Linux Headless Mode

Home

Use Cases

VPN Replacement

Infrastructure Access

Device Controls

IP-based Access

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

API

Getting Started with the API

Twingate Labs ↗

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

Headless mode requires a Service Key

See the Services documentation for information on how to create a Service account and Service Keys.

Twingate’s existing Linux Client may be used in either interactive mode or headless mode.

Interactive mode is the default mode and is documented in our Linux Client documentation. The same platform support and installation instructions apply.
Headless mode is accessed by passing a --headless parameter to the twingate setup command with the path to a valid Service Key specified. The Service Key is obtained from the Service configuration in the Twingate Admin console.

Working with the Linux Client in headless mode

The Twingate Client needs access to certain capabilities on the host system in order to set up a network tunnel. You must add the following parameters to the Docker run command for the Client to operate correctly:

--device /dev/net/tun --cap-add NET_ADMIN

Installation & configuration

The Linux Client is installed by following the existing installation process.
Configure the Linux Client in headless mode by running the twingate setup command with the --headless parameter.

For example:

curl https://binaries.twingate.com/client/linux/install.sh | sudo bash
sudo twingate setup --headless /path/to/service_key.json

Additional command line parameters, including the ability to set the default log level, are available. More information is available by running twingate help setup.

Starting & stopping the Client

# Start the client
sudo twingate start

# Check client status
twingate status

# Stop the client
sudo twingate stop

Troubleshooting

The Linux Client runs as a systemd service with logs retrievable via journalctl.

# Retrieve recent client logs
sudo journalctl -u twingate --since "1 hour ago"

Last updated 8 hours ago

Home

Use Cases

VPN Replacement

Infrastructure Access

Device Controls

IP-based Access

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

API

Getting Started with the API

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Admin Actions Report

Detailed Network Event Schema

Analyzing Network Traffic

User Activity Report

Internet Security

DNS-over-HTTPS (DoH)

NextDNS Integration

Administration

Admin Console Security

Subscription management

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Controls

IP-based Access

Homelab & Personal Use Cases

Internet Security

Compliance

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

Getting Started with the API

Automated Deployment

Understanding Connectors

Deploying Connectors