Twingate Error Invalid Token

May 22 21:46:28 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] [controller] get_sd: getting SD
May 22 21:46:28 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] [controller] require_access_token: dat.expired
May 22 21:46:28 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] send: sending HTTP request 3146316002492581774
May 22 21:46:28 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] http::request::send_request: POST “https://example.twingate.com/api/v5/connector/refresh” application/json
May 22 21:46:29 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] http::response::from: certificate exmplaeid, issuer: C=US, O=Let’s Encrypt, CN=R3, subject: CN=.twingate.com
May 22 21:46:29 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] http::request::handle_response: POST “domain/api/v5/connector/refresh” 200 OK (duration 1 sec)
May 22 21:46:29 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] operator(): got HTTP request 3146316002492581774 successful response
May 22 21:46:29 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] [controller] verify_token: {“alg”:“ES256”,“kid”:“example kid”,“typ”:“DAT”} {“nt”:“AN”,“aid”:“23498”,“did”:“239488”,“jti”:“dejrhjekrh-1cd4-4598-9603-9ce26073a311”,“iss”:“twingate”,“aud”:“example”,“exp”:1684781201,“iat”:1684777601,“ver”:“4”,“tid”:“16818”,“rnw”:1684777901,“rnetid”:“41384”}
May 22 21:46:29 aaaa twingate-connector[294201]: [WARNING] [libsdwan] [controller] parse_verify_token: token verification failed: token expired
May 22 21:46:29 aaaa twingate-connector[294201]: [WARNING] [libsdwan] [controller] operator(): failed to get SD: Invalid token, err code 1
May 22 21:46:32 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] [controller] get_sd: getting SD
May 22 21:46:32 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] [controller] require_access_token: dat.expired
May 22 21:46:32 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] send: sending HTTP request 3146316002492581774
May 22 21:46:32 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] http::request::send_request: POST “domain/api/v5/connector/refresh” application/json
May 22 21:46:33 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] http::response::from: certificate example id, issuer: C=US, O=Let’s Encrypt, CN=R3, subject: CN=.twingate.com
May 22 21:46:33 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] http::request::handle_response: POST “domain/api/v5/connector/refresh” 200 OK (duration 1 sec)
May 22 21:46:33 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] operator(): got HTTP request 3146316002492581774 successful response
May 22 21:46:33 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] [controller] verify_token: {“alg”:“ES256”,“kid”:“example kid”,“typ”:“DAT”} {“nt”:“AN”,“aid”:“89337”,“did”:“647682”,“jti”:“23423jds-7987-4a5f-aa7b-17b8e8f1a0d9”,“iss”:“twingate”,“aud”:“example”,“exp”:1684781205,“iat”:1684777605,“ver”:“4”,“tid”:“16818”,“rnw”:1684777905,“rnetid”:“41384”}
May 22 21:46:33 aaaa twingate-connector[294201]: [WARNING] [libsdwan] [controller] parse_verify_token: token verification failed: token expired
May 22 21:46:33 aaaa twingate-connector[294201]: [WARNING] [libsdwan] [controller] operator(): failed to get SD: Invalid token, err code 1

Same issue after removing and reinstalling the connector
DNS 8.8.8.8
Ports from 30000-31000 and 443 are opened
I deleted the network and added it again, then I added a connector with a new name, and the issue persists

Twingate connector version : v1.54
OS: Ubuntu 20.04 LTS

Hello and welcome to the forum!

The tokens being expired makes me wonder if there’s a time synchronization issue happening. The token details show that

• It was issued at 1684777605 (May 22 17:45:45 UTC)
• It expired at 1684781205 (May 22 18:45:45 UTC)
• The time in the log is May 22 21:46:33 - a good amount of time off from the token (some difference might be from UTC vs local time differences, but the minutes and seconds should be the same)

The log times should be in UTC, so it seems like your machine’s time may be in the future.

Could you let me know what the command timedatectl prints? You should see something like

               Local time: Tue 2023-05-23 22:30:25 UTC
           Universal time: Tue 2023-05-23 22:30:25 UTC
                 RTC time: Tue 2023-05-23 22:30:25
                Time zone: Etc/UTC (UTC, +0000)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

I’m speaking from experience here. A Debian VM running on my local Mac loves to go way out of sync after being woken from a long sleep.

Ditto on clock drift from what @alexb notes.

Take the line
May 22 21:46:29 aaaa twingate-connector[294201]: [DEBUG] [libsdwan] [controller] verify_token: ...“iat”:1684777601,...

iat epoch is GMT: Monday, May 22, 2023 5:46:41 PM.
Assuming the logs are timestamped localized to timezone vs UTC with the Controller, there is a difference of 12s between the Connector (log timestamp) and Controller(iat). The Connector can only be within a =/- 5s difference from the Controller.

The below KB article will cover this a bit more.

Cheers!

Thank you I installed

sudo apt-get install chrony
sudo systemctl stop ntpd
sudo systemctl disable ntpd
sudo systemctl start chrony
sudo systemctl enable chrony
sudo systemctl status chrony
systemctl restart twingate-connector

Works great Thanks !!!

I try to install chrony then works great thanks.

For all Unraid(maybe not limited to Unraid) users. I can confirm, that this issue was related to false time zone and or time on my machine.

I did configure the right Timezone in Unraid UI(Settings → Date and Time). I did also add the German NTP servers. Have a look here

Restarted container and voila !
Thanks for pointing me into the right direction !