[SOLVED] LXC Container can't connect via OpenVPN

manjotsc

Member
Jul 2, 2020
72
6
13
Montreal, Quebec
I am getting this error on my LXC Containers "ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)"

Ubuntu 20.04.1 LTS (GNU/Linux 5.4.34-1-pve x86_64)

Thanks,

Code:
root@Torrent:/vpn/UDP_Files# openvpn --config Canada-UDP.ovpn
Sat Aug 15 03:39:09 2020 WARNING: file 'userpass.txt' is group or others accessible
Sat Aug 15 03:39:09 2020 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep  5 2019
Sat Aug 15 03:39:09 2020 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Sat Aug 15 03:39:09 2020 WARNING: --ping should normally be used with --ping-restart or --ping-exit
Sat Aug 15 03:39:09 2020 WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Sat Aug 15 03:39:09 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]158.69.26.75:4443
Sat Aug 15 03:39:09 2020 UDP link local: (not bound)
Sat Aug 15 03:39:09 2020 UDP link remote: [AF_INET]158.69.26.75:4443
Sat Aug 15 03:39:09 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Sat Aug 15 03:39:09 2020 WARNING: 'link-mtu' is used inconsistently, local='link-mtu 1602', remote='link-mtu 1570'
Sat Aug 15 03:39:09 2020 WARNING: 'tun-mtu' is used inconsistently, local='tun-mtu 1532', remote='tun-mtu 1500'
Sat Aug 15 03:39:09 2020 [*.fastestvpn.co] Peer Connection Initiated with [AF_INET]158.69.26.75:4443
Sat Aug 15 03:39:10 2020 Options error: Unrecognized option or missing or extra parameter(s) in [PUSH-OPTIONS]:5: register-dns (2.4.7)
Sat Aug 15 03:39:10 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Sat Aug 15 03:39:10 2020 Exiting due to fatal error
 
For an unprivileged container, I first created a device node with the right permissions on the host (once):
mknod /dev/net/openpvn_containerid c 10 200 chown 100000:100000 /dev/net/openpvn_containerid

And then, I added the following in the containerid.conf :
lxc.mount.entry: /dev/net/openpvn_containerid dev/net/tun none bind,create=file

PS: The devices node is not persistent and it needs to be created every reboot of the host. (As described by the discussion below.)
 
Last edited:
  • Like
Reactions: manjotsc
@avw When I reboot my Proxmox Server, I have to rerun these two commands, otherwise container won't start.

"mknod /dev/net/openpvn_containerid c 10 200
chown 100000:100000 /dev/net/openpvn_containerid"
 
@avw When I reboot my Proxmox Server, I have to rerun these two commands, otherwise container won't start.

"mknod /dev/net/openpvn_containerid c 10 200
chown 100000:100000 /dev/net/openpvn_containerid"

Sorry about that. Turns out that I added the following to /etc/rc.local to do this every (re)boot:
[ ! -e /dev/net/openvpn ] && /usr/sbin/modprobe tun && /usr/bin/mknod /dev/net/openvpn c 10 200 && /usr/bin/chown 100000:100000 /dev/net/openvpn

PS: Maybe you will need to enable rc.local in systemd, or put the command line in crontab with an @ reboot...
 
Should I put just like that

" [ ! -e /dev/net/openvpn ] && /usr/sbin/modprobe tun && /usr/bin/mknod /dev/net/openvpn c 10 200 && /usr/bin/chown 100000:100000 /dev/net/openvpn "

or with container id

" [ ! -e /dev/net/openvpn ] && /usr/sbin/modprobe tun && /usr/bin/mknod /dev/net/openvpn_103 c 10 200 && /usr/bin/chown 100000:100000 /dev/net/openvpn_103 "
 
Should I put just like that

" [ ! -e /dev/net/openvpn ] && /usr/sbin/modprobe tun && /usr/bin/mknod /dev/net/openvpn c 10 200 && /usr/bin/chown 100000:100000 /dev/net/openvpn "

or with container id

" [ ! -e /dev/net/openvpn ] && /usr/sbin/modprobe tun && /usr/bin/mknod /dev/net/openvpn_103 c 10 200 && /usr/bin/chown 100000:100000 /dev/net/openvpn_103 "

You can choose the name of the node yourself. openvpn or openvpn_containerIDnumber or whatever you think is helpful.
Just make sure you use the same name in the configuration of the container in /etc/pve/lxc/containerIDnumber.conf.
Also make sure you use the same name in the command line (you forgot _103 in the first command on the second command line in your message).
 
I added the line to rc.local, but it can't start and I enabled it using this guide https://www.linuxbabe.com/linux-server/how-to-enable-etcrc-local-with-systemd

Code:
[ ! -e /dev/net/openvpn ] && /usr/sbin/modprobe tun && /usr/bin/mknod /dev/net/openvpn c 10 200 && /usr/bin/chown 100000:100000 /dev/net/openvpn

Code:
root@vms1:~# systemctl status rc-local
● rc-local.service - /etc/rc.local Compatibility
   Loaded: loaded (/etc/systemd/system/rc-local.service; enabled; vendor preset: enabled)
  Drop-In: /usr/lib/systemd/system/rc-local.service.d
           └─debian.conf
   Active: failed (Result: exit-code) since Tue 2020-09-08 07:56:16 EDT; 3s ago
  Process: 13702 ExecStart=/etc/rc.local start (code=exited, status=203/EXEC)

Sep 08 07:56:16 vms1 systemd[1]: Starting /etc/rc.local Compatibility...
Sep 08 07:56:16 vms1 systemd[13702]: rc-local.service: Failed to execute command: Exec format error
Sep 08 07:56:16 vms1 systemd[13702]: rc-local.service: Failed at step EXEC spawning /etc/rc.local: Exec format error
Sep 08 07:56:16 vms1 systemd[1]: rc-local.service: Control process exited, code=exited, status=203/EXEC
Sep 08 07:56:16 vms1 systemd[1]: rc-local.service: Failed with result 'exit-code'.
Sep 08 07:56:16 vms1 systemd[1]: Failed to start /etc/rc.local Compatibility.
 
Fixed and working, Instead of creating rc.local manually, had to run this command and then add the line to it.

Thanks,

Code:
printf '%s\n' '#!/bin/bash' 'exit 0' | sudo tee -a /etc/rc.local
 
This is what I have in there,

View attachment 19738
Your rc.local bash script terminates with exit 0 before it has a chance to execute the command at the bottom of the file. Please swap the two lines.

PS: Please note that all of this is not specific to the original issue. It is common Linux system administration. If you want the commands to automatically run at every boot on the machine, feel free to use any method you like.
 
Working now, Thanks

I put commands like this

Code:
#!/bin/bash

# OpenVPN Tun Interface

mknod /dev/net/openpvn c 10 200
chown 100000:100000 /dev/net/openpvn

exit 0
 
[root@web ~]# mknod /dev/net/openpvn_containerid c 10 100
mknod: /dev/net/openpvn_containerid: Operation not permitted

anyhelp
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!