Linux Headless Mode
Headless mode requires a Service Key
See the Services documentation for information on how to create a Service account and Service Keys.
Twingate’s existing Linux Client may be used in either interactive mode or headless mode.
- Interactive mode is the default mode and is documented in our Linux Client documentation. The same platform support and installation instructions apply.
- Headless mode is accessed by passing a
--headlessparameter to the
twingate setupcommand with the path to a valid Service Key specified. The Service Key is obtained from the Service configuration in the Twingate Admin console.
Working with the Linux Client in headless mode
The Twingate Client needs access to certain capabilities on the host system in order to set up a network tunnel. You must add the following parameters to the Docker run command for the Client to operate correctly:
--device /dev/net/tun --cap-add NET_ADMIN
Installation & configuration
- The Linux Client is installed by following the existing installation process.
- Configure the Linux Client in headless mode by running the
twingate setupcommand with the
curl https://binaries.twingate.com/client/linux/install.sh | sudo bash sudo twingate setup --headless /path/to/service_key.json
Additional command line parameters, including the ability to set the default log level, are available. More information is available by running
twingate help setup.
Starting & stopping the Client
# Start the client sudo twingate start # Check client status twingate status # Stop the client sudo twingate stop
The Linux Client runs as a
systemd service with logs retrievable via
# Retrieve recent client logs sudo journalctl -u twingate --since "1 hour ago"
Last updated 8 hours ago