet connection is working by visiting any public website.

  2. Check your Tailscale status by running:

    tailscale status

  3. Look for your device in the output. If your device is listed and connected, the issue may be DNS-related (see the DNS section below).

  4. Try disconnecting and reconnecting:

    tailscale down
tailscale up --login-server https://headscale.synderys.com

  5. If the problem persists, restart the Tailscale service:

    Quit Tailscale from the menu bar and reopen it from Applications.

    Right-click the Tailscale icon in the system tray, select Exit, then relaunch Tailscale from the Start menu.

    sudo systemctl restart tailscaled

DNS Issues

Internal Hostnames Do Not Resolve

If you can reach internal services by IP address but not by hostname:

  1. Check that Tailscale is managing your DNS by running:

    tailscale dns status

  2. If DNS is not being routed through Tailscale, your system's DNS resolver may be overriding it. This is common on systems with custom DNS configurations or third-party DNS tools.

  3. Try flushing your local DNS cache:

    sudo dscacheutil -flushcache
sudo killall -HUP mDNSResponder

    Open Command Prompt as Administrator and run:

    ipconfig /flushdns

    sudo systemd-resolve --flush-caches

  4. Restart your browser after flushing the DNS cache.

DNS Resolution Is Slow

If pages take a long time to load after connecting to the VPN:

  1. This is often caused by DNS queries timing out against one resolver before falling back to another.

  2. Disconnect any other VPN clients or DNS management tools that might conflict with Tailscale.

  3. If the issue persists after removing conflicting tools, contact IT.

Corporate or Hotel Firewall Issues

VPN Cannot Connect on Certain Networks

Some corporate networks, hotels, and public Wi-Fi hotspots block VPN traffic.

  1. Tailscale uses multiple connection methods and will usually find a path through restrictive firewalls automatically.

  2. If the connection fails, try switching to a different network (such as a mobile hotspot) to confirm the issue is network-specific.

  3. If you must use the restricted network, contact IT. They may be able to configure a relay for your connection.

What to expect

Tailscale is designed to work through most firewalls without configuration. If it cannot establish a direct connection, it will automatically attempt to relay traffic through DERP servers. In rare cases, heavily restricted networks may block all VPN traffic.

Account and Authentication Issues

"Authentication failed" During VPN Login

  1. Verify your Synderys credentials work by signing in directly at https://auth.synderys.com.

  2. If you can sign in to Authentik but the VPN login fails, your account may not have VPN access enabled. Contact IT.

  3. If your Authentik login also fails, see Account Recovery.

Frequent Re-authentication Prompts

If Tailscale asks you to sign in more often than expected:

  1. Ensure your system clock is set to automatic. Time drift can cause sessions to expire prematurely.

  2. Check that Tailscale is not being restarted by other software (such as security tools or system cleaners).

  3. If the issue persists, contact IT to check your session duration settings.

When to Contact IT

Contact IT if:

  • You have followed all steps above and the issue persists
  • You see error messages not covered in this guide
  • You need VPN access enabled for your account
  • You are on a network that blocks all VPN traffic and need a workaround

See the Support page for contact information and escalation procedures.