
How-to : Set Up a Twingate Connector on Kali (with Docker)


This will guide you through setting up secure remote access to your network resources using Twingate. Just follow along for easy remote network access.

Why I Chose Twingate?

Twingate's zero-trust approach provides granular access control with better performance. Plus, their Docker-based connector deployment makes it incredibly easy to get started. I find it more central than Tailscale, but that is personal preference.

Step 1: Installing Docker Desktop via Terminal

I prefer doing everything from the command line, so I used Homebrew for the Docker installation.

# Install Docker
sudo apt install -y docker.io

# Enable Docker service
sudo systemctl enable docker --now

# Add user to docker group (takes effect at next login;
# membership in this group is root-equivalent on the host)
sudo usermod -aG docker $USER

Step 2: Installing Connectors (both of them)

I headed over to Twingate's website and created an account. The setup process involves:

  1. Creating a Remote Network - This represents the network where your connector will be deployed
  2. Adding a Connector - Twingate will generate a connector with a random name 
  3. Generating Tokens - You'll need both an Access Token and Refresh Token

Let's go through those now. From the admin portal, log in with Azure (in my case).

Once logged into the admin portal choose Networks > Remote Networks then add a remote network as below:


Then from the Location choose "On Premise" for this example:


Then give it a name as below. It will appear as "offline" because you have no connector or resources for that network yet. Click on the network:


When the "Demo Network" opens you will notice you have 2x connectors already created with cool names:


If you click on one of the connectors you will be taken to the deployment page with all the deployment options. We need "Docker", so click on that:


We now need to generate the token, which should be this section here, click on the "Generate Tokens" button:


This will require a re-authentication for security:


When you have authenticated this will generate new tokens as below (redacted)

When you have the tokens you will see the command you need to install this on your server as below, just click copy command then paste this into the shell on the target device:



Then after a couple of seconds you will see the connector appear online as below:


You now need to repeat this process for the other connector to get that online as well.
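
An added example, not from the original post or from Twingate: the copied command carries both tokens inline, so this wrapper reads them from a root-only env file and checks that file before starting the container. It assumes the environment variable names and the twingate/connector:1 image used by Twingate's generated Docker command; the script name, env file path and container name are hypothetical.

```shell
#!/bin/sh
# Added example: start a Twingate connector with its tokens read from an
# owner-only env file rather than pasted on the command line.
# Assumed: the three TWINGATE_* variables and the twingate/connector:1 image
# from Twingate's Docker deployment command. File path and name are yours.

REQUIRED_KEYS="TWINGATE_NETWORK TWINGATE_ACCESS_TOKEN TWINGATE_REFRESH_TOKEN"

# Return 0 only if the env file exists, is not accessible to group/other,
# and defines every required key with a non-empty value.
check_env_file() {
    env_file=$1
    [ -f "$env_file" ] || { echo "missing: $env_file" >&2; return 1; }
    mode=$(stat -c '%a' "$env_file")          # GNU stat, as shipped on Kali
    case $mode in
        600|400) ;;
        *) echo "mode $mode too open, want 600" >&2; return 1 ;;
    esac
    for key in $REQUIRED_KEYS; do
        grep -Eq "^${key}=.+" "$env_file" ||
            { echo "$key not set in $env_file" >&2; return 1; }
    done
}

# Start one connector container; the tokens stay out of argv and shell history.
deploy_connector() {
    name=$1
    env_file=$2
    check_env_file "$env_file" || return 1
    docker run -d \
        --name "$name" \
        --env-file "$env_file" \
        --sysctl net.ipv4.ping_group_range="0 2147483647" \
        --restart unless-stopped \
        --pull always \
        twingate/connector:1
}

# Usage: sh deploy-connector.sh deploy <container-name> <env-file>
if [ "${1:-}" = "deploy" ]; then
    deploy_connector "$2" "$3"
fi
```

The tokens are still visible through docker inspect to anyone in the docker group, so keep that group as small as the env file's audience.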

Step 3 : Assigning Resources

This is the final section, which involves assigning resources to those connectors for remote access. For that we need Network > Resources > New Resource:


You can then enter the name and the IP address for that resource. That is the basic setup complete, but what if you want more restrictions?


If you wish it to lock after 1 day and require a reason for unlock then you can set auto-lock as below:


Then what if you only want TCP:22 allowed and block UDP and ICMP as well:


Then finally what if you wanted magic DNS with a hostname, so people could use ssh.bear.local?

When you are done, click "Create Resource". Finally, we need to assign which users have access to this resource:


This completes the resource addition - you need to repeat this for all your other resources required as well, then all you need to do is get the application for your devices and login to access these resources.