managing twingate

Quick Start

Automated Deployment

Connectors

Resources

Remote Networks

Best Practices

JIT Access Requests

Reviewing Access Requests

Usage-based Auto-lock

Ephemeral Access

Resource Tags

Aliases

Kubernetes

Route Traffic from Kubernetes

Manage Kubernetes using kubectl

Private Resources in Kubernetes

Publicly Exposed Resources in Kubernetes

Privileged Access for Kubernetes

Team

Users

Admins

How to Offboard Users

Social Logins

Groups

Identity Providers

Entra ID Configuration

Google Workspace Configuration

JumpCloud Configuration

Keycloak Configuration

Okta Configuration

OneLogin Configuration

SCIM Provisioning API

Security Policies

Location requirements via geoblocking

Security Policies: Migration Guide

Policy Guides

Authentication

Device-only Resource Policies

Trusted Devices

Two-Factor Authentication

Devices

Client Application

Endpoint Requirements

Using Twingate

Managed Devices

Windows Client Migration to .NET 8

macOS & iOS

macOS standalone Client

Windows Managed Devices

Device Administration

1Password XAM Configuration

CrowdStrike Configuration

Device Security Posture Checks

Device Security Guide

Intune Configuration

Jamf Configuration

Kandji Configuration

Linux device ID migration

Manually Verified Devices

SentinelOne Configuration

Services

Headless Clients

Linux Headless Mode

Windows Headless Mode

CI/CD Configuration

Userspace Networking

Analytics

Network Overview

Audit Logs

Admin Console Export

Audit Logs Schema

Network Traffic

Detailed Network Event Schemas

Network Events Admin Console Export

User Activity

Device Report

Syncing Data to AWS S3

Internet Security

Browser Security

NextDNS Integration

DNS Filtering

DNS-over-HTTPS (DoH)

Internet Security Client Configuration

Exit Networks

Identity Firewall

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Customer Network

MSP Billing

Cancel Your Subscription

Notifications

Troubleshooting

Device Failures

DNS Failures

Connector Failures

Firewall Failures

Split Tunnel Failures

additional resources

Help Center ↗

Need help?

Troubleshooting

Changelog

FAQ

Twingate Trust Center

Twingate & Customer Data

DORA Compliance

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

Getting Started with DigitalOcean and Twingate

Secure access to your DigitalOcean environment from anywhere in the world.

Overview

This guide explains how to set up Twingate to securely access your DigitalOcean environment using a cloud-init script and doctl. By integrating Twingate with DigitalOcean, you can ensure that your private resources remain protected while enabling seamless remote access.

Prerequisites

Before you begin, ensure you have the following:

A DigitalOcean account with API access.
The doctl CLI tool installed and configured with your DigitalOcean credentials.
A Twingate account with access to the Admin Console.
Basic familiarity with DigitalOcean Droplets and cloud-init.

Installation Steps

1. Generate Connector Access and Refresh Tokens

Start by generating new Access and Refresh tokens for a Connector. Follow these steps:

Log in to the Twingate Admin Console.

Twingate Admin Console
Navigate to Remote Networks.

Remote Networks Screen
Select the Remote Network you want to add a Connector to.

Selected Network Screen
Add a Connector or select one that hasn’t been deployed yet.
Select the See More option.

Selected Connector
Select the DigitalOcean option.

All Connector Options
Scroll down to Step 2 and click Generate Tokens.

Step 2 of Connector Setup
Authenticate when prompted to complete token generation.
Scroll down to Step 4 to copy the installation command.

Step 4 of Connector Setup

Important

Make sure you do not reuse token sets. It is important that each Connector has its own unique token set.

2. Deploy the Connector using doctl

Paste the command from Step 1.8 into your terminal of choice.

Verify that the doctl command finishes successfully. This will create a new Droplet with the Twingate Connector installed and configured using cloud-init.

3. Verify Installation In DigitalOcean and the Twingate Admin Console

DigitalOcean

Log in to your DigitalOcean Control Panel.
Navigate to the Droplets section.
Locate the Droplet created for the Twingate Connector.
Verify that the Droplet is running.

Step 2 of Connector Setup

Twingate Admin Console

Navigate back to the Admin Console.
Navigate to Remote Networks.
Select the Remote Network you added your new Connector to.
Select the new Connector.
Verify that the Controller and Relay statuses are connected.

Step 2 of Connector Setup

Troubleshooting

Common Issues

Token Errors: Ensure the Access and Refresh tokens are correctly entered in the cloud-init script.
Copy / Paste Errors: Depending on how your terminal interprets white spacing, copying to a separate script may be necessary.
Connectivity Problems: Verify that the Droplet was created successfully using doctl compute droplet list and check that the Twingate Connector service is running.
doctl Not Found: Ensure you have installed and authenticated the doctl CLI tool. Visit the DigitalOcean documentation for installation instructions.

If issues persist, take a look at the troubleshooting docs

Next Steps

Once Twingate is configured, you can explore additional resources to enhance your setup:

Connector Management: Learn how to manage and monitor your Twingate Connectors.
Setting Up Resources: Learn how to configure Twingate Resources to gain access to private applications and services.

Last updated 4 days ago

Home

Guides

Use Cases

VPN Replacement

Infrastructure Access

Device Security Controls

Application Gating

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

Introduction to DNS

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

How NAT Traversal Works

How to troubleshoot peer-to-peer connections

Encryption in Twingate

API

Getting Started with the API

Exploring the APIs

Introduction to the Twingate Javascript CLI

Introduction to the Twingate Python CLI

Schema

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Aptible Deployment

AWS Deployment

Azure Deployment

Linux Deployment

GCP Deployment

K8s Helm Chart Deployment

Connector Best Practices

Updating Connectors

Docker Container Upgrades

K8s Helm Chart Upgrades

Systemd Service Upgrades

Advanced Connector Management

Connector Metrics Overview

Real-time Connection Logs

Connector Details

Connector Metadata

Supporting Unqualified Domain Names

Connector Health Checks

Deployment Automation

Resources

Remote Networks

Best Practices

JIT Access Requests

Reviewing Access Requests

Usage-based Auto-lock

Ephemeral Access

Resource Tags

Aliases

Kubernetes

Route Traffic from Kubernetes

Manage Kubernetes using kubectl

Private Resources in Kubernetes

Publicly Exposed Resources in Kubernetes

Privileged Access for Kubernetes

Team

Users

Admins

How to Offboard Users

Social Logins

Groups

Identity Providers

Entra ID Configuration

Google Workspace Configuration

JumpCloud Configuration

Keycloak Configuration

Okta Configuration

OneLogin Configuration