Truenas Scale Connector Install

Is there a way to install a connector on TrueNAS Scale other than on a VM?

  1. On TrueNAS Scale, go to Apps > Launch Docker Image
  2. Set the Application Name to anything, for example Twingate.
  3. Set Image Repository to twingate/connector and set the Image Tag to latest
  4. Under Container Environment Variables click Add 3 times
    a. Set TWINGATE_NETWORK to the name of your network. (so if I access twingate from mynet.twingate.com, I would set this to mynet)
    b. Set TWINGATE_ACCESS_TOKEN to your access token from the connector information.
    c. Set TWINGATE_REFRESH_TOKEN to your refresh token from the connector information.
    d. Set TWINGATE_LABEL_HOSTNAME to your truenas hostname (so like my-truenas)
  5. Hit Save
  6. Now go to System Settings > Advanced
  7. Under the sysctl tab, click Add
  8. Close the warning popup, and set the following:
    a. Variable: net.ipv4.ping_group_range
    b. Value: 0 2147483647
    c. Enabled: ✅
  9. Then hit save.
    a. I’m not sure if this step is enabled, but --sysctl net.ipv4.ping_group_range="0 2147483647" is passed as a parameter to the twingate docker command, and I’m guessing it’s there for a reason.

If you need more images to guide you through this, let me know. I’m currently limited to one embedded photo per post because that’s how the twingate forums are set up.

2 Likes

That worked! Thank you! The only change I had to make for it to work was to change the application name to match the connector name.

1 Like

Hello, I tried the exact same, but can’t get it to connect.

Hey arichter – are you seeing the connector constantly restart? Or is it starting but you’re unable to connect to resources through it?

Let us know!

Thanks,

-arthur

The controller will not connect
It seems stable and is Active the whole time.

OK - we’d likely need to see some Connector logs (details on how to obtain them here: Twingate Connector Logs) to figure out what’s going on, if you’re not seeing it fail.

I don’t actually see it having checked in with us at all which suggests it’s not actually starting properly, and/or it’s starting but cannot reach the internet successfully.

Hey Andreas,

Taking a look at your logs, the issue could potentially be related to a time/clock discrepancy. Our connectors are extremely sensitive to clock drift (as little as 5 seconds difference can cause issues), and based on timestamps in your logs, there’s a variance of a few hours, which means that even though in the “real world” the issued token(s) are “valid”, to the connector it is 19:53 and the token expires at 16:54.

On your NAS, is the date and time set correctly / syncing to an NTP server? If not, try adjusting that and restarting the connector.

Any future logs can be sent to arthur(at)twingate.com

Thanks,

-arthur

I’ve been able to get my docker image to run as active and stay that way, but it will never connect on the twingate side. I’m very new to NAS servers and remote access stuff. I tried looking into what you all have mentioned. When I tried redoing the docker image through the shell in truenas it would say permissions denied. Kinda lost at this point. Been trying to get it to connect for a week. Videos of set up make it look super easy. Haha. Not for me apparently.

Hey Alvin,

Do you have any sort of firewall that might be restricting traffic? If you’re seeing the container stay up it’s surprising that you’re not seeing it show up in the dashboard.

If you want to get your connector/container logs and send them through to arthur (at) twingate.com I can take a look and see if anything jumps out!

Thanks!

-arthur

Ok, I’ll try that out when I get a chance. For those logs, those are grabbed in the shell inside TrueNAS with the commands? Like I said, I’m still learning.

Alvin,

The easiest way to see what’s happening inside of the container is to use the logging service for the Truenas Apps service. Inside of the Truenas interface, go to Apps and then click on the menu dots for your Connector app, and choose logs:

You should be able to leave the default options and just click the button to display the last 500 lines of log entries for this Connector.

Ok, I did poke around in that before, wondering what that was. So just send that over and it should show what’s going on?

I wanted to say thank you for the detailed instructions, since this has been coming up quite a bit more we decided we should build out a full guide and your message was what I based my initial testing off of 🙏

Guide is up at Deploy a Twingate Connector within TrueNAS SCALE | Docs for anybody in the future that finds this thread and needs it.

1 Like

Even after following the steps, I am still seeing the connector showing as not connected in web console… even though docker says active in truenas scale

Hi Subha,

Do you see any error messages in the connector logs? (Ben points out how to view them a couple posts up thread.)

Hi Arthur,

I went through the log and this is where I see the error:

2023-09-12T00:16:10.892257497Z [WARN] [libsdwan] [controller] parse_verify_token: token verification failed: token expired
2023-09-12T00:16:10.892332075Z [WARN] [libsdwan] [controller] operator(): failed to get SD: Invalid token, err code 1
2023-09-12T00:16:12.728208519Z [DEBUG] [libsdwan] [controller] get_sd: getting SD
2023-09-12T00:16:12.728347173Z [DEBUG] [libsdwan] [controller] require_access_token: dat.expired

I have also sent you the log at your email address.

Thanks

OK, so that suggests to me that there is a date/time issue/mismatch with the machine/TrueNAS/Container - because essentially the token is expiring before we get it. This has come up a few times with TrueNAS installs.

Because everyone’s setup is different I don’t have a specific solution, but make sure your machine’s time is set correctly, and the Timezone is set correctly within TrueNAS and that the connector is getting the same Timezone and not offset by any degree.

If you search the forums for TrueNAS you may find discussion about it, and you can also google for TrueNAS Container Timezone. There are plenty of results for it.

Thanks,

-arthur
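
The triage described in this thread (token errors in the Connector log, checked against clock drift) can be scripted. The following is an added example, not part of any post above and not Twingate's code: it scans log text in the format quoted in the thread for token failures and compares the host clock with a reference time. The function names, the sample log and the idea that the caller supplies a trusted reference time are assumptions of the example.

```python
import re
from datetime import datetime, timezone

MAX_SKEW_SECONDS = 5.0  # the thread cites ~5 s of drift as enough to cause issues

# Line shape seen in the thread: "<RFC 3339 time>Z [LEVEL] [lib] [area] message"
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?Z \[([A-Z]+)\] (.*)$")
TOKEN_MARKERS = ("token expired", "invalid token", "dat.expired")

# Constructed sample in that format (timestamps invented for the example).
SAMPLE_LOG = """\
2023-09-12T19:53:01.100000000Z [DEBUG] [libsdwan] [controller] get_sd: getting SD
2023-09-12T19:53:01.200000000Z [WARN] [libsdwan] [controller] parse_verify_token: token verification failed: token expired
2023-09-12T19:53:01.300000000Z [WARN] [libsdwan] [controller] operator(): failed to get SD: Invalid token, err code 1
not a log line
"""


def token_failures(log_text):
    """Return (utc_time, level, message) for every token-related failure line."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip truncated or foreign lines instead of crashing
        ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)
        if any(marker in m.group(3).lower() for marker in TOKEN_MARKERS):
            hits.append((ts, m.group(2), m.group(3)))
    return hits


def diagnose(log_text, host_now, reference_now):
    """Classify token failures using the host clock versus a trusted reference.

    Both datetimes must be timezone-aware; reference_now is assumed to come
    from a source already known to be time-synced.
    """
    skew = abs((host_now - reference_now).total_seconds())
    failures = token_failures(log_text)
    if not failures:
        verdict = "no-token-errors"
    elif skew > MAX_SKEW_SECONDS:
        verdict = "clock-skew"      # fix date/time/timezone first, then restart
    else:
        verdict = "token-invalid"   # clock is fine: look at the tokens themselves
    return {"failures": len(failures), "skew_seconds": skew, "verdict": verdict}
```

Pass the text copied from the Apps log viewer as `log_text`, `datetime.now(timezone.utc)` taken on the NAS as `host_now`, and a time read from a machine known to be synced as `reference_now`.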