ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Is there a pinned issue for this?
- [X] I have read the pinned issues and could not find my issue
Is there an existing or similar issue/discussion for this?
- [X] I have searched the existing issues
- [X] I have searched the existing discussions
Is there any comment in the documentation for this?
- [X] I have read the documentation, especially the FAQ and Troubleshooting parts
Is this related to a provider?
- [X] I have checked the provider repo for issues
- [X] My issue is NOT related to a provider
Are you using the latest release?
- [X] I am using the latest release
Have you tried using the dev branch latest?
- [X] I have tried using dev branch
Docker run config used
```yaml
transmission:
  container_name: transmission
  cap_add:
    - NET_ADMIN
  volumes:
    - ${DOCKERDIR}/appdata/transmission:/config
    - ${DATADIR}/Downloads/completed:/data/
  environment:
    - PUID=${PUID}
    - PGID=${PGID}
    - OPENVPN_PROVIDER=NORDVPN
    - OPENVPN_CONFIG=default
    - NORDVPN_COUNTRY=GB
    - NORDVPN_CATEGORY=P2P
    - NORDVPN_PROTOCOL=tcp
    - OPENVPN_USERNAME=${VPNUSER}
    - OPENVPN_PASSWORD=${VPNPASS}
    # - NORDVPN_SERVER=uk2313.nordvpn.com
    - LOCAL_NETWORK=192.168.1.0/24
    - WEBPROXY_ENABLED=true
    - WEBPROXY_PORT=9999
    # - TRANSMISSION_WEB_UI=combustion
    # - TRANSMISSION_WEB_UI=kettu
    # - TRANSMISSION_WEB_UI=transmission-web-control
    # - TRANSMISSION_WEB_UI=flood-for-transmission
    # - TRANSMISSION_WEB_UI=shift
    - HEALTH_CHECK_HOST=github.com
  logging:
    driver: json-file
    options:
      max-size: 10m
  ports:
    - 9091:9091
  image: haugene/transmission-openvpn:latest
  restart: unless-stopped
  networks:
    - network1
```
Current Behavior
Container up but VPN failing and so cannot even connect to container on the web interface
Expected Behavior
Web interface works as VPN connects
How have you tried to solve the problem?
rebooted server, portainer stack and removed and re-pulled container
Log output
HW/SW Environment
- OS:Ubuntu 24.04
- Docker:Docker version 27.3.1, build ce12230
Anything else?
nothing to add
Potential duplicates:
- [#2883] Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19) (65.11%)
Add this to your compose file
```yaml
devices:
  - /dev/net/tun
```
And it indeed solves the issue.
The main issue is probably related to an update of container.io https://github.com/qdm12/gluetun/issues/2606
@BarrRedKola Thanks, worked for me.
If you use a systemctl service to start the container you need to add this line:
--device /dev/net/tun \
> Add this to your compose file
> ```yaml
> devices:
>   - /dev/net/tun
> ```
> And it indeed solves the issue.
> The main issue is probably related to an update of container.io qdm12/gluetun#2606
This is only a fix for compose users. In docker swarm this won't work.
I locked the containerd version for as long as I have no real fix for this.
Thanks to the clues above, here's a workaround for a Kubernetes environment.
I'm using k3s and ran into this problem after upgrading the version to 1.31.3 (from 1.30.x) and restarting the pod.
Modify the Deployment object to add:
- volumes
- volumeMounts
- privileged: true
Here's a full example since indention gets out of hand with these:
```yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: transmission-openvpn
spec:
  strategy:
    type: Recreate
  replicas: 1
  template:
    spec:
      hostNetwork: false
      containers:
        - name: transmission-openvpn
          securityContext:
            privileged: true
          image: "haugene/transmission-openvpn:5.3.1"
          volumeMounts:
            - mountPath: /dev/net/tun
              name: dev-net-tun
              readOnly: true
      volumes:
        - name: dev-net-tun
          hostPath:
            path: /dev/net/tun
            type: CharDevice
```
Dumb question maybe, how do I factor this in to a docker run command?
tried:
-e DEVICES=/dev/net/tun
--device /dev/net/tun
-e device=/dev/net/tun
-v device=/dev/net/tun
--device=/dev/net/tun should work
https://docs.docker.com/reference/cli/docker/container/run/#device
Thank you, much appreciated.
Weirdly, it didn't help straight away. I had appended it to the end of my run command, but it failed with the same error:
docker: Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "--device=/dev/net/tun": stat --device=/dev/net/tun: no such file or directory: unknown.
On a whim I added it immediately after cap-add and now it's working:
docker run --cap-add=NET_ADMIN -d \
--device=/dev/net/tun \
thanks again
> Add this to your compose file
> ```yaml
> devices:
>   - /dev/net/tun
> ```
I've added this but I continue to get:
error gathering device information while adding custom device "/dev/net/tun": no such file or directory
Does the /dev/net/tun device need to be available on the host, because I'm not seeing it there?
Same problem as everyone else.. still no solution
--device=/dev/net/tun this worked for me
I have been trying to fix this for the last few weeks and tried different things, but still get the TUN Error
I have it working on another machine that I set up ages ago, but I can't get it working on a new machine
Mapping the /dev/net/tun doesn't resolve the issue for me
Fix that works for me :-)
Docker must have changed how you access certain things, so you now have to make the Container privileged in order to create a VPN Tunnel
So pop privileged: true in line with the image level and this will now work. I have got this working on Debian and Ubuntu VM's in Proxmox
```yaml
...
    privileged: true
    ports:
      - '9091:9091'
      - '8118:8118'
    image: haugene/transmission-openvpn
...
```
Just tried the above adding the Devices (as above) without Privileged and this also works and is probably safer
```yaml
devices:
  - /dev/net/tun
```
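The two fixes above differ in how much they grant: `privileged: true` lifts every capability and device restriction, while `devices:` plus `cap_add: NET_ADMIN` grants only the tunnel device. The following is an added example, not code from this thread or from the image's project, that reports which of the two each service in a compose file uses; it assumes 2-space service indentation under a top-level `services:` key, and the service names are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes 2-space service indentation
# under a top-level "services:" key; service names below are constructed.

# audit_compose [FILE]: print "<service> <verdict>" per service (stdin if no FILE).
audit_compose() {
  awk '
    function flush() {
      if (svc == "") return
      v = "MISSING_TUN_GRANT"                  # VPN container would fail to open tun
      if (tun && cap) v = "LEAST_PRIVILEGE"    # NET_ADMIN + /dev/net/tun only
      if (priv)       v = "PRIVILEGED"         # all capabilities, all host devices
      print svc, v
    }
    /^[ \t]*#/ { next }                        # ignore commented-out lines
    /^[A-Za-z]/ { flush(); svc = ""; insvc = ($1 == "services:"); next }
    insvc && /^  [A-Za-z0-9_.-]+:[ \t]*$/ {
      flush(); svc = $1; sub(/:$/, "", svc); priv = tun = cap = 0; next
    }
    /^[ \t]+privileged:[ \t]*true/      { priv = 1 }
    /^[ \t]+-[ \t]*"?\/dev\/net\/tun/   { tun = 1 }
    /^[ \t]+-[ \t]*NET_ADMIN/           { cap = 1 }
    END { flush() }
  ' "${1:--}"
}

# Constructed sample input covering the three configurations seen in the thread.
sample_compose() {
  cat <<'EOF'
services:
  vpn-privileged:
    image: haugene/transmission-openvpn
    privileged: true
  vpn-scoped:
    image: haugene/transmission-openvpn
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
  vpn-original:
    image: haugene/transmission-openvpn
    cap_add:
      - NET_ADMIN
EOF
}

sample_compose | audit_compose
```

The `MISSING_TUN_GRANT` verdict only matters for services that open a tunnel; other services in the same file can be ignored.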
For my k8s configuration, I had to mount the tun device like mentioned above and I had to change this env variable to false instead of true:
```yaml
- name: CREATE_TUN_DEVICE
  value: "false"
```
fyi: k3s 1.31.x (working with 1.30), running in debian VM hosted in proxmox.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Still an issue; please unstale it 😇
I think you will have to update your docker / swarm / k8s configuration but it should work after doing so.
Try with
- new privileges NET_CAP_ADMIN or NET_RAW.
- Privileged mode
- mount /dev/net/tun into the container
As is, your previous configuration will probably not work, and it is not related to this image itself apart from maybe the readme that should be updated.
Hi, I am trying to make it work, but I got the operation not permitted error, I followed all the tips from this thread and the other one, and nothing changes.
I can create the container but it does not start and only have this on the logs.
Starting container with revision: fd609f2ace1970858d3c32fcbd6c271b3d274d39
TRANSMISSION_HOME is currently set to: /config/transmission-home
Creating TUN device /dev/net/tun
mknod: /dev/net/tun: Operation not permitted
Here is my docker compose file.
```yaml
version: '3.3'
services:
  transmission-openvpn:
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun
    volumes:
      - '/data/transmission-vpn/data/:/data'
      - '/data/transmission-vpn/config:/config'
    environment:
      - CREATE_TUN_DEVICE=true
      - OPENVPN_PROVIDER=NORDVPN
      - OPENVPN_CONFIG=france
      - OPENVPN_USERNAME=user
      - OPENVPN_PASSWORD=pass
      - LOCAL_NETWORK=192.168.1.0/24
      - "NORDVPN_COUNTRY=FR"
    logging:
      driver: json-file
      options:
        max-size: 10m
    privileged: true
    ports:
      - '9091:9091'
    image: haugene/transmission-openvpn
```
Any ideas?
You haven't specified what you are running Docker on. VM's are allowed to run TUN's, LXC Host aren't, that's one thing I found out the hard way
Thanks for the reply @SixteenOne
Uhm, actually I am running docker on an LXC on proxmox.
So is not possible to run it like that? I need to install docker on a VM on Proxmox?
LXC's are restricted by default, so you can't create Tunnels or Network shares etc. you can go Unprivileged route, but I chose to just create a VM instead
Ups, so I will try to change. I was moving a host installation on one machine to a one on Proxmox via LXC, so I will migrate everything again.
I moved my docker installation to a VM as @SixteenOne mentioned, and everything works smooth.
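Two questions raised in the thread, whether `/dev/net/tun` must exist on the host and whether Docker is running inside LXC, can be checked before changing any container settings. The following is an added example, not code from this thread or from the image's project; the function names are hypothetical and the LXC test is a heuristic based on the `container=lxc` variable in PID 1's environment.

```shell
#!/bin/sh
# Added example, not from the thread: run on the machine where dockerd runs.

# check_tun_node [PATH] -> 0 ok, 1 missing, 2 not a char device, 3 wrong numbers
check_tun_node() {
  node=${1:-/dev/net/tun}
  [ -e "$node" ] || return 1
  [ -c "$node" ] || return 2
  # stat prints major:minor in hex; the Linux TUN/TAP node is 10:200 = a:c8.
  [ "$(stat -c '%t:%T' "$node")" = "a:c8" ] || return 3
}

# in_lxc [ENVIRON_FILE] -> 0 if PID 1 carries container=lxc (heuristic; the
# default file needs root to read, and an unreadable file counts as "no").
in_lxc() {
  { tr '\0' '\n' < "${1:-/proc/1/environ}"; } 2>/dev/null | grep -qx 'container=lxc'
}

# preflight: print one finding per check; always returns 0 (it is a report).
preflight() {
  rc=0; check_tun_node || rc=$?
  case $rc in
    0) echo "ok: /dev/net/tun is the TUN/TAP character device (10:200)" ;;
    1) echo "missing: no /dev/net/tun here, so --device=/dev/net/tun cannot map it" ;;
    *) echo "bad: /dev/net/tun exists but is not the TUN/TAP node (code $rc)" ;;
  esac
  if in_lxc; then
    echo "note: running inside LXC; the thread reports mknod 'Operation not permitted' there"
  fi
}

preflight
```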