Issue with resolving DNS, Ubuntu

Hi there, so I think I have an issue with the resolving of the DNS. I have validated that:

  • The containers run correctly and are connected, as can be seen in the dashboard of the remote device

  • That I have successfully installed the client, as was defined in the instructions. When I run twingate resources in the terminal, I see the resources listed as I would expect, and I therefore think that the connection should be good and the client installed correctly.

  • I can further confirm that the connection exists by running nmcli connection show which lists a sdwan0 connection, which as far as I can tell, should be the connection of TwinGate.

  • The last thing that I checked was the /etc/resolv.conf that was configured as being:

nameserver 127.0.0.53
options edns0 trust-ad
search .

Which seems to be correct, when comparing it to other forum posts…

When I ping one of the resources, nothing happens. This connection already works with my Android devices, however, so there must be an issue with the configuration of the Linux machine in some way or form.

My Linux machine has the following specs:

ddfsdsf@dsfdsfds-desktop
-------------------------
OS: Ubuntu 23.10 x86_64
Host: B550 Taichi
Kernel: 6.5.0-10-generic
Uptime: 24 mins
Packages: 2227 (dpkg), 30 (snap)
Shell: bash 5.2.15
Resolution: 3440x1440
DE: GNOME 45.0
WM: Mutter
WM Theme: Adwaita
Theme: Yaru-dark [GTK2/3]
Icons: Yaru-dark [GTK2/3]
Terminal: gnome-terminal
CPU: AMD Ryzen 9 5950X (32) @ 3.400GHz
GPU: NVIDIA GeForce RTX 3090
Memory: 6140MiB / 128724MiB

In short, I think that something is causing the addresses to not resolve correctly. I am not great at networking, I love the product and any help would be very welcome :)

Thanks!

Hi @peda,

the resource that is mapped to your NAS seems to be configured to point to 127.0.0.1, which is the loopback address, which would not work (unless your Connector is installed directly on your NAS, but I assume it isn't the case since you mentioned containers; I'm guessing your Connector is running as a container?).

For connectivity to work, there are 2 prerequisites:

  • the Connectors need to be able to route traffic to the resources (meaning that the Connector needs to route traffic to your NAS which I assume has a different IP that is not 127.0.0.1)
  • if using FQDN for resources, your Connectors also need to be able to locally resolve those FQDNs (the best way to figure out if that is the case is often to connect to the host where your Connector is deployed and run a dig or nslookup command to see if your FQDNs are resolvable from the perspective of your Connector).

Hi Bren, thank you for your swift reply! So the NAS is working! It works fine when I use my Android phone. (Yes, I have ported everything to localhost as my Jellyfin application and some other things run natively on my NAS). It's just with my Linux computer (Ubuntu) that it doesn't work…

So the problem is not the NAS, but that the Linux client is not working, while the Android client is.
Does that make sense?

Thank you for your time!

Hey @Peda,

How are you trying to access your NAS? Is it via IP or hostname? Are you accessing from the CLI or from a browser? If it's a hostname, and you do a nslookup <hostname> - do you get a response or does it fail?

If you add a random website (say www.kittens.com) as a Twingate resource, and do a nslookup www.kittens.com while connected to Twingate, what kind of response do you get back?

Hi @Arthur, thanks for your fast response! So when I do nslookup, I get the following:
[screenshot of the nslookup output, not preserved]
Note that I would be expecting my application for the NAS to run on port 8096, so explicitly test that too. As you can see there is a server fail. Note that this is available on my Android device via TwinGate.

I added a resource kittens.com, with an alias kittens.local to my nas group. When I print out twingate resources I get:

RESOURCE NAME	ADDRESS    	ALIAS        	AUTH STATUS
kittens      	kittens.com	kittens.local	Not authenticated
NAS          	127.0.0.1  	nas.local    	Not authenticated
trng         	127.0.0.1  	trng.local   	Not authenticated

I notice that I am not authenticated. When I try to authenticate, I get nowhere:

➜ sudo twingate auth nas
07:26:43 [ERROR] Error: failed to process command "auth-end": no "auth_flow_id" in auth-end command

Running it with sudo yields the same result. Doing an nslookup on kittens.local doesn't get me any further:

✖  nslookup kittens.local
;; communications error to 127.0.0.53#53: timed out
Server:		127.0.0.53
Address:	127.0.0.53#53

** server can't find kittens.local: SERVFAIL

Could it be that I have an authorization issue? It would explain the point of failure. I already redid the setup, but that didn't help. In the setup it tries to authenticate and nothing happens. The output of the setup is:

✖  sudo twingate setup
Twingate Setup 2023.250.97595 | 0.149.1
By continuing, you agree to the User Terms of Service (https://twingate.com/terms/user)
and acknowledge the Privacy Policy (https://twingate.com/privacy). [A]gree/[q]uit: A
Your current Twingate network is 'geelenio'. Do you want to change it? [y/N]: 
Do you want to automatically start the Twingate service at boot? [Y/n]: 
Enabled Twingate to start automatically
Do you want the Twingate service to automatically login after restart?
This requires saving authentication data in /var/lib/twingate (accessible only to root) [y/N]: y
Do you want to automatically share application error reports with Twingate? [Y/n]: Y
Do you want to start Twingate now? [Y/n]: Y
Twingate has been started; user authentication is required for access to Resources
To start desktop notifications, run `twingate desktop-start`.
Alternatively, you can run `/usr/bin/twingate-notifier console` in order to receive Twingate authentication requests in the console.

When I try to authenticate I get stuck:

✖  /usr/bin/twingate-notifier console
Twingate Client Status: Online

Nothing happens at this point, so I quit the operation (CTRL+C). I also looked at this post here: Issue connecting after installation on fresh linux system - #5 by jimb0. But I do not have that many SDWANs:

✖  nmcli connection show
NAME                UUID                                  TYPE      DEVICE          
MyWiFiNetwork           c55eaaa2-3f4a-428b-b65e-6f1a4f8b9b2e  wifi      wlp8s0          
br-f5aa98ddfb54     90de535b-4251-42d5-bbfd-7fba374d9889  bridge    br-f5aa98ddfb54 
lo                  931b1970-d410-4ff9-b34b-3233016682cf  loopback  lo              
sdwan0              242cfaaa-2502-4950-a85f-ef7f17e263a6  tun       sdwan0          
br-1aad98d0c41f     1d1ce2e4-929e-4e2a-bd1f-9ffbcd99ceb3  bridge    br-1aad98d0c41f 
br-3616f43ba47e     c4346913-ae49-4787-9b7e-2ea512604cc0  bridge    br-3616f43ba47e 
docker0             39f9ef66-ae89-48bf-b028-47b61c8f2d15  bridge    docker0         
virbr0              bc2934fd-a4f0-4bcf-b1f9-d87d0581526c  bridge    virbr0          
Wired connection 1  61ee18aa-3ad5-35f5-bb6e-40e116c2e3a7  ethernet  --       

(I redacted my wifi network here).

What would be the next steps?

Thanks sooo much for your time :)

My post is blocked by Akismet…

Any way to resolve that?

In the meantime, I have figured out that stopping and starting the service triggers the authentication process. Unfortunately this doesn't change anything in terms of still not being able to connect…

✖  sudo twingate service-stop
Stopped Twingate

~                                                                                                                                                             21:02:51 
➜ sudo twingate service-start
Twingate has been started; user authentication is required for access to Resources

~                                                                                                                                                             21:02:58 
➜ sudo twingate resources
RESOURCE NAME	ADDRESS    	ALIAS        	AUTH STATUS
kittens      	kittens.com	kittens.local	Auth expires in 4 days
NAS          	127.0.0.1  	nas.local    	Auth expires in 4 days
trng         	127.0.0.1  	trng.local   	Auth expires in 4 days

I apologize for the spam filtering. This should not be an issue any longer.

Can you try doing nslookup kittens.com rather than kittens.local and tell me what you get back?

No worries, I am happy that we could resolve it. Here are my results:

➜ nslookup kittens.local
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	kittens.local
Address: 100.108.216.190


~                                                                                    19:40:56 
➜ nslookup kittens.com
Server:		127.0.0.53
Address:	127.0.0.53#53

Non-authoritative answer:
Name:	kittens.com
Address: 100.108.216.191

BTW: I had to reinstall my computer, so things might be a little different this time…

@Arthur, friendly reminder, is there any news?

@Bren, I hope it's OK that I tag you too. I understand that I risk becoming really annoying…

Hi @peda, not a problem at all!

So there is one thing I’d like to check… Could you change your alias from nas.local to nas.int and see if it makes a difference?

(my train of thought is based on the fact that, technically speaking, the .local domain is reserved (take a look at the article here), so I wonder if it’s simply a case of Linux trying to resolve it without leveraging DNS because it is a .local…)

Let me know if that changes the behavior!

@Bren, you are a genius, it works now! Who would have thought that it is that simple!

ahhhh that’s great!!!
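
The .local hypothesis from the thread can be checked against a host's name-service switch configuration. The script below is an added example, not part of the thread or of Twingate's tooling; it assumes glibc NSS with libnss-mdns (the mdns4_minimal module) as commonly configured on Ubuntu desktops, and its function names are hypothetical.

```shell
#!/bin/sh
# Added example. Assumes glibc NSS with libnss-mdns, as on a default Ubuntu desktop.

# hosts_line FILE: print the service list of the "hosts:" entry in an nsswitch.conf
hosts_line() {
    sed -n 's/^[[:space:]]*hosts:[[:space:]]*//p' "$1" | head -n 1
}

# mdns_shadows_dns "SERVICES": succeed when an mdns*_minimal module followed by
# [NOTFOUND=return] is listed before any unicast resolver (dns or resolve)
mdns_shadows_dns() {
    result=1
    prev=""
    set -f                          # keep [NOTFOUND=return] from being globbed
    for tok in $1; do
        case "$tok" in
            dns|resolve) break ;;   # unicast DNS is reached first
            '[NOTFOUND=return]')
                case "$prev" in mdns*_minimal) result=0; break ;; esac ;;
        esac
        prev=$tok
    done
    set +f
    return "$result"
}

# check_alias NAME "SERVICES": print "mdns" when getaddrinfo() callers such as
# ping would stop at multicast DNS for NAME, "dns" when unicast DNS is consulted
check_alias() {
    case "$1" in
        *.local|*.local.)
            if mdns_shadows_dns "$2"; then echo mdns; else echo dns; fi ;;
        *) echo dns ;;
    esac
}

# Constructed sample: the hosts line a stock Ubuntu desktop commonly ships with
SAMPLE='files mdns4_minimal [NOTFOUND=return] dns'
for name in nas.local nas.int; do
    echo "$name (sample): $(check_alias "$name" "$SAMPLE")"
done
# On a real machine, evaluate the live configuration as well
if [ -r /etc/nsswitch.conf ]; then
    echo "nas.local (this host): $(check_alias nas.local "$(hosts_line /etc/nsswitch.conf)")"
fi
```

nslookup and dig query the configured resolver directly and skip nsswitch.conf, so they can return an answer for a name that ping or a browser cannot resolve.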