[Bug]: Windows client not able to join network

[jivanyatra]

Contact Details

jivanyatra@gmail.com

What happened?

I have installed the Windows client, and I followed the instructions. When I open it and try to join a network via enrollment key, I see this error message:

If I close it, and reopen it, I see this:

If I open a command prompt and try to run netclient.exe help , a User Account Control window opens so I hit "Yes" to allow netclient to make changes. Then another command-prompt window pops up briefly, disappears, but nothing is displayed onscreen.

HOWEVER!! If I input the command netclient.exe daemon (figuring I can start it manually), I get a big log output (attached, though I edited out my home IP). Then after a minute, additional messages pop up, and I know I'm connected because I can see my PC on app.netmaker.io and I can access other hosts.

I can ALSO manually run netclient.exe join -t INSERT_ENROLLMENT_KEY and after a UAC approval and Firewall exception, it also works! (I DID try this first, then uninstalled/reinstalled to try to get error messages and screenshots, so the above daemon command output may or may not be helpful?)

So something about the GUI client is broken, and it may have to do with Access Control or Windows permissions? Every time I run the netclient.exe command in a command prompt, it asks for permission to make changes.

Not exactly sure if this is related to https://github.com/gravitl/netmaker/issues/1896, but perhaps? I don't self-host an egress/ingress server (yet?)... I use an account that's hosted by NetMaker. I wonder if my workaround might also work for them?

Anyway, I'm new to NetMaker, and I'm happy to work with you and test to solve this bug.

Version

v0.21.0

What OS are you using?

Windows

Relevant log output

[netclient.exe] 2023-10-15 04:20:31 migration to v0.18 started
daemon called
[netclient.exe] 2023-10-15 04:20:31 error running command: Set-NetIPInterface -Forwarding Enabled
[netclient.exe] 2023-10-15 04:20:31
[netclient.exe] 2023-10-15 04:20:31 WARNING: Error encountered setting ip forwarding. This can break functionality.
completed pull for server 30c4cdac-6abc-4bed-bddf-0f159808cc3e.app.prod.netmaker.io
[netclient.exe] 2023-10-15 04:20:32 adding addresses to netmaker interface
[netclient.exe] 2023-10-15 04:20:32 Starting Proxy...
[netclient.exe] 2023-10-15 04:20:32 initialized endpoint detection on port 51722
[netclient.exe] 2023-10-15 04:20:32 set nat info: &{MY.HOME.IP.ADDR 192.168.1.15 51722 51722 false symmetric}
[GIN-debug] [WARNING] Creating an Engine instance with the Logger and Recovery middleware already attached.

[GIN-debug] [WARNING] Running in "debug" mode. Switch to "release" mode in production.
 - using env:   export GIN_MODE=release
 - using code:  gin.SetMode(gin.ReleaseMode)

[GIN-debug] GET    /status                   --> github.com/gravitl/netclient/functions.status (3 handlers)
[GIN-debug] POST   /register                 --> github.com/gravitl/netclient/functions.register (3 handlers)
[GIN-debug] GET    /network/:net             --> github.com/gravitl/netclient/functions.getNetwork (3 handlers)
[GIN-debug] GET    /allnetworks              --> github.com/gravitl/netclient/functions.getAllNetworks (3 handlers)
[GIN-debug] GET    /netclient                --> github.com/gravitl/netclient/functions.getNetclient (3 handlers)
[GIN-debug] POST   /connect/:net             --> github.com/gravitl/netclient/functions.connect (3 handlers)
[GIN-debug] POST   /leave/:net               --> github.com/gravitl/netclient/functions.leave (3 handlers)
[GIN-debug] GET    /servers                  --> github.com/gravitl/netclient/functions.servers (3 handlers)
[GIN-debug] POST   /uninstall                --> github.com/gravitl/netclient/functions.uninstall (3 handlers)
[GIN-debug] GET    /pull/:net                --> github.com/gravitl/netclient/functions.pull (3 handlers)
[GIN-debug] POST   /nodepeers                --> github.com/gravitl/netclient/functions.nodePeers (3 handlers)
[GIN-debug] POST   /join                     --> github.com/gravitl/netclient/functions.join (3 handlers)
[GIN-debug] POST   /sso                      --> github.com/gravitl/netclient/functions.sso (3 handlers)
[netclient.exe] 2023-10-15 04:20:34 Starting Turn Listener:  134.209.220.128:36865 30c4cdac-6abc-4bed-bddf-0f159808cc3e.app.prod.netmaker.io
{"time":"2023-10-15T04:20:35.8109529-04:00","level":"ERROR","source":"mqhandlers.go 133}","msg":"error updating client to server's version","error":"remove C:\\Program Files (x86)\\Netclient\\netclient.exe: Access is denied."}

==== I only edited out my home IP above, it was there correctly ====
==== After a minute, this came up ====
[netclient.exe] 2023-10-15 04:22:52 Starting proxy for Peer:  Q/7YDe2i89xn0K4x/qgO45lUr3QAs0jQzKD9MLoTTSI=
[netclient.exe] 2023-10-15 04:22:52 ----> Established Remote Conn with RPeer: Q/7YDe2i89xn0K4x/qgO45lUr3QAs0jQzKD9MLoTTSI=, ----> RAddr: 134.209.220.128:46405
[netclient.exe] 2023-10-15 04:22:52 updating interface netmaker peer Q/7YDe2i89xn0K4x/qgO45lUr3QAs0jQzKD9MLoTTSI=: endpoint 127.0.0.1:58988

Contributing guidelines

• [X] Yes, I did.

[jivanyatra]

I THOUGHT the version I was using was the latest, 0.21.0... Reading the logs I see a message that says "migration to v0.18 started"... And I downloaded it via the Windows instructions link in app.netmaker.io's interface for adding a host.

Also, worth pointing out... If I launch an elevated command prompt, and I execute netclient.exe commands, they seem to work just I'd expect on Linux. netclient.exe list no longer has any trouble listing connected networks.

[jivanyatra]

Update: So it seems to connect, but after a while it no longer does. The netmaker.io interface shows it as either Warning or Error.

In an elevated command prompt, I can run netclient list and it shows the network. It claims to be connected, but I cannot ping the other ips, nor can I access their services via the dns entry+port. If I run netclient join -t ENROLLMENT_KEY again, I still cannot access the other hosts. Not sure why it all of a sudden stopped...

[jivanyatra]

Update:

Okay, figured things out. For reference, I'm on an AMD64 machine, and I foolishly tried to use the x86.msi installer. This is what I did to get things up and running:

• Deleted config files in C:\Program Files (x86)\Netclient\
• Moved logs files from that folder to elsewhere
• Using Win 11's Add/Remove prompt, uninstall Netclient
• Download the latest netclient-windows-amd64.exe (which is the CLI app)
• Open elevated Powershell window.
• Navigate to Downloads folder.
• Run .\netclient-windows-amd64.exe install. Click ALLOW on the Security prompt! In the terminal window, you should see:
• Run .\netclient-windows-amd64.exe join -t ENROLLMENT KEY
• Then, download the netclient-gui-windows-amd64.exe
• You may need to allow connection through the firewall using the instructions in their documentation. I did as part of my troubleshooting, but now that it's working, I'm loathe to mess with it and I don't need to worry about the security implications in my use case. YMMV.
• Open an explorer window and double-click to run the gui application.
• It will open without any errors and it will show your NetMaker network name, and also show whether you are connected or not. The toggle should work. You can also click the network name to view details.
• DO NOT go to File > Host Settings !! The app will cease to function and you will need to restart it.

In short, do not use the installer, since most modern windows 10 and 11 installs are 64-bit.

Use the correct amd64 CLI app to install via administrator-level powershell. Then use it also to join the network.

Use the correct amd64 gui app to toggle status.

Whatever is going on with the installer, it is not installing the daemon correctly or successfully. Perhaps using the x86.msi installer but manually creating a service will work? I haven't tried it and don't have a need. Good luck to you all, and here's hoping NetMaker puts out a working 64-bit windows installer in the future! NetMaker works great and I love it, even if it is still rough around the edges at this time.

[JohnsonCN-Ben]

Thanks for the deterministic way of installing - I had almost given up on Netmaker as the one Windows node we wanted to all see was only limping along. I could get a few packets from time to time.

Nuked it's install (misexec /uninstall bad-x86install-we-accidently-got.msi) and followed your example, and it works perfectly now.

[jivanyatra]

@JohnsonCN-Ben glad I could help!

[jivanyatra]

@afeiszli @mattkasun

Sorry for pinging you both! I don't see guidelines on if we should comment to keep issues open, or if they only go stale after a threshold, etc. Not sure what the etiquette is to keep issues open, but I'm hoping to keep this open and get some guidance.

I'm happy to contribute changes to the documentation pending the outcome.

[mighty-services]

Hy There´ I have the message like you described in the beginning updating interface netmaker peer ... endpoint 127.0.0.1:39410 on several peers. All of these lost connection. The ones with it´s real ip-address work great!

I´m using a self-hosted netmaker server and have the netclient deployed on several ubuntu maschines running 22.04 lts with latest updates. The netmaker server runs also on the latest version 0.21.0 in containers. The clients are on different sites, each running a different type of firewall.

[jivanyatra]

Hmmm, I have not encountered this issue on any of the Linux machines. I am also not self-hosting (yet). Sorry!