
Colima is not able to access local network connections after mac update

Open ibuiltthis opened this issue 1 year ago • 2 comments

Description

Colima containers are not able to access the local network.

Possible cause: After recent macOS updates, local network access for applications must be specifically enabled via System Settings (Privacy and Security -> Local Network). I had to explicitly enable it for "Docker"; however, Colima doesn't appear in the list of options to be enabled.

Version

colima version && limactl --version && qemu-img --version
colima version 0.7.5
git commit: 1588c066b9ab9dae8205ef265929c7eb43dca473

runtime: docker
arch: aarch64
client: v27.3.1
server: v27.1.1
limactl version 0.23.2
qemu-img version 9.1.0
Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers

Operating System

  • [ ] macOS Intel <= 13 (Ventura)
  • [ ] macOS Intel >= 14 (Sonoma)
  • [ ] Apple Silicon <= 13 (Ventura)
  • [X] Apple Silicon >= 14 (Sonoma)
  • [ ] Linux

Output of colima status

INFO[0000] colima is running using macOS Virtualization.Framework
INFO[0000] arch: aarch64
INFO[0000] runtime: docker
INFO[0000] mountType: virtiofs
INFO[0000] socket: unix:///Users/xxxx/.colima/default/docker.sock

Reproduction Steps

  1. Run any container
  2. ping any computer on the local network

Expected behaviour

The local computer should be able to be reached by the container

Additional context

No response

ibuiltthis avatar Oct 08 '24 01:10 ibuiltthis

Go to System Settings -> Privacy & Security -> Local Network and make sure the relevant Docker application has local network access enabled. Although Colima may not be on the list, Docker's settings may affect it. In addition, you can actually use servbay to replace docker, which is easier to use on mac than tools such as docker and mamp

Local Network is enabled for Docker. I need to reach a server on our local network and I need to stick to a container based approach.

ibuiltthis avatar Oct 08 '24 05:10 ibuiltthis

check : https://github.com/abiosoft/colima/issues/711 and make sure you can reach it. It may be a resolution issue.

VGerris avatar Nov 15 '24 10:11 VGerris

I met a similar problem. I couldn't push a Docker image to a registry in a local network by IP address. The workaround for me is setting network.address to true in ~/.colima/default/colima.yaml

# Network configurations for the virtual machine.
network:
  # Assign reachable IP address to the virtual machine.
  # NOTE: this is currently macOS only and ignored on Linux.
  # Default: false
  address: true

Apple Silicon (M1): Sequoia 15.1

ashashev avatar Nov 18 '24 22:11 ashashev

$ docker login my.private.registry
Authenticating with existing credentials...
Login did not succeed, error: Error response from daemon: Get "https://my.private.registry/v2/": net/http: TLS handshake timeout
Username (mread): ^C
$ docker login my.private.registry
Authenticating with existing credentials...
Login did not succeed, error: Error response from daemon: Get "https://my.private.registry/v2/": context deadline exceeded
Username (mread): ^C
$ docker login my.private.registry
Authenticating with existing credentials...
Login did not succeed, error: Error response from daemon: Get "https://my.private.registry/v2/": net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers)
Username (mread): ^C

I see the above various timeouts connecting to a private Artifactory instance over VPN, on macOS 15.1. There were no issues prior to the Sequoia upgrade. network.address: true and network.dns: [ <my internal DNS> ] unfortunately don't improve anything. Using Docker Desktop instead of Colima does work, so my Artifactory instance and other networking are fine.

And unlike the OP, Colima does appear in my System Settings → Privacy & Security → Local Network, and I have given it access. I also added & enabled it under Developer Tools (which seemed to be required for Docker Desktop, FWIW) and Full Disk Access to no effect. A complete reinstall of Colima including the removal of ~/.colima/ also made no difference.

 $ colima version && limactl --version && qemu-img --version
colima version 0.8.0
git commit: 9c08cff339f087c0600d9d56af7b5fbcfe02e287

runtime: docker
arch: aarch64
client: v27.3.1
server: v27.3.1
limactl version 1.0.1
qemu-img version 9.1.1
Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers
$ colima status
INFO[0000] colima is running using QEMU                 
INFO[0000] arch: aarch64                                
INFO[0000] runtime: docker                              
INFO[0000] mountType: sshfs                             
INFO[0000] address: 192.168.106.6                       
INFO[0000] socket: unix:///Users/mread/.colima/default/docker.sock 

MatthewRyanRead avatar Nov 19 '24 05:11 MatthewRyanRead

I have a similar issue after upgrading to Sequoia 15.1. Pulling images from a registry behind a VPN does not work anymore with colima flag --network-address.

Error message is similar to the previous poster, e.g. net/http: request canceled while waiting for connection (Client.Timeout exceeded while awaiting headers).

However, if network-address flag is not set, pulling works fine.

Reinstalling colima, using dev version, deleting profiles and colima/lima related files did not help. For me, colima does not appear under System Settings → Privacy & Security → Local Network.

$ colima status -p k8s
INFO[0000] colima [profile=k8s] is running using QEMU
INFO[0000] arch: x86_64
INFO[0000] runtime: docker
INFO[0000] mountType: sshfs
INFO[0000] address: 192.168.XXX.XX
INFO[0000] socket: unix:///Users/xxx/.colima/k8s/docker.sock
INFO[0001] kubernetes: enabled
$ colima version && limactl --version && qemu-img --version
colima version HEAD-38c20fc
git commit: 38c20fc1ee04d6202375fa66cb3c3e46571c413a
limactl version 1.0.1
qemu-img version 9.1.1
Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers

Operating System is 15.1 (24B83) on Intel Mac.

f-helm avatar Nov 19 '24 14:11 f-helm

However, if network-address flag is not set, pulling works fine.

Can you share the output of colima ssh -- ip route after starting Colima with network address enabled?

You should get something like the following

default via 192.168.106.1 dev col0 proto dhcp src 192.168.106.2 metric 100
default via 192.168.5.2 dev eth0 proto dhcp src 192.168.5.1 metric 200
...

What happens if you delete the entry for the network address?

colima ssh -- sudo ip route del default via 192.168.106.1

abiosoft avatar Nov 21 '24 13:11 abiosoft

Can you share the output of colima ssh -- ip route after starting Colima with network address enabled?

default via 192.168.106.1 dev col0 proto dhcp src 192.168.106.24 metric 100
default via 192.168.5.2 dev eth0 proto dhcp src 192.168.5.6 metric 200
10.42.0.0/24 dev cni0 proto kernel scope link src 10.42.0.1
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.6 metric 200
192.168.5.2 dev eth0 proto dhcp scope link src 192.168.5.6 metric 200
192.168.106.0/24 dev col0 proto kernel scope link src 192.168.106.24 metric 100
192.168.106.1 dev col0 proto dhcp scope link src 192.168.106.24 metric 100

What happens if you delete the entry for the network address? colima ssh -- sudo ip route del default via 192.168.106.1

This fixes the issue as a workaround - I can still reach colima from my host with network-address and pulling images in colima from the Registry behind VPN works.

f-helm avatar Nov 22 '24 11:11 f-helm
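The route table posted above has two default routes, and the kernel prefers the one with the lower metric (col0, metric 100). The following is an added example, not part of the thread or of Colima's code: a shell helper that reads `ip route` output and reports which default route carries outbound traffic. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: find the preferred default route in `ip route` output.

# Constructed sample, modelled on the output posted in this thread.
sample_routes() {
cat <<'EOF'
default via 192.168.106.1 dev col0 proto dhcp src 192.168.106.24 metric 100
default via 192.168.5.2 dev eth0 proto dhcp src 192.168.5.6 metric 200
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.6 metric 200
192.168.106.0/24 dev col0 proto kernel scope link src 192.168.106.24 metric 100
EOF
}

# Print "metric dev gateway" for each default route on stdin, preferred first.
# A route without an explicit metric is treated as metric 0.
default_routes() {
  awk '$1 == "default" {
         gw = "-"; dev = "-"; metric = 0
         for (i = 2; i < NF; i++) {
           if ($i == "via")    gw = $(i + 1)
           if ($i == "dev")    dev = $(i + 1)
           if ($i == "metric") metric = $(i + 1)
         }
         print metric, dev, gw
       }' | sort -n -k1,1
}

# Interface of the lowest-metric default route, i.e. where egress traffic goes.
preferred_dev() {
  default_routes | awk 'NR == 1 { print $2 }'
}

# Human-readable summary; notes when more than one default route exists.
report() {
  routes=$(default_routes)
  count=$(printf '%s\n' "$routes" | awk 'NF { n++ } END { print n + 0 }')
  printf '%s\n' "$routes" | awk 'NF { printf "metric=%s dev=%s gw=%s\n", $1, $2, $3 }'
  if [ "$count" -gt 1 ]; then
    dev=$(printf '%s\n' "$routes" | awk 'NR == 1 { print $2 }')
    echo "multiple default routes: egress uses $dev"
  fi
}

sample_routes | report
```

Against a running VM, pipe the real table in instead of the sample: `colima ssh -- ip route | report`.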

@f-helm if that indeed resolves it, then an update can be pushed to enforce the behaviour.

I would wait for confirmation from others as well.

abiosoft avatar Nov 22 '24 15:11 abiosoft

above workaround works for me as well

paraniraja avatar Nov 23 '24 13:11 paraniraja

I had the same issue, the workaround above also fixes it for me

bostjanl-better avatar Nov 27 '24 08:11 bostjanl-better

I think we've got enough confirmations, would go ahead with the fix.

abiosoft avatar Nov 27 '24 08:11 abiosoft

Also have this issue. Waiting for the fix. thanks

mironnn avatar Dec 05 '24 15:12 mironnn

Heya! Also had this issue and that fix deleting the routing table entry worked for me!

kizzie avatar Dec 11 '24 15:12 kizzie

However, if network-address flag is not set, pulling works fine.

Can you share the output of colima ssh -- ip route after starting Colima with network address enabled?

You should get something like the following

default via 192.168.106.1 dev col0 proto dhcp src 192.168.106.2 metric 100
default via 192.168.5.2 dev eth0 proto dhcp src 192.168.5.1 metric 200
...

What happens if you delete the entry for the network address?

colima ssh -- sudo ip route del default via 192.168.106.1

The same issue after updating to 15.1, removing the routing solves the issue.

Torvalds9 avatar Dec 11 '24 15:12 Torvalds9

This should be resolved now with the new release https://github.com/abiosoft/colima/releases/tag/v0.8.1.

abiosoft avatar Dec 16 '24 13:12 abiosoft

just for history, if anyone will face something similar, in my case, on fresh install I did:

colima start

later, realized that I need --network-address so tried:

colima stop
colima start --network-address

but it did not work out 🤔

to fix this - make sure to start from scratch by running:

colima delete
colima start --network-address

for me colima delete was the missing piece, because stop, start won't change those settings created on initial setup

just in case want to leave it here for future newcomers like me 🙂

mac2000 avatar Mar 08 '25 10:03 mac2000

FYI, I am having this issue.

This is my start flags:

colima start \
  --cpus 12 \
  --disk 256 \
  --memory 64 \
  --mount /Users/ub:r \
  --mount /opt/data:w \
  --network-address \
  --network-host-addresses \
  --verbose

ub@UBS04 ~ % colima version && limactl --version && qemu-img --version
colima version 0.8.4
git commit: e2ddc15483af66e9b8a525d779a0cc926f15dbcb

runtime: docker
arch: aarch64
client: v28.4.0
server: v28.3.3
limactl version 1.2.1
qemu-img version 10.1.0
Copyright (c) 2003-2025 Fabrice Bellard and the QEMU Project developers

After a delete and create, or even a restart it's fine for a period, maybe up to 24 hours, then it becomes an issue again.

Confirmed that deleting the main route fixes things.

What was also very weird, I could ping machines, but nothing else - no ssh, no http, no nothing. It seemed to affect TCP?

Update: Confirmed, it's an issue every time I start colima.

I now need to run this straight after to get any sort of connectivity: colima ssh -- sudo ip route del default via 192.168.5.2

drewbroadley avatar Sep 10 '25 06:09 drewbroadley

Hey, nice question and answers. Because of all your answers, I resolved it. In my case (M1 Mac, colima 0.9.1, docker client 28.2.2-rd, docker engine 28.4.0), when running a colima profile (you can see it with "colima list"), type "colima start --edit" and find the "dns" setting line.

The Colima guide (https://github.com/abiosoft/colima/blob/main/docs/FAQ.md#editing-the-config) shows me to write it like this: dns: [1.1.1.1, 2.2.2.2]

However, my colima.yaml.. so, I modified right. It works!

dns:
    - 1.1.1.1
    - 2.2.2.2

I hope this is helpful.

gingsero avatar Nov 24 '25 11:11 gingsero