I use Lutris and run VK Play GameCenter through it. I also use WireGuard and a network namespace to route traffic from Lutris to WireGuard. In this configuration VK Play GameCenter doesn't work, and according to tcpdump (sudo -E ip netns exec lutris-ns tcpdump -nn -i wg-lutris) I see that it doesn't even send packets to the network.
Here is my script:
#!/usr/bin/bash
NOMO="lutris"
NET_NS="$NOMO-ns"
WG_NOMO="wg-$NOMO"
sudo ip netns add $NET_NS
sudo ip link add $WG_NOMO type wireguard
sudo ip link set $WG_NOMO netns $NET_NS
sudo ip -n $NET_NS addr add 192.168.2.2/29 dev $WG_NOMO
sudo ip netns exec $NET_NS wg setconf $WG_NOMO /etc/wireguard/$WG_NOMO.conf
sudo ip -n $NET_NS link set $WG_NOMO up
sudo ip -n $NET_NS route add default dev $WG_NOMO
sudo -E ip netns exec $NET_NS sudo -E -u \#$(id -u) -g \#$(id -g) /usr/bin/lutris
sudo ip -n $NET_NS link set $WG_NOMO down
sudo ip -n $NET_NS link del $WG_NOMO
sudo ip netns del $NET_NS
At the same time, if I use WireGuard at system level (without network namespace) - VK Play GameCenter works.
There are no problems with network namespace working either. If I change the lutris call to a curl call - it works:
sudo -E ip netns exec $NET_NS sudo -E -u \#$(id -u) -g \#$(id -g) curl https://2ip.ru # <-- this works
Searching for installers via Lutris itself in the isolated namespace also works. The problem is only with VK Play GameCenter and only when I use the network namespace.
Question - as far as I understand network isolation should affect only network settings and the program should not even notice it. What can lead to the fact that the program does not even try to send packets?
The problem was that my network namespace did not have the lo interface up. Everything was solved by adding one line to the script:
sudo ip -n $NET_NS link set lo up
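
A newly created network namespace starts with its loopback interface down, which is the state the answer above corrects. The following preflight check is an added example, not part of the original post: it reads `ip -o link show` output and reports every required interface that is missing or not UP. The function names and the sample link listings are constructed for illustration; the namespace and interface names are the ones from the script above.

```shell
#!/usr/bin/bash
# Added example (not from the original post): verify link state in a
# network namespace before launching an application inside it.

# Print the flag list between <...> for one interface.
# stdin: output of `ip -o link show`; $1: interface name
link_flags() {
    awk -v ifc="$1" '
        { name = $2; sub(/:$/, "", name); sub(/@.*/, "", name) }
        name == ifc && match($0, /<[^>]*>/) {
            print substr($0, RSTART + 1, RLENGTH - 2); exit
        }
    '
}

# Return 0 if the interface carries the administrative UP flag.
# stdin: output of `ip -o link show`; $1: interface name
link_is_up() {
    case ",$(link_flags "$1")," in
        *,UP,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Print each required interface that is missing or down, one per line.
# $1: output of `ip -o link show`; remaining args: required interfaces
down_links() {
    links=$1; shift
    for ifc in "$@"; do
        printf '%s\n' "$links" | link_is_up "$ifc" || printf '%s\n' "$ifc"
    done
}

# Constructed sample: namespace where only wg-lutris was brought up.
SAMPLE_BEFORE='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: wg-lutris: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/none'

# Constructed sample: the same namespace after `ip link set lo up`.
SAMPLE_AFTER='1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: wg-lutris: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000\    link/none'

# Live use (needs root), placed before the line that starts lutris:
#   down_links "$(sudo ip -n "$NET_NS" -o link show)" lo "$WG_NOMO"
```

An empty result means every listed interface is up; for the first sample the function prints `lo`.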