Twingate Connector not Authenticating

Hi, new to Twingate. I’m deploying for my home server (running OpenMediaVault which is powered on Debian Bullseye). I followed the Docker Compose instructions and (after removing quotes around the network name) have been stuck in an error state where the Connector does not connect. Any suggestions would be much appreciated.

Docker-compose settings:

services:
  twingate_connector:
    container_name: twingate_connector
    restart: unless-stopped
    image: "twingate/connector:latest"
    environment:
      - SSL_CERT_FILE=/etc/ssl/certs/ca-certificates.crt
      - TWINGATE_API_ENDPOINT=/connector.stock
      - TWINGATE_NETWORK=tseng
      - TWINGATE_ACCESS_TOKEN="ACCESS TOKEN"
      - TWINGATE_REFRESH_TOKEN="REFRESH TOKEN"
      - TWINGATE_LOG_LEVEL=7

Logs:

2023-08-07T08:27:47.469614324Z [INFO] [connector] starting crash reporting service
2023-08-07T08:27:47.471143707Z [INFO] [connector] initializing sdwan
2023-08-07T08:27:47.471527010Z [DEBUG] [libsdwan] sdwan_new() config: {"controller":{"mode":"access","url":"https://tseng.twingate.com","type":"enterprise","app_version":"1.57.0"},"modules":{"viper":{"nat":{"log-level":"DEBUG"},"dns-proxy":{"enable-netbios":1,"proxy-rules":[{"type":"bypass","route_id":0,"default":1}]},"generic-proxy":{"session-table-size":"1024","proxy-rules":[{"type":"bypass","route_id":0,"default":1}],"plugin-chain":[{"name":"gnrprx"}]}},"tranceport":{"ssl":{"ciphers":"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384","curves":"P-256:P-384:P-521","sigalgs":"ECDSA+SHA256:ECDSA+SHA384:ECDSA+SHA512:RSA+SHA256:RSA+SHA384:RSA+SHA512:RSA-PSS+SHA256:RSA-PSS+SHA384:RSA-PSS+SHA512","server_auth":0,"client_auth":0},"dequeue":1,"dequeue_r":0,"enqueue":3,"enqueue_r":0,"reorder_stats":100,"vlink_idle_time":10,"frontend":{"flush":1,"flush_type":1,"max_queue":65536,"pools":[{"impl":"local","id":3,"link":"bev_http","connect_str":1},{"impl":"local","id":5,"link":"bev_tcp"},{"impl":"local","id":6,"link":"bev_udp"}]},"backend":{"flush":1,"flush_type":1,"max_queue":65536,"pools":[{"impl":"local","id":6,"link":"udp_proxy"},{"id":10,"impl":"local","link":"tcp_proxy","https_skipencrypt":1},{"impl":"local","id":8,"link":"packet"}]}}},"sdwan":{"loglevel":7,"loglevel_console":-1,"ca_path":null,"timestamp_fmt":0,"log_analytics":""},"afvpn":{"dns":null}}
2023-08-07T08:27:47.474171314Z [DEBUG] [libsdwan] crypto_module_load_ca: loaded 2 trusted certificates from "default"
2023-08-07T08:27:47.474192942Z [DEBUG] [libsdwan] crypto_module_new: available cipher suites:"ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384", curves: "P-256:P-384:P-521"
2023-08-07T08:27:47.474363125Z [WARNING] [libsdwan] [controller] set_external_tokens: failed to get access token: token invalid Invalid input: not within alphabet
2023-08-07T08:27:47.474376432Z [WARNING] [libsdwan] [controller] controller_t: failed to set access, refresh and device tokens: token invalid Invalid input: not within alphabet
2023-08-07T08:27:47.478011478Z [DEBUG] [libsdwan] [quic] init: new instance
2023-08-07T08:27:47.478035895Z [DEBUG] [libsdwan] [quic] on_accept: enabling server
2023-08-07T08:27:47.478057027Z [DEBUG] [libsdwan] reconfigure_direct_connect_socket: set the size of UDP socket buffers to 4194304 bytes
2023-08-07T08:27:47.478074004Z [DEBUG] [libsdwan] reconfigure_direct_connect_socket: reconfigured direct connect socket
2023-08-07T08:27:47.478083603Z [INFO] [libsdwan] sdwan_new: libsdwan_version=0.146.0, app_version=1.57.0, platform=Linux-x86_64
2023-08-07T08:27:47.478267463Z [INFO] [connector] started server on /connector.stock
2023-08-07T08:27:47.480600587Z [INFO] [libsdwan] sdwan_state: Offline
2023-08-07T08:27:47.480616347Z [DEBUG] [libsdwan] [controller] run_state_machine: Offline
2023-08-07T08:27:47.480619855Z [DEBUG] [libsdwan] [controller] set_state: switching from "Offline" to "Getting public keys"
2023-08-07T08:27:47.480633855Z State: Offline
2023-08-07T08:27:47.480655277Z State: Authentication
2023-08-07T08:27:47.480647446Z [INFO] [libsdwan] sdwan_state: Authenticating
2023-08-07T08:27:47.480663681Z [DEBUG] [libsdwan] [controller] get_controller_keys: fetching controller public keys...
2023-08-07T08:27:47.480756176Z [DEBUG] [libsdwan] send: sending HTTP request 1172645480659717149
2023-08-07T08:27:47.480924536Z [DEBUG] [libsdwan] http::request::send_request: GET "https://tseng.twingate.com/api/v1/public_keys" text/plain
2023-08-07T08:27:47.799878492Z [DEBUG] [libsdwan] http::response::from: certificate 3452c42ec6bef8f100225c8c21b31fec4dabe9dec8d0a5f4e45a4302a4108c16, issuer: C=US, O=Let's Encrypt, CN=R3, subject: CN=*.twingate.com
2023-08-07T08:27:47.800263620Z [DEBUG] [libsdwan] http::request::handle_response: GET "https://tseng.twingate.com/api/v1/public_keys" 200 OK (duration 0 sec)
2023-08-07T08:27:47.800303142Z [DEBUG] [libsdwan] operator(): got HTTP request 1172645480659717149 successful response
2023-08-07T08:27:47.801545136Z [DEBUG] [libsdwan] [controller] set_state: switching from "Getting public keys" to "Got public keys"
2023-08-07T08:27:47.801604474Z [DEBUG] [libsdwan] [controller] run_state_machine: Got public keys
2023-08-07T08:27:47.801555821Z State: Error
2023-08-07T08:27:47.801621618Z [DEBUG] [libsdwan] [controller] set_state: switching from "Got public keys" to "Authenticating"
2023-08-07T08:27:47.801673806Z [WARNING] [libsdwan] [controller_connector] login: called, but this must never happen
2023-08-07T08:27:47.801689876Z [WARNING] [libsdwan] [controller] operator(): failed to get an access token: this must not be called by connector
2023-08-07T08:27:47.801701464Z [DEBUG] [libsdwan] [controller] set_state: switching from "Authenticating" to "Error"
2023-08-07T08:27:47.801713126Z [INFO] [libsdwan] sdwan_state: Error
2023-08-07T08:27:47.801722990Z [DEBUG] [libsdwan] [controller] run_state_machine: Error
2023-08-07T08:27:48.683497954Z [DEBUG] [libsdwan] [controller] set_state: switching from "Error" to "Offline"
2023-08-07T08:27:48.683545977Z State: Offline
2023-08-07T08:27:48.683612329Z State: Authentication
2023-08-07T08:27:48.683574009Z [INFO] [libsdwan] sdwan_state: Offline
2023-08-07T08:27:48.683647225Z [DEBUG] [libsdwan] [controller] run_state_machine: Offline

And then this chain of events repeats over and over again.

Thank you in advance for your attention
Ben

Hey Benjamin,

Can you try adjusting your compose file as follows:

 - TWINGATE_ACCESS_TOKEN=ACCESS_TOKEN
 - TWINGATE_REFRESH_TOKEN=REFRESH_TOKEN

That is, remove the "'s from your token var lines.

What is likely happening is that the variable is being pulled in as "ACCESS_TOKEN" rather than just ACCESS_TOKEN which is what you’d expect, and the connector is having a fit because " doesn’t mean anything in the context of an actual access/refresh token (aka the not within alphabet error).

If that change doesn’t work, let me know, and we can dig deeper!

Thanks,

-arthur


Wow, that worked! Thank you so much!

If I had a comment, this sensitivity to the quotation marks doesn’t seem to take place in several of my other docker compose files, so I’m not sure if this is something the Twingate system should probably handle on its own or at least comment on in the documentation?

I’ll definitely make a note to add something to the docs. It looks like this is a (long running) point of conflict with compose specifically: https://github.com/docker/compose/issues/2854

Glad to hear you’re up and running!

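An added example, not part of the original thread and not Twingate or Docker code: a small check for the failure diagnosed above, where a list-form `- KEY="value"` entry keeps its quotes as part of the value. It is a line-based scan rather than a full YAML parser, the sample compose text is constructed, and `EXAMPLE_NOTE` is a hypothetical variable.

```python
import re

# Constructed sample modelled on the compose file in the question.
# Token values are placeholders; EXAMPLE_NOTE is a hypothetical variable.
SAMPLE_COMPOSE = """\
services:
  twingate_connector:
    image: "twingate/connector:latest"
    environment:
      - TWINGATE_NETWORK=tseng
      - TWINGATE_ACCESS_TOKEN="ACCESS TOKEN"
      - TWINGATE_REFRESH_TOKEN='REFRESH TOKEN'
      - "EXAMPLE_NOTE=whole entry quoted"
      - TWINGATE_LOG_LEVEL=7
"""

QUOTES = "\"'"
LIST_ITEM = re.compile(r"^\s*-\s+(?P<item>.*\S)\s*$")
ENV_KEY = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def wrapped_in_quotes(text):
    """True when the same quote character opens and closes the text."""
    return len(text) >= 2 and text[0] == text[-1] and text[0] in QUOTES


def env_entries(compose_text):
    """Yield (line_no, key, value) for each list-form KEY=VALUE item."""
    for line_no, line in enumerate(compose_text.splitlines(), 1):
        match = LIST_ITEM.match(line)
        if not match:
            continue
        item = match.group("item")
        # YAML treats quotes as syntax only when they wrap the whole scalar;
        # quotes that start after KEY= stay in the string.
        if wrapped_in_quotes(item):
            item = item[1:-1]
        key, sep, value = item.partition("=")
        if sep and ENV_KEY.fullmatch(key):
            yield line_no, key, value


def literal_quote_findings(compose_text):
    """Return (line_no, key, value_as_passed, likely_intended_value) tuples."""
    return [(n, k, v, v[1:-1])
            for n, k, v in env_entries(compose_text) if wrapped_in_quotes(v)]


if __name__ == "__main__":
    for n, key, got, want in literal_quote_findings(SAMPLE_COMPOSE):
        print(f"line {n}: {key} is passed as {got!r}; intended {want!r}")
```

Only the two token lines are flagged: the entry quoted as a whole has its quotes consumed by YAML, so its value reaches the container clean.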