[Docker]≥0.27.0, Failed to resolve host...network is unreachable

[anonymous-99529]

Describe the problem

OS: Synology NAS (DSM 7.2.1-69057 Update 4)

When I try installing the 0.26.3, 0.27.0, and 0.27.1 versions of the image in Docker, only 0.26.3 works, the rest register successfully up to the Management service, but after that they are unreachable.

I want to use the latest version, 0.27.0 or later, to use the new feature 'Exit Node'. I would be grateful if you could help me resolve the error.

Are you using NetBird Cloud?

YES

NetBird version

Docker offcial netbirdio image 0.26.3, 0.27.0, 0.27.1

Logs: 0.26.3

2024-04-06T07:26:53Z INFO client/internal/config.go:125: generating new config /etc/netbird/config.json
2024-04-06T07:26:59Z INFO client/internal/login.go:130: peer has been successfully registered on Management Service
2024-04-06T07:26:59Z INFO client/internal/connect.go:96: starting NetBird client version 0.26.3
2024-04-06T07:27:01Z WARN client/internal/wgproxy/factory_linux.go:15: failed to initialize ebpf proxy, fallback to user space proxy: field NbXdpProg: program nb_xdp_prog: map .rodata: map create: read- and write-only maps not supported (requires >= v5.2)
2024-04-06T07:27:01Z INFO iface/tun_usp_linux.go:33: using userspace bind mode
2024-04-06T07:27:01Z INFO iface/tun_usp_linux.go:45: create tun interface
2024-04-06T07:27:01Z INFO client/internal/dns/host_linux.go:68: System DNS manager discovered: file
2024-04-06T07:27:02Z INFO signal/client/grpc.go:156: connected to the Signal Service stream
2024-04-06T07:27:02Z INFO client/internal/connect.go:239: Netbird engine started, my IP is: _REDACTED_
2024-04-06T07:27:03Z INFO management/client/grpc.go:145: connected to the Management Service stream
2024-04-06T07:27:03Z WARN client/internal/engine.go:495: running SSH server is not permitted
2024-04-06T07:27:03Z ERRO client/internal/dns/server.go:317: unable to configure DNS for this peer using file manager without a nameserver group with all domains configured
2024-04-06T07:27:03Z INFO client/internal/acl/manager.go:52: ACL rules processed in: 4.044µs, total rules count: 0

Logs: 0.27.0, 0.27.1

2024-04-06T05:50:25Z INFO client/internal/login.go:130: peer has been successfully registered on Management Service
2024-04-06T05:50:25Z INFO client/internal/connect.go:96: starting NetBird client version 0.27.0
2024-04-06T05:50:27Z WARN client/internal/wgproxy/factory_linux.go:15: failed to initialize ebpf proxy, fallback to user space proxy: field NbXdpProg: program nb_xdp_prog: map .rodata: map create: read- and write-only maps not supported (requires >= v5.2)
2024-04-06T05:50:27Z INFO iface/tun_usp_linux.go:33: using userspace bind mode
2024-04-06T05:50:27Z ERRO client/internal/routemanager/manager.go:239: Failed to resolve host api.netbird.io: lookup api.netbird.io on 192.168.0.1:53: dial udp 192.168.0.1:53: connect: network is unreachable
2024-04-06T05:50:27Z ERRO client/internal/routemanager/manager.go:239: Failed to resolve host signal.netbird.io: lookup signal.netbird.io on 192.168.0.1:53: dial udp 192.168.0.1:53: connect: network is unreachable
2024-04-06T05:50:27Z INFO client/internal/routemanager/manager.go:83: Routing setup complete
2024-04-06T05:50:27Z INFO iface/tun_usp_linux.go:45: create tun interface
2024-04-06T05:50:28Z INFO client/internal/dns/host_linux.go:68: System DNS manager discovered: file
2024-04-06T05:51:07Z WARN signal/client/grpc.go:152: disconnected from the Signal Exchange due to an error: rpc error: code = Unavailable desc = connection error: desc = "keepalive ping failed to receive ACK within timeout"
2024-04-06T05:51:09Z ERRO util/grpc/dialer.go:17: Failed to dial: dial: dial tcp [2600:1901:0:adb3::]:443: connect: network is unreachable
2024-04-06T05:51:10Z ERRO util/grpc/dialer.go:17: Failed to dial: dial: dial tcp [2600:1901:0:adb3::]:443: connect: network is unreachable
2024-04-06T05:51:11Z ERRO util/grpc/dialer.go:17: Failed to dial: dial: dial tcp 35.186.199.111:443: connect: network is unreachable
2024-04-06T05:51:14Z ERRO util/grpc/dialer.go:17: Failed to dial: dial: dial tcp 35.186.199.111:443: connect: network is unreachable

[linkiofo]

That's what happened to me

[lixmal]

Can you please verify if that issue still occurs with v0.27.3?

[linkiofo]

@lixmal The V0.27.3 issue still exists

[lixmal]

Can you try if setting the env NB_USE_LEGACY_ROUTING=true or, one step further, NB_DISABLE_CUSTOM_ROUTING=true helps?

The first one will fallback to using plain routes to implement the exit node feature, the second one would completely disable it.

[linkiofo]

@lixmal Adding the NB_USE_LEGACY_ROUTING=true and NB_DISABLE_CUSTOM_ROUTING=true variables is still a problem, and I have not successfully run v0.26.3 or later.

[lixmal]

Can you clarify which screenshot corresponds to which test attempt? You should add the variables one at a time, not together.

The first screenshot hints at missing permissions, can you share which capabilities you're starting the container with?

The second screenshot hints at an expired or invalid setup key, can you verify if it's actually valid? You should keep those secret in any case

[DevilGenius]

v0.28.7 still has problems and can only be rolled back to v0.26.3.

logs:

2024-08-06T08:05:04Z ERRO util/grpc/dialer.go:38: Failed to dial: dial: dial tcp 35.186.199.111:443: i/o timeout 2024-08-06T08:05:14Z INFO util/grpc/dialer.go:75: DialContext error: context deadline exceeded 2024-08-06T08:05:14Z INFO management/client/grpc.go:55: createConnection error: context deadline exceeded 2024-08-06T08:05:14Z ERRO management/client/grpc.go:63: failed creating connection to Management Service: context deadline exceeded 2024-08-06T08:05:14Z ERRO client/internal/login.go:96: failed connecting to the Management service https://api.netbird.io:443 context deadline exceeded Error: foreground login failed: backoff cycle failed: context deadline exceeded