nebula: Windows 10: "failed to run 'netsh' to set address: exit status 1"

Hi,

I’m trying to setup a simple network, with one lighthouse and one node. The lighthouse should run on Windows 10 (v1903, build 18362.476) while the node runs on macOS (Catalina, 10.15.1).

I’ve deployed the certificates and prepared both of the configs. Also installed TAP driver from OpenVPN.

However, when I start the lighthouse node this error appears:

D:\nebula>.\nebula.exe --config .\config.yml
time="2019-11-20T12:47:12+01:00" level=info msg="Firewall rule added" firewallRule="map[caName: caSha: direction:outgoing endPort:0 groups:[] host:any ip:<nil> proto:0 startPort:0]"
time="2019-11-20T12:47:12+01:00" level=info msg="Firewall rule added" firewallRule="map[caName: caSha: direction:incoming endPort:0 groups:[] host:any ip:<nil> proto:1 startPort:0]"
time="2019-11-20T12:47:12+01:00" level=info msg="Firewall rule added" firewallRule="map[caName: caSha: direction:incoming endPort:443 groups:[laptop home] host: ip:<nil> proto:6 startPort:443]"
time="2019-11-20T12:47:12+01:00" level=info msg="Firewall started" firewallHash=3e3f317872f504cec08154d9fb0a726ebc68235d1a5075426317696bdd388336
time="2019-11-20T12:47:12+01:00" level=info msg="Main HostMap created" network=192.168.178.122/24 preferredRanges="[192.168.178.0/24]"
time="2019-11-20T12:47:12+01:00" level=fatal msg="failed to run 'netsh' to set address: exit status 1"

Here’s the lighthouse config.yml:

pki:
  ca: D:\\nebula\\ca.crt
  cert: D:\\nebula\\lighthouse1.crt
  key: D:\\nebula\\lighthouse1.key

lighthouse:
  am_lighthouse: true
  interval: 60

listen:
  host: 0.0.0.0
  port: 4242

local_range: "192.168.178.0/24"

handshake_mac:
  key: "MYHANDSHAKE"
  accepted_keys:
    - "MYHANDSHAKE"

tun:
  dev: nebula1
  drop_local_broadcast: false
  drop_multicast: false
  tx_queue: 500
  mtu: 1300

logging:
  level: info
  format: text

# Nebula security group configuration
firewall:
  conntrack:
    tcp_timeout: 120h
    udp_timeout: 3m
    default_timeout: 10m
    max_connections: 100000

  outbound:
    - port: any
      proto: any
      host: any

  inbound:
    - port: any
      proto: icmp
      host: any
    - port: 443
      proto: tcp
      groups:
        - laptop
        - home

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 28

Most upvoted comments

We’ve moved to the wintun driver so hopefully this is no longer an issue.

+1
nbrownus on Nov 16, 2021

I’m experiencing this, as well as other issues listed here on one of my windows 10 machines.

This windows 10 machine has vmware installed, and it is a machine I use with a sophos vpn. Therefore, I have 2 network adapters with vmware, and I have a sophos ssl vpn adapter.

I was initally running through normal powershell without admin rights, I was getting the error “A device attached to the system is not functioning”

Disabling adapters same powershell, gave me error that it could not find address specified. Then through restarting adapters the error changed to the netsh error exit status 1.

Using Admin powershell, with all adapters on, I got the error “Activate failed: A device attached to the system is not functioning.”

Then I disabled my sophos VPN SSL adapter, and I received the error, “levefatal msg=Activate failed: The system cannot find the file specified.”

I turned back on the sophos vpn ssl adapter and attempted to start the application again, and it worked this time.

This is the screenshot of it working, and it shows that it’s using the sophos SSL VPN Adapter, which I really don’t like. Although in the image you will see it is referring to an Azure Sphere network, please disregard that as my sophos vpn overwrote the old azure connection.

I don’t believe this will be stable on this machine, and I would take a gander that everyone having issues has some kind of ssl vpn adapter installed on their machine.

image

Edit-----------

Even though it shows it’s activated, this is my only node that nebula does not work on. Attempting to ping one of my nebula devices gets 0 packets through. So not resolved,

Edit--------

Attempting to remove the sophos ssl vpn adapter from this machine yields an error of “Activate failed: Failed to find the tap device in registry with specified ComponentId ‘tap0901’, TAP driver may be not installed”

Edit-----

Installed OpenVPN, saw same connection result as with my sophos adapter, Couldn’t ping my first lighthouse like the first time. But my first lighthouse is unpingable because of my network config, my 2nd lighthouse was pingable.

I have a block of 5 statics here coming in through one cat cable, the 5 statics come over vlans, so 1 of the vlan goes to main office network (what I’m on), and I’m using one of the other statics direct to box.

For some reason how we’re getting these statics in here I can’t communicate from one static to the other currently.

Anyways, this worked once it started.

+1
GettingTechnicl on Dec 11, 2019

Are you running this from an admin/elevated command prompt? I’d expect an error like that asking netsh to do something that requires admin.

+1
spencerryan on Nov 20, 2019
Read more comments on GitHub
← nebula: Unable to achieve 10 Gbit/s throughput on Hetzner server
PanModal: Not working with iOS 17.1+ →