Skip to main content
Unix & Linux

You are not logged in. Your edit will be placed in a queue until it is peer reviewed.

We welcome edits that make the post easier to understand and more valuable for readers. Because community members review edits, please try to make the post substantially better than how you found it, for example, by fixing grammar or adding additional resources and hyperlinks.

4
  • Thank you for clarification and the advise. Nebula is able to create the tun interface now, but as I understand, when using PrivateNetwork=true it isolates the process from the host namespace completely (at least in the networking part), so it no longer sees host network interfaces and thus unable to communicate with the outside world. Commented Sep 5 at 13:03
  • Here it is unable to reach DNS. Changing the endpoint to IP results in similar "network is unreachable" message. "Nebula interface is active" boringcrypto=false build=1.9.3 interface=nebula1 network=192.168.111.100/24 udpAddr="0.0.0.0:37231" "Failed to set tun tx queue length" error="operation not permitted" "DNS resolution failed for static_map host" error="lookup google.com on 1.0.0.1:53: dial udp 1.0.0.1:53: connect: network is unreachable" hostname=google.com network=ip4 Is there any way to make it see the Internet? Commented Sep 5 at 13:12
  • @user31422095 Sure, you must connect the unit namespace with the main namespace. This is done with veth pairs. You can either add the outer veth to a bridge or use the outer namespace as a (masquerading) router. How that is done best / easiest depends on your network situation. unix.stackexchange.com/questions/537014/… unix.stackexchange.com/questions/491366/… Commented Sep 5 at 14:30
  • Thank you, I will review and follow up. Commented Sep 5 at 15:20