netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License
11.25k stars 517 forks

netbird tries to (and can't) set /proc/sys/net/ipv4/conf/all/src_valid_mark #2290

Open lfarkas opened 4 months ago

lfarkas commented 4 months ago

With the latest netbird, on Home Assistant with the netbird addon, I've got this error:

2024-07-19T14:57:37+02:00 ERRO client/internal/routemanager/systemops/systemops_linux.go:100: Error setting up sysctl: 1 errors occurred:
    * write sysctl net.ipv4.conf.all.src_valid_mark: open /proc/sys/net/ipv4/conf/all/src_valid_mark: read-only file system
2024-07-19T14:57:37+02:00 INFO client/internal/routemanager/manager.go:135: Routing setup complete

After I googled it, there are the same problems with wireguard: https://forums.docker.com/t/sysctl-error-setting-key-net-ipv4-conf-all-src-valid-mark-read-only-file-system/92567/8 but even though this container has NET_ADMIN and NET_RAW privileges it still gets this error, although many of the solutions above, e.g. this one: https://community.home-assistant.io/t/wireguard-stopped-working/352348 suggest: Turns out I can create this error at will with this in the config for a peer: allowed_ips:

lfarkas commented 1 month ago

any news on this?

lixmal commented 4 weeks ago

Have you tried setting the option, e.g. with docker

docker run --sysctl net.ipv4.conf.all.src_valid_mark=1 [...]

?

lfarkas commented 4 weeks ago

It's a Home Assistant addon where the container is run by the supervisor... but it has lots of privileges:

host_network: true
host_dbus: true
privileged:
  - SYS_ADMIN
  - SYS_RESOURCE
  - NET_ADMIN
  - NET_RAW
  - BPF

corrreia commented 4 weeks ago

The container itself doesn't seem to have the perms required, right?
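
The write in the reported log fails with `read-only file system`, which is what the kernel returns when the path sits under a read-only mount, so the mount table is the first thing to check. The diagnostic below is an added example, not code from the thread participants or the netbird project; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: report whether a sysctl key sits under a read-only mount.

# Constructed sample: /proc/mounts lines as seen in a non-privileged container.
sample_mounts() {
    cat <<'EOF'
overlay / overlay rw,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
proc /proc/sys proc ro,nosuid,nodev,noexec,relatime 0 0
EOF
}

# covering_mount PATH MOUNTS_FILE: print "mountpoint options" for the deepest
# mount that contains PATH; among equal mount points the later entry wins.
covering_mount() {
    awk -v p="$1" '
        {
            mp = $2
            covers = (p == mp || mp == "/" || index(p, mp "/") == 1)
            if (covers && length(mp) >= length(best)) { best = mp; opts = $4 }
        }
        END { if (best != "") print best, opts }' "$2"
}

# is_ro OPTIONS: succeed if the comma-separated mount options include "ro".
is_ro() {
    case ",$1," in *,ro,*) return 0 ;; *) return 1 ;; esac
}

# diagnose_sysctl KEY [MOUNTS_FILE] [SYSCTL_ROOT]
# Dots in KEY become path separators (fine for keys without dotted interface names).
diagnose_sysctl() {
    key=$1 mounts=${2:-/proc/mounts} root=${3:-/proc/sys}
    rel=$(printf '%s' "$key" | tr . /)
    set -- $(covering_mount "/proc/sys/$rel" "$mounts")
    mp=${1:-none} opts=${2:-}
    cur=$(cat "$root/$rel" 2>/dev/null) || cur=unknown
    if is_ro "$opts"; then state=read-only; else state=writable; fi
    echo "$state mount=$mp current=$cur"
}

# Demo on the constructed table; the current value is read from the live /proc/sys.
demo=$(mktemp) && sample_mounts > "$demo"
diagnose_sysctl net.ipv4.conf.all.src_valid_mark "$demo"
rm -f "$demo"
```

Inside the affected container, call `diagnose_sysctl net.ipv4.conf.all.src_valid_mark` with no further arguments to read the live `/proc/mounts`. A `read-only` result with `current=0` means the value can be set from outside the container instead, for example with the `--sysctl` option suggested in the thread.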