What do I do to fix this error:

ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)

On a Docker container running the "prantlf/alpine-glibc" image, I'm trying to connect to OpenVPN.

My Dockerfile:

FROM prantlf/alpine-glibc:latest

USER root
RUN apk add --update --no-cache openssh && \
    apk add openvpn && \
    apk add curl

ENTRYPOINT ["/entrypoint.sh"]
EXPOSE 22
COPY entrypoint.sh /
COPY app.out /
COPY ovpn_udp.conf /

I'm building with:

docker build -t ovpn .

I'm running with:

docker run --privileged --device /dev/net/tun --cap-add=NET_ADMIN -d -p 22:22 ovpn

Trying to connect with:

openvpn --config ovpn_conf.conf

Here is the full OpenVPN log I'm getting:

2022-09-23 19:57:47 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-09-23 19:57:47 OpenVPN 2.5.6 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Mar 24 2022
2022-09-23 19:57:47 library versions: OpenSSL 1.1.1l  24 Aug 2021, LZO 2.10
Enter Auth Username:
Enter Auth Password:
2022-09-23 19:57:55 WARNING: --ping should normally be used with --ping-restart or --ping-exit
2022-09-23 19:57:55 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-09-23 19:57:55 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2022-09-23 19:57:55 TCP/UDP: Preserving recently used remote address: [AF_INET]107.181.177.179:1194
2022-09-23 19:57:55 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-09-23 19:57:55 UDP link local: (not bound)
2022-09-23 19:57:55 UDP link remote: [AF_INET]107.181.177.179:1194
2022-09-23 19:57:55 TLS: Initial packet from [AF_INET]107.181.177.179:1194, sid=e01c45d4 841186d0
2022-09-23 19:57:55 VERIFY OK: depth=2, C=VG, O=Surfshark, CN=Surfshark Root CA
2022-09-23 19:57:55 VERIFY OK: depth=1, C=VG, O=Surfshark, CN=Surfshark Intermediate CA
2022-09-23 19:57:55 VERIFY KU OK
2022-09-23 19:57:55 Validating certificate extended key usage
2022-09-23 19:57:55 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-09-23 19:57:55 VERIFY EKU OK
2022-09-23 19:57:55 VERIFY OK: depth=0, CN=ca-van-v005.prod.surfshark.com
2022-09-23 19:57:56 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1633', remote='link-mtu 1581'
2022-09-23 19:57:56 WARNING: 'auth' is used inconsistently, local='auth SHA512', remote='auth [null-digest]'
2022-09-23 19:57:56 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
2022-09-23 19:57:56 [ca-van-v005.prod.surfshark.com] Peer Connection Initiated with [AF_INET]107.181.177.179:1194
2022-09-23 19:57:57 SENT CONTROL [ca-van-v005.prod.surfshark.com]: 'PUSH_REQUEST' (status=1)
2022-09-23 19:57:57 PUSH: Received control message: 'PUSH_REPLY,dhcp-option DNS 162.252.172.57,dhcp-option DNS 149.154.159.92,redirect-gateway def1,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,block-outside-dns,route-gateway 10.8.8.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.8.8.30 255.255.255.0,peer-id 24,cipher AES-256-GCM'
2022-09-23 19:57:57 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:7: block-outside-dns (2.5.6)
2022-09-23 19:57:57 OPTIONS IMPORT: timers and/or timeouts modified
2022-09-23 19:57:57 OPTIONS IMPORT: explicit notify parm(s) modified
2022-09-23 19:57:57 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-09-23 19:57:57 Socket Buffers: R=[212992->425984] S=[212992->425984]
2022-09-23 19:57:57 OPTIONS IMPORT: --ifconfig/up options modified
2022-09-23 19:57:57 OPTIONS IMPORT: route options modified
2022-09-23 19:57:57 OPTIONS IMPORT: route-related options modified
2022-09-23 19:57:57 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2022-09-23 19:57:57 OPTIONS IMPORT: peer-id set
2022-09-23 19:57:57 OPTIONS IMPORT: adjusting link_mtu to 1656
2022-09-23 19:57:57 OPTIONS IMPORT: data channel crypto options modified
2022-09-23 19:57:57 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-09-23 19:57:57 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-09-23 19:57:57 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-09-23 19:57:57 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:0a
2022-09-23 19:57:57 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2022-09-23 19:57:57 Exiting due to fatal error

Host machine OS: Ubuntu 20.4

alp3r
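
As an added example (not part of the original post): a preflight check, runnable inside the container, for the two preconditions the `docker run` flags above are meant to provide before OpenVPN issues `TUNSETIFF`, namely the `/dev/net/tun` device node and `CAP_NET_ADMIN` in the process's effective capability set. The function names are illustrative; bit 12 is `CAP_NET_ADMIN` in `<linux/capability.h>`.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.
# TUNSETIFF needs CAP_NET_ADMIN in the *effective* set of the calling process.
# A non-root process has an empty effective set by default, even when the
# container itself was started with --cap-add=NET_ADMIN or --privileged.

CAP_NET_ADMIN_BIT=12   # value of CAP_NET_ADMIN in <linux/capability.h>

# has_net_admin HEXMASK -> exit 0 if the CAP_NET_ADMIN bit is set in the mask
has_net_admin() {
    [ $(( (0x$1 >> CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# cap_eff_of STATUS_FILE -> print the CapEff mask from a /proc/<pid>/status file
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1"
}

# tun_preflight [STATUS_FILE] [TUN_NODE] -> print findings, return problem count
tun_preflight() {
    status=${1:-/proc/self/status}
    node=${2:-/dev/net/tun}
    problems=0
    if [ ! -c "$node" ]; then
        echo "FAIL: $node is not a character device (check --device /dev/net/tun)"
        problems=$((problems + 1))
    fi
    mask=$(cap_eff_of "$status")
    if [ -z "$mask" ] || ! has_net_admin "$mask"; then
        echo "FAIL: CAP_NET_ADMIN not effective (CapEff=${mask:-unreadable}, uid=$(id -u))"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: $node present and CAP_NET_ADMIN effective"
    return "$problems"
}

# Run the check only when invoked as: sh preflight.sh check
if [ "${1:-}" = "check" ]; then
    tun_preflight
fi
```

Run it from the same shell session and as the same user that starts `openvpn`, since the effective set is per process and differs between root and non-root logins.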