Fix ACCEPT_CLIENTS #45

New Issue

Closed

opened 2025-11-19 07:12:47 -06:00 by GiteaMirror · 2 comments

GiteaMirror commented 2025-11-19 07:12:47 -06:00

Owner

Copy Link

Originally created by @oschwartz10612 on GitHub (Aug 8, 2025).

Originally assigned to: @oschwartz10612 on GitHub.

ACCEPT_CLIENTS gets overridden by the cli arg

Originally created by @oschwartz10612 on GitHub (Aug 8, 2025). Originally assigned to: @oschwartz10612 on GitHub. ACCEPT_CLIENTS gets overridden by the cli arg

GiteaMirror closed this issue 2025-11-19 07:12:47 -06:00

GiteaMirror commented 2025-11-19 07:12:48 -06:00

Author

Owner

Copy Link

@Lokowitz commented on GitHub (Aug 8, 2025):

I also noticed that --native is not working with docker for me, only with native newt installation.
After adding --cap-add=NET_ADMIN it works.

I am not a pro but i saw in other projects that they also use these commands:

  --cap-add=SYS_MODULE
  --sysctl="net.ipv4.conf.all.src_valid_mark=1"
  --sysctl="net.ipv4.ip_forward=1"

Docker logs without --cap-add=NET_ADMIN

INFO: 2025/08/08 11:54:44 Received WireGuard clients configuration from remote server
FATAL: 2025/08/08 11:54:44 Failed to create WireGuard interface: operation not permitted

@Lokowitz commented on GitHub (Aug 8, 2025): I also noticed that `--native` is not working with docker for me, only with native newt installation. After adding `--cap-add=NET_ADMIN` it works. I am not a pro but i saw in other projects that they also use these commands: ``` --cap-add=SYS_MODULE --sysctl="net.ipv4.conf.all.src_valid_mark=1" --sysctl="net.ipv4.ip_forward=1" ``` ## Docker logs without --cap-add=NET_ADMIN ``` INFO: 2025/08/08 11:54:44 Received WireGuard clients configuration from remote server FATAL: 2025/08/08 11:54:44 Failed to create WireGuard interface: operation not permitted ```

GiteaMirror commented 2025-11-19 07:12:48 -06:00

Author

Owner

Copy Link

@oschwartz10612 commented on GitHub (Aug 9, 2025):

Yeah should add this to the docs. Because its a native WG tunnel the container namespace needs that permission.

@oschwartz10612 commented on GitHub (Aug 9, 2025): Yeah should add this to the docs. Because its a native WG tunnel the container namespace needs that permission.

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

dev

msg-opt

dependabot/go_modules/prod-patch-updates-3194e6d214

dependabot/docker/minor-updates-1134f52710

ssh-agent

msg-delivery

icmp2

port-firewall

platform

hp-multi-client

holepunch

updown

1.10.2

v1.10.2

1.10.1

v1.10.1

1.10.0

v1.10.0

1.9.5

1.9.4

1.9.3

1.9.2

1.9.1

1.9.0

v1.9.0

1.8.1

v1.8.1

v1.8.0

1.8.0

1.8.0-rc.0

1.7.0

1.6.1

1.7.0-rc.0

1.6.0

v1.0.1

1.4.9

1.5.2

1.5.1

1.5.0

1.4.4

1.4.3

1.4.2

1.4.1

1.4.0

1.3.4

1.3.3

1.3.2

1.3.1

1.3.0

1.2.1

1.2.0

1.1.3

1.1.2

1.1.1

1.1.0

1.0.0

1.0.0-beta.5

1.0.0-beta.4

1.0.0-beta.3

1.0.0-beta.2

1.0.0-beta.1

Labels

Clear labels

bug

enhancement

good first issue

help wanted

Improvement

pull-request

Mirrored from GitHub Pull Request

No Label

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

GiteaMirror ninjasurge

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/newt#45