ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
zyssai opened this issue · 0 comments
Hi, I'm coming from the deprecated <guillaumedsde/qbittorrent-openvpn:latest>.
Everything worked fine, but now I'm unable to get <guillaumedsde/alpine-qbittorrent-openvpn:latest> working.
I followed #63, without success.
All my containers are under traefik v2.
VPN is custom from VPNUnlimited.
```
INFO: Configuring Docker networks: 192.168.90.169/24
[cont-init.d] 03-setup-iptables: exited 0.
[cont-init.d] done.
[services.d] starting services
[services.d] done.
2022-03-30 13:46:54 DEPRECATED OPTION: --cipher set to 'AES-256-CBC' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'AES-256-CBC' to --data-ciphers or change --cipher 'AES-256-CBC' to --data-ciphers-fallback 'AES-256-CBC' to silence this warning.
2022-03-30 13:46:54 OpenVPN 2.5.2 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on May 4 2021
2022-03-30 13:46:54 library versions: OpenSSL 1.1.1l 24 Aug 2021, LZO 2.10
2022-03-30 13:46:54 TCP/UDP: Preserving recently used remote address: [AF_INET]XX.XX.98.70:1194
2022-03-30 13:46:54 Socket Buffers: R=[212992->212992] S=[212992->212992]
2022-03-30 13:46:54 UDP link local: (not bound)
2022-03-30 13:46:54 UDP link remote: [AF_INET]XX.XX.98.70:1194
2022-03-30 13:46:55 TLS: Initial packet from [AF_INET]XX.XX.98.70:1194, sid=02f0115e c28e00f8
2022-03-30 13:46:55 VERIFY OK: depth=1, C=US, ST=NY, L=New York, O=Simplex Solutions Inc., OU=Vpn Unlimited, CN=server.vpnunlimitedapp.com, name=server.vpnunlimitedapp.com, emailAddress=support@simplexsolutionsinc.com
2022-03-30 13:46:55 VERIFY KU OK
2022-03-30 13:46:55 Validating certificate extended key usage
2022-03-30 13:46:55 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2022-03-30 13:46:55 VERIFY EKU OK
2022-03-30 13:46:55 VERIFY OK: depth=0, CN=openvpn2.vpnunlimitedapp.com
2022-03-30 13:46:55 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, peer certificate: 4096 bit RSA, signature: RSA-SHA512
2022-03-30 13:46:55 [openvpn2.vpnunlimitedapp.com] Peer Connection Initiated with [AF_INET]XX.XX.98.70:1194
2022-03-30 13:46:56 SENT CONTROL [openvpn2.vpnunlimitedapp.com]: 'PUSH_REQUEST' (status=1)
2022-03-30 13:47:01 SENT CONTROL [openvpn2.vpnunlimitedapp.com]: 'PUSH_REQUEST' (status=1)
2022-03-30 13:47:01 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS XX.XX.0.1,rcvbuf 262144,sndbuf 262144,comp-lzo no,ping 5,ping-exit 30,route XX.XX.0.1,topology net30,ifconfig XX.XX.1.162 XX.XX.1.161,peer-id 100,cipher AES-256-GCM'
2022-03-30 13:47:01 WARNING: You have specified redirect-gateway and redirect-private at the same time (or the same option multiple times). This is not well supported and may lead to unexpected results
2022-03-30 13:47:01 Pushed option removed by filter: 'dhcp-option DNS XX.XX.0.1'
2022-03-30 13:47:01 OPTIONS IMPORT: timers and/or timeouts modified
2022-03-30 13:47:01 OPTIONS IMPORT: compression parms modified
2022-03-30 13:47:01 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2022-03-30 13:47:01 Socket Buffers: R=[212992->425984] S=[212992->425984]
2022-03-30 13:47:01 OPTIONS IMPORT: --ifconfig/up options modified
2022-03-30 13:47:01 OPTIONS IMPORT: route options modified
2022-03-30 13:47:01 OPTIONS IMPORT: peer-id set
2022-03-30 13:47:01 OPTIONS IMPORT: adjusting link_mtu to 1625
2022-03-30 13:47:01 OPTIONS IMPORT: data channel crypto options modified
2022-03-30 13:47:01 Data Channel: using negotiated cipher 'AES-256-GCM'
2022-03-30 13:47:01 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-30 13:47:01 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2022-03-30 13:47:01 ROUTE_GATEWAY 192.168.90.1/255.255.255.0 IFACE=eth0 HWADDR=XX:XX:XX:XX:5a:a9
2022-03-30 13:47:01 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
2022-03-30 13:47:01 Exiting due to fatal error
```
docker-compose.yml file:

```yaml
version: "3.9"
services:
  qbittorrent-openvpn:
    image: guillaumedsde/alpine-qbittorrent-openvpn:latest
    container_name: qbittorrent
    restart: unless-stopped
    networks:
      t2_proxy:
        ipv4_address: 192.168.90.169
    security_opt:
      - no-new-privileges:true
    volumes:
      - '$TORRENTDIR:/Torrents'
      - '$DOCKERDIR/qbittorrent/config:/config'
      - '/etc/localtime:/etc/localtime:ro'
      - '$DOCKERDIR/qbittorrent/config.ovpn:/config/openvpn/config.ovpn'
      - '$DOCKERDIR/qbittorrent/config/03-setup-iptables:/etc/cont-init.d/03-setup-iptables:ro'
    environment:
      - PUID=0 #$PUID
      - PGID=0 #$PGID
      - OPENVPN_PROVIDER=$OPENVPN_PROVIDER
      - OPENVPN_CONFIG=$OPENVPN_CONFIG
      - OPENVPN_USERNAME=$OPENVPN_USERNAME
      - OPENVPN_PASSWORD=$OPENVPN_PASSWORD
      - LAN=$LOCAL_NETWORK
      - DNS=1.1.1.1
      - HEALTH_CHECK_HOST=google.com
      - CREATE_TUN_DEVICE=true
    ports:
      - "8080:8080"
    cap_add:
      - NET_ADMIN
    labels:
      - "traefik.enable=true"
      - "com.centurylinklabs.watchtower.enable=true"
      ## HTTP Routers
      - "traefik.http.routers.qbittorrent-rtr.entrypoints=https"
      - "traefik.http.routers.qbittorrent-rtr.rule=Host(`qbit.$DOMAINNAME0`)"
      ## Middlewares
      - "traefik.http.routers.qbittorrent-rtr.middlewares=chain-oauth@file"
      ## HTTP Services
      - "traefik.http.routers.qbittorrent-rtr.service=qbittorrent-svc"
      - "traefik.http.services.qbittorrent-svc.loadbalancer.server.port=8080"
networks:
  t2_proxy:
    name: t2_proxy
    driver: bridge
    ipam:
      config:
        - subnet: 192.168.90.0/24
```
Here is .env:

```
OPENVPN_PROVIDER=
OPENVPN_CONFIG=
OPENVPN_USERNAME=xxxxxxxxxxx
OPENVPN_PASSWORD=xxxxxxxxxxx
```
Any help appreciated