nymtech / nym

Nym provides strong network-level privacy against sophisticated end-to-end attackers, and anonymous transactions using blinded, re-randomizable, decentralized credentials.
https://nymtech.net

Running a gateway with "ip_packet_router" enabled fails #4489

Open wiiinnie opened 5 months ago

wiiinnie commented 5 months ago

Describe the issue
After enabling "ip_packet_router" in the config.toml the node crashes on startup.

Expected behaviour
Start the gateway

Stack Traces
Creating TUN device with: address=10.0.0.1, netmask=255.255.255.0
Using MTU size: 1420
ip packet router has failed: tun device error: EPERM: Operation not permitted

Steps to Reproduce
Start the gateway with "ip_packet_router" enabled as normal user (not using sudo)

An example: 1) The command from the docs to enable the ip_packet router doesn't work:

./nym-gateway setup-ip-packet-router --id MYID --enabled false

Results in:

Caused by:
    0: client-core error: this operation would have resulted in clients keys being overwritten without permission
    1: this operation would have resulted in clients keys being overwritten without permission

2) However you can manually overwrite the setting in the config.toml which you should do to replicate

3) Start the nym-gateway binary

Which area of Nym were you using?
1) nym-gateway 1.1.34

Additional context
As a workaround you can init the node as sudo (which will create the config.toml in /root/.nym instead of $HOME/user/.nym). When you enable the ip_packet_router now and start the node as sudo as well, it actually works.

serinko commented 5 months ago

This problem tells you that you already have IPR in your data storage; to activate it you have two options:

1. Remove it and start a new one

rm -rf ~/.nym/gateways/<MY_ID>/data/ip-packet-router-data

./nym-gateway setup-ip-packet-router --id <MY_ID>

2. Open config file and set the correct values

[ip_packet_router]
enabled = true

# UNDER [storage_paths] CHANGE
ip_packet_router_config = '/root/.nym/gateways/<MY_ID>/config/ip_packet_router_config.toml'

After that

Restart gateway or reload and restart your systemd service

serinko commented 5 months ago

@jstuczyn @octol I think it would be good to turn the error into a warning and give a choice to use the command to enable and set the path in the config even if the IPR was initiated before and already exists in /data

JohnSmith-PrivacyRebels commented 5 months ago

I have had the same problem and it turned out that the gateway must be run as root, which is a security issue. So, it looks like it is a permission issue where a user is not allowed to access TUN; it would be great to address it.
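
On Linux, creating a TUN interface requires the CAP_NET_ADMIN capability, which is why an unprivileged start ends in EPERM while a root start works. The following preflight check is an added example, not code from the Nym project or from anyone in this thread; the function names are hypothetical and the sample capability masks are constructed.

```sh
#!/bin/sh
# Added example: preflight check for the capability a TUN device needs.
# Function names are hypothetical; the sample masks below are constructed.

# CAP_NET_ADMIN is capability number 12 in <linux/capability.h>.
CAP_NET_ADMIN_BIT=12

# cap_mask_has_net_admin HEXMASK
# Returns 0 if the CAP_NET_ADMIN bit is set, 1 if not, 2 if HEXMASK is not hex.
cap_mask_has_net_admin() {
    m=${1#0x}
    case $m in
        '' | *[!0-9a-fA-F]*) return 2 ;;
    esac
    [ $(( (0x$m >> $CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# effective_caps [STATUS_FILE]
# Prints the CapEff mask from a /proc/<pid>/status-style file
# (default: the current process).
effective_caps() {
    awk '$1 == "CapEff:" { print $2; exit }' "${1:-/proc/self/status}"
}

# tun_preflight [STATUS_FILE]
# Returns 0 when CAP_NET_ADMIN is in the effective set, 1 otherwise.
tun_preflight() {
    caps=$(effective_caps "$@" 2>/dev/null) || caps=""
    if cap_mask_has_net_admin "$caps"; then
        echo "ok: CAP_NET_ADMIN present (CapEff=$caps)"
    else
        echo "fail: CAP_NET_ADMIN missing (CapEff=${caps:-unknown}); TUN creation returns EPERM"
        return 1
    fi
}

# Constructed masks: unprivileged user, CAP_NET_ADMIN only, full root set.
for sample in 0000000000000000 0000000000001000 000001ffffffffff; do
    if cap_mask_has_net_admin "$sample"; then
        echo "CapEff=$sample -> TUN creation permitted"
    else
        echo "CapEff=$sample -> EPERM expected"
    fi
done
```

When the check fails, granting only that capability to an unprivileged service account (for example with systemd's `AmbientCapabilities=CAP_NET_ADMIN`) is narrower than running the whole gateway as root; whether nym-gateway needs anything beyond it is an assumption to verify.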

BlankerL commented 5 months ago

I have the same problem when I'm trying to upgrade my gateway to Fast and Furious V2.

Following the maintenance page, I did

Re-run init with the same values as you used initially for your <NODE>

and then I found out the ip_packet_router was set to false in my config file.

Therefore, I tried ./nym-gateway setup-ip-packet-router --id <GATEWAY_ID> --enabled true, and saw the error mentioned in this issue.

By manually setting the ip_packet_router to true, I could start the gateway, but I'm not sure whether it will cause any problem in the program behind the scenes.

P.S. ip_packet_router_config is also set to empty after upgrading, and by leaving this value empty, I can still start the gateway successfully. Maybe you will need some fix to check that the config value is not empty, or to not overwrite this config path when re-running init.