Fix network isolation in modern systemd on Droidspaces
( Android Only )
01. Enter the container's root shell and delete these files:
rm -f /etc/systemd/network/10-wifi.network
rm -f /etc/systemd/network/20-mobile.network
rm -f /etc/systemd/network/30-other.network
02. Create an override systemd-networkd config to keep our static IPv4 address:
mkdir -p /etc/systemd/network
cat > /etc/systemd/network/99-unmanaged.network << 'EOF'
[Match]
Name=*
[Link]
Unmanaged=yes
EOF
03. Mask the useless systemd-networkd-wait-online service:
ln -sf /dev/null /etc/systemd/system/systemd-networkd-wait-online.service
Done !
@Droidspaces
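A check that the three steps above actually took effect, as an added example that is not part of the original post or the Droidspaces project. The function name and the ROOT argument are assumptions of this example, and the demo tree at the end is constructed.

```shell
#!/bin/sh
# check_networkd_fix ROOT: print each problem, return 0 only if all three
# steps hold. ROOT is this example's assumption: empty inside the container,
# or the rootfs path when checking from outside.
check_networkd_fix() {
    root="${1:-}"
    netdir="$root/etc/systemd/network"
    unit="$netdir/99-unmanaged.network"
    mask="$root/etc/systemd/system/systemd-networkd-wait-online.service"
    rc=0

    # Step 01: the three per-link files must be gone.
    for f in 10-wifi.network 20-mobile.network 30-other.network; do
        [ ! -e "$netdir/$f" ] || { echo "stale: $netdir/$f"; rc=1; }
    done

    # Step 02: flatten the unit to "[Section]Key=Value" lines so that a key
    # sitting under the wrong section is caught (a plain grep would miss it).
    if [ -f "$unit" ]; then
        pairs=$(awk '{ gsub(/[ \t\r]/, "") }
                     $0 == "" || /^[#;]/ { next }
                     /^\[/ { sec = $0; next }
                     { print sec $0 }' "$unit")
        for want in '[Match]Name=*' '[Link]Unmanaged=yes'; do
            printf '%s\n' "$pairs" | grep -Fqx -- "$want" ||
                { echo "bad: $want not found in $unit"; rc=1; }
        done
    else
        echo "missing: $unit"; rc=1
    fi

    # Step 03: a masked unit is a symlink whose target is /dev/null.
    [ "$(readlink "$mask" 2>/dev/null)" = /dev/null ] ||
        { echo "not masked: $mask"; rc=1; }

    return "$rc"
}

# Constructed demo tree (not a real container): steps 02 and 03 applied.
demo=$(mktemp -d)
mkdir -p "$demo/etc/systemd/network" "$demo/etc/systemd/system"
printf '[Match]\nName=*\n[Link]\nUnmanaged=yes\n' \
    > "$demo/etc/systemd/network/99-unmanaged.network"
ln -sf /dev/null "$demo/etc/systemd/system/systemd-networkd-wait-online.service"
check_networkd_fix "$demo" && echo "fix is in place under $demo"
rm -rf "$demo"
```

Inside the container, call it with no argument so the paths resolve against `/`.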
Droidspaces v5.0.0-pre-release !
🪵 What's new?
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.0.0-pre-release
[ App ]
- app: implemented NAT/HOST/NONE Network modes to the container configuration menu
- add network isolation configuration requirements to the Droidspaces kernel configurations
[ Backend ]
- net: implement full network isolation with NAT, bridgeless fallback, and Android routing
- fix: Configure systemd-networkd to unmanage all network interfaces, preventing DHCP conflicts with Droidspaces' static IP setup
- mask systemd-networkd-wait-online.service and make udevadm trigger non-critical in udev-trigger.service
- fix: Apply interactive terminal check for foreground mode only to interactive commands like start, restart, or enter
- Add --reset command-line option to clear container configuration while preserving name and rootfs paths
- Implement a centralized logging engine with internal functions, container-specific file logging, and refactored logging macros
- Cache cgroup mount points, optimize mountinfo parsing, ensure correct PTY allocation in new PID namespaces, and prevent terminal I/O blocking
- Add check_ns function to verify network namespace support and integrate it into network mode validation
- Add live kernel probes for bridge and veth support to check NAT networking capability
Notes:
- For existing modern systemd containers like Ubuntu 25.04, Fedora, and Arch, you must apply this fix to make NAT mode work - new containers will be automatically fixed upon installation in the app.
- Kernel configurations required for NAT mode have been updated. Please get the new configurations from the app.
@Droidspaces
Demonstration of our isolated networking: it works perfectly even when switching between 3 different networks 🗿
M21 -> Mobile Data -> M14
It doesn’t even feel it.. 🗣
Droidspaces v5.1.0-pre-release is here..!
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.1.0-pre-release
What's new..?
[ Backend ]
net: replace static RTNETLINK IP assignment with embedded DHCP server
THIS MUST FIX ALL OF THE NETWORKING ISSUES IN NAT MODE - NO FILE EDITS NEEDED.
If you did this thing before, please revert it.
@Droidspaces
Networking is unkillable now 🗿
100% uptime.
Even if you enable or disable Wi-Fi, data, or hotspot thousands of times,
no worries!
The Droidspaces daemon will perfectly handle everything in the background 🗿
This is how Port Forwarding Works in NAT Mode
When a container runs in NAT mode, its network is completely isolated with a private IP (like 172.28.33.133) that only the phone knows about. Other devices on your local network - and even your router - have no idea this private network exists, so trying to SSH directly into the container's IP from another device will simply fail.
Port forwarding solves this by creating a mapping between a port on the phone's own IP (which IS visible to your local network) and a port inside the container.
For example, mapping phone port 22 → container port 22 means:
Another Device ──► Router ──► Phone (your real IP) ──► Container (172.28.x.x)
When someone on your network SSHes into <phone-ip>:22, the phone intercepts that connection and transparently forwards it into the container - as if the container were directly reachable.
The container itself never needs a public IP. The phone acts as the gateway.
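The phone port 22 → container port 22 mapping described above, written as the netfilter DNAT rules a Linux host commonly uses for this. This is an added example, not Droidspaces code, and the post does not say that Droidspaces implements forwarding this way. The function names, the optional source-CIDR argument and the sample LAN 192.168.1.0/24 are assumptions; the rules are only printed, never applied.

```shell
#!/bin/sh
# dnat_rules PHONE_PORT CONTAINER_IP CONTAINER_PORT [ALLOWED_SOURCE_CIDR]
# Prints the rules for one mapping; rejects anything that is not a clean
# port / IPv4 / CIDR so untrusted input never reaches a root shell.
is_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

is_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

dnat_rules() {
    case "${4:-}" in *[!0-9./]*) echo "invalid source CIDR" >&2; return 1 ;; esac
    is_port "$1" && is_ipv4 "$2" && is_port "$3" ||
        { echo "invalid mapping" >&2; return 1; }
    # Optional: only accept connections from this source range, so the
    # forwarded port is not open to every device that can reach the phone.
    src="${4:+-s $4 }"
    # 1. Rewrite the destination of connections arriving on the phone's port.
    echo "iptables -t nat -A PREROUTING ${src}-p tcp --dport $1 -j DNAT --to-destination $2:$3"
    # 2. Let the rewritten connection cross into the container's network.
    #    Replies are assumed to be covered by an existing ESTABLISHED rule.
    echo "iptables -A FORWARD ${src}-p tcp -d $2 --dport $3 -j ACCEPT"
}

# Constructed sample: the post's container IP, SSH on both sides, one LAN.
dnat_rules 22 172.28.33.133 22 192.168.1.0/24
```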
Droidspaces v5.3.0-pre-release
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.3.0-pre-release
This will be the last release from the network-isolation branch. Once you guys test everything and confirm it’s working, I’m going to merge network isolation into the main branch and take a break from development for a while 😇
What's in this release:
- Universal, fully working network isolation, with a DHCP server for assigning IPs AND a daemon that watches network changes in real time to ensure 99.999% uptime. Works on both Android and Linux - tested on kernels 4.14 to 6.19 🗿
- Cgroups won't be isolated on kernels lower than 5.2. This makes it possible to run Ubuntu 24.04 and other semi-modern distros on older kernels with 100% compatibility. I'm literally running Ubuntu 24.04 with 100% systemd health on my old 4.14.113 kernel.
- Fixed CTRL+ALT+Q tending to reboot in foreground mode.
- More misc. improvements that I can't remember.
Notes: The upstream interface is the interface that has internet access, such as wlan0 or rmnet0. The app can auto-detect upstream networks - all you need to do is:
Connect to Wi-Fi → Select the interface that appears → Disable Wi-Fi and connect to mobile data → Press the refresh button in that menu → Select the interface(s) that appear.
New release with new fixes:
https://github.com/ravindu644/Droidspaces-OSS/releases/tag/v5.3.1-pre-release
GitHub
Release Droidspaces v5.3.1-pre-release · ravindu644/Droidspaces-OSS
What's Changed
docs: Add a new row to the comparison table detailing network isolation capabilities. (23f7083)
docs: Add troubleshooting for NAT mode internet access with IPv6-only upstream. (...
Thanks to the latest changes around cgroups in Droidspaces,
legacy kernel users can now run relatively modern Systemd on older kernels like 4.14 as well..!
As you can see in this screenshot, I'm running Ubuntu 25.04 without any issues - 0 failed units, no "Operation not permitted", or "Function not implemented" type of nonsense.
So basically, you can run anything below Systemd v258, since they nuked the legacy code for older kernels there, which specifically blocks legacy kernels in the first place 🤡
Added the ability to completely lift the cgroup v1 restriction, even on older kernels, so users aren’t artificially blocked from using cgroup v2 🗿