Issue deploying Twingate Docker connector on Proxmox LXC

I am deploying a Twingate Docker connector on a Proxmox LXC running Ubuntu 22.04.2 LTS on my home server.

Apologies, as I am a newbie.

Every time I paste and run the Docker command provided by the copy & paste section, I get this error:

docker: Error response from daemon: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: write /proc/sys/net/ipv4/ping_group_range: invalid argument: unknown.

This is basically what I copied from the copy & paste section.

```
docker run -d \
    --sysctl net.ipv4.ping_group_range="0 2147483647" \
    --env TENANT_URL="https://MYTEAM.twingate.com" \
    --env ACCESS_TOKEN="XXMYTOKENXX" \
    --env REFRESH_TOKEN="XXMYREFRESHTOKENXX" \
    --env TWINGATE_LABEL_HOSTNAME="`hostname`" \
    --name "twingate-MY-CONNECTOR" \
    --restart=unless-stopped \
    $(docker run --help | grep -- --pull >/dev/null && echo "--pull=always") \
    twingate/connector:1
```

I have it deployed on Proxmox.

It is on a VM though.

I would suggest setting up an Ubuntu VM instead of a container.

You can try that.

Tell me if it works! :)

Hello! Thanks for your response!
I wished to deploy it in an LXC because it takes up fewer resources and boots faster!

I understand that it works normally in Ubuntu or Debian, but I wanted to see if it also works on LXC, as I am using Portainer to manage my other Docker containers.

I am having the same issue getting it to work in a Proxmox LXC. I can get it to work in a full VM in Proxmox. I think it might be because an LXC container only loads the bare minimum files or something is locked in the configurations.

We’d recommend running the Docker Twingate Connector on a full VM rather than an LXC container, otherwise you’ve got containers all the way down :)

I’d be curious to hear what happens if you install via the systemd installation method in a Proxmox LXC container! A quick and easy way to install that way is the “Linux” installation method in the Admin Console:

If you try this out, let me know whether it works!

I had the same problem. Going with the Linux way to deploy works. Just need to remember to type the password because the prompt for it gets lost between the command paste and the curl output.

Hi,

I think containers running Connectors need to be privileged containers (as opposed to unprivileged, which I think is the default?).

I was having the same issue with Proxmox unprivileged LXC/Docker.
So decided to try the following as no one else appears to suggest it so far:

Removed the following parameter from the docker run command of the connector:

--sysctl net.ipv4.ping_group_range="0 2147483647"

And instead, specified my DNS server:

--env DNS_SERVER="192.168.xxx.xxx"

To my surprise, not only did the connector start without error, it also appeared connected straight away within Twingate.

I tried it, and so far it seems to work fine with both my CIDR and DNS resources.

Note I have AdGuard Home & Nginx Proxy Manager on the same Docker instance as the connector.

Finally, I am unsure what side effects may be expected; if anyone could enlighten me, that would be welcome.

Hello TEF2one,

Ping requires some additional permissions so without that sysctl parameter they will fail to be forwarded through the connector.

That being said… tcp and udp should work fine without it so if you don’t need to ping it should still work for you. Just something to keep in mind.
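
An added diagnostic, not part of the thread or of Twingate's own tooling: the kernel rejects a write to `net.ipv4.ping_group_range` with EINVAL ("invalid argument") when either bound is a GID that has no mapping in the current user namespace, which is the normal situation in an unprivileged LXC. The script below checks a `gid_map` against the range from the stock command; the function names and the two sample maps are constructed for illustration, and the `100000`/`65536` mapping is an assumed typical value.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): would the kernel accept
#   --sysctl net.ipv4.ping_group_range="LOW HIGH"
# in this user namespace? Both bounds must be present in the gid_map.

# gid_mapped MAP GID -> exit 0 if GID falls in any "inside outside count" row.
gid_mapped() {
    printf '%s\n' "$1" | awk -v gid="$2" '
        NF == 3 && gid + 0 >= $1 + 0 && gid + 0 < $1 + $3 { found = 1 }
        END { exit !found }'
}

# highest_mapped_gid MAP -> prints the largest GID valid inside the namespace.
highest_mapped_gid() {
    printf '%s\n' "$1" | awk '
        NF == 3 && $3 > 0 { top = $1 + $3 - 1; if (top > max) max = top }
        END { printf "%.0f\n", max }'
}

# check_ping_range MAP LOW HIGH -> prints a verdict; exit 0 only if both map.
check_ping_range() {
    if gid_mapped "$1" "$2" && gid_mapped "$1" "$3"; then
        echo "ok: GIDs $2 and $3 are mapped"
        return 0
    fi
    echo "EINVAL expected: highest mapped GID is $(highest_mapped_gid "$1")"
    return 1
}

# Constructed samples: a host or privileged container, and an unprivileged
# LXC (assumed mapping; read your own from /proc/self/gid_map).
HOST_MAP='         0          0 4294967295'
LXC_MAP='         0     100000      65536'

check_ping_range "$HOST_MAP" 0 2147483647 || true
check_ping_range "$LXC_MAP" 0 2147483647 || true

# On a real system, test the live namespace instead:
#   check_ping_range "$(cat /proc/self/gid_map)" 0 2147483647
```

Run it inside the LXC before deciding whether to keep the `--sysctl` flag; as noted above, dropping the flag only affects ping forwarding.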

Thanks, well this is good then as ping isn’t something I plan to do…

I was able to successfully deploy the Twingate connector in an LXC unprivileged container (used the Proxmox Debian template). There were some packages missing, so after deploying the LXC CT do:

```
# apt update && apt dist-upgrade -y
# apt install sudo
# apt install bash
# apt install curl
```

Then follow the systemd installation method. Has been working perfectly for over 2 weeks on minimum resources (2GiB RAM, single vCPU, and 16G storage). I have a feeling that LXC CT resources could even be lowered to 1GiB RAM, 1 vCPU and 8G storage (maybe even 5G storage will be plenty)