3 months ago
We need private cross-cloud networking (Tailscale/WireGuard) between Railway and Fly.io. Without /dev/net/tun or NET_ADMIN, these tools fall back to gVisor's userspace TCP stack, which is fundamentally broken for HTTP responses >4KB — connections hang or EOF mid-transfer.
We've exhausted every workaround across 5 different approaches. All fail at the gVisor TCP layer. The only viable path requires reflection hacks to limit TCP windows, MTU capping, and HTTP-level framing to avoid gVisor's TCP entirely — fragile and operationally costly.
Ask: Please provide any one of:
1. /dev/net/tun device in containers
2. NET_ADMIN capability
3. Opt-in privileged container mode
This is standard on Fly.io, AWS ECS, and GCP Cloud Run. It would let VPN tools use the kernel's TCP stack and eliminate this entire class of failures. Currently blocking our production cross-cloud networking.
3 Replies
2 months ago
Same issue here. This is super frustrating; we have been trying to use Railway for nearly 2 years now and we can't because of this.
17 days ago
Seconded. This is critical to our implementation as well. Super excited by Railway, but will need to keep at least half our stack on other providers if this is not an option.
16 days ago
Same issue here. We want to use Tailscale to secure connections to some of our services (cross-cloud).
Please allow this @railway
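
A preflight check for the two preconditions named in the original request, as an added example that is not part of the thread and is not Railway's or Tailscale's code: it reports from inside a container whether the TUN character device exists and whether the process's effective capability set includes CAP_NET_ADMIN (bit 12 in linux/capability.h). The function names and the two sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added example: report, from inside a running container, whether the TUN
# device and CAP_NET_ADMIN are available to the current process.

CAP_NET_ADMIN_BIT=12   # CAP_NET_ADMIN in linux/capability.h

# mask_has_cap HEXMASK BIT -> 0 if bit set, 1 if clear, 2 if mask malformed
mask_has_cap() {
    case $1 in
        ''|*[!0-9a-fA-F]*) return 2 ;;   # reject anything that is not hex
    esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# capeff_of [STATUS_FILE] -> prints the effective capability mask (hex)
capeff_of() {
    awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}" 2>/dev/null
}

# preflight [STATUS_FILE] [TUN_DEVICE] -> prints "tun=... net_admin=..."
preflight() {
    tun=missing
    admin=no
    if [ -c "${2:-/dev/net/tun}" ]; then
        tun=present
    fi
    if mask_has_cap "$(capeff_of "$1")" "$CAP_NET_ADMIN_BIT"; then
        admin=yes
    fi
    echo "tun=$tun net_admin=$admin"
}

# Constructed sample masks: Docker's default capability set (no NET_ADMIN)
# and the same set with bit 12 added.
DEFAULT_MASK=00000000a80425fb
NET_ADMIN_MASK=00000000a80435fb

# Check the live process and device.
preflight
```

Run it as the same user and in the same container image as the VPN client, since the effective capability set is per process.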
