Twingate Headless Client Gateway
Problem
IoT devices, network appliances, and other embedded systems can't run the Twingate client but still need secure access to Twingate-protected resources. There was no official solution for environments where devices couldn't run agents - a gap that came up regularly in customer conversations, particularly in operational technology and smart office deployments.
Approach
Built a Bash script that configures a Linux host as a local network gateway, combining IP forwarding and DNS proxy configuration with a Twingate headless client. Other devices on the network point to this host for their default gateway and DNS resolution, which aggregates all their outbound traffic through the single headless client and into the Twingate network. The setup is non-destructive to the host and reversible.
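The forwarding half of such a gateway host, with a matching revert, as an added example (not the project's own script; the DNS proxy side is left out). It assumes iptables, `eth0` as the LAN-facing interface and `sdwan0` as the tunnel-facing interface; those names, `PREV_FWD`, and the function names are illustrative.

```shell
#!/bin/sh
# Added example: plan and revert the forwarding rules for a gateway host.
# Assumed names (not from the page): eth0 = LAN side, sdwan0 = tunnel side.
LAN_IF="${LAN_IF:-eth0}"
TUN_IF="${TUN_IF:-sdwan0}"
# Value of net.ipv4.ip_forward before setup, restored on revert (assumed 0).
PREV_FWD="${PREV_FWD:-0}"

# Rule specs shared by apply and revert so the two cannot drift apart.
rules() {
    # Source-NAT LAN traffic as it leaves through the tunnel interface.
    printf '%s\n' "-t nat POSTROUTING -o $TUN_IF -j MASQUERADE"
    # Forward only LAN -> tunnel and its replies; no other path is routed.
    printf '%s\n' "-t filter FORWARD -i $LAN_IF -o $TUN_IF -j ACCEPT"
    printf '%s\n' "-t filter FORWARD -i $TUN_IF -o $LAN_IF -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT"
}

# plan apply|revert : print the commands, one per line, without running them.
plan() {
    case "$1" in
        apply)  op=-A; fwd=1 ;;
        revert) op=-D; fwd="$PREV_FWD" ;;
        *) echo "usage: plan apply|revert" >&2; return 2 ;;
    esac
    echo "sysctl -w net.ipv4.ip_forward=$fwd"
    rules | while read -r t table chain rest; do
        echo "iptables $t $table $op $chain $rest"
    done
}

# run apply|revert : execute the plan (needs root). Kept apart from plan()
# so the command list can be reviewed before anything changes on the host.
run() {
    plan "$1" | while read -r cmd; do
        sh -c "$cmd" || echo "failed: $cmd" >&2
    done
}

# Act only when asked to, e.g.  sh gateway.sh plan apply
case "${1:-}" in plan|run) "$1" "${2:-}" ;; esac
```

Scoping the FORWARD rules to the two interfaces keeps the host from routing between any other networks it is attached to.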
Outcome
Enables zero trust access for devices that can't run agents, solving a common customer ask with no official solution at the time. The project was published under the Twingate-Solutions organization and accompanied by a technical document on the Twingate documentation portal, making it a supported deployment pattern rather than an ad-hoc workaround.