Overview
After some recent Machine Job Infrastructure maintenance in June of 2026, some users have experienced issues establishing outbound Twingate (UDP VPN) tunnels on CircleCI Linux machine executors. The Twingate client authenticates and starts but hangs indefinitely at "Waiting for status…" without reaching "Online." The root cause was identified as a CIDR collision due to changes in the machine-agent's networking configuration, and the steps below resolve it.
Prerequisites
- Ensure you have access to modify your Twingate configuration.
- Familiarity with network configurations and CIDR notations.
Solution
The issue was caused by a CIDR collision introduced by the infrastructure change, which moved Linux machine executor runners into a VPC using the 10.0.0.0/16 range. This conflicted with a Twingate resource routing the same range, causing DNS and connectivity issues.
Steps to Resolve:
- Identify the CIDR Collision:
  - Confirm if your Twingate configuration routes the 10.0.0.0/16 range.
  - Use resolvectl on the runner to check the DNS server configuration. Look for entries like "Current DNS Server: 10.0.0.2".
- Modify Twingate Configuration:
  - Remove or adjust the overlapping 10.0.0.0/16 route from your Twingate configuration.
  - Ensure that the Twingate routes do not conflict with the runner's VPC DNS.
- Verify the Solution:
  - Restart the Twingate service and check if the client reaches "Online" status.
  - Monitor the job execution to ensure there are no further connectivity issues.
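One way to script the identification step, as an added example that is not part of the original article or any CircleCI or Twingate tooling: it takes the CIDRs of your Twingate resources and the text printed by resolvectl on the runner, then reports every route that overlaps 10.0.0.0/16 or contains the runner's DNS server. The route list, the function names and the sample resolvectl output (including the interface name) are constructed assumptions.

```python
import ipaddress
import re

# Runner VPC range named in the article.
RUNNER_VPC = ipaddress.ip_network("10.0.0.0/16")

# Constructed sample of `resolvectl status` output; the link name is made up.
SAMPLE_RESOLVECTL = """\
Link 2 (ens5)
    Current Scopes: DNS
Current DNS Server: 10.0.0.2
       DNS Servers: 10.0.0.2
"""

def current_dns_servers(resolvectl_text):
    """Return the addresses found on 'Current DNS Server:' lines."""
    found = []
    for line in resolvectl_text.splitlines():
        m = re.match(r"\s*Current DNS Server:\s*(\S+)", line)
        if not m:
            continue
        # Drop an optional %interface or #hostname suffix before parsing.
        addr = re.split(r"[%#]", m.group(1))[0]
        try:
            found.append(ipaddress.ip_address(addr))
        except ValueError:
            continue  # not a plain IP address; ignore the line
    return found

def find_collisions(twingate_routes, resolvectl_text, vpc=RUNNER_VPC):
    """Return (route, reason) pairs for routes that collide with the runner."""
    dns = current_dns_servers(resolvectl_text)
    collisions = []
    for route in twingate_routes:
        net = ipaddress.ip_network(route, strict=False)
        reasons = []
        if net.overlaps(vpc):
            reasons.append(f"overlaps runner VPC {vpc}")
        captured = [str(d) for d in dns if d in net]
        if captured:
            reasons.append("captures DNS server " + ", ".join(captured))
        if reasons:
            collisions.append((route, "; ".join(reasons)))
    return collisions

if __name__ == "__main__":
    # Constructed route list; replace with the CIDRs of your own resources.
    routes = ["10.0.0.0/16", "10.0.128.0/24", "192.168.10.0/24"]
    for route, reason in find_collisions(routes, SAMPLE_RESOLVECTL):
        print(f"{route}: {reason}")
```

A narrower route such as 10.0.128.0/24 still overlaps the VPC range even though it does not contain the DNS server, so it is reported with only the first reason.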