What can the ext clients access?
# client
s
What can the ext clients access?
Should my ext client "hot-rambo" be able to access "nametable"? Currently it seems to not be able... do I need to change netmaker-1 to be more than just an ingress?
b
it should be able to; is hot-rambo an iphone? there were some problems before with iphone ext clients not working correctly but I thought that had been resolved.
s
hot-rambo is an android phone with the Wireguard app
b
then it should work...... I have tested that exact scenario many, many times.... can you verify that netmaker-1 can access nametable
s
Would I do that by trying to ping inside of one of the docker containers on that host which is running my netmaker server?
b
yes, exec into the netmaker container and try to ping nametable
s
Hmm, I'm having trouble pinging:
bash-5.1# ping 10.254.158.2
PING 10.254.158.2 (10.254.158.2): 56 data bytes
ping: sendto: Destination address required
For reference, here is the interface inside that container:
4: nm-test-net: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1280 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.254.158.254/32 scope global nm-test-net
       valid_lft forever preferred_lft forever
And the routing:
default via 172.19.0.1 dev eth0 
10.101.0.0/16 dev nm-netmaker scope link 
10.254.158.0/24 dev nm-test-net scope link 
10.254.158.1 dev nm-test-net scope link 
172.19.0.0/16 dev eth0 proto kernel scope link src 172.19.0.2
b
what is output of wg show from container
s
interface: nm-netmaker
  public key: 1Lu84lx9RUEz22nUKVHEDVaiDf+Ks5Tn7Yjr1PaHvy0=
  private key: (hidden)
  listening port: 51821

peer: j/vqBUjZNsFTVdHNR0ti/5fjdbTHYcPIxmOmWF7IUSU=
  endpoint: 216.249.124.81:51821
  allowed ips: 10.101.0.1/32
  latest handshake: 1 day, 22 hours, 29 minutes, 3 seconds ago
  transfer: 180 B received, 3.81 MiB sent
  persistent keepalive: every 20 seconds

interface: nm-test-net
  public key: x8mF4drlAQAE7j1yADa4A2ebkLn8kyfXIvOgPEqChDQ=
  private key: (hidden)
  listening port: 51822

peer: moz5gajAnMifBib8Uv8WwxZSix/Ya1s+yLWoL3j2bwg=
  allowed ips: 10.254.158.1/32
  persistent keepalive: every 20 seconds

peer: s+1HkcEuffYrtk57uYQTvwPvzztLq5EXJnddGWTDbRo=
  allowed ips: 10.254.158.3/32
  persistent keepalive: every 20 seconds

peer: 2CiWCcJRzanlFibE0tJFwRDN9tTHvX0QYZSISELChxo=
  allowed ips: 10.254.158.4/32
  persistent keepalive: every 20 seconds

peer: LqRH3RzGOuC1DH0LAFHQVYxEl7M88Se7EYu2O4t79zw=
  allowed ips: 10.254.158.2/32
  persistent keepalive: every 20 seconds

peer: Faqigyq1v0y8LAFGAqDH88l5n8cHqNJZygEZGb1R+SI=
  allowed ips: 10.254.158.5/32
  persistent keepalive: every 20 seconds
b
ok, no handshakes... can you ping netmaker-1 from nametable
s
No, I am unable
b
hmmm
s
But I can ping framework-nametable, the other node
b
need to fix that connectivity before the ext-clients will work
s
Odd, that the server node itself would be the one with the problem
b
can you do netclient pull -vvvv on nametable and check if that improves anything
s
nametable can still not ping netmaker-1 afterward
b
next step would be to do a docker-compose down and docker-compose up on the server and check the netmaker logs for any errors
s
That will keep my volumes, right?
b
yes, the volumes will not be affected
s
I don't really see any errors in particular from any of the 4 containers. I still can't ping out to nametable from netmaker-1
b
firewalls?
s
Hmm, on which side? My other framework-nametable node can access nametable. As far as firewalls on the server, it itself doesn't have a firewall, but the cloud provider the VM is running in, I've let through 443, and a range of UDP ports for wireguard
b
is the cloud provider firewall blocking ICMP?
s
ICMP is blocked from the outside to my vm's public IP, I can enable it, although I thought that the traffic was going through wireguard
b
some firewalls block all ICMP on all interfaces
probably a red herring tho, you should still get handshakes over wireguard and that does not seem to be happening
what version of netmaker and netclient?
s
I will check. Just enabled ICMP, I can ping the vm's public IP now, but still can't ping the container's netmaker IP
nametable is running Netclient version v0.16.3
Netmaker container is gravitl/netmaker:v0.16.3
b
I have to run an errand .... will check back later
s
Sounds good. I'll probably experiment some more, and list any progress I make here
Tried to add a 2nd ingress, by installing netclient on the VM outside the container where netmaker is running.
alarm can ping netmaker-1 but neither of them can ping out to the other nodes, or be reached by the nodes.