In this article:

    Applicable to:

    • Twingate Client (all operating systems)

    Overview

    The Twingate Client relies on IP addresses within the 100.96/12 CGNAT range to facilitate secure communication between the Client, Connector, and Resources. Since Twingate assumes all traffic in this range is meant for its own encrypted connections, any unrelated services using CGNAT IPs may get blocked or misrouted.

    There are two common scenarios where this may cause issues:

    1. DNS resolution failures – If your system’s DNS servers use an IP within the 100.96/12 CGNAT range, it can cause DNS routing conflicts, leading to internet connectivity issues.

    2. Connectivity issues with non-Twingate CGNAT-based resources – If you use other services that also rely on CGNAT IPs, the Twingate Client may incorrectly drop traffic to those resources, even if they are unrelated to Twingate.

    This article explains how to identify, diagnose, and resolve these conflicts.

    Identifying the Issue

    Check Your System’s DNS Configuration

    To determine if your system is using a conflicting DNS IP, run the following command for your operating system:

    Windows

    Run in Command Prompt:

    ipconfig

    Linux

    Run in Terminal:

    ifconfig

    macOS

    Run in Terminal:

    scutil --dns

    Look for DNS servers assigned to your network interface. If any of them fall within the 100.96/12 CGNAT range, they are likely causing conflicts..

    Check If local network uses CGNAT IPs

    If you are unable to connect to specific non-Twingate resources, check if they use CGNAT IP addresses in the 100.96/12 range.

    1. Disable the Twingate Client and check if you can access the resource.
    2. Re-enable Twingate and attempt access again.
    3. If the resource is only inaccessible when Twingate is active, the issue is likely due to Twingate dropping traffic to CGNAT IPs.

    Solution/Workaround

    If You Are Experiencing a DNS Resolution Failure

    Change your system’s primary DNS servers to addresses outside the CGNAT range.

    Recommended public DNS servers:

    • Google DNS: 8.8.8.8 & 8.8.4.4
    • Quad9 DNS: 9.9.9.9 & 149.112.112.112

    If Your Network Uses CGNAT IP Space

    •  If you manage the resource, try assigning it a different IP outside the 100.96/12 range.
    •  If you cannot adjust the resource IP and must use this CGNAT range reach out to Support for additional troubleshooting.