Can a Connector be installed on Windows Server 2012 R2 running on a VPS?

Hi,
I am evaluating whether I can use Twingate for my client's environment.

  • Local network with EdgeRouter ER6P. Mostly Win 10 PCs;
  • Remote VPS running Windows Server 2012 R2.

Due to a catastrophic failure of the client's on-prem server, I have hurriedly set up a VPS running Server 2012 R2 and installed an image of the failed server. This has worked fine insofar as the client's PCs can access the server via RDP to use their main application.

I would like to get the “old way of working” back without compromising security. In other words, the VPS appears to simply be another resource on their local network, and the local PCs can join the domain and use AD etc.

I have looked at MS DirectAccess and other similar solutions but either they simply do not work or do not easily satisfy the “as part of the local network” requirement.

My questions are:

  • Will Twingate work with Server 2012 R2 (can I install a connector with Multipass and Chocolatey)?

  • There appears to be a path length issue with the above proposition (server 2012 R2) and it may be a solution to move to Server 2016 or newer. Not out of the question but if it can stay as is for now it would be nice;

  • Will I be able to easily install a Twingate environment that will allow me to satisfy my environment requirement of "VPS appear to simply be another resource on their local network and the local PC’s can join the domain and use AD etc."

Thank you for any guidance.
Regards

I haven’t tried Chocolatey on Windows 2012 R2, but it should be supported:

Remember though, we always recommend more than one connector per environment. So you might want to consider also spinning up an Ubuntu VM to run an additional connector (or think of another way to provide redundancy if that VPC would be running on the same host as the Windows machine anyway - the host being the failure point).

As far as AD goes: yes. I assume this is an on-prem AD.
For Twingate you simply add the AD resources as well:

In the future you can think of Start Before Login as something you might want to integrate as well!

We are here to help. Just reply to this message and we will continue to guide you through.

Hi @DingoBlue - to add one thing to what @Jason mentioned: since your Windows is on a VPS and the Chocolatey/Multipass installer sets up a Hyper-V VM, you must make sure the VPS supports Nested Virtualization; otherwise the Windows instance won’t be able to create any VMs. If a Linux VPS is an option it might be more straightforward to set up and will satisfy the ‘as part of the local network’ requirement.

Hi Jason,

Thank you for following up my forum message. Your suggestions are most welcome.

I have attached a diagram of what I am trying to achieve.

Given our time difference, I will experiment today and come back to you as I hit walls!

Regards

David

From “Jason Huber via Twingate Forum”
notifications@twingate.discoursemail.com

Date 21/02/2023 4:00:42 AM
Subject [Twingate Forum] [Support / Troubleshooting] Can a Connector be
installed on Windows Server 2012 R2 running on a VPS?

Tried replying by email but got…

We’re sorry, but your email message to [“incoming+ba0d238b49beaa269385dde3ecbb399b@twingate.discoursemail.com”] (titled Re: [Twingate Forum] [Installation] Twingate installation on Win 10 Pro failed in Chocolately installation process) didn’t work.

Reason:

Sorry, new users can only put 2 links in a post.

If you can correct the problem, please try again.

… anyway - here was my reply…

Hi Emrul,

The installation was not on a VM. I tried to run the installation on a Win 10 Pro PC using Chocolatey etc. Maybe that is my issue?
I tried running a re-install with much the same effect. I used a different connector as Chocolatey advised that my previous submission was already installed, yet that installation had failed.

Regards

Hi @Jason and @Emrul ,
With regard to the VPS with Windows Server 2012 R2, I have decided on the path of least resistance and added a networked Ubuntu 22.04 VPS with Docker loaded, connected to the server VPS, and checked they can see each other.
I cannot, for some reason, get the Connector to connect. Before going through the install process again, can you identify anything in the following that may assist?
I have authenticated the cli console.

Thank you and regards
…ls

comtel@comtelvpn:~$ systemctl status twingate
● twingate.service - Twingate Remote Access Client
Loaded: loaded (/lib/systemd/system/twingate.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2023-02-21 16:13:22 AEDT; 9min ago
Main PID: 11728 (twingated)
Tasks: 7 (limit: 2139)
Memory: 4.0M
CPU: 2.074s
CGroup: /system.slice/twingate.service
└─11728 /usr/sbin/twingated /etc/twingate/config.json

Feb 21 16:20:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:20:22.484385+1100] [ERROR] [libsdwan] HYD: afvpn_rpc_call: pool not found: id 128,>
Feb 21 16:20:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:20:22.484997+1100] [ERROR] [libsdwan] Node[AN 21686]::send_message: failed to make>
Feb 21 16:20:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:20:22.485221+1100] [ERROR] [libsdwan] Node[AN 21686]::send_user_flow_info: failed >
Feb 21 16:20:38 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:20:38.504979+1100] [INFO] [libsdwan] Controller: got SD: {"nt":"CN","uid":"192212">
Feb 21 16:21:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:21:22.484861+1100] [ERROR] [libsdwan] HYD: afvpn_rpc_call: pool not found: id 128,>
Feb 21 16:21:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:21:22.484912+1100] [ERROR] [libsdwan] Node[AN 21686]::send_message: failed to make>
Feb 21 16:21:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:21:22.484933+1100] [ERROR] [libsdwan] Node[AN 21686]::send_user_flow_info: failed >
Feb 21 16:22:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:22:22.484723+1100] [ERROR] [libsdwan] HYD: afvpn_rpc_call: pool not found: id 128,>
Feb 21 16:22:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:22:22.484774+1100] [ERROR] [libsdwan] Node[AN 21686]::send_message: failed to make>
Feb 21 16:22:22 comtelvpn.comtelres.com twingated[11728]: [2023-02-21T16:22:22.484794+1100] [ERROR] [libsdwan] Node[AN 21686]::send_user_flow_info: failed >
lines 1-20/20 (END)

comtel@comtelvpn:~$ systemctl status systemd-resolved
● systemd-resolved.service - Network Name Resolution
Loaded: loaded (/lib/systemd/system/systemd-resolved.service; enabled; vendor preset: enabled)
Active: active (running) since Tue 2023-02-21 14:44:41 AEDT; 1h 51min ago
Docs: man:systemd-resolved.service(8)
man:org.freedesktop.resolve1(5)
writing-network-configuration-managers
writing-resolver-clients
Main PID: 757 (systemd-resolve)
Status: “Processing requests…”
Tasks: 1 (limit: 2139)
Memory: 8.4M
CPU: 103ms
CGroup: /system.slice/systemd-resolved.service
└─757 /lib/systemd/systemd-resolved

Feb 21 14:44:41 comtelvpn.comtelres.com systemd[1]: Starting Network Name Resolution…
Feb 21 14:44:41 comtelvpn.comtelres.com systemd-resolved[757]: Positive Trust Anchors:
Feb 21 14:44:41 comtelvpn.comtelres.com systemd-resolved[757]: . IN DS 20326 8 2 e06d44b80b8f1d39a95c0b0d7c65d08458e880409bbc683457104237c7f8ec8d
Feb 21 14:44:41 comtelvpn.comtelres.com systemd-resolved[757]: Negative trust anchors: home.arpa 10.in-addr.arpa 16.172.in-addr.arpa 17.172.in-addr.arpa 18>
Feb 21 14:44:41 comtelvpn.comtelres.com systemd-resolved[757]: Using system hostname ‘comtelvpn.comtelres.com’.
Feb 21 14:44:41 comtelvpn.comtelres.com systemd[1]: Started Network Name Resolution.
Feb 21 16:07:27 comtelvpn.comtelres.com systemd-resolved[757]: sdwan0: Bus client set DNS server list to: 100.95.0.251, 100.95.0.252, 100.95.0.253, 100.95.>
Feb 21 16:07:27 comtelvpn.comtelres.com systemd-resolved[757]: sdwan0: Bus client set search domain list to: ~.
Feb 21 16:13:22 comtelvpn.comtelres.com systemd-resolved[757]: sdwan0: Bus client set DNS server list to: 100.95.0.251, 100.95.0.252, 100.95.0.253, 100.95.>
Feb 21 16:13:22 comtelvpn.comtelres.com systemd-resolved[757]: sdwan0: Bus client set search domain list to: ~.

comtel@comtelvpn:~$ twingate status
online

comtel@comtelvpn://$ sudo ufw status
Status: active

To Action From


Anywhere ALLOW 10.138.0.0/24
22/tcp ALLOW Anywhere
62183/udp ALLOW Anywhere
4433 DENY Anywhere
443 ALLOW Anywhere
10000 ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
62183/udp (v6) ALLOW Anywhere (v6)
4433 (v6) DENY Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
10000 (v6) ALLOW Anywhere (v6)

Hi @DingoBlue - I think you may have installed the Twingate Client for Linux rather than the Connector? Could you try to uninstall the client and then follow the connector instructions (copy and paste the command generated in the Admin Console UI)
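An added example (mine, not from the thread or from Twingate) that reads `systemctl status` text like the paste above and reports which Twingate unit is installed and which errors repeat. The sample is constructed from the posted output; treating a unit whose description says "Connector" as the connector and one that says "Client" as the client is this example's assumption.

```python
import re
from collections import Counter

# Constructed sample modelled on the `systemctl status twingate` paste above.
SAMPLE_STATUS = """\
● twingate.service - Twingate Remote Access Client
Loaded: loaded (/lib/systemd/system/twingate.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2023-02-21 16:13:22 AEDT; 9min ago
Main PID: 11728 (twingated)
Feb 21 16:20:22 host twingated[11728]: [2023-02-21T16:20:22.484385+1100] [ERROR] [libsdwan] HYD: afvpn_rpc_call: pool not found: id 128,
Feb 21 16:20:22 host twingated[11728]: [2023-02-21T16:20:22.484997+1100] [ERROR] [libsdwan] Node[AN 21686]::send_message: failed to make
Feb 21 16:20:38 host twingated[11728]: [2023-02-21T16:20:38.504979+1100] [INFO] [libsdwan] Controller: got SD: {"nt":"CN","uid":"192212"
Feb 21 16:21:22 host twingated[11728]: [2023-02-21T16:21:22.484861+1100] [ERROR] [libsdwan] HYD: afvpn_rpc_call: pool not found: id 128,
"""

UNIT_RE = re.compile(r"^[^\w\n]*(?P<unit>\S+\.service) - (?P<desc>.+)$", re.M)
LOG_RE = re.compile(
    r"^\w{3} +\d{1,2} [\d:]{8} \S+ (?P<proc>[\w.-]+)\[\d+\]: "
    r"\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] \[(?P<comp>\w+)\] (?P<msg>.*)$")

def parse_status(text):
    """Return (unit name, unit description, list of parsed journal records)."""
    m = UNIT_RE.search(text)
    unit, desc = (m["unit"], m["desc"]) if m else (None, None)
    records = [r.groupdict() for r in map(LOG_RE.match, text.splitlines()) if r]
    return unit, desc, records

def classify_unit(desc):
    """Assumption: a connector's description says 'Connector'; the client's says 'Client'."""
    d = (desc or "").lower()
    return "connector" if "connector" in d else "client" if "client" in d else "unknown"

def error_summary(records):
    """Count ERROR lines by message with trailing detail and numbers folded, so repeats stand out."""
    counts = Counter()
    for r in records:
        if r["level"] == "ERROR":
            counts[re.sub(r"\d+", "N", r["msg"].rsplit(":", 1)[0])] += 1
    return counts

def diagnose(text):
    unit, desc, records = parse_status(text)
    kind = classify_unit(desc)
    errors = error_summary(records)
    if kind == "client":
        verdict = f"{unit} is the Twingate Client ({desc}), not a Connector"
    elif kind == "connector":
        verdict = f"{unit} is a Connector with {sum(errors.values())} ERROR lines"
    else:
        verdict = "no Twingate unit found in this output"
    return {"unit": unit, "kind": kind, "errors": dict(errors), "verdict": verdict}

if __name__ == "__main__":
    print(diagnose(SAMPLE_STATUS))
```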

Hi @Emrul ,
Apart from an expletive, all I can say online is oops!

Hi @Emrul and @Jason,

I still cannot get Connectors to connect.
Before trying this connector deployment on my Ubuntu 22.04 VPS, I removed all Docker containers and images and uninstalled Twingate - in essence a clean slate.
I then deployed using the Twingate generated Docker script - see output below marked DOCKER DEPLOYMENT.
I then tried a Linux deployment - see output below marked LINUX DEPLOYMENT.
Each was a different connector.

Both have not connected after some 30 minutes.

Can you provide any suggestions?
Regards

DOCKER DEPLOYMENT

comtel@comtelvpn:~$ sudo docker run -d --sysctl net.ipv4.ping_group_range="0 2147483647" --env TENANT_URL="https://comtelresources.twingate.com" --env ACCESS_TOKEN=" REMOVED FOR SECURITY " --env REFRESH_TOKEN=" REMOVED FOR SECURITY " --env TWINGATE_LABEL_HOSTNAME="hostname" --name "twingate-outrageous-tortoise" --restart=unless-stopped $(docker run --help | grep -- --pull >/dev/null && echo "--pull=always") twingate/connector:1
[sudo] password for comtel:
1: Pulling from twingate/connector
fc251a6e7981: Pull complete
fda4ba87f6fb: Pull complete
a1f1879bb7de: Pull complete
ae10cce54bb8: Pull complete
81a0c57c72a3: Pull complete
2607b4b1ebb8: Pull complete
19b11100d9ae: Pull complete
7700d4dffa97: Pull complete
e151a630593a: Pull complete
ca68d62d271f: Pull complete
bedbb38be955: Pull complete
Digest: sha256:4738b615b4ef2409ebd56a1db427d0690f0c9bdf0da5e474dac111029ca6b9ca
Status: Downloaded newer image for twingate/connector:1
65247a615ae8b34a05ad2045c57b12a8fc376ab3d808c5671c34d1117b106549

LINUX DEPLOYMENT

comtel@comtelvpn:~$ curl "https://binaries.twingate.com/connector/setup.sh" | sudo TWINGATE_ACCESS_TOKEN=" REMOVED FOR SECURITY " TWINGATE_REFRESH_TOKEN=" REMOVED FOR SECURITY " TWINGATE_URL="https://comtelresources.twingate.com" bash
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  1892  100  1892    0     0   6644      0 --:--:-- --:--:-- --:--:--  6638
/usr/bin/apt-get
deb [trusted=true] https://packages.twingate.com/apt/ /
Hit:1 http://au.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://au.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://au.archive.ubuntu.com/ubuntu jammy-backports InRelease
Hit:4 http://au.archive.ubuntu.com/ubuntu jammy-security InRelease
Ign:5 http://download.webmin.com/download/repository sarge InRelease
Ign:6 Index of /ubuntu impish-security InRelease
Hit:7 http://download.webmin.com/download/repository sarge Release
Ign:8 MongoDB Repositories jammy/mongodb-org/5.0 InRelease
Err:10 Index of /ubuntu impish-security Release
404 Not Found [IP: 91.189.91.39 80]
Ign:11 MongoDB Repositories jammy/mongodb-org/6.0 InRelease
Hit:12 MongoDB Repositories jammy/mongodb-org/5.0 Release
Ign:13 https://packages.twingate.com/apt InRelease
Ign:15 https://packages.twingate.com/apt Release
Hit:16 MongoDB Repositories jammy/mongodb-org/6.0 Release
Ign:17 https://packages.twingate.com/apt Packages
Ign:19 https://packages.twingate.com/apt Translation-en
Ign:20 https://packages.twingate.com/apt Translation-en_US
Get:17 https://packages.twingate.com/apt Packages
Ign:19 https://packages.twingate.com/apt Translation-en
Ign:20 https://packages.twingate.com/apt Translation-en_US
Ign:19 https://packages.twingate.com/apt Translation-en
Ign:20 https://packages.twingate.com/apt Translation-en_US
Ign:19 https://packages.twingate.com/apt Translation-en
Ign:20 https://packages.twingate.com/apt Translation-en_US
Ign:19 https://packages.twingate.com/apt Translation-en
Ign:20 https://packages.twingate.com/apt Translation-en_US
Ign:19 https://packages.twingate.com/apt Translation-en
Ign:20 https://packages.twingate.com/apt Translation-en_US
Ign:19 https://packages.twingate.com/apt Translation-en
Ign:20 https://packages.twingate.com/apt Translation-en_US
Reading package lists…
W: http://download.webmin.com/download/repository/dists/sarge/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
E: The repository ‘Index of /ubuntu impish-security Release’ does not have a Release file.
W: https://repo.mongodb.org/apt/ubuntu/dists/jammy/mongodb-org/5.0/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
W: https://repo.mongodb.org/apt/ubuntu/dists/jammy/mongodb-org/6.0/Release.gpg: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.
comtel@comtelvpn:~$

BELOW TO SHOW INTERNET CONNECTIVITY

comtel@comtelvpn:~$ ping google.com.au
PING google.com.au (142.250.217.131) 56(84) bytes of data.
64 bytes from lax31s19-in-f3.1e100.net (142.250.217.131): icmp_seq=1 ttl=116 time=159 ms
64 bytes from lax31s19-in-f3.1e100.net (142.250.217.131): icmp_seq=2 ttl=116 time=160 ms
64 bytes from lax31s19-in-f3.1e100.net (142.250.217.131): icmp_seq=3 ttl=116 time=159 ms

Is there anything blocking inbound 443 or 30000 to 31000?

That is the only thing I can think of.

When you install the linux connector be sure to use local logs and then send those to us please.
Also check TOP. Do you see the Twingate process running?
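As an added example (mine, not from the thread or from Twingate), a Python check of the ports Jason names against pasted `ufw status` output. The two listings are constructed from the ones posted in this thread, and treating 443 as TCP and 30000:31000 as UDP is this example's assumption.

```python
import re

# Constructed sample modelled on the first `ufw status` listing posted above
# (before the 30000:31000 rules were added).
UFW_BEFORE = """\
Status: active

To Action From
Anywhere ALLOW 10.138.0.0/24
22/tcp ALLOW Anywhere
62183/udp ALLOW Anywhere
4433 DENY Anywhere
443 ALLOW Anywhere
10000 ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
"""
# The same listing with the rules the later post shows added.
UFW_AFTER = UFW_BEFORE + "443/udp ALLOW Anywhere\n30000:31000/udp ALLOW Anywhere\n30000:31000/tcp ALLOW Anywhere\n"

RULE_RE = re.compile(
    r"^(?P<to>\S+(?: \(v6\))?)\s+(?P<action>ALLOW|DENY|REJECT|LIMIT)\s+(?P<from>.+?)\s*$")

def parse_ufw(text):
    """Turn `ufw status` lines into dicts; the header and status lines do not match."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        port, _, proto = m["to"].replace(" (v6)", "").partition("/")
        rules.append({"port": port, "proto": proto or "any", "v6": m["to"].endswith("(v6)"),
                      "action": m["action"], "from": m["from"]})
    return rules

def port_range(spec):
    """'443' -> (443, 443); '30000:31000' -> (30000, 31000); 'Anywhere' -> every port."""
    if spec == "Anywhere":
        return 0, 65535
    lo, _, hi = spec.partition(":")
    return int(lo), int(hi or lo)

def allowed_from_anywhere(rules, lo, hi, proto):
    """True if one IPv4 ALLOW rule from Anywhere covers every port in lo..hi for proto."""
    for r in rules:
        if r["action"] != "ALLOW" or r["v6"] or not r["from"].startswith("Anywhere"):
            continue
        if r["proto"] not in ("any", proto):  # a rule with no protocol applies to both
            continue
        rlo, rhi = port_range(r["port"])
        if rlo <= lo and hi <= rhi:
            return True
    return False

# Ports asked about in the post above; the TCP/UDP split is this example's assumption.
CONNECTOR_PORTS = [(443, 443, "tcp"), (30000, 31000, "udp")]

def missing_rules(text, wanted=CONNECTOR_PORTS):
    """Return the port specs in `wanted` that no ALLOW rule in `text` covers."""
    rules = parse_ufw(text)
    return [f"{lo}/{p}" if lo == hi else f"{lo}:{hi}/{p}"
            for lo, hi, p in wanted if not allowed_from_anywhere(rules, lo, hi, p)]
```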

Hi Jason,
I will check and let you know.

See you at 01:30 am my time :slight_smile: tomorrow.

Regards

From “Jason Huber via Twingate Forum”
notifications@twingate.discoursemail.com

Date 23/02/2023 12:07:13 PM
Subject [Twingate Forum] [Support / Troubleshooting] Can a Connector be
installed on Windows Server 2012 R2 running on a VPS?

Hi @Jason ,
I have reinstalled (after removing any old containers and images) and still no connection.
I have rebooted the connector VM.
Please find below a screen scrape of the Connector installation process.
There is nothing I can identify in TOP that relates to Twingate apart from dockerd.
Also in the following are my UFW settings.
Attached are log files for Admin, user and network.

INSTALLATION ON UBUNTU 22.04

comtel@comtelvpn:~$ sudo docker run -d --sysctl net.ipv4.ping_group_range="0 2147483647" --env TENANT_URL="https://comtelresources.twingate.com" --env ACCESS_TOKEN="the token" --env REFRESH_TOKEN="the token" --env TWINGATE_LABEL_HOSTNAME="hostname" --env TWINGATE_LOG_ANALYTICS="v1" --name "twingate-adept-flamingo" --restart=unless-stopped $(docker run --help | grep -- --pull >/dev/null && echo "--pull=always") twingate/connector:1
1: Pulling from twingate/connector
fc251a6e7981: Pull complete
fda4ba87f6fb: Pull complete
a1f1879bb7de: Pull complete
ae10cce54bb8: Pull complete
81a0c57c72a3: Pull complete
2607b4b1ebb8: Pull complete
19b11100d9ae: Pull complete
7700d4dffa97: Pull complete
e151a630593a: Pull complete
ca68d62d271f: Pull complete
bedbb38be955: Pull complete
Digest: sha256:4738b615b4ef2409ebd56a1db427d0690f0c9bdf0da5e474dac111029ca6b9ca
Status: Downloaded newer image for twingate/connector:1
65126cb5ccde51d84c30a9f80236b9f0c5c3cb5c8aa8b96a448c235080618ba3
comtel@comtelvpn:~$

UFW

comtel@comtelvpn://$ sudo ufw status
Status: active

To Action From


Anywhere ALLOW 10.138.0.0/24
22/tcp ALLOW Anywhere
62183/udp ALLOW Anywhere
4433 DENY Anywhere
443 ALLOW Anywhere
10000 ALLOW Anywhere
443/udp ALLOW Anywhere
30000:31000/udp ALLOW Anywhere
30000:31000/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
62183/udp (v6) ALLOW Anywhere (v6)
4433 (v6) DENY Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
10000 (v6) ALLOW Anywhere (v6)
443/udp (v6) ALLOW Anywhere (v6)
30000:31000/udp (v6) ALLOW Anywhere (v6)
30000:31000/tcp (v6) ALLOW Anywhere (v6)

comtel@comtelvpn://$

Regards



@Jason ,
Not sure how I should get attachments to you (log files).
Am I too low down the food chain in Discourse?
Regards

@Jason @Emrul ,
In case it is of assistance in our chat, and with reference to the diagram earlier in this thread, I have 2 connectors that appear to be working fine; they show connected on the Admin screen and have 1 active resource in each (both Win 10 Pro). The sites are Support Site and Local Site. Both are using a QNAP NAS as the connector host. I have not had time to get any DNS stuff working as I have been trying to resolve the Remote VPS issue.

The diagram for Remote VPS is not up to date. The server VM is now networked to an Ubuntu 22.04 VM via internal NICs and I am trying to get the Connector going on that VM. Note that there is a MeshCentral service and a WireGuard service running on this system. I use MeshCentral for some client support. WireGuard was trying to resolve my problem before I started to look at Twingate, and if we need to blow it away I can live with that. However, I do not see why they should interfere with the Twingate connector.

Should it be of use I can let you ssh into the Ubuntu system.

If it is OK with yourselves, in this chat I would like to see;

  • if we can get the Remote VPS connecting;
  • if we can set up DNS so that all systems play seamlessly together;
  • if we can get the Remote VPS server DC and AD being part of the Local Site from the users' perspective; in other words, they can join the domain etc.

I do understand this may be a little more than you planned but if I can understand everything I need to, I believe/hope I can get this project running quickly.

Thank you for taking this time. It is very much appreciated.
Regards

You can send the logs to jhuber@twingate.com if you want! Or upload them to dropbox and send me a link. Talk to you shortly!

Just saw your response.

Yes can you disable wireguard? We use the same technology and it is likely to be interfering…

@Jason ,
Logs sent.
Wireguard stopped and disabled.

No change to Connector status.

Hi @Emrul , @chen and @Jason ,

EUREKA

We now have sites connecting and working with the remote domain controller!
Thought you might like to know.

  • Minor correction in DNS wildcarding;
  • Remove some bad (being polite) configuration in the server;
  • Add some missing Roles to Remote Desktop Services.

All so obvious now!! :rofl:

Now to lock down those suckers!
Regards
