ovpn_dco_v2 module to lxc unprivileged container for Openvpn.

r4w

Oct 1, 2024
Hi all,

I am new to Proxmox, but I have been a long-time user of virtualisation using VMware.
I am trying to build an unprivileged container for OpenVPN and trying to leverage the DCO (ovpn_dco_v2) module.
I have successfully compiled and loaded the module on the host (PVE) and I can also see it loaded in the LXC container.
However, when openvpn tries to use that, I get the following:

Code:
2025-01-15 11:22:28 dco_get_peer_stats_multi: netlink reports error (-28): Operation not permitted
2025-01-15 11:22:28 dco_get_peer_stats_multi: failed to send netlink message: Operation not permitted (-1)

I haven't tried a privileged container yet; I am wondering if the container is missing some permissions in the configuration which I am not aware of.
Any help is greatly appreciated.

Thank you.
 
Update: I don't see the error with a privileged container.
I tried adding lxc.apparmor.profile = unconfined to the unprivileged container, but there was no change in behaviour.
 
Hi,
 
I also use OpenVPN on an unprivileged Ubuntu 24.04 CT. Packages come directly from the repositories. But I had to set these LXC features:

Code:
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
features: nesting=1

This allows openvpn to work normally here.
 
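An added example, not part of the thread or any poster's code: a small Python audit of a container config for the settings quoted in the reply above, which also flags the `lxc.apparmor.profile = unconfined` line from the update, since that line removes AppArmor confinement and, per the original poster, did not change the error. The sample config is constructed, the function names are hypothetical, and accepting the `lxc.cgroup2.devices.allow` spelling goes beyond what the thread shows.

```python
import re

# Matches the cgroup v1 key quoted in the reply and the cgroup v2 spelling.
TUN_ALLOW = re.compile(r"^lxc\.cgroup2?\.devices\.allow$")

def parse_conf(text):
    """Parse 'key: value' and 'key = value' lines of a container config."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("["):          # snapshot section: not the live config
            break
        if not line or line.startswith("#"):
            continue
        m = re.match(r"^([\w.\-]+)\s*[:=]\s*(.*)$", line)
        if m:
            entries.append((m.group(1), m.group(2).strip()))
    return entries

def is_dev_net_bind(value):
    """True for a mount entry binding /dev/net into the container."""
    f = value.split()
    return len(f) > 3 and f[:2] == ["/dev/net", "dev/net"] and "bind" in f[3].split(",")

def audit(text):
    """Report which of the thread's settings are present in the config."""
    entries = parse_conf(text)
    values = lambda key: [v for k, v in entries if k == key]
    features = [f.strip() for f in ",".join(values("features")).split(",")]
    return {
        "unprivileged": "1" in values("unprivileged"),
        # character device 10:200 is /dev/net/tun
        "tun_device_allowed": any(
            TUN_ALLOW.match(k) and v.split()[:2] == ["c", "10:200"] for k, v in entries),
        "dev_net_bind_mount": any(is_dev_net_bind(v) for v in values("lxc.mount.entry")),
        "nesting": "nesting=1" in features,
        # weakens confinement; the poster reported it did not help
        "apparmor_unconfined": "unconfined" in values("lxc.apparmor.profile"),
    }

# Constructed sample config combining the lines quoted in the thread.
SAMPLE = """\
unprivileged: 1
features: nesting=1
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
lxc.apparmor.profile = unconfined
"""

if __name__ == "__main__":
    for check, present in audit(SAMPLE).items():
        print(f"{check}: {present}")
```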