Service Templates

cloudflared

/etc/init.d/cloudflared

#!/bin/sh /etc/rc.common

START=90

USE_PROCD=1

T_TOKEN="eyJhIjo..."

PROG=/opt/cloudflared

PROG_ARGS="tunnel run --token $T_TOKEN"

start_service() {
        procd_open_instance
        procd_set_param command $PROG $PROG_ARGS
        # procd_set_param respawn
        procd_set_param stdout 1
        procd_set_param stderr 1
        procd_close_instance
}

reload_service() {
        stop
        start
}

ICMP proxy feature

openwrt 默认禁止 ICMP Proxy，可能会影响 cloudflared 运行。

2024-11-09T00:37:05Z WRN The user running cloudflared process has a GID (group ID) that is not within ping_group_range. You might need to add that user to a group within that range, or instead update the range to encompass a group the user is already in by modifying /proc/sys/net/ipv4/ping_group_range. Otherwise cloudflared will not be able to ping this network error="Group ID 0 is not between ping group 1 to 0"
2024-11-09T00:37:05Z WRN ICMP proxy feature is disabled error="cannot create ICMPv4 proxy: Group ID 0 is not between ping group 1 to 0 nor ICMPv6 proxy: socket: permission denied"

设置为仅 root 用户可以使用这个 feature:

a. only once: sysctl net.ipv4.ping_group_range='0 1'

b. 或者 永久生效:

/etc/sysctl.d/99-allow-ping.conf

net.ipv4.ping_group_range=0 1

• https://opennms.discourse.group/t/how-to-allow-unprivileged-users-to-use-icmp-ping/1573