
The program does not use the network during network isolation


I use Lutris and run VK Play GameCenter through it. I also use WireGuard and a network namespace to route traffic from Lutris to WireGuard. In this configuration VK Play GameCenter doesn't work, and with tcpdump (sudo -E ip netns exec lutris-ns tcpdump -nn -i wg-lutris) I see that it doesn't even send packets to the network.

Here is my script:

    #!/usr/bin/bash

    NOMO="lutris"
    NET_NS="$NOMO-ns"
    WG_NOMO="wg-$NOMO"

    # Create the namespace and move a new WireGuard interface into it
    sudo ip netns add $NET_NS
    sudo ip link add $WG_NOMO type wireguard
    sudo ip link set $WG_NOMO netns $NET_NS

    # Configure the tunnel and make it the default route inside the namespace
    sudo ip -n $NET_NS addr add 192.168.2.2/29 dev $WG_NOMO
    sudo ip netns exec $NET_NS wg setconf $WG_NOMO /etc/wireguard/$WG_NOMO.conf
    sudo ip -n $NET_NS link set $WG_NOMO up
    sudo ip -n $NET_NS route add default dev $WG_NOMO

    # Run Lutris inside the namespace as the invoking user, not as root
    sudo -E ip netns exec $NET_NS sudo -E -u \#$(id -u) -g \#$(id -g) /usr/bin/lutris

    # Tear everything down once Lutris exits
    sudo ip -n $NET_NS link set $WG_NOMO down
    sudo ip -n $NET_NS link del $WG_NOMO
    sudo ip netns del $NET_NS

At the same time, if I use WireGuard at the system level (without a network namespace), VK Play GameCenter works.

There are no problems with the network namespace itself either. If I change the lutris call to a curl call, it works:

    sudo -E ip netns exec $NET_NS sudo -E -u \#$(id -u) -g \#$(id -g) curl https://2ip.ru # <-- this works

Searching for installers via lutris itself in the isolated namespace also works. The problem is only with VK Play GameCenter and only when I use the network namespace.

Question: as far as I understand, network isolation should affect only network settings, and the program should not even notice it. What could cause the program to not even try to send packets?


Solution

  • The problem was that my network namespace did not have the lo interface up. Everything was solved by adding one line to the script:

    sudo ip -n $NET_NS link set lo up
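
A guard for the launch step in the script above, as an added example that is not part of the original post: it parses `ip -o link show` output and brings `lo` up in the namespace before anything is started there. A namespace created with `ip netns add` starts with `lo` down; the function names and the sample output below are constructed for illustration.

```bash
# Added example, not from the original post.

# Reads `ip -o link show` output on stdin and succeeds only if the named
# interface exists and carries the UP flag in its <...> flag list.
iface_is_up() {
    local want="$1" line name flags
    while IFS= read -r line; do
        # One line per interface: "1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 ..."
        name="${line#*: }"      # drop the "1: " index
        name="${name%%:*}"      # keep the text before the next colon
        name="${name%%@*}"      # veth-style names look like "veth0@if5"
        [ "$name" = "$want" ] || continue
        flags="${line#*<}"
        flags="${flags%%>*}"
        case ",$flags," in
            *,UP,*) return 0 ;;  # exact flag match, LOWER_UP alone does not count
        esac
        return 1
    done
    return 1                     # interface not present at all
}

# Brings lo up in namespace $1 if needed, then re-checks the result.
# Needs root via sudo, like the rest of the script.
ensure_loopback() {
    local ns="$1"
    if ! sudo ip -n "$ns" -o link show | iface_is_up lo; then
        sudo ip -n "$ns" link set lo up
    fi
    sudo ip -n "$ns" -o link show | iface_is_up lo
}

# Constructed sample output: a fresh namespace where only the tunnel is up.
SAMPLE_FRESH='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: wg-lutris: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/none'

# Constructed sample output: the same namespace after `link set lo up`.
SAMPLE_FIXED='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00'
```

In the script, `ensure_loopback "$NET_NS" || exit 1` would go just before the line that starts Lutris.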