Only relayed connections

Hi,

setup was fast and easy. Connector is running on a Raspberry Pi Docker behind a Ubiquiti UDMP
with a public IPv4 & IPv6 address.

Using an iPhone with the Twingate App as client device.

I am able to reach my created resources. But always as “relayed” connection. Never seen a direct connection in the activity logs. Doesn’t matter if my mobile device is using LTE (outside) or the local Wifi (inside).

Twingate makes no sense for me, if I am sitting in front of my resources and the connection is always routed through a relay in a different country. Also if you have a slow internet connection all resources are then also slow from internal network.

Connector log if Client is using LTE:

[DEBUG] [libsdwan] [client(3503174115)] handle_message: got MESSAGE_DIRECT_CONNECT_INFO message
[DEBUG] [libsdwan] [client(3503174115)] process_direct_connect_info_message: {"addresses":[{"ip":"56.x.x.x","port":40390}]}
[DEBUG] [libsdwan] [direct] on_bus_event: {"addresses":[{"ip":"56.x.x.x","port":40390}]}
[DEBUG] [libsdwan] [client(3503174115)] send_direct_connect_info: asldjflasdfljkhasdklf43jkhlsydvjksdkljhfnsalkjdhfsakld
[DEBUG] [libsdwan] [client(3503174115)] send_message: arg: 102 (MESSAGE_DIRECT_CONNECT_INFO), len: 91
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=56.x.x.x:40390
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=56.x.x.x:40390
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=56.x.x.x:40390

Connector log if client is using local Wifi (resource and client in the same network):

[DEBUG] [libsdwan] [client(300553183)] handle_message: got MESSAGE_DIRECT_CONNECT_INFO message
[DEBUG] [libsdwan] [client(300553183)] process_direct_connect_info_message: {"addresses":[{"ip":"<my-wan-ip>","port":53409}]}
[DEBUG] [libsdwan] [direct] on_bus_event: {"addresses":[{"ip":"<my-wan-ip>","port":53409}]}
[DEBUG] [libsdwan] [client(300553183)] send_direct_connect_info: eyJhbGciOiasdfasdfsadfsadfsadfsadfsadfsafsadfsadfsNX1dfQ
[DEBUG] [libsdwan] [client(300553183)] send_message: arg: 102 (MESSAGE_DIRECT_CONNECT_INFO), len: 91
[DEBUG] [libsdwan] [relay] get_needed_conns_count: relay 34.65.135.45:30017, needed_conns_count 0
[DEBUG] [libsdwan] [relay] get_needed_conns_count: relay 34.65.205.249:30013, needed_conns_count 0
[DEBUG] [libsdwan] [relay] get_needed_conns_count: relay 34.65.236.137:30002, needed_conns_count 0
[DEBUG] [libsdwan] [relay] get_needed_conns_count: relay 34.65.80.146:30012, needed_conns_count 0
[DEBUG] [libsdwan] [relay] get_all_listen_addrs: listeners_ size 1
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=<my-wan-ip>:53409
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=<my-wan-ip>:53409
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=<my-wan-ip>:53409

What can I check/do to make direct connections instead of always relayed connections?

Thx

Edit 1: Tested also Tailscale and direct connections are always established. So in general my network setup works with peer-to-peer connections.
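
An added example, not part of the original post and not Twingate code: a small parser for the connector debug lines quoted above that lists each address a client advertised for a direct connection, whether that address is in a LAN range, and how many "say hello" attempts the connector logged toward it. The sample input is constructed in the log format shown in the post, with 203.0.113.7 standing in for the redacted WAN IP; the `lan`/`non-lan`/`redacted` labels are this example's own.

```python
import ipaddress
import json
import re

# Constructed sample in the log format shown in the post. 203.0.113.7 is a
# documentation address standing in for the redacted <my-wan-ip>.
SAMPLE_LOG = """\
[DEBUG] [libsdwan] [client(3503174115)] process_direct_connect_info_message: {"addresses":[{"ip":"56.x.x.x","port":40390}]}
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=56.x.x.x:40390
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=56.x.x.x:40390
[DEBUG] [libsdwan] [client(300553183)] process_direct_connect_info_message: {"addresses":[{"ip":"203.0.113.7","port":53409}]}
[DEBUG] [libsdwan] [relay] get_all_listen_addrs: listeners_ size 1
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=203.0.113.7:53409
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=203.0.113.7:53409
[DEBUG] [libsdwan] [direct] operator(): say hello to addr=203.0.113.7:53409
"""

CANDIDATE_RE = re.compile(r"\[client\((\d+)\)\] process_direct_connect_info_message: (\{.*\})")
HELLO_RE = re.compile(r"\[direct\] .*say hello to addr=(\S+)")
# Ranges that would indicate a same-LAN path (RFC 1918, link-local, IPv6 ULA).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
             "169.254.0.0/16", "fc00::/7", "fe80::/10")]

def classify(ip):
    """Return 'lan', 'non-lan', or 'redacted' for an address string from the log."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:  # e.g. "56.x.x.x" or "<my-wan-ip>"
        return "redacted"
    return "lan" if any(addr.version == n.version and addr in n for n in LAN_NETS) else "non-lan"

def summarize(log_text):
    """One row per advertised candidate: (client, 'ip:port', kind, hello_count)."""
    hellos, candidates = {}, []
    for line in log_text.splitlines():
        m = CANDIDATE_RE.search(line)
        if m:
            for a in json.loads(m.group(2)).get("addresses", []):
                candidates.append((m.group(1), a["ip"], a["port"]))
            continue
        m = HELLO_RE.search(line)
        if m:  # hello lines carry no client id, so count them per address
            hellos[m.group(1)] = hellos.get(m.group(1), 0) + 1
    return [(c, f"{ip}:{port}", classify(ip), hellos.get(f"{ip}:{port}", 0))
            for c, ip, port in candidates]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

In the Wi-Fi log quoted in the post, the only candidate the client advertised is the WAN address, so an unredacted copy of that log would show a single `non-lan` row for that client.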

Hi @netti, relayed connections are used as a backup when a direct connection fails. In this case, you mentioned that Tailscale is working with a direct connection so Twingate ought to be behaving the same actually.

Would you be able to supply debug level logs for both your client and connector while trying to use the resource? You can submit them via help.twingate.com so our engineering team can take a look.

Many thanks, and thanks for trying Twingate.

I have the same issue. All connections are relayed. Need to understand why. Also, is there a setting to disable relayed connections altogether? I would rather have no connection than a relayed connection for privacy reasons.

I’m wondering if either of you got anywhere with this issue?

I am evaluating Twingate and I am having a similar issue. I have a connector deployed on a RHEL 9 VM behind a Linux router/firewall. STUN is showing available on my connector.

I am running the latest connector and latest macOS client.

All traffic appears to be relayed, my latency is 3x higher vs OpenVPN and Tailscale.

Just bumping this to the top… I am having the same issue.

I have a connector installed at my work network, and one at my home (so I can access work from home and vice versa). However when I am at home on my laptop, and I try to remote desktop to my home-server in the basement, it relays the traffic over my internet connection, it does not stay on my home network.

As a matter of fact, if I am not authenticated to Twingate then I can’t even see my home server at all while I am in the next room on my laptop. I uninstalled Twingate and immediately I can see and remote desktop to my home server from my home laptop.

This is a deal breaker for me - I am hoping to use Twingate to replace VPN at work.