I just started using Twingate and i got this

1

I just try to do as the youtube video i’m watching says “NetworkChuck”. but i occur some problem:
i run this in nas and it worked , but the log says otherwise,

DOCKER COMMAND

sudo docker run -d --sysctl net.ipv4.ping_group_range=“range” --env TWINGATE_NETWORK=“TWINGATE_NETWORK” --env TWINGATE_ACCESS_TOKEN=ACCESS_TOKEN --env TWINGATE_REFRESH_TOKEN=REFRESH_TOKEN --env TWINGATE_LABEL_HOSTNAME=“hostname
–name “twingate-name”
–restart=unless-stopped
–pull=always twingate/connector:1

LOG:

date stream content
2024-01-22T18:58:35.778916694Z stdout State: Authentication
2024-01-22T18:58:35.708852936Z stdout State: Authentication
2024-01-22T18:58:35.708528071Z stdout State: Offline
2024-01-22T18:58:24.226663541Z stdout State: Offline
2024-01-22T18:53:14.020938353Z stdout State: Authentication
2024-01-22T18:53:13.937530312Z stdout State: Authentication
2024-01-22T18:53:13.937226547Z stdout State: Offline

can someone help me

2

Hi @Choco,

Can you verify that all prerequisites are met for your Connector? (Best Practices | Docs)

3

Isn’t it only generate token and ocopy paste the command?

“reboot the docker and it just stuck in authentication”

services:
  twingate-connector:
    image: twingate/connector:latest
    environment:
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - PATH=</usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin>
      - TWINGATE_API_ENDPOINT=/connector.stock
      - TWINGATE_NETWORK=<TENANT NAME>
      - TWINGATE_LABEL_HOSTNAME=<>
      - TWINGATE_ACCESS_TOKEN=<ACCESS TOKEN>
      - TWINGATE_REFRESH_TOKEN=<REFRESH TOKEN>
4

The deployment of the Connector does indeed require unique tokens, your Twingate tenant name and (optionally) a label for the hostname however for the Connector to work properly, it still needs to come online and register against Twingate’s Relay infrastructure hence the prerequisites above.

It’s hard to troubleshoot without logs but the message you mention could indicate that the Connector is not able to initiate outbound connections.

5

You will find more information on the role of the Connector in the documentation here: How Twingate Works | Docs

6

LOG:

|2024-01-23T19:00:34.588984681Z|stdout|State: Authentication|
|---|---|---|
|2024-01-23T19:00:34.520235167Z|stdout|State: Authentication|
|2024-01-23T19:00:34.519957074Z|stdout|State: Offline|

The log just stuck for the last hour i try to deploy again

7

Do make sure that the system you are deploying your Connector on satisfies the prerequisites from the documentation, copying them here for your convenience:

  • Connectors only require outbound Internet access.
    Inbound Internet access to a Connector host is neither required nor recommended from a security standpoint. If you wish to limit outbound connectivity, you may limit to:
    • Outbound initiated TCP Port: 443 (basic communication with the Twingate Controller and Relay infrastructure)
    • Outbound initiated TCP Ports: 30000-31000 (opening connections with Twingate Relay infrastructure in case peer-to-peer is unavailable)
    • Outbound initiated UDP and QUIC for HTTP/3 (see this guide for more information) Ports: 1-65535 (allows for peer-to-peer connectivity for optimal performance)
  • Ensure that Connectors have both permission and routing rules to access private Resources. Resources that you configure in the Admin console will be resolved and routed from the Connector host.