Same ip for resource in 2 different networks

seems twingate client doesnt allow one to select a particular remote network to connect to. So if you have permissions to connect to resources in multiple networks, you are connected to them all.

this causes a problem when your staging and prod share the same network configuration. assume i have a resource with an ip, say 10.0.0.20 in both staging and prod. if i have permission to connect to both those resources in prod and staging, now from twingate’s perspective there are 2 separate resources with the same ip address. so which one does twingate pick when i am trying to connect to that ip? or will it choose one at random?

Hi Prashant,

You are correct in that we specifically recommend not having “identical” resources that need to route to multiple networks. It won’t necessarily choose one at random however you may see differing routing depending on the user(s) trying to access the resource (but that routing should stay consistent for each user). I know this sounds odd, but it’s how it’s been explained to me by our back end team.

EG: You try to access 10.0.0.20 and it routes you to prod, and then your co-worker tries to access 10.0.0.20 and it routes them to staging. It should always route you to prod and them to staging, but there’s no specific way for you to route to staging or them to prod.

In this scenario, the best practice would be one of the following options:

  1. Have an entirely separate Twingate network/slug URL for Prod vs Staging so that you are logged in only to the specific instance you need and avoid overlap.
  2. Use hostnames rather than IP addresses to avoid overlap.

I know this isn’t an ideal situation, but I hope it offers a degree of solution.

Let us know if there’s any other questions!

Thanks,

-arthur

how can one do this?

Hi Prashant,

You can simply register for an additional Twingate tenant like you did the first time around.

You might also find this documentation page on “IP Overlap” useful for your use case.