I have written this Dockerfile, which runs OpenVPN in client mode:
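# syntax=docker/dockerfile:1

# `edge` is a moving target; override with a pinned release tag (and ideally a
# digest) for reproducible builds. Kept as the default so existing builds behave
# as before.
ARG ALPINE_TAG=edge
FROM alpine:${ALPINE_TAG}

# openvpn is the only runtime requirement: CMD below launches the daemon directly,
# so no init system (openrc / rc-update) and no build headers (linux-headers) are
# needed. `--no-cache` fetches a fresh index and leaves none of it in the layer,
# which also makes a separate `apk update` layer unnecessary. Pin the package as
# `openvpn=<version>-r<rel>` once the base tag is pinned.
RUN apk add --no-cache \
        openvpn

# Unprivileged account for the daemon to drop to *after* it has created the tun
# device. Creating the interface (ioctl TUNSETIFF) requires CAP_NET_ADMIN in the
# process's effective set; a container started with `-u openvpn` has an empty
# effective set even when `--cap-add=NET_ADMIN` puts the capability in the
# bounding set, so the daemon must start as root and shed privileges itself, e.g.
# with `user openvpn` / `group openvpn` in openvpn.conf (that switch additionally
# needs CAP_SETUID and CAP_SETGID to remain in the container's capability set).
RUN addgroup -S openvpn && adduser -S -G openvpn openvpn

# Configuration and key material are supplied at run time, never baked into the
# image. Nothing is written to this path during the build, so declaring the
# volume here loses no content.
VOLUME ["/etc/openvpn"]

# A sysctl.d file written into the image is never read: no init runs in this
# container and net.ipv4.* parameters are per network namespace. If forwarding is
# genuinely required (a plain client does not need it), set it at run time with
# `docker run --sysctl net.ipv4.ip_forward=1` instead.

# Exec form so openvpn itself is PID 1 and receives SIGTERM from `docker stop`,
# letting it tear the tunnel down cleanly; shell form would leave /bin/sh as PID 1.
CMD ["openvpn", "--config", "/etc/openvpn/openvpn.conf"]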
But when I run the container
docker run -u openvpn -v /etc/openvpn:/etc/openvpn -itd --cap-drop all --cap-add=NET_ADMIN --device /dev/net/tun alpine-openvpn:v1
I get this error when launching
2021-10-28 15:27:31 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2021-10-28 15:27:31 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2021-10-28 15:27:31 Exiting due to fatal error
But if I do not use the openvpn user (i.e. without `-u openvpn`), it works fine.