ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1) #2900

Open
8 tasks done
DavidPeltz opened this issue Dec 7, 2024 · 13 comments

Comments

@DavidPeltz

Is there a pinned issue for this?

  • I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

  • I have searched the existing issues
  • I have searched the existing discussions

Is there any comment in the documentation for this?

  • I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

  • I have checked the provider repo for issues
  • My issue is NOT related to a provider

Are you using the latest release?

  • I am using the latest release

Have you tried using the dev branch latest?

  • I have tried using dev branch

Docker run config used

transmission:
  container_name: transmission
  cap_add:
    - NET_ADMIN
  volumes:
    - ${DOCKERDIR}/appdata/transmission:/config
    - ${DATADIR}/Downloads/completed:/data/
  environment:
    - PUID=${PUID}
    - PGID=${PGID}
    - OPENVPN_PROVIDER=NORDVPN
    - OPENVPN_CONFIG=default
    - NORDVPN_COUNTRY=GB
    - NORDVPN_CATEGORY=P2P
    - NORDVPN_PROTOCOL=tcp
    - OPENVPN_USERNAME=${VPNUSER}
    - OPENVPN_PASSWORD=${VPNPASS}
    # - NORDVPN_SERVER=uk2313.nordvpn.com
    - LOCAL_NETWORK=192.168.1.0/24
    - WEBPROXY_ENABLED=true
    - WEBPROXY_PORT=9999
    # - TRANSMISSION_WEB_UI=combustion
    # - TRANSMISSION_WEB_UI=kettu
    # - TRANSMISSION_WEB_UI=transmission-web-control
    # - TRANSMISSION_WEB_UI=flood-for-transmission
    # - TRANSMISSION_WEB_UI=shift
    - HEALTH_CHECK_HOST=github.com
  logging:
    driver: json-file
    options:
      max-size: 10m
  ports:
    - 9091:9091
  image: haugene/transmission-openvpn:latest
  restart: unless-stopped
  networks:
    - network1

Current Behavior

Container up but VPN failing and so cannot even connect to container on the web interface

Expected Behavior

Web interface works as VPN connects

How have you tried to solve the problem?

rebooted server, portainer stack and removed and re-pulled container

Log output

_transmission_logs.txt

HW/SW Environment

- OS:Ubuntu 24.04
- Docker:Docker version 27.3.1, build ce12230

Anything else?

nothing to add

github-actions bot commented Dec 7, 2024

Potential duplicates:

@BarrRedKola

BarrRedKola commented Dec 9, 2024

Add this to your compose file

devices:
  - /dev/net/tun

And it indeed solves the issue.

The main issue is probably related to an update of container.io qdm12/gluetun#2606

@hanspetzer

@BarrRedKola Thanks, worked for me.

If you use a systemctl service to start the container you need to add this line:
--device /dev/net/tun \

@silvanschermer

Add this to your compose file

devices:
  - /dev/net/tun

And it indeed solves the issue.

The main issue is probably related to an update of container.io qdm12/gluetun#2606

This is only a fix for compose users. In docker swarm this won't work.

I locked the containerd version for as long as I have no real fix for this.

@DaemonDude23

DaemonDude23 commented Dec 10, 2024

Thanks to the clues above, here's a workaround for a Kubernetes environment.
I'm using k3s and ran into this problem after upgrading the version to 1.31.3 (from 1.30.x) and restarting the pod.

Modify the Deployment object to add:

  • volumes
  • volumeMounts
  • privileged: true

Here's a full example since indentation gets out of hand with these:

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: transmission-openvpn
spec:
  strategy:
    type: Recreate
  replicas: 1
  template:
    spec:
      hostNetwork: false
      containers:
        - name: transmission-openvpn
          securityContext:
            privileged: true
          image: "haugene/transmission-openvpn:5.3.1"
          volumeMounts:
            - mountPath: /dev/net/tun
              name: dev-net-tun
              readOnly: true
      volumes:
        - name: dev-net-tun
          hostPath:
            path: /dev/net/tun
            type: CharDevice

@allywilson

Dumb question maybe, how do I factor this in to a docker run command?

tried:


-e DEVICES=/dev/net/tun
--device /dev/net/tun
-e device=/dev/net/tun
-v device=/dev/net/tun

@hanspetzer

Dumb question maybe, how do I factor this in to a docker run command?

tried:


-e DEVICES=/dev/net/tun
--device /dev/net/tun
-e device=/dev/net/tun
-v device=/dev/net/tun

--device=/dev/net/tun should work

https://docs.docker.com/reference/cli/docker/container/run/#device

@allywilson

Thank you, much appreciated.

Weirdly, it didn't help straight away. I had appended it to the end of my run command, but it failed with the same error:

docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "--device=/dev/net/tun": stat --device=/dev/net/tun: no such file or directory: unknown.

On a whim I added it immediately after cap-add and now it's working:

docker run --cap-add=NET_ADMIN -d \
  --device=/dev/net/tun \

thanks again

@demonbane

Add this to your compose file

devices:
  - /dev/net/tun

I've added this but I continue to get:

error gathering device information while adding custom device "/dev/net/tun": no such file or directory

Does the /dev/net/tun device need to be available on the host, because I'm not seeing it there?
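
A host-side check for the question above, as an added example that is not part of any comment in this thread: it verifies that the path is a character device with the TUN/TAP numbers (major 10, minor 200). It assumes Linux with GNU `stat`; the function names `check_tun_node` and `tun_hint` are hypothetical.

```shell
# Added example: host-side preflight for `--device /dev/net/tun`.
# Assumes Linux with GNU stat; function names are hypothetical.
# The kernel TUN/TAP node is a misc character device, major 10 minor 200.

check_tun_node() (
  path="${1:-/dev/net/tun}"
  want="${2:-10:200}"
  if [ ! -e "$path" ]; then
    echo "missing"; return 1          # nothing on the host to pass through
  fi
  if [ ! -c "$path" ]; then
    echo "not-chardev"; return 2      # a plain file or directory sits there
  fi
  # GNU stat prints the device major (%t) and minor (%T) in hex
  maj=$((0x$(stat -c '%t' "$path")))
  min=$((0x$(stat -c '%T' "$path")))
  if [ "$maj:$min" != "$want" ]; then
    echo "wrong-device:$maj:$min"; return 3
  fi
  echo "ok"
)

tun_hint() {
  case "$1" in
    ok)          echo "host node is present; pass it with --device or devices:" ;;
    missing)     echo "no node on the host; load the module (modprobe tun) and re-check" ;;
    not-chardev) echo "path exists but is not a character device" ;;
    *)           echo "a different device sits at this path; expected major 10, minor 200" ;;
  esac
}

# Report on the real node; a failed check must not abort the script.
verdict="$(check_tun_node /dev/net/tun || true)"
echo "/dev/net/tun: $verdict ($(tun_hint "$verdict"))"
```
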

@tessierp

Same problem as everyone else.. still no solution

@iamzoltan

--device=/dev/net/tun this worked for me

@SixteenOne

SixteenOne commented Dec 28, 2024

I have been trying to fix this for the last few weeks and tried different things, but still get the TUN Error

I have it working on another machine that I set up ages ago, but I can't get it working on a new machine

Mapping the /dev/net/tun doesn't resolve the issue for me

Fix that works for me :-)

Docker must have changed how you access certain things, so you now have to make the Container privileged in order to create a VPN Tunnel

So pop privileged: true in line with the image level and this will now work. I have got this working on Debian and Ubuntu VMs in Proxmox

...

    privileged: true
    ports:
      - '9091:9091'
      - '8118:8118'
    image: haugene/transmission-openvpn

...

Just tried the above adding the Devices (as above) without Privileged and this also works and is probably safer

devices:
  - /dev/net/tun
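
The two fixes in this comment compared, as an added example that is not part of the thread or the project's code: a line-based audit that flags `privileged: true` and reports whether the narrower `devices:` plus `NET_ADMIN` form is declared. It assumes block-style YAML with one service on stdin; the function names and both sample fragments are constructed.

```shell
# Added example: line-based audit of one compose service fragment (not a
# YAML parser). Function names and sample fragments are constructed.

audit_tun_service() {
  awk -v q="'" '
    /^[ \t]*#/ { next }                                # commented-out lines
    /^[ \t]*[A-Za-z_][A-Za-z0-9_-]*:[ \t]*$/ {         # "devices:" opens a block
      key = $1; sub(/:$/, "", key); next
    }
    /^[ \t]*[A-Za-z_][A-Za-z0-9_-]*:[ \t]/ {           # "key: value" scalar
      if ($1 == "privileged:" && $2 == "true") priv = 1
      key = ""; next
    }
    /^[ \t]*-[ \t]/ {                                  # list item of the open block
      item = $2; gsub("[\"" q "]", "", item)
      if (key == "devices" && item ~ /^\/dev\/net\/tun(:|$)/) dev = 1
      if (key == "cap_add" && item == "NET_ADMIN") cap = 1
    }
    END {
      if (priv) print "privileged"      # all capabilities and host devices
      if (!dev) print "no-tun-device"   # narrow form: device mapping missing
      if (!cap) print "no-net-admin"    # narrow form: capability missing
      exit (priv || !dev || !cap)
    }'
}

sample_privileged() {   # constructed input: the privileged workaround
  cat <<'EOF'
transmission:
  image: haugene/transmission-openvpn
  privileged: true
  ports:
    - '9091:9091'
EOF
}

sample_device() {       # constructed input: device mapping plus NET_ADMIN
  cat <<'EOF'
transmission:
  image: haugene/transmission-openvpn
  cap_add:
    - NET_ADMIN
  devices:
    - "/dev/net/tun:/dev/net/tun"
EOF
}

sample_privileged | audit_tun_service || true
sample_device | audit_tun_service && echo "clean"
```
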

@davinkevin
Contributor

davinkevin commented Dec 31, 2024

For my k8s configuration, I had to mount the tun device like mentioned above and I had to change this env variable to false instead of true:

            - name: CREATE_TUN_DEVICE
              value: "false"

fyi: k3s 1.31.x (working with 1.30), running in debian VM hosted in proxmox.
