search

netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
11.31k stars 518 forks source link

Signal didnt receive a registration header #2081

Open MichalNemec opened 6 months ago

MichalNemec commented 6 months ago

Describe the problem

No header sent from signal

To Reproduce

Steps to reproduce the behavior:

  1. default netbird self hosted
  2. keycloak
  3. nginx proxy

Expected behavior

signal should work properly

Are you using NetBird Cloud?

-

NetBird version

0.27.10

NetBird status -d output:

-

Screenshots

-

Additional context

sudo netbird up -F --log-level debug --setup-key DC5D5E9B-52B4-485E-B440-9918F49D9C7C --management-url https://vpn.domain.com:33073
2024-05-31T04:49:08+02:00 DEBG client/internal/login.go:93: connecting to the Management service https://vpn.domain.com:33073
2024-05-31T04:49:09+02:00 DEBG client/internal/login.go:63: connected to the Management service https://vpn.domain.com:33073
2024-05-31T04:49:10+02:00 DEBG client/internal/login.go:93: connecting to the Management service https://vpn.domain.com:33073
2024-05-31T04:49:11+02:00 DEBG client/internal/login.go:63: connected to the Management service https://vpn.domain.com:33073
2024-05-31T04:49:12+02:00 INFO client/internal/connect.go:119: starting NetBird client version 0.27.10 on darwin/arm64
2024-05-31T04:49:12+02:00 DEBG client/internal/connect.go:180: connecting to the Management service vpn.domain.com:33073
2024-05-31T04:49:12+02:00 DEBG client/internal/connect.go:188: connected to the Management service vpn.domain.com:33073
2024-05-31T04:49:14+02:00 DEBG signal/client/grpc.go:92: connected to Signal Service: vpn.domain.com:443
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/systemops.go:83: Route for 0.0.0.0: interface &{26 1500 bridge100 d6:57:63:3d:24:64 up|broadcast|multicast|running} nexthop <nil>, preferred source 192.168.64.1
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/systemops.go:88: No next hop found for ip 0.0.0.0, using preferred source 192.168.64.1
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/systemops.go:83: Route for ::: interface &{21 1380 utun5  up|pointtopoint|multicast|running} nexthop fe80::, preferred source fe80::a4db:6535:d476:7cd3
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/routemanager.go:52: Increasing route ref count 0 for prefix IP/32
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/routemanager.go:56: Adding route for prefix IP/32
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/systemops.go:83: Route for IP: interface &{12 1500 en0 d4:57:63:d3:05:74 up|broadcast|multicast|running} nexthop 192.168.0.1, preferred source 192.168.0.116
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/systemops.go:171: Found next hop 192.168.0.1 for prefix IP/32 with interface &{12 1500 en0 d4:57:63:d3:05:74 up|broadcast|multicast|running}
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/systemops.go:187: Adding a new route for prefix IP/32 with next hop 192.168.0.1
2024-05-31T04:49:14+02:00 DEBG client/internal/routemanager/routemanager.go:52: Increasing route ref count 1 for prefix IP/32
2024-05-31T04:49:14+02:00 INFO client/internal/routemanager/manager.go:93: Routing setup complete
2024-05-31T04:49:14+02:00 DEBG iface/wg_configurer_usp.go:37: adding Wireguard private key
2024-05-31T04:49:14+02:00 DEBG iface/tun_darwin.go:82: device is ready to use: utun100
2024-05-31T04:49:14+02:00 DEBG signal/client/grpc.go:137: signal connection state READY
2024-05-31T04:50:14+02:00 WARN signal/client/grpc.go:152: disconnected from the Signal Exchange due to an error: didn't receive a registration header from the Signal server whille connecting to the streams
2024-05-31T04:50:15+02:00 DEBG signal/client/grpc.go:137: signal connection state READY
2024-05-31T04:51:15+02:00 WARN signal/client/grpc.go:152: disconnected from the Signal Exchange due to an error: didn't receive a registration header from the Signal server whille connecting to the streams
2024-05-31T04:51:16+02:00 DEBG signal/client/grpc.go:137: signal connection state READY
2024-05-31T04:52:17+02:00 WARN signal/client/grpc.go:152: disconnected from the Signal Exchange due to an error: didn't receive a registration header from the Signal server whille connecting to the streams
2024-05-31T04:52:17+02:00 DEBG signal/client/grpc.go:137: signal connection state READY
TheRealGramdalf commented 4 months ago

I had this exact issue, in my case it was that the netbird-signal service wasn't proxied correctly. I use traefik, and while messing around with things I must have accidentally left an entrypoint: directive (essentially listen address) where I didn't mean to.

For reference, heres my current server config. Make sure the signal service is accessible on your https://domain.example.com:443 externally, not :80 or something like that.

IKA3RUS commented 2 months ago

I got the same error too with traefik. In my case, the issue was the Signal block in management.json had the port mentioned as :80 instead of the expected :443 - most probably because I must have accidentally changed NETBIRD_SIGNAL_PORT to 80 in the setup.env while setting it all up.

This is how the Signal block in management.json should look like

    "Signal": {
        "Proto": "https",
        "URI": "netbird.yourdomain.com:443",
        "Username": "",
        "Password": null
    },