I am online, but can't access the resource

# Versions
$ sudo twingate --version
Twingate 2023.250.97595 | 0.149.1
$ uname -a
Linux hostname 6.1.61 #1-NixOS SMP PREEMPT_DYNAMIC Thu Nov  2 08:35:33 UTC 2023 x86_64 GNU/Linux

# Twingate is online
$ sudo twingate status

# Resource is visible in the resources list
$ sudo twingate resources -l | grep "\[dev\]RDS"

# I have no other VPN running
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 4e:40:7d:db:7b:18 brd ff:ff:ff:ff:ff:ff permaddr dc:41:a9:fb:d4:6b
    inet brd scope global dynamic noprefixroute wlan0
       valid_lft 570sec preferred_lft 495sec
    inet6 fe80::4c40:7dff:fedb:7b18/64 scope link
       valid_lft forever preferred_lft forever
    inet6 fe80::d84e:7a08:93b1:ee85/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
    link/ether 02:42:3c:98:7f:ce brd ff:ff:ff:ff:ff:ff
    inet brd scope global docker0
       valid_lft forever preferred_lft forever
8: sdwan0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 500
    inet scope global noprefixroute sdwan0
       valid_lft forever preferred_lft forever
    inet6 fe80::8b24:5035:36d9:e199/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
  • I have no access to the resource (every TCP connection to the address fails with TIMEOUT, however ICMP ECHO works correctly)
  • My device is not visible in activities
  • My colleague has an access to the resource, and his device is visible in activities list
  • dig-ing address on my and colleagues laptop shows different answers

How to solve this problem? I’ve tried restarting, unplugging and plugging back in and every other possible trivial solution

When you dig the resource, are you still getting back a CGNAT IP (100.x.x.x) even if that is different from your colleagues?

; <<>> DiG 9.18.19 <<>> REDACTED
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23936
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

; EDNS: version: 0, flags:; udp: 1232


;; Query time: 759 msec
;; WHEN: Tue Dec 05 20:30:57 +04 2023
;; MSG SIZE  rcvd: 209

The response you’re getting back indicates that Twingate is not actively intercepting the lookup request, as that IP is the public IP for that particular hostname/resource.

I am unsure which user account is yours in the tenant so I can’t confirm security group assignments and such, but are you certain you have appropriate/equivalent access to the resource in question?

Can you DM me the full output of twingate resources

How do I DM here? I know how to do this in other discourse forums, but I can’t find the button in this one

Might just be easier to email me - arthur (at) twingate.com

From private conversation it turned out that twingate sets up local DNS server which overrides all other DNS configurations basically intercepting all of the DNS queries. This solution was never intended for setups where local DNS server is used, since twingated tries to listen on 53 port, and it is not configurable.

I’ve disabled local DNS server and twingate was able to setup properly. However, I do not consider it a solution since

  1. I need this local resolver, since I am using not only twingate. I am connecting to multiple VPNs from time to time and this is requirement of my job, so I don’t want to change my DNS configurations every time I connect to different VPN.

  2. I do not feel comfortable when a closed-source program collects and reports all of my DNS queries.

  3. I think that there can be a better solution where I could just use my local DNS server to redirect resource-specific queries to twingated, just on different port. But it is not configurable


Twingate has DNS server available in their IP range. I’ve configured my local DNS server to forward requests there and it solved the problem

These are the servers:

nameserver[0] :
nameserver[1] :
nameserver[2] :
nameserver[3] :