Can a client run on a resource?

I have a server in the cloud that I need to access via Twingate from my lan as a resource, but I also need it to run as a client to deploy Ansible roles into my lan servers which are also resources.

It seems that it can do one or the other but not both. How can I configure this to work?


Hi @csharp2a, it sounds like you are using it similar to a bastion host? You have a server in the cloud, possibly running a service account (headless client) to deploy the Ansible roles to other resources that are back on your home network, but you are looking to remotely access this cloud server from your home network?

Is the connector and client running on the same server and how are they configured? You may be able to configure it similar to the site-to-site use case, but I suspect the client/connector needs to be separated if they aren’t already.

Hi @Grady, no the cloud server running Ansible does not have the connector on it. The connector is on its own dedicated server instance in the cloud network.

I think you get where I am headed, but I will try to put more context around the ask.

The issue is that if the Ansible server is not running the TG client, I cannot connect to servers on the home lan which is the expected behavior. I can however connect to it via a TG client on my lan, as it is a resource. If I startup a client on the Ansible server, then it can connect to the servers on the lan that are TG resources, but then I am not able to reach it as if it was a resource from the lan. When the Ansible server is running the client I can still get to it via its public address, but that is not what I am after.

I want to be able to get to it from the lan as if it was a resource even though it is running the client.

Hi @csharp2a - I ran this by our internal teams and I’m being told that this use case is supported. Let me make sure I understand where its getting stuck for you:

  1. TG Client 1 (home lan) → TG Connector 1 (host in cloud VPC)
  2. TG Connector 1 → Ansible host (running TG Client 2)
  3. Ansible host (w/ TG Client 2) → TG Connector 2 (home lan)

So (3) is successful - the Ansible host is able to reach back to the home lan just fine through TG Client 2, right? Its failing somewhere between (1) & (2), but you can bypass (1) & (2) by using the public address? And does (3) stop working if you treat it as a resource, or is it still working you just aren’t able to remotely access it?

And finally… are you seeing these connections coming through in your recent activity within the Admin console? And if so, what is it showing you?