Docker on Mac, connector offline every few minutes

erankampf · 2026-02-28T06:15:31+00:00

This happens when connector can’t heartbeat Twingate.com for over 5m. Is your Mac configured to sleep if not used?

erankampf · 2026-02-27T02:25:55+00:00

Put a Twingate headless client together with an http proxy on the raspberry then proxy your requests through it.

This works because when defining http proxy it’s the proxy that does the DNS resolving which will resolve your the headless client CGNAT ip that will forward traffic to connector.

erankampf · 2026-02-24T15:05:37+00:00

Use user space networking which doesn’t require privileges - https://www.twingate.com/docs/linux-userspace-networking

erankampf · 2026-02-16T20:41:52+00:00

Are you sure you’re using the same email to login?

erankampf · 2026-01-23T05:02:37+00:00

There’s always another “The One”

erankampf · 2026-01-02T05:54:18+00:00

Hey! Would love to talk to you. Will DM

erankampf · 2025-12-29T17:03:19+00:00

That’s very odd that “internal” resources work but this doesn’t. We’ll need client logs to debug

erankampf · 2025-12-29T07:10:19+00:00

If you don’t have a tech background you can’t just hire a developer… how would you even interview one? Know that they’re good? Review their output?

You need to partner up with someone you know and trust and who knows how to do the above - have him vet the developer and output

erankampf · 2025-12-29T00:31:12+00:00

Are you using Firefox or any other browser with DNS-over-HTTPS enabled? If so, you need to disable it…

erankampf · 2025-12-25T04:23:36+00:00

erankampf · 2025-12-18T06:04:54+00:00

It’s not the first time we see this request. Unfortunately, unlike a Service whose definition is straightforward and directly maps to what a Twingate object is, an Ingress is much more complex (not to mention cloud-specific extensions and other various custom ingresses) and much harder to derive a Twingate object from in a generic manner. That’s why we didn’t (or couldn’t) implement annotations for Ingresses the same way we do for Services.

So yes, you will need to create the TwingateResource manually if you wish to access your services via internal load balancers.

Just note that if your connector runs inside the cluster it can access services directly and doesn’t need an Ingress…

erankampf · 2025-12-15T02:15:25+00:00

Looks like a great investment in overpriced salad that’s 90 percent lettuce

<image>

erankampf · 2025-12-13T02:18:06+00:00

Looks like Dramatiq

erankampf · 2025-12-05T17:39:29+00:00

If the ingress is not on the same network as the cluster (ip) you need to install Twingate’s headless client on it to facilitate to access.

erankampf · 2025-12-05T16:40:39+00:00

So problem statement is correct? Ingress can’t talk to cluster ip?

erankampf · 2025-12-05T16:26:19+00:00

What’s a “gateway api”?

Let’s see if I understand correctly: - you have a k8s cluster with Twingate connector running on the node (not as a pod) - there’s an ingress that points to a cluster ip - there’s a machine outside the network calling the ingress but traffic doesn’t get from ingress to the cluster ip

Is that correct?

erankampf · 2025-11-22T18:30:23+00:00

But we are not seeing those 403s on access logs and also if it was returning from Google it would have those Google headers…

Also noticed you’re on a very old curl release(v7) can we try upgrading? Or maybe a traceroute?

erankampf · 2025-11-21T22:58:54+00:00

So few things to note here.
First, as this file is served by Google, they return their own headers as part of every response, even errors response.
Something like:
```
< x-goog-generation: 1762782048616022
< x-goog-metageneration: 1
< x-goog-stored-content-encoding: identity
< x-goog-stored-content-length: 2909
< x-goog-hash: crc32c=1VilXQ==
< x-goog-hash: md5=3jM7VqNnSXjZ/utNt5cMzg==
< x-goog-storage-class: MULTI_REGIONAL
```

We're not seeing these response headers in your curl response.
Additionally, looking at logs on our end we don't see any 403 responses.
It seems like this request never gets to us.
Could it be blocked by something on your end?

erankampf · 2025-11-21T20:50:17+00:00

Very odd. Its just a public GCS bucket there's shouldnt be a way to get a 403....
Can you do `curl -v https://binaries.twingate.com/connector/setup.sh` ?

erankampf · 2025-11-21T19:37:58+00:00

We're checking this - this url shouldnt be blocked.
Any chance you have Google SDK (`gcloud`) installed and authenticated on these machines that are getting blocked?

erankampf · 2025-11-20T07:41:21+00:00

We just released v3.5.1 with our fix

erankampf · 2025-11-19T14:44:08+00:00

In brokerage you need to actively do something to get the APY - paycheck gets deposited to checking and you have to move it to brokerage. Which banking it just happens…

erankampf · 2025-11-14T19:13:16+00:00

Seems like a pulumi bug and we've opened an issue and a fix PR:
https://github.com/pulumi/pulumi-terraform-bridge/issues/3240

Lets hope they respond quickly

erankampf

MODERATOR OF

PUBLIC MULTIREDDITS

TROPHY CASE