Quick reference

• Maintained by: Twingate⁠
• Where to get help: Twingate Help Center⁠, Twingate Community Forum⁠
• Supported architectures: amd64, arm32v7, arm64v8

What is the Twingate Connector?

Twingate⁠ makes Zero Trust Network Access easy to deploy, even easier to use, and always secure. Twingate is a central Zero Trust orchestration layer, so you can create a best-in-class security ecosystem without having to recut your network.

The Connector⁠ is a Twingate component that is deployed behind your firewall to provide access to private Resources.

Learn more about how Twingate works⁠, explore Twingate use cases⁠ and read our Docker deployment guide⁠.

Quickstart

To start a Connector, you will need an Access Token and a Refresh Token to run the Connector. These can be generated via the Twingate Admin Console or the Twingate API. For more information, see the Docker deployment guide⁠.

Use the following command to start a single Twingate Connector:

docker run -d
    --sysctl net.ipv4.ping_group_range="0 2147483647"
    --env TWINGATE_NETWORK="twingate-network"
    --env TWINGATE_ACCESS_TOKEN=""
    --env TWINGATE_REFRESH_TOKEN=""
    --env TWINGATE_DNS="198.51.100.42"
    --env TWINGATE_LABEL_HOSTNAME="`hostname`"
    --env TWINGATE_LOG_ANALYTIcS="v2"
    --name "twingate-connector-name"
    --restart=unless-stopped
    --pull=always
    twingate/connector:1

Parameters

• TWINGATE_NETWORK: Your Twingate network slug, e.g. <name> for the Network <name>.twingate.com.
• TWINGATE_ACCESS_TOKEN: A time-expiring access token used to authenticate the Connector. Generated via the Twingate Admin Console or the API.
• TWINGATE_REFRESH_TOKEN: A time-expiring refresh token used to authenticate the Connector. Generated via the Twingate Admin Console or the API.
• TWINGATE_DNS: (Optional) A custom, locally resolver, DNS server for the Connector to use.
• TWINGATE_LABEL_HOSTNAME: The local machine's hostname.
• TWINGATE_LOG_ANALYTICS: (Optional) Enables local network connection logs. Set to "v2" to enable logs.

To make the Connector available on the host machine's local network, remove --sysctl net.ipv4.ping_group_range="0 2147483647". This is recommended when Clients may be on the same local network as the Connector as it will allow peer-to-peer connections.