# netmaker

cool-army-24422

07/26/2022, 9:16 AM
As I have created an egress gateway and provided the range (10.60.224.0/32), now if I want to connect to or ping the nodes present in the network 10.60.224.0, will I be able to reach them, or do I need to add the server which is the egress gateway in the present network to the 10.60.224.0 network?

bored-island-21407

07/26/2022, 9:50 AM
10.60.224.0/32 should be reachable from all other nodes in the network.

cool-army-24422

07/26/2022, 10:18 AM
But it's not reachable. Do I need to add any outbound port? The server which is an egress is an Azure VM.

bored-island-21407

07/26/2022, 10:19 AM
is the range reachable from the egress gateway itself?
10.60.224.0/32 is an invalid ipv4 cidr
it is a network address not a host address

cool-army-24422

07/26/2022, 10:22 AM
Yeah, my bad. After sharing the issue here I have updated it to 10.60.224.0/24

bored-island-21407

07/26/2022, 10:22 AM
ok

cool-army-24422

07/26/2022, 10:23 AM
New updated graph, and I am not able to connect to egress network from Netclient-AZ also

bored-island-21407

07/26/2022, 10:24 AM
if the egress range is not reachable from the egress gateway how do you expect netmaker(wireguard) to solve this ?
you can only egress to a network that the egress gateway can already reach

cool-army-24422

07/26/2022, 10:26 AM
If I am not wrong the configuration seems good ?
How to achieve this

bored-island-21407

07/26/2022, 10:28 AM
what are the ip addresses of the egress gateway

cool-army-24422

07/26/2022, 10:28 AM
10.174.71.1

bored-island-21407

07/26/2022, 10:28 AM
don't need its public address just the private ones
what is output of
ip a
if that is the only ip address that it has; it cannot be used as an egress gateway

cool-army-24422

07/26/2022, 10:33 AM
The same node should be present with the another network also where I am pointing my egress?
according to this image what I understand is it should be mutual in both the network

bored-island-21407

07/26/2022, 10:33 AM
yes, the egress gateway has to be in the network that you want to make it an egress gateway for

cool-army-24422

07/26/2022, 10:34 AM
Cool, I tried that out also. Will try once again.

bored-island-21407

07/26/2022, 10:34 AM
it does not have a 10.60.224.X address

cool-army-24422

07/26/2022, 10:34 AM
will it take some time to update the configuration?
Nope, I am adding it to the 10.60.224.0 network
[netclient] 2022-07-26 10:39:14 joining gateway-net at api.abhishekparihari.tech:443
[netclient] 2022-07-26 10:39:14 error installing: error creating node 401 Unauthorized {"Code":401,"Message":"You are unauthorized to access this endpoint."}
root@Netclient-AZ:~#
After giving join command it's throwing an error

bored-island-21407

07/26/2022, 10:40 AM
token valid? run out of uses?

cool-army-24422

07/26/2022, 10:41 AM
Ok lemme create a new and use that
what does it mean, 3 Uses left or 3 are using ?

bored-island-21407

07/26/2022, 10:42 AM
3 left

cool-army-24422

07/26/2022, 10:45 AM
Now I have added the egress gateway to the network 10.60.224.0 and I am able to reach the other nodes in this network
Now I should be able to reach from any node of the left network (10.174.71.0) [egress configured] to the left network [10.60.224.0]
root@HZ-Netclient:~# ping 10.60.224.1
PING 10.60.224.1 (10.60.224.1) 56(84) bytes of data.
^C
--- 10.60.224.1 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2025ms
root@HZ-Netclient:~#
-----------------------------------------------
root@Netclient-AZ:~# ping 10.60.224.1
PING 10.60.224.1 (10.60.224.1) 56(84) bytes of data.
64 bytes from 10.60.224.1: icmp_seq=1 ttl=64 time=3.24 ms
64 bytes from 10.60.224.1: icmp_seq=2 ttl=64 time=1.69 ms
64 bytes from 10.60.224.1: icmp_seq=3 ttl=64 time=3.44 ms
^C
--- 10.60.224.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2004ms
rtt min/avg/max/mdev = 1.690/2.789/3.443/0.781 ms
root@Netclient-AZ:~#

bored-island-21407

07/26/2022, 11:39 AM
Is port forwarding enabled on gateway

cool-army-24422

07/26/2022, 11:43 AM
Which port do i need to add? WireGuard port for the network?
as I have opened the WireGuard ports only at server side I have not opened any other ports in the peers

bored-island-21407

07/26/2022, 11:45 AM
It is not a port. Just google ip_forwarding to get details

cool-army-24422

07/26/2022, 11:45 AM
Ok sure, I will do that
Ok, got it. Like for setting up WireGuard manually we have to make sure of IP forwarding, you mean the same, right?

bored-island-21407

07/26/2022, 11:47 AM
Yes

cool-army-24422

07/26/2022, 11:47 AM
in /etc/sysctl.conf file?
Thanks a lot I will do that and update
After that do I need to update anything else?

bored-island-21407

07/26/2022, 11:50 AM
No

cool-army-24422

07/26/2022, 12:23 PM
root@Netclient-AZ:~# sysctl -p
net.ipv4.ip_forward = 1
after making the ip forwarding, still not able to reach
--------------------------
One more confusion
root@Netclient-AZ:~# netclient pull dev-net
[netclient] 2022-07-26 12:22:32 No network selected. Running Pull for all networks.
[netclient] 2022-07-26 12:22:32 UDP hole punching enabled for node Netclient-AZ
[netclient] 2022-07-26 12:22:35 UDP hole punching enabled for node Netclient-AZ
[netclient] 2022-07-26 12:22:37 certificates/key saved
[netclient] 2022-07-26 12:22:39 registration error Post "https://api.hetznerhcm.dima.kmd.dk:443/api/nodes/adm/ork-kmd/authenticate": dial tcp xxxx:443: connect: connection refused
2022/07/26 12:22:39 Post "https://api.hetznerhcm.dima.kmd.dk:443/api/nodes/adm/ork-kmd/authenticate": dial tcp xxxx:443: connect: connection refused
as i am running a pull for a particular network, how come it's showing the domains of previously configured netmaker setup Which I have removed
-----------
How to remove the network from peers ? which networks are either removed or deleted or the peer is removed from the network but I can see those networks in the network list and also when checking the wg
Is there any process to untag those network names which are not in use ?

bored-island-21407

07/26/2022, 12:33 PM
netmaker leave -n

cool-army-24422

07/26/2022, 12:36 PM
any further solution in this

bored-island-21407

07/26/2022, 12:39 PM
probably a firewall setting somewhere ... did you recreate everything after enabling forwarding ... did you specify the correct interface adapter when creating the gateway?

cool-army-24422

07/26/2022, 4:46 PM
thanks a lot for helping here
@bored-island-21407 appreciate it