defguard
defguard copied to clipboard
DefGuard
Cannot deploy Gateway
I followed the instructions https://defguard.gitbook.io/defguard/admin-and-features/setting-up-your-instance/gateway but when deploying I use docker in the location as below, replacing localhost with Defguard's ip, I always get an error. I tried using https but the cert failed. Can anyone help me with this part?
Version information
- Defguard Core version: v0.10.0
- Defguard Gateway version: v0.6.2 (if bug is applicable to VPN functionality)
- Operating system and version running the gateway: docker and ubuntu 20.04
- Your browser and version Edege 123.0.2420.65 (Official build) (64-bit)
Hi. If you deploying gateway on different VM, GRPC URL should not be a localhost and you need to update it accordingly so that your gateway could connect.
I have updated it but I still wonder if it is related to the cert. I tried https and copied the cert from the main server but it didn't work or do I have to create my own cert?
On our setup we use let's encrypt and it just works, without copying certs. Have you checked if you can reach GRPC url from gateway? from screenshot you provided i would check firewall first. Another way to test would be to use GRPC via HTTP and without DNS name, just http://your_ip:50055
I don't understand how to do this with certificates either, I get the same result on the server running the gateway
I have updated it but I still wonder if it is related to the cert. I tried https and copied the cert from the main server but it didn't work or do I have to create my own cert?
Did you succeed?
Sorry for using this issue. I got the exact same issue when creating another location on the same linux machine. I use the docker based gateway setup and copy it on my linux machine.
The base installation worked flawless. But as soon as I want to add another location, I get this error:
root@rit-dg01:~# docker run -e DEFGUARD_TOKEN=SUPERSECRETTOKEN -e DEFGUARD_GRPC_URL=http://localhost:50055/ --restart unless-stopped --network host --cap-add NET_ADMIN ghcr.io/defguard/gateway:latest
[2024-09-17T09:57:03Z INFO defguard_gateway::gateway] Starting defguard gateway version 0.7.1 with configuration: Config { token: "***", name: None, grpc_url: "http://localhost:50055/", userspace: false, grpc_ca: None, stats_period: 30, ifname: "wg0", pidfile: None, use_syslog: false, syslog_facility: "LOG_USER", syslog_socket: "/var/run/log", config_path: None, pre_up: None, post_up: None, pre_down: None, post_down: None, health_port: None }
[2024-09-17T09:57:03Z INFO defguard_wireguard_rs::wgapi_linux] Creating interface wg0
[2024-09-17T09:57:03Z INFO defguard_gateway::gateway] Trying to connect to http://localhost:50055/ and obtain the gateway configuration from defguard...
[2024-09-17T09:57:03Z ERROR defguard_gateway::gateway] Couldn't retrieve gateway configuration from the core. Using gRPC url: http://localhost:50055/. Retrying in 10s. Error: status: Unknown, message: "h2 protocol error: http2 error", details: [], metadata: MetadataMap { headers: {} }
I run the command on localhost. There is already an interface called wg0 on my linux machine. Maybe that's the problem?
Hi ,
We are facing the same issue, while create the gateway in another VM.
ERROR defguard_gateway::gateway] Couldn't retrieve gateway configuration from the core. Using gRPC url: http://localhost:50055/. Retrying in 10s. Error: status: Unknown, message: "h2 protocol error: http2 error", details: [], metadata: MetadataMap { headers: {} }
