I have an unraid server and I’m trying to figure out how to connect my unraid to Twingate, does anyone have a guide?
Hi Dsunn,
I’m not sure if you’re talking about deploying a connector on your unRAID box, but here’s how to do that:
-
Log in to your Twingate dashboard.
-
Click on the remote network you want to deploy a connector for.
-
Click on “Add Connector”
-
Click on the newly created Connector - It will be called wacky-dolphin or electrified-aardvark, or some other adjective/animal combination. In my case, it’s “Invisible Tarantula”.
-
Leave Docker selected as your deployment method, and click “Generate Tokens” (This will prompt you to reauthenticate for security reasons)
-
In the entry for Step 4, you’ll see a docker command block you could normally copy and paste into a Linux shell to do everything for you, but in our case we need to do it a bit differently. The command block is going to look something like this:
docker run -d --sysctl net.ipv4.ping_group_range="0 2147483647"
--env TWINGATE_NETWORK="[your twingate network name]"
--env TWINGATE_ACCESS_TOKEN="blah blah blah"
--env TWINGATE_REFRESH_TOKEN="even more blah blah blah"
--env TWINGATE_LABEL_HOSTNAME="`hostname`"
--name "twingate-invisible-tarantula"
--restart=unless-stopped
--pull=always twingate/connector:1
Either copy this out to a text editor, or open a new tab with your unRAID Administration GUI
-
In the unRAID GUI, Click on “Docker” (I know, I need to update my machine)
-
Click on “Add Container”
-
At the top of the window, click on the toggle next to Basic View to switch to Advanced view
-
Add the following data to the fields available:
Template - leave as “Select a Template”
Name - “Twingate Connector - invisible-tarantula” (note: this can be whatever you want. It’s just what shows in the unRAID containerlist)
Additional Requirements - Leave Blank
Repository -twingate/connector:1
Registry URL, Icon URL, WebUI - Leave Blank
Extra Parameters ---sysctl net.ipv4.ping_group_range="0 2147483647" --name "twingate-invisible-tarantula" --restart=unless-stopped --pull=always
Network Type - in most cases, you can leave this as “Bridge” but if you’re going to be connected to Twingate on the same network you’re running the connector on, you may want to switch this to “Host” to improve performance.
Privileged - Toggle this on to allow for one of our docker flags to work correctly. Without a privileged container and the--sysctl net.ipv4.ping_group_range="0 2147483647"argument, you may not be able to ping Twingate resources through this connector.
- Click on “Add another Path, Port, Variable, Label or Device” above the “Apply” button, and Change the values in the modal as follows:
Config Type - Change to “Variable”
Name - Twingate Network
Key -TWINGATE_NETWORK
Value -yournetworkslug(if your twingate url ismycompany.twingate.comyou would just entermycompany. No quotes., No https. No spaces. No.twingate.com
and Click Add.
- Click on “Add another Path, Port, Variable, Label or Device” above the “Apply” button, and Change the values in the modal as follows:
Config Type - Change to “Variable”
Name - Twingate Access Token
Key -TWINGATE_ACCESS_TOKEN
Value - [the long string from that docker command block you copied in step 6 that matches the TWINGATE_ACCESS_TOKEN value. In my example it would beblah blah blah. No quotes. No spaces. Nothing extra. Just that string.
and Click Add.
- Click on “Add another Path, Port, Variable, Label or Device” above the “Apply” button, and Change the values in the modal as follows:
Config Type - Change to “Variable”
Name - Twingate Refresh Token
Key -TWINGATE_REFRESH_TOKEN
Value - [the long string from that docker command block you copied in step 6 that matches the TWINGATE_REFRESH_TOKEN value. In my example it would beeven more blah blah blah. No quotes. No spaces. Nothing extra. Just that string.
and Click Add.
- Click on “Add another Path, Port, Variable, Label or Device” above the “Apply” button, and Change the values in the modal as follows:
Config Type - Change to “Variable”
Name - Twingate Log Settings
Key -TWINGATE_LOG_ANALYTICS
Value -v2
and Click Add.
-
Click on “Add another Path, Port, Variable, Label or Device” above the “Apply” button, and Change the values in the modal as follows:
Config Type - Change to “Variable”
Name - Twingate Hostname Settings
Key -TWINGATE_LABEL_HOSTNAME
Value - `hostname` (this is the wordhostnamein “grave” quotes/backticks)
and Click Add.
-
At this point, your “Add Container” screen should look similar to the following:
If it does, you can go ahead and click “Apply”
-
You’ll see something like the following:
-
If we go back to our Docker list in unRAID we should see the container up and healthy:
-
And if we go back to our Twingate dashboard, and click on the new connector, we should see something like the following:
And with that, we have a new container running on our unRAID server, and all we have to do is add a resource for the local IP of that server as a Twingate resource, and we should be able to access it remotely!
This guide is a bit messy as I just threw it together, but let me know if it helps you get up and running or if I totally lost the plot here.
Thanks,
-arthur
2 Likes
I have been trying to get this to work all day. I originally used the twingate connector from the community app store and had no issues for months. And then all of a sudden it stopped working. I got the error:
Failed to connect to [myipaddress]
[myipaddress] could not be reached
so i removed the docker container and reinstalled it with the new tokens. This did not work… I cannot for the life of me figure out how to fix it.
I started clean again and followed ur steps exactly and this is the error it gave me
The error indicates you can’t include that sysctl option since you also have it set to use the host network, so just remove the --sysctl net.ipv4.ping_group_range line and try again.
1 Like
okay so no error messages this time but the connector is still not connecting. Any idea what’s going on?
Looks like the connector is likely failing to start, you’ll need to click on the icon in the list of VMs in unRAID and click “Logs” to get the actual error message.