refine ICMP commands

Author: ranbel

src/content/docs/cloudflare-one/connections/connect-networks/troubleshoot-tunnels/common-errors.mdx

@@ -142,10 +142,29 @@ To ping an IP address behind Cloudflare Tunnel, your system must allow ICMP traf
 
 <Tabs> <TabItem label="Linux" icon="linux">
 
-1. Ensure that `ping_group_range` includes the Group ID (GID) of the user running `cloudflared`.
+1. Ensure that `ping_group_range` includes the Group ID (GID) of the user running `cloudflared`:
 
-   1. To get the Group ID of the user, run `id -g`.
-   2. To verify the Group IDs that are allowed to use ICMP:
+   a. Find the user that owns the `cloudflared` process:
+
+		```sh
+		ps -aux | grep cloudflared
+		```
+
+		```sh output
+		johndoe         407  0.8  1.7 1259904 35296 ?       Ssl  21:02   0:00 /usr/bin/cloudflared --no-autoupdate tunnel run --token eyJhI...
+		```
+
+	 b. Get the Group ID of the `cloudflared` user:
+
+		```sh
+		id -g johndoe
+		```
+
+		```sh output
+		10001
+		```
+
+   c. Determine the Group IDs that are allowed to use ICMP:
 
    ```sh
    sudo sysctl net.ipv4.ping_group_range
@@ -155,10 +174,16 @@ To ping an IP address behind Cloudflare Tunnel, your system must allow ICMP traf
    net.ipv4.ping_group_range= 0 10000
    ```
 
-   3. Either add the user to a group within that range, or update the range to encompass a group the user is already in. To update `ping_group_range`:
+   d. Either add the user to a group within that range, or update the range to encompass a group the user is already in. To update `ping_group_range`:
 
    ```sh
    echo 0 10001 | sudo tee /proc/sys/net/ipv4/ping_group_range
+	 ```
+
+	 To make the change persist on reboot, update your `systcl` parameters:
+
+	 ```sh
+	 echo "net.ipv4.ping_group_range = 0 10001" | sudo tee /etc/sysctl.d/99-cloudflared.conf
    ```
 
 2. If you are running multiple network interfaces (for example, `eth0` and `eth1`), configure `cloudflared` to use the external Internet-facing interface: