In addition to the systray icon and GUI of the regular client, Netrinos also has a command line interface. The GUI was designed primarily end user convenience. It does not include the full functionality of Netrinos. The Netrinos cli provides more functionality and can be useful for things like scripted installs. Typing netrinos help will give you a basic summary.
$ netrinos help
Netrinos Network Status
usage: netrinos <commands> ... where <commands> are:
status, config, version Show status, config, version
loop Show the status updating
login [username], logout Add credentials
log [n] Show and follow the log file, last 'n' lines
install, uninstall * Install or uninstall the Netrinos service
agent [status|start|stop] * Start or stop the Agent service
tunnel [status|start|stop] Start or stop the WireGuard tunnel nwg0 interface
set autostart [yes|no] Start the tunnel on boot
wg, wgw * Show WireGuard tunnels with names, etc.
relay set {host} {dest,...} Configure relay traffic
relay set none Remove all relays
relay [enable|disable] Turn relaying on or off
run * Run in the foreground with logging to the console
help This help
* Requires elevated privileges
netrinos status
Status (or just netrinos with no other arguments) will show you the network status
$ netrinos
Netrinos Network Status v1.2.0 b240517.1453 Account: demouser
Agent: Running Tunnels: Running Internet: Online
This Computer testbox.demouser.2ho.ca 22s
Host1 edge0001.demouser.2ho.ca -
Host2 edge0002.demouser.2ho.ca 22s
Host3 edge0033.demouser.2ho.ca L 22s
Tech PC Windows tech1.demouser.2ho.ca -
Tech PC Linux tech2.demouser.2ho.ca L 2s
Account is the user account you are currently logged in to. If it shows unauthenticated, you need to log in.
Agent shows if the Netrinos service is running or not. Netrinos as a configuration manager for WireGuard. When its running, it will check in with Netrinos every 60 seconds looking for changes to the peers.
Tunnels shows if the Wireguard network is running. The tunnels are independent of the configuration service.
Internet shows if your Internet connection is currently working. It tries to contact Google as the test.
This Computer is the computer you are currently on.
testbox.demouser.2ho.ca is the FQDN (fully qualified domain name) of this device. It is a DNS name that resolves to the private IP of this device.
22s is the time that has elapsed since this device last contacted the Netrinos config server or the other device. If you are online, it should always be less than 120s or so.
Host1,2,3 etc are the other devices in your network, along with their FQDN and time sine they were last contacted.
netrinos config
Shows additional information from the Netrinos configuration file.
$ netrinos config
Netrinos Network Control v1.2.0
Username: demouser
Tunnel Name: testbox.demouser.2ho.ca
Secure IP: 100.64.129.168
Config Broker: hub.2ho.ca
Last Contact: 3s ago
Account Server: https://app.netrinos.com
Public Key: abc123abc123abc123abc123abc123abc123abc123a=
Local Endpoint: 192.168.1.112:51820
Node Type: EdgeNode
WireGuard Mode: requires elevation
NFTables: not found
Relay Hosting: Disabled
Relay Routes: none
Tunnel: Running
Internet: Connected
AutoStart: Enabled
Version: 1.2.0
Build: 240517.1453
Autostart indicates if the tunnels are set to start automatically on the device booting.
Relay Hosting and Relay are not used in the context of the Edge Node.
Tunnel Name is the FQDN of this box. This is the name other devices use to contact this node. SecureIP it the corresponding Private IP of that name. This address is not exposed to the public Internet. To access it, you must be running a Netrinos client with an account that has permission to access it.
netrinos version
Display the version of the Netrinos software. Useful for scripting.
netrinos loop
Display the status and refresh every second. Useful for monitoring.
netrinos logout
Log out of the netrinos network and go offline until you log in again
netrinos login
Log this box into a Netrinos account. The username and password is optional on the command line. If not provided, you will be prompted. This is scriptable on if you add the username and password on the command line. Be sure to use single quotes if the password contains special characters.
$ netrinos login
Username: demouser
Password: ********
demouser is authenticated
$ netrinos login demouser 'Pa$$word'
The password is used only at the initial login. After this, Netrinos uses access tokens. The password is not stored on the device.
netrinos log
This is a convenience option and is equivalent to:
tail: -f var/log/netrinos/netrinos.log
$ netrinos log Watching: /var/log/netrinos/netrinos.log (press ^C to cancel) 2024/05/18 10:46:21 edge0001.demouser.2ho.ca AllowedIPs: 100.64.37.127/32 2024/05/18 10:46:21 edge0001.demouser.2ho.ca AllowedIPs: 100.64.37.144/32 2024/05/18 10:46:22 tech1.demouser.2ho.ca AllowedIPs: 100.64.37.154/32 2024/05/18 10:46:22 peers - edge0001, tech1, edge0003(local) 2024/05/18 10:46:22 sync - complete - waiting
netrinos install, uninstall
This will install or uninstall the Netrinos service. Netrinos install is equivalent to:
$ sudo systemctl enable netrinos-edgenode $ sudo systemctl start netrinos-edgenode
netrinos agent [status|start|stop]
This is equivalent to:
$ sudo systemctl status netrinos-edgenode $ sudo systemctl start netrinos-edgenode
$ sudo systemctl stop netrinos-edgenode
netrinos tunnel [ status | start | stop ]
This will bring the WireGuard interface nwg0 up, down, or check its status. It is similar to the native WireGuard commands. However, Netrinos does not use this method to control WireGuard.
$ sudo wg-quick up nwg0 $ sudo wg-quick down nwg0 $ sudo systemctl enable wg-quick@nwg0 $ sudo systemctl status wg-quick@nwg0 $ sudo systemctl disable wg-quick@nwg0
netrnos set autostart [ yes | no ]
Changes the Netrinos client's settings to start automatically when the device boots. The default is yes.
netrinos wg, wgw
This is similar to the native WireGuard wg command, except that it adds information and aims to be friendlier. It can also search for a specific device without having to look through the whole list. The wgw command gives its output in a wide format that is easier to use with many devices.
$ netrinos wg self: nwg0 public key: nkmX7uqtA0RC8QFPnmO8Bz8WdKMYu91U3Ed+gxuxNic= private ip: 100.64.37.168: listening port: 51820 peer: hub.2ho.ca public key: 7W6tOXILETJdHX2Wcf5o+c2zzDCbHxO6U/RSu2F7zAo= endpoint: 159.203.29.105:51820 allowed ips: 100.127.128.0/18 latest handshake: 55s transfer: 124 B received, 212 B sent persistent keepalive: every 25s peer: edge0001.demouser.2ho.ca public key: s5q6Pdd1SGwYa0EwGov80AskZKoiuljOO6Yd9YM2I04= endpoint: 99.254.15.188:51820 allowed ips: 100.64.37.195/32 latest handshake: 55s transfer: 92 B received, 244 B sent persistent keepalive: every 25s
$ netrinos wg edge0001 self: nwg0 public key: nkmX7uqtA0RC8QFPnmO8Bz8WdKMYu91U3Ed+gxuxNic= private ip: 100.64.37.168: listening port: 51820 peer: edge0001.demouser.2ho.ca public key: 5rnUmK0J3bbvYOdlpfEX5c4v13XksO5rKFuB+VthWHU= endpoint: 123.124.125.126:51820 allowed ips: 100.64.129.144/32 latest handshake: - transfer: 0 B received, 1332 B sent persistent keepalive: every 25s
$ netrinos wgw Type PublicKey Name SecureIP Endpoint LastHS Rec Sent AllowedIPs self nkmX7uqtA0RC8QFPnmO8Bz8WdKMYu91U3Ed+gxuxNic= testbox.demouser.2ho.ca 100.64.37.168 0.0.0.0:51820 peer 7W6tOXILETJdHX2Wcf5o+c2zzDCbHxO6U/RSu2F7zAo= hub.2ho.ca 100.127.128.1 159.203.29.105:51820 0s 92B 180B 100.127.128.0/18 peer s5q6Pdd1SGwYa0EwGov80AskZKoiuljOO6Yd9YM2I04= edge0001.demouser.2ho.ca 100.64.37.195 99.254.15.188:51820 0s 92B 180B 100.64.37.195/32 peer 7sxlDqklY5RYdaUUGai5Hb+A69Oq/mt2eInpKqA7x2g= edge0002.demouser.2ho.ca 100.64.37.173 184.147.65.134:51820 0s 92B 180B 100.64.37.173/32 peer Jse8DaQaxB868xpy6Xe39tqn5wqx4JDfTdRjKP9VmS0= edge0003.demouser.2ho.ca 100.64.37.141 192.168.10.222:51820 0s 92B 180B 100.64.37.141/32
netrinos relay...
Generic masquerading in the regular Netrinos client. This has no context in the Edge Node as it provides much more specific port forwarding features.
netrinos run
Runs the agent in the console and not in a service. This can be useful for debugging.