nym icon indicating copy to clipboard operation
nym copied to clipboard
verified publisher icon nymtech

Running a gateway with "ip_packet_router" enabled fails

Open wiiinnie opened this issue 1 year ago • 4 comments

Describe the issue After enabling "ip_packet_router" in the config.toml the node crashes on startup.

Expected behaviour Start the gateway

Stack Traces Creating TUN device with: address=10.0.0.1, netmask=255.255.255.0 Using MTU size: 1420 ip packet router has failed: tun device error: EPERM: Operation not permitted

Steps to Reproduce Start the gateway with "ip_packet_router" enabled as normal user (not using sudo)

An example:

  1. The command from the docs to enable the ip_packet router doesn't work:

./nym-gateway setup-ip-packet-router --id MYID --enabled false

Results in:

Caused by: 0: client-core error: this operation would have resulted in clients keys being overwritten without permission 1: this operation would have resulted in clients keys being overwritten without permission

  1. However you can manually overwrite the setting in the config.toml which you should do to replicate

  2. Start the nym-gateway binary

Which area of Nym were you using?

  1. nym-gateway 1.1.34

Additional context As a work around you can init the node as sudo (which will create the config.toml in /root/.nym instead of $HOME/user/.nym. When you enable the ip_packet_router now and start the node as sudo as well, it actually works.

wiiinnie avatar Mar 21 '24 12:03 wiiinnie

This problem tells you that you already have IPR in your data storage, to activate it you have two options:

1

Remove it and start a new one

rm -rf ~/.nym/gateways/<MY_ID>/data/ip-packet-router-data

./nym-gateway setup-ip-packet-router --id <MY_ID>

2

Open config file and set the correct values

[ip_packer_router_enabled]
enabled = true

# UNDER [storage_paths] CHANGE
ip_packet_router_config = '/root/.nym/gateways/<MY_ID/config/ip_packet_router_config.toml'

After that

Restart gateway or reload and restart your systemd service

serinko avatar Mar 21 '24 15:03 serinko

@jstuczyn @octol I think it would be good to turn the error into a warning and give a choice to use the command to enable and set the path in the config even if the IPR was initiated before and already exists in /data

serinko avatar Mar 21 '24 15:03 serinko

I have had the same problem and it turned out that the gateway must be run as root, which is a security issue. So, it looks like it is a permission issue where a user is not allowed to access TUN, would be great to address it.

JohnSmith-PrivacyRebels avatar Mar 21 '24 15:03 JohnSmith-PrivacyRebels

I have the same problem when I'm trying to upgrade my gateway to Fast and Furious V2.

Follwoing the maintenance page, I did

Re-run init with the same values as you used initially for your <NODE>

and then I found out the ip_packet_router was set to false in my config file.

Therefore, I tried ./nym-gateway setup-ip-packet-router --id <GATEWAY_ID> --enabled true, and see the error mentioned in this issue.

By manually set the ip_packet_router to true, I could start the gateway, but not sure whether it will cause any problem in the program behind the scene.

P.S. ip_packet_router_config is also set to empty after upgrading, and by leaving this value empty, I can still start the gateway successfully. Maybe you will need some fix to check the config value is not empty, or don't overwrite this config path while re-run init.

BlankerL avatar Mar 25 '24 17:03 BlankerL

I believe this ticket should've been closed a while ago, therefore I'm closing, please correct me if I'm wrong by re-opening.

tommyv1987 avatar Sep 10 '24 15:09 tommyv1987