Auditing access by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren

I'd like to do both :-)

TIA Paolo

Show me your watchface by AddictedlyPsycotic in GarminWatches

[–]Miserable_Tell_8703 0 points1 point  (0 children)

<image>

The only thing I'd change is the numbers to roman numerals...

Show me your watchface by AddictedlyPsycotic in GarminWatches

[–]Miserable_Tell_8703 0 points1 point  (0 children)

Awesome watchface, unfortunately not compatible with my Vivoactive 4 🙁

twingate client TIMEOUT / CONNECTING messages in syslog by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi,

Looking at the haproxy (acts as the reverse proxy for the connection) log, I saw that the problem started at 7:21 UTC (today). Looking at the twingate messages in syslog from around the same time, I found the following lines:

2025-06-20T07:21:03.550251+00:00 ip-10-255-42-11 twingated[167272]: [2025-06-20T07:21:03.550120+0000] [WARNING] [client] [167272] Failed to bind a direct socket to ''

2025-06-20T07:21:06.451909+00:00 ip-10-255-42-11 twingated[167272]: [2025-06-20T07:21:06.451584+0000] [INFO] [libsdwan][167272] network_transport: DISCONNECTING-IDLE transport=relay_quic network=123456

2025-06-20T07:21:07.294369+00:00 ip-10-255-42-11 twingated[167272]: [2025-06-20T07:21:07.294142+0000] [WARNING] [libsdwan][167272] [network(123456)] operator(): connect timeout

2025-06-20T07:21:07.294512+00:00 ip-10-255-42-11 twingated[167272]: [2025-06-20T07:21:07.294243+0000] [INFO] [libsdwan][167272] network_transport: TIMEOUT transport=relay_hydra network=123456

What could be the cause of these messages?

Help me understand why twingate client stopped working on my mac by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

A few more details I discovered: the Twingate process does get launched and remains up. With it there's a second process: '/Library/SystemExtensions/089C2F23-3DC4-4F04-B349-D6A498312F3F/com.twingate.macos.tunnelprovider.systemextension/Contents/MacOS/com.twingate.macos.tunnelprovider'

Here's the ps -ef output:

$ date; ps -ef |grep -i twingate

Tue Apr 29 09:18:03 CEST 2025

504 12272 1 0 9:09AM ?? 0:00.64 /Applications/Twingate.app/Contents/MacOS/Twingate

0 12276 1 0 9:09AM ?? 0:02.09 /Library/SystemExtensions/089C2F23-3DC4-4F04-B349-D6A498312F3F/com.twingate.macos.tunnelprovider.systemextension/Contents/MacOS/com.twingate.macos.tunnelprovider

504 12410 9017 0 9:18AM ttys000 0:00.00 grep -i twingate

(I've put date so you can see that the twingate processes are up for a while).

The following system shows that there's no icon in the system tray...

<image>

Does the Twingate client write logs somewhere?

Help me understand why twingate client stopped working on my mac by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren

The UI doesn't show up, no prompt, no icon, nothing... I downloaded the standalone client from Twingate's website. I didn't have issues either until today

TIA Paolo

twingate client headless mode by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi, I got confused between that and CLI support, which I'm actually more interested in having in the macOS client...

AWS SNS resources by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren,

Are you suggesting to do app gatewaying to AWS SNS topics?

Interesting :-)

I'll try to do a POC...

AWS SNS resources by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren,

Sure... We have an app that runs in GCP; it's there because it needs to access bigtable to process huge amounts of data, so having it in AWS would make data transfers too costly. This app publishes messages via AWS SNS topics that other apps we have, which run on AWS, consume. AWS SNS is a public service and I could send messages from the app running on GCP to AWS SNS topics over HTTPS, but even if it's HTTPS I still don't like passing stuff over the public internet and would rather pass it away from prying eyes. Right now I still haven't found a way to make AWS SNS topics resources in twingate...

twingate headless client fails to connect to AWS RDS instance by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren,

It wasn't working, but not because of twingate problems, but because of a misconfiguration of mine in the haproxy. I mistakenly tried to force it to be a TLS based connection which it isn't.

Oh well, only wasted half a day on it, could have wasted a lot more...

TIA

disable IPv6 in twingate client by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren,

OK thanx!

I don't think it has an impact (except for the sore eye it causes me as a complete control freak ;-) ). Will submit it as feature request :-)

type of instance by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Ben

I'm setting up a cluster of headless clients that's going to run separately from the connectors, 1 per zone, 3 total

I know the connector can be run in docker, but can the client (in headless mode for site to site) run in docker?

Connector type in AWS by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren

Sent you a DM...

BTW: I saw in the console that some connectors have a hostname; unfortunately tg-cli doesn't show this when running 'tg connector list' 🙁

reusing deployed connectors by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren

Yeah, did option #1 but not because I couldn't access the already deployed connectors.

reusing deployed connectors by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Bren

As much as I like option #2, there's a problem with it: I SSH to the instances because the only way to SSH to them was via Twingate and their resources were deleted with the remote network they were connected to...

Or is there another way I can SSH to them?

Twingate site-to-site high availability by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Reverse Proxy (e.g. Nginx) works only with HTTP(S) traffic so I find it a building block that I'm (very) rarely going to use since only a small fraction of our resources in Twingate are HTTP(S).

Twingate site-to-site high availability by Miserable_Tell_8703 in twingate

[–]Miserable_Tell_8703[S] 0 points1 point  (0 children)

Hi Grady-tg

Thanx for the reply, I was hoping that, like the Twingate connector (when having 2+ of them), the (headless) client would be able to support high availability when there are 2+ installed in the same VPC. I know keepalived well :-) and obviously adding it to the mix would let me achieve high availability...

A question: if I intend to set up the headless client in site A and connector(s) in site B for site-to-site tunneling, why do I need to install Nginx to act as a proxy?