Netbird client not connecting from Windows app, maybe signal service problem ?
Describe the problem
Ubuntu 22.04 Docker Version : 26.1.4 Docker Compose infrastructure
I set up an on-premise infrastructure with a Traefik SSL wildcard certificate, real domain, public IP, Cloudflare DNS, etc., with NetBird behind it, everything on a Docker Compose stack (not Swarm mode). Everything is working fine with Traefik: the UI is accessible and there are no errors in any container when launching the setup.
Now, when I tried to connect from another laptop on another network (literally via the internet) with the Windows NetBird app, I cannot get my IP via the VPN. The peer is showing up in the UI but nothing else.
Expected behavior
Getting an IP address on my host via the VPN setup.
Are you using NetBird Cloud?
Self-hosted docker compose stack (no swarm)
NetBird version
mgmt & signal version : 0.27.10
Additional context
- Authentik setup, no problem btw. The Windows app correctly launches the connection page, and connects.
- I get this log from the management ctn, running in a loop with the next logs:
2024-06-12T18:56:20Z DEBG management/server/grpcserver.go:323: Login request from peer [4hZzGBJYIQVK/utDUQ/4rzVSq0y5C/0iazGxms7fWUA=] [172.71.131.76]
2024-06-12T18:56:20Z DEBG management/server/peer.go:708: same SSH key provided for peer cpkthcsdnpqs73dvs6dg, skipping update
- I tried via a Docker container on my Windows client, but I get the same loop on management and no response on the signal ctn, but I get this error on the client container:
2024-06-14T17:57:05Z ERRO signal/client/grpc.go:88: failed to connect to the signalling server context deadline exceeded
2024-06-14T17:57:05Z ERRO client/internal/connect.go:357: error while connecting to the Signal Exchange Service nb.<domain.name>:443: context deadline exceeded
2024-06-14T17:57:05Z ERRO client/internal/connect.go:232: rpc error: code = FailedPrecondition desc = failed connecting to Signal Service : context deadline exceeded
- Test STUN/TUN from Trickle ICE :
Hey @Wizend, it must be that your signal service is improperly configured and not accessible. I assume that there is a missing config in Traefik. Have you tried pinging your signal from the machine that experiences issues?
Hi !
I'll try it and answer in the next comment, but here is my compose.yml file. You'll find all of my Traefik setup; maybe you're right, I missed something:
```yaml
networks:
  ba-net:
    external: true

volumes:
  netbird-mgmt:
    driver: local
  netbird-signal:
    driver: local
  netbird-coturn:
    driver: local

services:
  #UI dashboard
  dashboard:
    image: netbirdio/dashboard:latest
    restart: unless-stopped
    environment:
      # Endpoints
      - NETBIRD_MGMT_API_ENDPOINT=https://nb-api.<domain.name>
      - NETBIRD_MGMT_GRPC_API_ENDPOINT=https://nb-api.<domain.name>
      # OIDC
      - AUTH_AUDIENCE=<ClientID>
      - AUTH_CLIENT_ID=<ClientID>
      - AUTH_CLIENT_SECRET=
      - AUTH_AUTHORITY=https://authentik.<domain.name>/application/o/netbird/
      - USE_AUTH0=false
      - AUTH_SUPPORTED_SCOPES=openid profile email offline_access api
      - AUTH_REDIRECT_URI=
      - AUTH_SILENT_REDIRECT_URI=
      - NETBIRD_TOKEN_SOURCE=accessToken
    networks:
      - ba-net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.netbird.entryPoints=web,web-secure"
      - "traefik.http.routers.netbird.rule=Host(`nb.<domain.name>`)"
      - "traefik.http.services.netbird.loadbalancer.passHostHeader=true"
      - "traefik.http.services.netbird.loadbalancer.server.port=80"

  # Signal
  signal:
    image: netbirdio/signal:latest
    restart: unless-stopped
    volumes:
      - netbird-signal:/var/lib/netbird
    networks:
      - ba-net
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.netbirdsignal.entryPoints=web,web-secure"
      - "traefik.http.routers.netbirdsignal.rule=Host(`nb-api.<domain.name>`) && PathPrefix(`/signalexchange.SignalExchange/`)"
      - "traefik.http.routers.netbirdsignal.service=netbirdsignal"
      - "traefik.http.services.netbirdsignal.loadbalancer.passHostHeader=true"
      - "traefik.http.services.netbirdsignal.loadbalancer.server.port=80"
      - "traefik.http.services.netbirdsignal.loadbalancer.server.scheme=h2c"

  # Management
  management:
    image: netbirdio/management:latest
    restart: unless-stopped
    depends_on:
      - dashboard
    volumes:
      - netbird-mgmt:/var/lib/netbird
      - ./management.json:/etc/netbird/management.json
    networks:
      - ba-net
    command: [
      "--port", "443",
      "--log-file", "console",
      "--log-level", "debug",
      "--disable-anonymous-metrics=true",
      "--single-account-mode-domain=nb.<domain.name>",
      "--dns-domain=<domain.name>"
    ]
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.netbirdapi.entryPoints=web,web-secure"
      - "traefik.http.routers.netbirdapi.rule=Host(`nb-api.<domain.name>`) && PathPrefix(`/api`)"
      - "traefik.http.routers.netbirdapi.service=netbirdapi"
      - "traefik.http.services.netbirdapi.loadbalancer.passHostHeader=true"
      - "traefik.http.services.netbirdapi.loadbalancer.server.port=443"
      - "traefik.http.routers.netbirdmanagement.entryPoints=web,web-secure"
      - "traefik.http.routers.netbirdmanagement.rule=Host(`nb-api.<domain.name>`) && PathPrefix(`/management.ManagementService/`)"
      - "traefik.http.routers.netbirdmanagement.service=netbirdmanagement"
      - "traefik.http.services.netbirdmanagement.loadbalancer.passHostHeader=true"
      - "traefik.http.services.netbirdmanagement.loadbalancer.server.port=443"
      - "traefik.http.services.netbirdmanagement.loadbalancer.server.scheme=h2c"

  # Coturn
  coturn:
    image: coturn/coturn:latest
    restart: unless-stopped
    domainname: nb.<domain.name>
    volumes:
      - ./turnserver.conf:/etc/turnserver.conf:ro
    network_mode: host
    command:
      - -c /etc/turnserver.conf
```
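
The client log earlier in this thread shows the Signal connection going to `nb.<domain.name>:443`, while the labels in the compose file attach the signal router to `nb-api.<domain.name>`. The following is an added example (not part of the original thread and not NetBird or Traefik code) that evaluates the posted router labels to show which router and backend a given host and gRPC path reach. `example.test` stands in for the redacted domain, the `ConnectStream` method name is an assumption, and only the `Host(...) && PathPrefix(...)` rule form used on this page is handled.

```python
import re

# Router/service labels copied from the compose file on this page;
# example.test is a constructed stand-in for the redacted <domain.name>.
LABELS = """
traefik.http.routers.netbird.rule=Host(`nb.example.test`)
traefik.http.services.netbird.loadbalancer.server.port=80
traefik.http.routers.netbirdsignal.rule=Host(`nb-api.example.test`) && PathPrefix(`/signalexchange.SignalExchange/`)
traefik.http.routers.netbirdsignal.service=netbirdsignal
traefik.http.services.netbirdsignal.loadbalancer.server.port=80
traefik.http.services.netbirdsignal.loadbalancer.server.scheme=h2c
traefik.http.routers.netbirdapi.rule=Host(`nb-api.example.test`) && PathPrefix(`/api`)
traefik.http.routers.netbirdapi.service=netbirdapi
traefik.http.services.netbirdapi.loadbalancer.server.port=443
traefik.http.routers.netbirdmanagement.rule=Host(`nb-api.example.test`) && PathPrefix(`/management.ManagementService/`)
traefik.http.routers.netbirdmanagement.service=netbirdmanagement
traefik.http.services.netbirdmanagement.loadbalancer.server.port=443
traefik.http.services.netbirdmanagement.loadbalancer.server.scheme=h2c
"""

def parse(labels):
    routers, services = {}, {}
    for line in filter(None, map(str.strip, labels.splitlines())):
        key, value = line.split("=", 1)
        parts = key.split(".")
        kind, name = parts[2], parts[3]
        if kind == "routers":  # a router defaults to the service of the same name
            routers.setdefault(name, {"service": name})[parts[4]] = value
        elif kind == "services":
            services.setdefault(name, {})[parts[-1]] = value
    return routers, services

def route(host, path, labels=LABELS):
    """Return (router, backend scheme, backend port) for a request, or None."""
    routers, services = parse(labels)
    hits = []
    for name, r in routers.items():
        hosts = re.findall(r"Host\(`([^`]+)`\)", r["rule"])
        prefixes = re.findall(r"PathPrefix\(`([^`]+)`\)", r["rule"])
        if host in hosts and all(path.startswith(p) for p in prefixes):
            hits.append((len(r["rule"]), name, r["service"]))
    if not hits:
        return None
    _, name, svc = max(hits)  # Traefik's default priority: the longest rule wins
    backend = services[svc]
    return name, backend.get("scheme", "http"), backend["port"]
```

With these labels, a Signal gRPC call addressed to the `nb.` host is matched by the dashboard router (plain HTTP to port 80), and only the `nb-api.` host reaches the `h2c` signal backend.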