Attempting to start openvpn fails as it's unable to create /dev/net/tun #53

Open
unclebobuk opened this issue May 12, 2020 · 16 comments

@unclebobuk

Hi,
attempting to get VPN tunnel up. ovpn config downloaded from provider and added. Container running inside Synology (docker version 18.09.0-0506). When openvpn starts, it fails with the following error.

2020-05-12 09:59:06 | stdout | Tue May 12 09:59:06 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun
2020-05-12 09:59:06 | stdout | Tue May 12 09:59:06 2020 Exiting due to fatal error

I've attempted to make the device file manually and then reboot but it looks as though it's re-created at each reboot and the file disappears. I am guessing it's a permissions issue according to the post I've read here

https://discuss.linuxcontainers.org/t/openvpn-error-cannot-open-tun-tap-dev-dev-net-tun-no-such-file-or-directory-errno-2-solved/1614/4

which can be resolved by adding some config into the container config file.

As I'm using these within a NAS I don't have the environment to pull and build directly, otherwise I'd do some testing.

Anyway thought I'd flag it.

thanks
Adam

@triksmelb

Seeing the same error in the logs...

ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Exiting due to fatal error

Followed the great instructions in setting up the container, even tried running the container with PGID and PUID as 0 (root) and with high privilege for the container but still the same error.

Synology DSM DSM 6.2.2-24922 4
Synology Docker 18.09.0-0513

@stroskl

stroskl commented May 29, 2020

I am also trying to deploy this on a NAS (TerraMaster) and I came across the same issue.
Doing some googling, I found that the solution would be to include the "--device=/dev/net/tun" parameter in the docker run command.

However, because I'm running the container from the web management tool, I cannot include this parameter.

Can someone help me with how to include this parameter as an optional variable like "DEVICES" that can take values like "/dev/net/tun" and be appended to the run command?

@Montblac

@unclebobuk @triksmelb This helped me resolve that issue running it on a Synology NAS.
https://ruimarinho.github.io/post/fix-tun-tap-not-available-on-a-synology-nas/

@triksmelb

@stroskl depending on the container, you will most likely have to edit the environmental settings manually. I did it in a text file, SSH into my NAS, sudo -i and paste the script in there.

I used this guide (had to modify it for NordVPN but the principle is the same).

http://haugene.github.io/docker-transmission-openvpn/synology-nas/

docker run \
  --cap-add=NET_ADMIN \
  --device=/dev/net/tun \
  -d \
  -v /volume1/docker/transmission-openvpn/resolv.conf:/etc/resolv.conf \
  -v /volume1/downloads/transmission/:/data \
  -e "OPENVPN_PROVIDER=NORDVPN" \
  -e "NORDVPN_COUNTRY=AU" \
  -e "NORDVPN_PROTOCOL=TCP" \
  -e "NORDVPN_CATEGORY=P2P" \
  -e "OPENVPN_USERNAME=#######@gmail.com" \
  -e "OPENVPN_PASSWORD=##########" \
  -e "LOCAL_NETWORK=10.0.1.0/24" \
  -e "OPENVPN_OPTS=--inactive 3600 --ping 10 --ping-exit 60" \
  -e "PGID=100" \
  -e "PUID=1026" \
  -p 9091:9091 \
  --sysctl net.ipv6.conf.all.disable_ipv6=0 \
  --name "transmission-openvpn-syno" \
  haugene/transmission-openvpn:latest

In my opinion Synology Docker Web UI is great but limited for requirements like this.

@ragnarwessels

I ran into the same issue on my Synology DS918+ this afternoon.

In my case /dev/net/tun exists.
Since it's only accessible to the root user, running the container with "high privilege" (in the Docker UI) solved the problem for me.

@Caedendi

Caedendi commented Aug 20, 2020

Thanks. I tried again today, even though I had it running before with high privilege on, and the TUN/TAP device is no longer the issue, but I have another one:

Linux ip -6 addr add failed: external program exited with error status: 2

I have no idea what I'm doing wrong.

I tried adding VPN_USERNAME and VPN_PASSWORD to the environment but that just quickly loops it in starting and crashing. BTW I have a .ovpn file in my config.

EDIT: I solved the issue. The problem was my .ovpn file generated by my VPN provider. I had to select IP layer exit: IPV4 only and connect with IP layer IPV4. My ISP doesn't provide IPv6, so I guess that's why it didn't work, and my bridge shows IPV6 is disabled. The container is now running and I can access the web GUI.

@Dinth

Dinth commented Aug 20, 2020

@Caedendi Please open a new issue.

@MYeager1967

MYeager1967 commented Dec 14, 2020

I'm getting this issue after moving my NAS to a different VLAN. I'm sure it's something simple, but I'd appreciate if someone were to offer a hand here...

2020-12-14 16:31:05.774150 [info] VPN_ENABLED defined as 'yes'
2020-12-14 16:31:05.870919 [info] OpenVPN config file (ovpn extension) is located at /config/openvpn/my_expressvpn_usa_-_tampa_-_1_udp.ovpn
dos2unix: converting file /config/openvpn/my_expressvpn_usa_-_tampa_-_1_udp.ovpn to Unix format...
2020-12-14 16:31:05.955809 [info] VPN remote line defined as 'usa-tampa-1-ca-version-2.expressnetw.com 1195'
2020-12-14 16:31:06.012969 [info] VPN_REMOTE defined as 'usa-tampa-1-ca-version-2.expressnetw.com'
2020-12-14 16:31:06.068881 [info] VPN_PORT defined as '1195'
2020-12-14 16:31:06.127987 [warn] VPN_PROTOCOL not found in /config/openvpn/my_expressvpn_usa_-_tampa_-_1_udp.ovpn, assuming udp
2020-12-14 16:31:06.184817 [info] VPN_DEVICE_TYPE defined as 'tun0'
2020-12-14 16:31:06.238666 [info] LAN_NETWORK defined as '192.168.10.0/24'
2020-12-14 16:31:06.292417 [info] NAME_SERVERS defined as '8.8.8.8,8.8.4.4'
2020-12-14 16:31:06.346474 [info] VPN_OPTIONS not defined (via -e VPN_OPTIONS)
2020-12-14 16:31:06.402608 [info] Adding 8.8.8.8 to resolv.conf
2020-12-14 16:31:06.457090 [info] Adding 8.8.4.4 to resolv.conf
2020-12-14 16:31:06.508152 [info] PUID not defined. Defaulting to root user
2020-12-14 16:31:06.561781 [info] PGID not defined. Defaulting to root group
2020-12-14 16:31:06.612374 [info] Starting OpenVPN...
Mon Dec 14 16:31:06 2020 WARNING: --keysize is DEPRECATED and will be removed in OpenVPN 2.6
Mon Dec 14 16:31:06 2020 WARNING: file 'credentials.conf' is group or others accessible
Mon Dec 14 16:31:06 2020 OpenVPN 2.4.4 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on May 14 2019
Mon Dec 14 16:31:06 2020 library versions: OpenSSL 1.1.1  11 Sep 2018, LZO 2.08
Mon Dec 14 16:31:06 2020 WARNING: --ns-cert-type is DEPRECATED.  Use --remote-cert-tls instead.
Mon Dec 14 16:31:06 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 14 16:31:06 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Dec 14 16:31:06 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]104.238.58.34:1195
Mon Dec 14 16:31:06 2020 Socket Buffers: R=[212992->425984] S=[212992->425984]
Mon Dec 14 16:31:06 2020 UDP link local: (not bound)
Mon Dec 14 16:31:06 2020 UDP link remote: [AF_INET]104.238.58.34:1195
Mon Dec 14 16:31:06 2020 TLS: Initial packet from [AF_INET]104.238.58.34:1195, sid=e4f73799 e3d8a2cb
Mon Dec 14 16:31:06 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Mon Dec 14 16:31:06 2020 VERIFY OK: depth=1, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=ExpressVPN CA, emailAddress=support@expressvpn.com
Mon Dec 14 16:31:06 2020 VERIFY OK: nsCertType=SERVER
Mon Dec 14 16:31:06 2020 VERIFY X509NAME OK: C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2337-0a, emailAddress=support@expressvpn.com
Mon Dec 14 16:31:06 2020 VERIFY OK: depth=0, C=VG, ST=BVI, O=ExpressVPN, OU=ExpressVPN, CN=Server-2337-0a, emailAddress=support@expressvpn.com
Mon Dec 14 16:31:06 2020 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Mon Dec 14 16:31:06 2020 [Server-2337-0a] Peer Connection Initiated with [AF_INET]104.238.58.34:1195
Mon Dec 14 16:31:07 2020 SENT CONTROL [Server-2337-0a]: 'PUSH_REQUEST' (status=1)
Mon Dec 14 16:31:07 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 10.134.0.1,comp-lzo no,route 10.134.0.1,topology net30,ping 10,ping-restart 60,ifconfig 10.134.1.50 10.134.1.49,peer-id 79,cipher AES-256-GCM'
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: timers and/or timeouts modified
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: compression parms modified
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: --ifconfig/up options modified
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: route options modified
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: peer-id set
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: adjusting link_mtu to 1629
Mon Dec 14 16:31:07 2020 OPTIONS IMPORT: data channel crypto options modified
Mon Dec 14 16:31:07 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
Mon Dec 14 16:31:07 2020 NCP: overriding user-set keysize with default
Mon Dec 14 16:31:07 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Dec 14 16:31:07 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Mon Dec 14 16:31:07 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:03
Mon Dec 14 16:31:07 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Mon Dec 14 16:31:07 2020 Exiting due to fatal error

The command used to kick this off is:

sudo docker run --privileged  --name="qbittorrent-vpn2" -itd -v /volume1/docker/qbittorrent-vpn/config:/config -v /volume1/docker/qbittorrent-vpn/downloads:/downloads -e "VPN_ENABLED=yes" -e "LAN_NETWORK=192.168.10.0/24" -e "NAME_SERVERS=8.8.8.8,8.8.4.4" -p 8080:8080 -p 8999:8999 -p 8999:8999/udp markusmcnugen/qbittorrentvpn

and it's running on a Synology NAS. It was running just beautifully until I moved it to the new address... The new address is 192.168.10.10.

@just-simon

I found a solution that worked for me in this post by @blacky14
kylemanna/docker-openvpn#39 (comment)

One option was to run as privileged, another was:

  1. Grant the NET_ADMIN capability
    In Docker run --cap-add=NET_ADMIN
    In Portainer -> Capabilities tab -> turn on NET_ADMIN
    and;
  2. Add the device
    In Docker run --device=/dev/net/tun
    In Portainer -> Runtime & Resources tab -> Devices -> host=/dev/net/tun container=/dev/net/tun

I hope that helps others in this thread!
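The two options in the comment above differ in how much they grant: `--privileged` gives the container every capability and every host device, while `--cap-add=NET_ADMIN` plus `--device=/dev/net/tun` grants only what the tunnel needs. The following is an added example, not part of the thread or the project; the function names and verdict strings are hypothetical, and the sample command is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): audit the TUN-related flags of a
# `docker run` / `docker create` command line. Names are hypothetical.

# Prints one verdict for the command line given as arguments:
#   privileged      --privileged set: works, but grants every capability and
#                   all host devices, far more than a VPN client needs
#   minimal         NET_ADMIN + /dev/net/tun only (the least-privilege option)
#   missing-cap     device mapped, NET_ADMIN not granted
#   missing-device  NET_ADMIN granted, /dev/net/tun not mapped
#   missing-both    neither flag present
audit_tun_flags() {
    privileged=0; cap=0; dev=0; prev=""
    for arg in "$@"; do
        # Two-word forms: "--cap-add NET_ADMIN", "--device /dev/net/tun"
        case "$prev" in
            --cap-add) if [ "$arg" = "NET_ADMIN" ]; then cap=1; fi ;;
            --device)  case "$arg" in /dev/net/tun|/dev/net/tun:*) dev=1 ;; esac ;;
        esac
        # One-word forms, spelled as in the thread
        case "$arg" in
            --privileged|--privileged=true) privileged=1 ;;
            --cap-add=NET_ADMIN) cap=1 ;;
            --device=/dev/net/tun|--device=/dev/net/tun:*) dev=1 ;;
        esac
        prev=$arg
    done
    if   [ "$privileged" -eq 1 ]; then echo privileged
    elif [ "$cap" -eq 1 ] && [ "$dev" -eq 1 ]; then echo minimal
    elif [ "$dev" -eq 1 ]; then echo missing-cap
    elif [ "$cap" -eq 1 ]; then echo missing-device
    else echo missing-both
    fi
}

# The flags only help if the device node exists on the host.
# True when the path (default /dev/net/tun) is a character device.
tun_node_present() {
    [ -c "${1:-/dev/net/tun}" ]
}

# Constructed sample command, modelled on the ones posted in this thread.
audit_tun_flags docker run --cap-add=NET_ADMIN --device=/dev/net/tun -d example/image
```

Run `tun_node_present` on the NAS host itself (over SSH) before changing container flags; if it fails, no combination of flags will make the device appear inside the container.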

@irobot73

irobot73 commented Nov 9, 2021

I found a solution that worked for me in this post by @blacky14 kylemanna/docker-openvpn#39 (comment)

One option was to run as privileged, another was:

  1. Grant the NET_ADMIN capability
    In Docker run --cap-add=NET_ADMIN
    In Portainer -> Capabilities tab -> turn on NET_ADMIN
    and;
  2. Add the device
    In Docker run --device=/dev/net/tun
    In Portainer -> Runtime & Resources tab -> Devices -> host=/dev/net/tun container=/dev/net/tun

I hope that helps others in this thread!

Docker-compose that finally got running:

...
image: markusmcnugen/qbittorrentvpn
cap_add:
  - NET_ADMIN
devices:
  - /dev/net/tun
environment:...

@prizemail0

prizemail0 commented Oct 3, 2022

I have an Asustor NAS and I'm getting the same issue. I cannot correct the issue by adding the suggested lines:

  - NET_ADMIN
devices:
  - /dev/net/tun
environment:

The docker container is created by running the following command:
sudo docker create --name qbittorrentvpn --privileged -v /volume1/Docker/qbittorrentvpn/config:/config -v /volume1/Public:/downloads -e "VPN_ENABLED=yes" -e "VPN_USERNAME=XXX" -e "VPN_PASSWORD=XXX" -e "LAN_NETWORK=192.168.1.0/24" -e "NAME_SERVERS=8.8.8.8,8.8.4.4" -e "PUID=999" -e "PGID=999" -p 8080:8080 -p 8999:8999 -p 8999:8999/udp --cap-add=NET_ADMIN --device=/dev/net/tun markusmcnugen/qbittorrentvpn

@Floki-78

For Asustor NAS users on the latest firmware, simply install the VPN Server app via App Central and it will create this directory for you.
May also work for Synology users if there is a similar app.

@200h

200h commented Sep 9, 2023

Resurrecting this with a resolution I found.

I tried implementing the suggestions above via docker CLI, with no positive outcome. I'm still on DSM 6, BTW (I put off upgrading to DSM 7 long enough). Anyway, I found a post on a site for a different setup (not this repo as I was considering other alternatives), and the method to include TUN in that setup fixed the issue I was having with a vanilla installation per the instructions of this repo.

https://drfrankenstein.co.uk/2022/09/26/qbittorrent-with-gluetun-vpn-in-docker-on-a-synology-nas/

The process requires creating a scheduled task to run at boot with the below code snippet. Since I haven't upgraded to DSM 7, I'm not sure if this will correct the issue. I haven't run this through its paces to understand if the scheduled task will run prior to my docker container spooling up, but for now, this has corrected my problem.

#!/bin/sh -e

insmod /lib/modules/tun.ko

@MYeager1967

MYeager1967 commented Sep 9, 2023

I'm running a TUN.sh script that looks like this...

 
# Create the necessary file structure for /dev/net/tun
if [ ! -c /dev/net/tun ]; then
    if [ ! -d /dev/net ]; then
        mkdir -m 755 /dev/net
    fi
    # Character device node: major 10, minor 200
    mknod /dev/net/tun c 10 200
fi

# Load the tun module if not already loaded
if ! lsmod | grep -q "^tun\s"; then
    insmod /lib/modules/tun.ko
fi

Running DSM7 on a DS418Play....

@tux86

tux86 commented Dec 31, 2023

If you are using qBittorrentVPN with Synology DSM 7.x and want to set up a VPN, utilize this Docker Compose template:

version: '3.3'
services:
  qbittorrentvpn:
    image: markusmcnugen/qbittorrentvpn
    container_name: qbittorrentvpn
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - /volume1/docker/qbittorrentvpn:/config
      - /volume2/Downloads/__torrents:/downloads
    environment:
      - PUID=1026
      - PGID=100
      - TZ=Europe/Paris
      - WEBUI_PORT_ENV=8080
      - INCOMING_PORT_ENV=8999
      - VPN_ENABLED=yes
      - VPN_USERNAME=xxxxxxxx
      - VPN_PASSWORD=xxxxxxxx
      - LAN_NETWORK=192.168.1.0/24
      - NAME_SERVERS=8.8.8.8,1.1.1.1
    ports:
      - "8080:8080" # Web interface
      - "6881:6881" # BitTorrent port
      - "8999:8999/udp" # BitTorrent port (UDP)
    restart: unless-stopped

# To verify that the VPN is functioning, access the container console and 
# execute the following command to determine the external IP address: curl ipconfig.io
