NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

cloudflare-warp isn't working #213177

Closed ewwhash closed 2 weeks ago

ewwhash commented 1 year ago

Describe the bug

The cloudflare-warp client is not working, and neither is wgcf. It works in a Docker VM, so it's clearly a problem with managing DNS/nixos-fw.

  - filestat /etc/resolv.conf is not changed at all, but on other distros it is.
  - The CloudflareWarp adapter doesn't exist, and warp-svc says that the network is unreachable. However, RUST_BACKTRACE=debug doesn't give enough information to properly identify the problem.
  - ip route still points to the default gateway.
  - iptables -vnL has 0.0.0.0/0 in every chain, but on other distros it creates firewall rules.

Steps To Reproduce

Steps to reproduce the behavior:

  1. /etc/nixos/configuration.nix:

       networking.nameservers = [ "1.1.1.1" "1.1.0.1" ];
       services.resolved.enable = false;
       networking.networkmanager.dns = "none";
       environment.systemPackages = with pkgs; [ cloudflare-warp nft ];

  2. sudo warp-svc && warp-cli register && warp-cli connect
  3. warp-svc points out that the network is unreachable

Expected behavior

warp-svc should change the DNS and ip route, and the CloudflareWarp tun adapter should exist.

Notify maintainers

@WolfangAukang

Metadata

drishal commented 1 year ago

exactly the same issue here, used to work before with just using

 environment.systemPackages = with pkgs; [cloudflare-warp];
 systemd.packages = with pkgs; [ cloudflare-warp ];

Now the systemd service no longer works

WolfangAukang commented 1 year ago

@drishal Can you test it with this module? I have it working just fine, or at least I am getting warp=on on my device. @BrightYC To be honest, I never used these options you indicate together with Cloudflare Warp, so I have no idea on how to proceed here. If you have any recommendations, I can gladly help.

jeslinmx commented 11 months ago

Any chance you could upload your journalctl -u warp-svc?

drishal commented 11 months ago

> @drishal Can you test it with this module? I have it working just fine, or at least I am getting warp=on on my device. @BrightYC To be honest, I never used these options you indicate together with Cloudflare Warp, so I have no idea on how to proceed here. If you have any recommendations, I can gladly help.

Unfortunately for now I switched back to Arch Linux a few weeks back since nix had completely broken mesa and vaapi on my system after an upgrade 😅

jeslinmx commented 9 months ago

Using it with @WolfangAukang's module works with the caveat that you have to manually run sudo warp-svc. The systemd unit doesn't work, so it has to be disabled with systemd.services.warp-svc.enable = false;. Specifically, it will constantly restart (and on my system, causes the fans to go full tilt) due to these problems:

2023-11-27T02:07:45.980Z  WARN main_loop: warp::warp::dns_forwarding::linux: Couldn't associate address to localhost e=Os { code: 2, kind: NotFound, message: "No such file or directory" } ip=fd01:db8:1111::2
2023-11-27T02:07:45.981Z  WARN main_loop: warp::warp::dns_forwarding::linux: Couldn't associate address to localhost e=Os { code: 2, kind: NotFound, message: "No such file or directory" } ip=fd01:db8:1111::3
2023-11-27T02:07:45.981Z  WARN main_loop: warp::warp: Unable to bind local UDP socket error=Os { code: 99, kind: AddrNotAvailable, message: "Cannot assign requested address" } sockaddr=[fd01:db8:1111::2]:53
2023-11-27T02:07:45.981Z  WARN main_loop: warp::warp: Unable to bind local TCP socket error=Os { code: 99, kind: AddrNotAvailable, message: "Cannot assign requested address" } sockaddr=[fd01:db8:1111::2]:53
2023-11-27T02:07:45.981Z  WARN main_loop: warp::warp: Unable to bind local UDP socket error=Os { code: 99, kind: AddrNotAvailable, message: "Cannot assign requested address" } sockaddr=[fd01:db8:1111::3]:53
2023-11-27T02:07:45.981Z  WARN main_loop: warp::warp: Unable to bind local TCP socket error=Os { code: 99, kind: AddrNotAvailable, message: "Cannot assign requested address" } sockaddr=[fd01:db8:1111::3]:53
WARN main_loop: warp::warp::log_helpers: Failed to bind some UDP ports, but could not identify cause because: lsof command not found or does not accept valid input
Caused by:
   No such file or directory (os error 2)
2023-11-27T02:07:45.982Z ERROR main_loop: warp::warp::dns_recovery::unix: Error setting DNS servers Os { code: 30, kind: ReadOnlyFilesystem, message: "Read-only file system" }

So the problem is caused by the user systemd uses to run warp-svc not having the permissions to dynamically change the DNS server, bind UDP and TCP sockets, and possibly bind addresses to localhost.

Does anyone with deeper Linux/NixOS knowledge know how to give the user this permission?
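
A small triage helper for the log excerpt in the comment above, added here as an example (it is not part of the original comment or of cloudflare-warp): it groups the `Os { code, kind, message }` errors by Linux errno and emitting module, so the repeated bind failures and the single read-only write stand out. The sample lines are copied from that excerpt; the function and regex names are this example's own.

```python
import re
from collections import defaultdict

# Linux errno values that appear in the excerpt (names from errno.h).
LINUX_ERRNO = {2: "ENOENT", 30: "EROFS", 99: "EADDRNOTAVAIL"}

# Rust's Debug rendering of std::io::Error, as printed by warp-svc.
OS_ERR = re.compile(r'Os \{ code: (\d+), kind: (\w+), message: "([^"]*)" \}')
# key=value fields naming the affected address, e.g. ip=... or sockaddr=[...]:53
FIELD = re.compile(r'\b(ip|sockaddr)=(\S+)')
# "<timestamp> <LEVEL> <span>: <module path>: <message>"
HEAD = re.compile(r'^(\S+)\s+(WARN|ERROR)\s+\w+: ([\w:]+): ')

# Lines copied from the log excerpt in the comment above.
SAMPLE = '''\
2023-11-27T02:07:45.980Z  WARN main_loop: warp::warp::dns_forwarding::linux: Couldn't associate address to localhost e=Os { code: 2, kind: NotFound, message: "No such file or directory" } ip=fd01:db8:1111::2
2023-11-27T02:07:45.981Z  WARN main_loop: warp::warp: Unable to bind local UDP socket error=Os { code: 99, kind: AddrNotAvailable, message: "Cannot assign requested address" } sockaddr=[fd01:db8:1111::2]:53
2023-11-27T02:07:45.981Z  WARN main_loop: warp::warp: Unable to bind local TCP socket error=Os { code: 99, kind: AddrNotAvailable, message: "Cannot assign requested address" } sockaddr=[fd01:db8:1111::2]:53
WARN main_loop: warp::warp::log_helpers: Failed to bind some UDP ports, but could not identify cause because: lsof command not found or does not accept valid input
2023-11-27T02:07:45.982Z ERROR main_loop: warp::warp::dns_recovery::unix: Error setting DNS servers Os { code: 30, kind: ReadOnlyFilesystem, message: "Read-only file system" }
'''

def triage(log_text):
    """Group OS-level failures by (errno name, module) and collect targets."""
    groups = defaultdict(lambda: {"count": 0, "targets": set(), "level": "WARN"})
    for line in log_text.splitlines():
        head, err = HEAD.match(line), OS_ERR.search(line)
        if not (head and err):
            continue  # follow-up lines without a timestamp or an OS error
        code = int(err.group(1))
        name = LINUX_ERRNO.get(code, f"errno{code}")
        group = groups[(name, head.group(3))]
        group["count"] += 1
        group["targets"].update(value for _, value in FIELD.findall(line))
        if head.group(2) == "ERROR":
            group["level"] = "ERROR"
    return dict(groups)

if __name__ == "__main__":
    for (name, module), g in sorted(triage(SAMPLE).items()):
        print(f'{g["level"]:5} {name:14} x{g["count"]} {module} {sorted(g["targets"])}')
```

Feeding it the output of journalctl -u warp-svc instead of SAMPLE requires stripping the journal prefix from each line first, since HEAD expects the line to start with warp-svc's own timestamp.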

jeslinmx commented 7 months ago

cloudflare-warp seems to now be working for me out of the box without any custom modules/configuration, or calling sudo warp-svc manually. Not sure when this was fixed, but thanks!

muneebusmani commented 7 months ago

How do you run and connect to warp? I tried but I have to manually run sudo warp-svc, which I absolutely hate to do. Any proper solution yet?

muneebusmani commented 7 months ago

> cloudflare-warp seems to now be working for me out of the box without any custom modules/configuration, or calling sudo warp-svc manually. Not sure when this was fixed, but thanks!

How do you connect to warp? I know about sudo warp-svc, but what is the other way?

jeslinmx commented 7 months ago

In your configuration.nix,

  environment.systemPackages = [ pkgs.cloudflare-warp ]; # for warp-svc
  systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
  systemd.targets.multi-user.wants = [ "warp-svc.service" ]; # causes warp-svc to be started automatically

Then all you will need to do is warp-cli connect as an ordinary user.

muneebusmani commented 7 months ago

@ewwhash I think you should mark this as closed as the solution is here:

> In your configuration.nix,
>
>   environment.systemPackages = [ pkgs.cloudflare-warp ]; # for warp-svc
>   systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli
>   systemd.targets.multi-user.wants = [ "warp-svc.service" ]; # causes warp-svc to be started automatically
>
> Then all you will need to do is warp-cli connect as an ordinary user.

jeslinmx commented 7 months ago

Is there any interest to implement this as a module so we can simply do services.cloudflare-warp.enable?

muneebusmani commented 7 months ago

not yet

treyfortmuller commented 1 month ago

Now that https://github.com/NixOS/nixpkgs/pull/321142 is merged I think we're in good shape to close this issue. Happy to follow up if you run into any issues with the new module @ewwhash @jeslinmx

pxp9 commented 3 weeks ago

Hi, I got one issue,

Does anyone know what is happening with warp-taskbar?

I tried to open it but it crashed because of GTK

pxp9 commented 3 weeks ago

I am running NixOS 24 branch unstable

jeslinmx commented 3 weeks ago

I am also getting crashes but with a massive core dump. But maybe we should take this up in a different issue.

musjj commented 3 weeks ago

Are there any prerequisites for the service to work? I enabled it, but https://one.one.one.one/help still shows No for every entry. I also tried to run warp-cli registration new and restarting the service, but it still does not work.

I'm also getting this error, not sure if it's relevant:

Aug 11 23:36:26 $HOST warp-svc[1115]: 2024-08-11T16:36:26.383Z ERROR warp::root_ca: This OS does not support custom root CA management

marcusramberg commented 3 weeks ago

For the warp-taskbar, you'll need to be using the provided user systemd service, see https://github.com/NixOS/nixpkgs/pull/323580. @musjj even after enabling the cloudflare-warp service you'll need to connect with warp-cli or using the taskbar menu (and register with your zero trust org if you're using it as a zero trust client). I think this issue should be closed in favor of more specific issues with the package/module.

pxp9 commented 2 weeks ago

new issue created so this issue can be closed.