My employer uses an Atmos Agent VPN client on the employee’s laptop for remote employee access, with what I believe is an Aruba VPN. (Looking at the Windows ipconfig info, it appears to use a Wireguard tunnel.) With VyOS Stream 2026.02 configured as a home network firewall, this VPN connection works well. But VyOS 2026.04.13-0034-rolling seems to block the VPN from connecting. (With Stream 2026.02, when the laptop boots and the client starts, it connects almost instantly. With the latest rolling build, the VPN client tries repeatedly to connect but fails. And if I reboot the router back into Stream 2026.02 with the client attempting to connect, once the router is back up, the VPN client immediately connects.)
Unfortunately I don’t think the VPN client logs are available to me (as an end user of the laptop). Any ideas on what the issue may be and what I can do to address it?
(FWIW, this VPN client worked well with even earlier VyOS builds, and does work well with other firewalls (pfSense, OpenWRT) - it is only the more recent builds of VyOS that are causing issues.)
Update: The issue also occurs with Stream 2026.03, so something changed between 2026.02 and 2026.03. I hope this helps narrow it down.
Can you examine the conntrack table on a working connection and compare it to the conntrack table entry for a non-working?
conntrack -L -s <source IP of your laptop> -d <ip address of vpn endpoint>
If you don’t know the IP address of the endpoint you can just do the -s flag but it’ll show all conntrack entries for your laptop which might be a lot.
Also: Are you doing flowtable offload? If so, does disabling it help?
I don’t have any idea what the problem might be, there are just some suggestions to try and track it down.
Thank you for your suggestions. Since I use this VPN connection to work from home, it may be a few days before I can experiment some more. I’ll come back if I discover anything useful.
I snuck in some experiments, and I may have figured it out. My ethernet is over a USB C-ethernet adapter, and when I turned off all power saving features (in the Windows control panel and Device Manager) - including Energy Efficient Ethernet - it now connects and seems stable. (It seems stable over wifi, as well.) FWIW, I also turned off Energy Efficient Ethernet on my router via ethtool. So I think the issue was in my Windows client and not VyOS after all. Thanks for your thoughts - they got me digging deeper.