# client
w
Hello everyone, I am probably being thick but I have a netmaker-1 instance set up on a server and it is running the container stack and my three nodes are looking healthy. Netclient pull shows them fine, however, I am unable to ping/connect to the other nodes.
If it is relevant I have no section in my wg status showing "latest handshake" between the two nodes, just with the netmaker-1 instance which I can ping
On a related note, I have another network configured that I want to route all my traffic through the netmaker-1 instance, but the DNS resolution never resolves for this. I have used the eth0 name as well as the nm-central name and both just result in the clients timing out. What are you supposed to put for the interface if the ingress and egress node is the netmaker instance?
That last post is just in regard to following the documentation, it doesn't specify what the interface should be in this case.
b
The interface for an egress must be the interface that the egress node would use to reach the egress range. For example, if a node has interface eth0 with address 192.168.3.5 and eth1 with address 192.168.10.8 and netmaker interface with address 10.10.10.99 and the egress range is 192.168.10.0/24 , the interface would be eth1.
w
That makes sense, but the netmaker-1 instance doesn't have access to that egress range from what I can tell
b
`ip route get x.x.x.x` will tell which interface a computer will use to route to that address (x.x.x.x)
w
Right, so running `ip route get 10.14.14.254` shows `via 172.31.1.1 dev eth0 src <public_ip_address> uid 0`
so I take it it's the eth0 interface which is what I have been trying
I can't ping that 10.14.14.254 though just as an fyi because the netclient isn't running on this server, just the docker-compose stack
b
Run IP get inside the netmaker container
w
okay bear with me
```bash
ip route get 10.14.14.254
local 10.14.14.254 dev lo src 10.14.14.254 uid 0
```
Okay so from the netmaker container it looks like it might be `lo` as the interface not eth0
b
lo is the loopback interface
w
okay so `ip addr show` shows both interfaces I would expect to see
```
nm-central: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.14.14.254/24 scope global nm-central
```
so shall I use `nm-central` and see what happens
So the tunnel goes up on the external client but my ip still says my normal isp's ip
so I don't think it's routing the traffic
I am going to bed though, I have spent 3 hours trying to get this to work 😆
I have tried again this morning and neither issue works. I cannot ping/ssh any of the nodes using the subnet ip, and while it seems traffic is forwarded to the netmaker-1 it just hangs there and never resolves. The other node is on the same LAN that I am on, so it's very weird that the ip can't be used to connect to it.
Rebuilt and followed every stage of the documentation (wanted to make sure I didn't miss anything) and the external clients can't route traffic through the netmaker server
I will start from scratch on 0.14.4.
1. docker compose just restarted and running with the new version
2. Create a point to site vpn as I am only using the netmaker-1 and external clients (a phone with the wireguard app)
3. Get info about the interfaces to use
4. Use nm-site interface (wg0 and lo didn't work)
5. Follow docs here and input that ip range https://docs.netmaker.org/egress-gateway.html and nm-site
6. Create an external client
7. Scan qr code, toggle it on and make a request to a website
8. dns timeout on the phone (so it seems the request is going there).
@bored-island-21407 The only other things I can think may be relevant is that the server host is hetzner, there is no firewall outside the server, I can wget from the container and download from within that, my local isp uses CGNAT instead of dynamic ip or static ip but I am testing on both my mobile data and wifi. Thank you for being so patient with me
b
when you run `ip route` in the netmaker container what is the first line that contains default
w
@bored-island-21407 the third image shows all three IP route commands, itself, the subnet and Google dns
b
you should be using eth0 as your egress gateway interface
w
alright I will set that and add the ip ranges from the docs
I'm afraid that doesn't work, the internet just drops off when wireguard is enabled
I wonder if it's Hetzner, maybe I should try on a different provider
b
if you can give me a day or so, I will see if the same issue exists in our test environment
w
Of course I can, if I can figure this out I will happily buy you a coffee/beer (or just do my best to convince my company to move their ancient vpn)
Thank you for the time thus far regardless
Hi @bored-island-21407 I'm not pestering for an update, just thought to assist the troubleshooting and can confirm the same steps as above also do not work on a DigitalOcean droplet. So it doesn't appear to be Hetzner specific for me. Thanks and take care.
b
confirmed that similar issue exists in our test environment. People are working on it
w
No problem, thanks and have a good one!