Switch the rootless network stack from slirp4netns+builtin to pasta+implicit (faster and propagates the real client source IP). The earlier pasta+builtin attempt bricked the daemon because rootlesskit rejects mismatched net/port-driver pairs; expose a single CFG_ROOTLESS_NET knob (pasta default, slirp4netns fallback) and derive the matching port driver in-script so an invalid combo can't be configured. Disable userland-proxy in the rootless daemon.json (merged, not clobbered) so containers see the real source IP. Both driver binaries are always installed, so switching is a config flip + rootless re-setup.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
9 lines
950 B
Plaintext
Executable File
# ================================================================================
# Docker Network - Network settings for the Docker Network **ADVANCED**
# ================================================================================

CFG_NETWORK_NAME=vpn # Network Name - Docker network name for container communication
CFG_NETWORK_SUBNET=10.100.0.0/16 # Network Subnet - Subnet range for Docker network
CFG_NETWORK_MTU=1500 # Network MTU - Maximum transmission unit for network packets
CFG_ROOTLESS_NET=pasta # Rootless Network Driver - Network stack for rootless Docker; pasta (default): faster and preserves the real client source IP; slirp4netns: legacy fallback if pasta misbehaves. The matching rootlesskit port driver is selected automatically. [pasta:Pasta (recommended)|slirp4netns:slirp4netns (fallback)]
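A sketch of how a single CFG_ROOTLESS_NET value can be turned into a matched net/port-driver pair, with anything else rejected before it reaches rootlesskit. This is an added example, not code from this commit: the function names, the sample input and the choice of a systemd user drop-in to carry the two dockerd-rootless.sh environment variables are assumptions.

```shell
#!/bin/sh
# Added example; every name except CFG_ROOTLESS_NET is hypothetical.

# Extract the CFG_ROOTLESS_NET value from config text on stdin,
# dropping the trailing "# ..." description; the last assignment wins.
read_rootless_net() {
    sed -n 's/^CFG_ROOTLESS_NET=\([^ #]*\).*/\1/p' | tail -n 1
}

# Map a network driver to the one port driver it is paired with here
# (pairs taken from the commit message). Unknown values fail closed.
derive_port_driver() {
    case "$1" in
        pasta)       echo implicit ;;
        slirp4netns) echo builtin ;;
        *) echo "unsupported CFG_ROOTLESS_NET: '$1'" >&2; return 1 ;;
    esac
}

# Render a drop-in for the rootless docker.service user unit that sets
# both drivers together, so they cannot drift apart.
render_dropin() {
    net=$1
    port=$(derive_port_driver "$net") || return 1
    printf '[Service]\n'
    printf 'Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_NET=%s"\n' "$net"
    printf 'Environment="DOCKERD_ROOTLESS_ROOTLESSKIT_PORT_DRIVER=%s"\n' "$port"
}

# Constructed sample input, modelled on the config lines above.
SAMPLE_CFG='CFG_NETWORK_MTU=1500 # Network MTU
CFG_ROOTLESS_NET=pasta # Rootless Network Driver'

# Example use: printf '%s\n' "$SAMPLE_CFG" | read_rootless_net   (yields pasta)
```

Because the port driver is never read from configuration, a typo or an unsupported driver in CFG_ROOTLESS_NET stops the setup instead of producing a pair the daemon refuses to start with.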