So I have the netmaker server up and running with ...
# install
g
So I have the netmaker server up and running with a public IP (node is also ingress), created my network and deployed a netclient (docker) over a VM I have on a different network at some other location. I set the docker netclient node as egress, but I cannot reach the IPs (ping) on the egress node network (i.e. 10.10.10.5). Any clue as to why? Or maybe I missed some other config. (I am trying to ping an IP behind the egress node from an external client: cellphone with wireguard installed)
b
what is the ip range of your netmaker network?
g
isn't the one on the screenshot above correct? 10.10.10.0/24 so that means the whole range right? or do I have to specify it with 10.10.10.1-10.10.10.254 ?
b
that is the correct way to spec the range
but are you trying to set your egress range to your netmaker network range?
g
no, that range is my private network (at home) network range. My netmaker network range is different: 10.21.45.0/24. So Ingress and Egress network range is: 10.21.45.0/24. My private home network range (where my egress node is): 10.10.10.0/24. From my cellphone external client I am trying to reach my internal network home like: ping 10.10.10.5 -> does not work. HOWEVER, I am able to ping ONLY the egress node IP (which is 10.10.10.3 -> this IP I can ping, any other I cannot)
b
phone= android or apple?
g
android
I have not tried with a PC external client, should I?
just to try out I suppose
b
what do you mean by Ingress Range --- there is no ingress range
g
meaning where the ingress and egress nodes are. The netmaker network:
b
ok.
did you create your external client before or after you created the egress gateway
g
I created an access token, I used the docker commands shown there to create my node at home. After it showed up on the netmaker nodes dashboard I set it as egress. Then I proceeded to create the external client and scanned it with QR. I do re-create/re-scan the ext client on every change I make to my netmaker network because I know the config changes (like allowed IP ranges or DHCP Server, etc.)
I should mention I have pfSense back at home as firewall but I am not seeing any firewall logs blocking anything so that's not it
b
have you tried running the netclient binary as opposed to the netclient-docker for your egress node (eliminates docker networking funnies)
g
that's a great idea, I will try that
my only concern is upgrading.. I hate the fact that there might be left-overs when doing upgrades from time to time
that's why I always chose docker
it's "cleaner"
but I will give it a try
b
the only reason for netclient-docker is really for k8
there is no advantage (and many disadvantages, imho) to running netclient-docker vice netclient
g
gotcha, yeah, I figure kubernetes was the reason, but then again, just to mention it, it's just cleaner for me, in my opinion, to launch a docker container. But you are absolutely correct
I will give it a try and let you know if that solves it
b
if you install netclient using your package manager, upgrading is just as easy as docker updates
g
understood
question: could I just try to install it on pfSense directly?
b
I think some others have tried that....
g
I know I am not supposed to mess with my firewall but just asking if possible
kk fair enough
b
does pfSense have systemd?
running netclient without systemd is not 100% foolproof ... some more work is needed there
g
ok no worries, thanks a bunch for your help. I will just install the native client instead of the docker one and let you know here if that's it
Yup, that fixed it. Many thanks. Originally I thought there were some custom-made scripts to install the netclient, but as you mentioned today I could just use the regular package manager to add/remove the app. So thanks again.
b
👍