Installing Netrinos Edge Node on Ubuntu

The Netrinos Edge Node is supported on Ubuntu 22.04 64 bit ARM or Intel (arm64 or amd64) or later. Please ensure you have a fully functional base operating system before installing.

Netrinos is distributed as a Debian (deb) package from:


The Edge Node version of Netrinos was created without automatic dependency management in order to avoid potential conflicts with other proprietary software running on the system. So, manual dependency installation is required.

Netrinos is written in the Go programming language and is statically linked. This means that most of the dependencies are compiled into the binary. By doing this we have kept external dependencies to a minimum. 

Netrinos also supports the Nvidia Jetpack version of Ubuntu. But getting the dependencies installed may be a challenge. Watch out for missing kernel modules related to WireGuard and nftables. See Installing Dependencies later in this document.

At the time of this writing, the external dependencies for Edge Node are:

Checking Dependencies

You can check the dependencies with netrinos check.

$ netrinos check
WireGuard kernel modules are available
nftables kernel modules are available
nmap is available

You may find it easier to install Netrinos before installing the dependencies. This is perfectly acceptable. This way you can use the netrinos check command to test for dependencies more easily.

Installing Netrinos

With the dependencies in place, you are ready to install the Netrinos Edge Node client. The Edge Node version is only required on Edge Devices. Devices used for access just need the regular Netrinos client. 

The easiest way is to use the one-line installer script. By default, it installs the latest version. But it can install other versions with a parameter.

$ sudo true; wget -O- | sudo bash -s
$ sudo true; wget -O- | sudo bash -s daily
$ sudo true; wget -O- | sudo bash -s [version]

The installer will automatically install, enable and start the daemon. 

To install the software manually, do something like this.

$ dpkg --print-architecture

$ wget

$ ls -l *.deb
-rw-rw-r-- 1 nvidia nvidia 4988252 May 17 14:55 netrinos-edgenode-linux_latest_arm64.deb

$ sudo dpkg -i ./netrinos-edgenode-linux_latest_arm64.deb

The binaries, config, and logs are installed in /usr/local/bin/etc/netrinos, and /var/log/netrinos.

To check the status of the service, type netrinos at the command prompt. 

$ netrinos
Netrinos Network Status v1.2.0  b240517.1453              Account: not authenticated

       Agent: Running          Tunnels: Stopped         Internet: Online       

*** No account information provided
    usage: netrinos login [username]

This Computer                                                            offline

You should see that the Agent (service) is running by default. But the tunnels cannot start until you log in.

$ netrinos login 
Username: demouser
Password: ********
demouser is authenticated

Alternatively, if you are scripting the install, the username and password can be provided on the command line. Use single quotes for special characters.

$ netrinos login demouser 'Pa$$word'

It can take up to 2 minutes for a new device to sync with the network. Please be patient. Each device checks in with the config server every 60s, looking for information about the other peers in your mesh network. A full cycle of all the devices checking in takes about 2 minutes. 

You can check the status by typing netrinos

$ netrinos 
Netrinos Network Status v1.2.0  b240517.1453                   Account: demouser

       Agent: Running          Tunnels: Running         Internet: Online       

This Computer                               22s
Host1                                        -
Host2                                      22s
Host3                               L      22s
Tech PC Windows                                 -
Tech PC Linux                          L       2s

If you don't see any activity, wait another minute and try again. The number of seconds in the list is the last time the sync happened with that device.

If a node shows as a dash, it has not checked in yet. It could be offline or powered down. If it shows more than 120s, it was connected but is not anymore. It could be without an Internet connection, powered off, or sleeping.

Note, the "L" beside the counter indicates that the device is on your local network. Netrinos will still encrypt the traffic, but the data will not leave your LAN.

Once a connection shows as alive, it is available for IP communication.

$ ping
PING ( 56(84) bytes of data.
64 bytes from ( icmp_seq=1 ttl=64 time=3.09 ms
64 bytes from ( icmp_seq=2 ttl=64 time=3.71 ms
64 bytes from ( icmp_seq=3 ttl=64 time=3.69 ms

Additional Notes

If you want to reset a previous installation of Netrinos. e.g. you are moving a box to a different location and you want to start over, you can reset. This is the same as manually deleting all of the config files.

$ netrinos uninstall
$ netrinos reset
$ netrinos install
$ netrinos login

Installing Dependencies

If the netrinos check command fails to find all the components it wants, you may have to install the dependencies. Depending on how the Linux kernel was provided, some of the dependencies may or not be pre-installed. e.g.

$ netrinos check
WireGuard kernel modules are NOT available
nftables kernel modules are NOT available
nmap is available

Installing WireGuard

If the Device has a current Linux kernel, it should already contain WireGuard. No other installation should be required.

By default, the WireGuard modules will load dynamically on first use. Otherwise, it will not show as installed. You can also force it to load as below. After loading, you should be able to see the modules with lsmod.

$ lsmod | grep wireguard
$ sudo modprobe wireguard
$ lsmod | grep wireguard
wireguard              90112  0
curve25519_neon        28672  1 wireguard
libchacha20poly1305    16384  1 wireguard
libcurve25519_generic    20480  2 curve25519_neon,wireguard
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             28672  1 wireguard

To test the installation further, try creating a test interface.

$ sudo ip link add dev test type wireguard
$ ip link show dev test
5: test: <POINTOPOINT,NOARP> mtu 1420 qdisc noop state...
$ sudo ip link del dev test

If either of these techniques does not work, you will need to install WireGuard manually. Unfortunately, Jetpack may take more engineering than just this.

$ sudo apt install wireguard

Installing nftables

Nftables is a Linux kernel module that provides advanced packet filtering and network address translation capabilities. Netrinos Edge Node utilizes nftables to perform port forwarding to remote networks, effectively handling scenarios where IP subnets may conflict. nftables may also already exist in the kernel.

$ sudo apt install nftables
$ sudo systemctl enable nftables
$ sudo systemctl start nftables
$ sudo nft list tables
table inet filter

Installing Nmap

Nmap is a network scanning application that detects devices and open ports on a network. Netrinos uses the Nmap libraries to help it scan the network, detect devices, and identify ports needing forwarding.

$ sudo apt install nmap
$ nmap localhost
22/tcp open  ssh