The Netrinos Edge Node is supported on Ubuntu 22.04 64 bit ARM or Intel (arm64 or amd64) or later. Please ensure you have a fully functional base operating system before installing.
Netrinos is distributed as a Debian (deb) package from:
https://dist.netrinos.com/linux/edgenode/
The Edge Node version of Netrinos was created without automatic dependency management in order to avoid potential conflicts with other proprietary software running on the system. So, manual dependency installation is required.
Netrinos is written in the Go programming language and is statically linked. This means that most of the dependencies are compiled into the binary. By doing this we have kept external dependencies to a minimum.
Netrinos also supports the Nvidia Jetpack version of Ubuntu. But getting the dependencies installed may be a challenge. Watch out for missing kernel modules related to WireGuard and nftables. See Installing Dependencies later in this document.
At the time of this writing, the external dependencies for Edge Node are:
You can check the dependencies with netrinos check.
$ netrinos check WireGuard kernel modules are available nftables kernel modules are available nmap is available
You may find it easier to install Netrinos before installing the dependencies. This is perfectly acceptable. This way you can use the netrinos check command to test for dependencies more easily.
With the dependencies in place, you are ready to install the Netrinos Edge Node client. The Edge Node version is only required on Edge Devices. Devices used for access just need the regular Netrinos client.
The easiest way is to use the one-line installer script. By default, it installs the latest version. But it can install other versions with a parameter.
$ sudo true; wget -O- https://dist.netrinos.com/linux/edgenode/install-edgenode.sh | sudo bash -s $ sudo true; wget -O- https://dist.netrinos.com/linux/edgenode/install-edgenode.sh | sudo bash -s daily $ sudo true; wget -O- https://dist.netrinos.com/linux/edgenode/install-edgenode.sh | sudo bash -s [version]
The installer will automatically install, enable and start the daemon.
To install the software manually, do something like this.
$ dpkg --print-architecture
arm64
$ wget https://dist.netrinos.com/linux/edgenode/netrinos-edgenode-linux_latest_arm64.deb
$ ls -l *.deb
-rw-rw-r-- 1 nvidia nvidia 4988252 May 17 14:55 netrinos-edgenode-linux_latest_arm64.deb
$ sudo dpkg -i ./netrinos-edgenode-linux_latest_arm64.deb
The binaries, config, and logs are installed in /usr/local/bin, /etc/netrinos, and /var/log/netrinos.
To check the status of the service, type netrinos at the command prompt.
$ netrinos
Netrinos Network Status v1.2.0 b240517.1453 Account: not authenticated
Agent: Running Tunnels: Stopped Internet: Online
*** No account information provided
usage: netrinos login [username]
This Computer offline
You should see that the Agent (service) is running by default. But the tunnels cannot start until you log in.
$ netrinos login
Username: demouser
Password: ********
demouser is authenticated
Alternatively, if you are scripting the install, the username and password can be provided on the command line. Use single quotes for special characters.
$ netrinos login demouser 'Pa$$word'
It can take up to 2 minutes for a new device to sync with the network. Please be patient. Each device checks in with the config server every 60s, looking for information about the other peers in your mesh network. A full cycle of all the devices checking in takes about 2 minutes.
You can check the status by typing netrinos.
$ netrinos
Netrinos Network Status v1.2.0 b240517.1453 Account: demouser
Agent: Running Tunnels: Running Internet: Online
This Computer testbox.demouser.2ho.ca 22s
Host1 edge0001.demouser.2ho.ca -
Host2 edge0002.demouser.2ho.ca 22s
Host3 edge0033.demouser.2ho.ca L 22s
Tech PC Windows tech1.demouser.2ho.ca -
Tech PC Linux tech2.demouser.2ho.ca L 2s
If you don't see any activity, wait another minute and try again. The number of seconds in the list is the last time the sync happened with that device.
If a node shows as a dash, it has not checked in yet. It could be offline or powered down. If it shows more than 120s, it was connected but is not anymore. It could be without an Internet connection, powered off, or sleeping.
Note, the "L" beside the counter indicates that the device is on your local network. Netrinos will still encrypt the traffic, but the data will not leave your LAN.
Once a connection shows as alive, it is available for IP communication.
$ ping edge0001.demouser.2ho.ca PING edge0001.demouser.2ho.ca (100.127.129.173) 56(84) bytes of data. 64 bytes from 100.127.129.173 (100.127.129.173): icmp_seq=1 ttl=64 time=3.09 ms 64 bytes from 100.127.129.173 (100.127.129.173): icmp_seq=2 ttl=64 time=3.71 ms 64 bytes from 100.127.129.173 (100.127.129.173): icmp_seq=3 ttl=64 time=3.69 ms
If you want to reset a previous installation of Netrinos. e.g. you are moving a box to a different location and you want to start over, you can reset. This is the same as manually deleting all of the config files.
$ netrinos uninstall $ netrinos reset $ netrinos install $ netrinos login
If the netrinos check command fails to find all the components it wants, you may have to install the dependencies. Depending on how the Linux kernel was provided, some of the dependencies may or not be pre-installed. e.g.
$ netrinos check WireGuard kernel modules are NOT available nftables kernel modules are NOT available nmap is available
If the Device has a current Linux kernel, it should already contain WireGuard. No other installation should be required.
By default, the WireGuard modules will load dynamically on first use. Otherwise, it will not show as installed. You can also force it to load as below. After loading, you should be able to see the modules with lsmod.
$ lsmod | grep wireguard
$ sudo modprobe wireguard
$ lsmod | grep wireguard
wireguard 90112 0
curve25519_neon 28672 1 wireguard
libchacha20poly1305 16384 1 wireguard
libcurve25519_generic 20480 2 curve25519_neon,wireguard
ip6_udp_tunnel 16384 1 wireguard
udp_tunnel 28672 1 wireguard
To test the installation further, try creating a test interface.
$ sudo ip link add dev test type wireguard
$ ip link show dev test
5: test: <POINTOPOINT,NOARP> mtu 1420 qdisc noop state...
$ sudo ip link del dev test
If either of these techniques does not work, you will need to install WireGuard manually. Unfortunately, Jetpack may take more engineering than just this.
$ sudo apt install wireguard
Nftables is a Linux kernel module that provides advanced packet filtering and network address translation capabilities. Netrinos Edge Node utilizes nftables to perform port forwarding to remote networks, effectively handling scenarios where IP subnets may conflict. nftables may also already exist in the kernel.
$ sudo apt install nftables
$ sudo systemctl enable nftables
$ sudo systemctl start nftables
$ sudo nft list tables
table inet filter
Nmap is a network scanning application that detects devices and open ports on a network. Netrinos uses the Nmap libraries to help it scan the network, detect devices, and identify ports needing forwarding.
$ sudo apt install nmap
$ nmap localhost
22/tcp open ssh