haugene / docker-transmission-openvpn

Docker container running Transmission torrent client with WebUI over an OpenVPN tunnel
GNU General Public License v3.0
4.14k stars 1.21k forks source link

Synology ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19) #1542

Closed JaWas2019 closed 3 years ago

JaWas2019 commented 3 years ago

Hey guys, I'm sorry if I'm just stupid and missing something here, I don't have too much experience with docker, and even less with docker on my new Synology DS920+

I downloaded this container through the built-in docker registry. I set up all my variables, however, the container is crashing on every startup. The logs don't make sense to me, as the TUN creation as well as establishing the VPN connection seem to be working fine, it's only crashing once it's trying to open TUN. I've read that you could use the --device flag to fix this, but as I'm executing from the registry directly, I don't think I can add any flags to the startup?

Please excuse the order of the logfiles (highest=newest), this is how Synology exports it.

Any help would be highly appreciated!

` 2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 Exiting due to fatal error
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 Data Channel: using negotiated cipher 'AES-256-GCM'
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: data channel crypto options modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: adjusting link_mtu to 1659
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: peer-id set
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: route-related options modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: route options modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: --ifconfig/up options modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 Socket Buffers: R=[367360->425984] S=[87040->425984]
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: --sndbuf/--rcvbuf options modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: compression parms modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: --explicit-exit-notify can only be used with --proto udp
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 OPTIONS IMPORT: timers and/or timeouts modified
2020-11-22 15:10:29 stdout Sun Nov 22 15:10:29 2020 PUSH: Received control message: 'PUSH_REPLY,redirect-gateway def1,dhcp-option DNS 103.86.96.100,dhcp-option DNS 103.86.99.100,sndbuf 524288,rcvbuf 524288,explicit-exit-notify,comp-lzo no,route-gateway 10.7.3.1,topology subnet,ping 60,ping-restart 180,ifconfig 10.7.3.4 255.255.255.0,peer-id 0,cipher AES-256-GCM'
2020-11-22 15:10:28 stdout Sun Nov 22 15:10:28 2020 SENT CONTROL [fr598.nordvpn.com]: 'PUSH_REQUEST' (status=1)
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 [fr598.nordvpn.com] Peer Connection Initiated with [AF_INET]89.40.183.195:443
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 Control Channel: TLSv1.2, cipher TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384, 4096 bit RSA
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 VERIFY OK: depth=0, CN=fr598.nordvpn.com
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 VERIFY EKU OK
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 Validating certificate extended key usage
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 VERIFY KU OK
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 VERIFY OK: depth=1, C=PA, O=NordVPN, CN=NordVPN CA5
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 VERIFY OK: depth=2, C=PA, O=NordVPN, CN=NordVPN Root CA
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 TLS: Initial packet from [AF_INET]89.40.183.195:443, sid=ae38b3e4 cf173918
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 TCP_CLIENT link remote: [AF_INET]89.40.183.195:443
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 TCP_CLIENT link local: (not bound)
2020-11-22 15:10:27 stdout Sun Nov 22 15:10:27 2020 TCP connection established with [AF_INET]89.40.183.195:443
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 Attempting to establish TCP connection with [AF_INET]89.40.183.195:443 [nonblock]
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 Socket Buffers: R=[87380->87380] S=[16384->16384]
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 TCP/UDP: Preserving recently used remote address: [AF_INET]89.40.183.195:443
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 NOTE: --fast-io is disabled since we are not using UDP
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 library versions: OpenSSL 1.1.1g  21 Apr 2020, LZO 2.10
2020-11-22 15:10:26 stdout Sun Nov 22 15:10:26 2020 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
2020-11-22 15:10:26 stdout Setting OpenVPN credentials...
2020-11-22 15:10:26 stdout Modifying /etc/openvpn/nordvpn/fr598.nordvpn.com.ovpn for best behaviour in this container
2020-11-22 15:10:26 stdout Starting OpenVPN using config fr598.nordvpn.com.ovpn
2020-11-22 15:10:26 stdout 2020-11-22 15:10:23 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/fr598.nordvpn.com.tcp.ovpn
2020-11-22 15:10:26 stdout 2020-11-22 15:10:23 Downloading config: fr598.nordvpn.com.ovpn
2020-11-22 15:10:26 stdout 2020-11-22 15:10:23 Best server : fr598.nordvpn.com
2020-11-22 15:10:25 stdout 2020-11-22 15:10:23 Searching for technology: openvpn_tcp
2020-11-22 15:10:24 stdout 2020-11-22 15:10:23 Searching for country : FR (74)
2020-11-22 15:10:24 stdout 2020-11-22 15:10:23 Selecting the best server...
2020-11-22 15:10:24 stdout 2020-11-22 15:10:23 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_tcp/servers/fr598.nordvpn.com.tcp.ovpn
2020-11-22 15:10:24 stdout 2020-11-22 15:10:23 Downloading config: default.ovpn
2020-11-22 15:10:24 stdout 2020-11-22 15:10:23 Best server : fr598.nordvpn.com
2020-11-22 15:10:23 stdout 2020-11-22 15:10:23 Searching for technology: openvpn_tcp
2020-11-22 15:10:23 stdout 2020-11-22 15:10:23 Selecting the best server...
2020-11-22 15:10:23 stdout 2020-11-22 15:10:23 Removing existing configs
2020-11-22 15:10:23 stdout 2020-11-22 15:10:23 Checking curl installation
2020-11-22 15:10:23 stdout Provider nordvpn has a custom setup script, executing it
2020-11-22 15:10:23 stdout Using OpenVPN provider: NORDVPN
2020-11-22 15:10:23 stdout Creating TUN device /dev/net/tun
2020-11-22 15:10:23 stdout Starting container with revision: baed33520630e88ba34842cab05f2cd3fd6cf28f

`

TheBarron0 commented 3 years ago

I had this issue, restoring the TUN.sh task and file from various guides (example below) fixed it for me.

https://petestechblog.com/2020/10/04/how-to-run-transmission-using-openvpn-in-docker-on-a-synology-nas-dsm-6-0/

it used to be in the documentation but I couldn't see it anymore

11jwolfe2 commented 3 years ago

I am having the exact same error on a raspberry pi kubernetes cluster.

Tue Dec  8 17:32:53 2020 [romania407] Peer Connection Initiated with [AF_INET]143.244.54.172:1198
Tue Dec  8 17:32:54 2020 OpenVPN ROUTE6: OpenVPN needs a gateway parameter for a --route-ipv6 option and no default was specified by either --route-ipv6-gateway or --ifconfig-ipv6 options
Tue Dec  8 17:32:54 2020 OpenVPN ROUTE: failed to parse/resolve route for host/network: 2000::/3
Tue Dec  8 17:32:54 2020 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)
Tue Dec  8 17:32:54 2020 Exiting due to fatal error
haugene commented 3 years ago

But you solved, right @11jwolfe2. Ref #1548

Have you gotten any further here @JaWas2019? I'm thinking we probably have to put the TUN.sh script info back into the docs. Was really hoping that the CREATE_TUN_DEVICE stuff was supposed to work though :disappointed:

Beholder1984 commented 3 years ago

I have a DS1621+ and had the same issue. I got it to work by initializing the VPN connection once. Go to "Control Panel" => "Network" => "Network Interface" and create a new VPN Profile with your OpenVPN settings. Make the connection once.

Important: Do make sure to do this on your local network because all traffic from and to your NAS will go through this VPN-connection now. So you will only be able connect to it with your local IP. You can now stop the VPN connection after which you can start the docker container. The fatal error is gone. This feels like a temporary fix because after a reboot of your NAS you have to follow the same procedure again. Hopefully someone will come up with a better solution.

batlley commented 3 years ago

I had the same error on my Synology. I managed to make the container to work by simply creating the TUN device on the host/synology first. After that the error was gone and I was able to run the container on the Docker app on the synology:

This is to execute on your synology:

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
  if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
  fi
  mknod /dev/net/tun c 10 200
  chmod 0755 /dev/net/tun
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
  insmod /lib/modules/tun.ko
fi
Djangox commented 3 years ago

it used to be as simple as installing the Synology VPN server app. Now running that script at boot up (scheduled task) is the key.

jsatk commented 3 years ago

I'm still getting this same error even after running the above script and setting it to always run at NAS boot up. What gives?

JaWas2019 commented 3 years ago

Hey guys, sorry for going MIA - somehow all replies to this ended up in my Spam folder unnoticed. I can fix the issue temporarily by ssh*ing onto my NAS and manually sudo executing the TUN.sh file. For some reason, not even the "run on startup" task seems to do the job - thinking it might be because of the sudo permissions - without it I get a Permission denied error. However, this still has to be repeated after every reboot.

Here's an explanation for non-tech-savvy people:

  1. Create the file listed by batlley above on your NAS and memorize where you put it
  2. Download PuTTY or any other SSH tool (I think on mac/linux you can do it directly, I'm on Windows)
  3. Enter your NAS IP and port (standard is 20) into the connection field
  4. authenticate yourself with your admin profile
  5. type sudo
  6. authenticate yourself again
  7. navigate to the folder with the file (you need to go into /volume1/ usually before seeing your normal folders)(type cd and a folder name to go to a different directory, cd .. to go up a folder or ls to see a list of folders in your current directory)
  8. make the file executable with chmod 0755 TUN.sh (I can't remember if I had to do this the first time, too long ago)
  9. run the file by typing sudo ./TUN.sh from the directory with the file

Hope this helps anyone who's never done anything with SSH, took me a while to gather

Mega-Touk commented 3 years ago

I have a DS1621+ and had the same issue. I got it to work by initializing the VPN connection once. Go to "Control Panel" => "Network" => "Network Interface" and create a new VPN Profile with your OpenVPN settings. Make the connection once.

Important: Do make sure to do this on your local network because all traffic from and to your NAS will go through this VPN-connection now. So you will only be able connect to it with your local IP. You can now stop the VPN connection after which you can start the docker container. The fatal error is gone. This feels like a temporary fix because after a reboot of your NAS you have to follow the same procedure again. Hopefully someone will come up with a better solution.

Thanks, this is working great on DS920+

Making the NAS do the work by itself is the best approach i think. I belive it's the best way to not interfere with synology processes.

Epirr commented 3 years ago

Hey guys, sorry for going MIA - somehow all replies to this ended up in my Spam folder unnoticed. I can fix the issue temporarily by ssh*ing onto my NAS and manually sudo executing the TUN.sh file. For some reason, not even the "run on startup" task seems to do the job - thinking it might be because of the sudo permissions - without it I get a Permission denied error. However, this still has to be repeated after every reboot.

Here's an explanation for non-tech-savvy people:

  1. Create the file listed by batlley above on your NAS and memorize where you put it
  2. Download PuTTY or any other SSH tool (I think on mac/linux you can do it directly, I'm on Windows)
  3. Enter your NAS IP and port (standard is 20) into the connection field
  4. authenticate yourself with your admin profile
  5. type sudo
  6. authenticate yourself again
  7. navigate to the folder with the file (you need to go into /volume1/ usually before seeing your normal folders)(type cd and a folder name to go to a different directory, cd .. to go up a folder or ls to see a list of folders in your current directory)
  8. make the file executable with chmod 0755 TUN.sh (I can't remember if I had to do this the first time, too long ago)
  9. run the file by typing sudo ./TUN.sh from the directory with the file

Hope this helps anyone who's never done anything with SSH, took me a while to gather

Thank you for this. I am very new to SSH and am having some difficulty with this unfortunately. Firstly when I enter "sudo", it just brings up a load of different letters and I'm not sure which one to use. I looked up a Synology SSH guide it had "sudo -i" so that is what I used, and managed to navigate to the directory of my TUN.sh (cd /volume1/docker/transmission)

However when I typed "sudo ./TUN.sh", it said "sudo: unable to execute ./TUN.sh: No such file or directory". Do you know how exactly I should be doing this please? I did try the "chmod 0755 TUN.sh" command but that didn't seem to do anything.

EDIT: Nvm, got it working again by doing another restart of my Synology...classic!

pchristod commented 3 years ago

Hi,

just for the sake of completeness. Like someone already suggested you do not necessarily need the TUN.sh script. Maybe the more easier way if you are unfamiliar with SSH is: Install the VPN Server Application on your Synology. Start it and make sure it's active (this will create the device for you every reboot). Then add "cap-add=NET_ADMIN" and "device=/dev/net/tun" to your Docker run command and it should also work fine.

defmech commented 3 years ago

I have a DS1621+ and had the same issue. I got it to work by initializing the VPN connection once. Go to "Control Panel" => "Network" => "Network Interface" and create a new VPN Profile with your OpenVPN settings. Make the connection once.

Important: Do make sure to do this on your local network because all traffic from and to your NAS will go through this VPN-connection now. So you will only be able connect to it with your local IP. You can now stop the VPN connection after which you can start the docker container. The fatal error is gone. This feels like a temporary fix because after a reboot of your NAS you have to follow the same procedure again. Hopefully someone will come up with a better solution.

This worked for me. Hopefully not need to reboot the NAS much. :)

pkishino commented 3 years ago

fixed

esimonds commented 3 years ago

I didn't try the tun.sh script, but the other solutions on this thread did not work for me on a DS920+ running Synology DSM7. It's possible that they work on DSM6. Can anyone comment if they've found a solution for DSM7?

I did my testing with the following configuration:

Test 1 (pchristod's solution):
Installed VPN Server, and then started the Docker container from the GUI. --> Result: "Exiting due to fatal error"

Test 2 (Beholder1984's solution): Created a VPN network device, connected successfully to it once, disconnected, and then started the Docker container from the GUI. --> Result: "Exiting due to fatal error"

Test 3 (high privileges workaround -- not desirable due to security): Uninstalled the VPN Server application. Deleted the VPN network device in Control Panel. Enabled "Execute container using high privilege". Started the Docker container from the GUI. --> Result: Loaded fine, rock solid connection for days.

pkishino commented 3 years ago

if it works with high privilege then all I can say is this is a problem with synology then and something they should fix on their end..

esimonds commented 3 years ago

So this this container doesn't require the "--privilege" or "--device" flags on non-Synology systems? Interesting.

I did some more reading more about the "with high privilege" checkbox on Synology DSM's Docker GUI:

Based on this Reddit thread, I believe the Synology checkbox is turning on the "--privileged" flag. This will "enable access to all devices on the host" according to the docker docs.

With regular Docker, it is possible enable privileged access to a specific device using the "--device" flag, but that's not available through the DSM GUI. It's probably possible to start docker with the "--device" flag using a startup script as described here, but I didn't bother. I'm happy using the "with high privilege" checkbox for now.

pkishino commented 3 years ago

no, there should be no need for privilege or device so not sure why Synology has that problem..

pchristod commented 3 years ago

Hi, we talked a bit about creating the TUN Device within the Container on a Synology NAS in this Issue https://github.com/haugene/docker-transmission-openvpn/issues/1449#issuecomment-726622078 Also never got that to work, Synology seems to be a bit special with these things as pkishino noted.

I think there are various solutions to do this, however I just wanted to clarify how I do it because I believe you misunderstood it a bit. It does work without --privileged (or High privilege as it is called in the GUI). However the GUI is pretty limited I would highly suggest you use the CLI with SSH (simply connect via SSH to your NAS and do a "sudo su"), you can run docker commands then.

1) installed the VPN Server Application and started OpenVPN, the start part is important because otherwise the Device is not created. This will also work through reboots, other then Beholder1984`s solution because the VPN Server will start automatically with every reboot. Alternatively you can still use the TUN.sh script I guess but I never liked that solution. It achieves the same in the end -> create a Device you can use in the next step.

2) I use Docker run to run it, not a startup script: docker run --restart=always --name "transmission" --cap-add=NET_ADMIN --device=/dev/net/tun --sysctl net.ipv6.conf.all.disable_ipv6=0 -d \ This is just a snippet of the first line from the command I use, you need to mount volumes and configure environment variables depending on your needs of course. Additionally you can change/remove the IPv6 command if you don't need it.

In this case I at least do not need the high privileges. But I am using the device command you also mentioned. In the end it depends on personal preference I guess which approach you want to choose. If anyone knows how to reliably create the TUN device within the container this would probably be a more ideal solution.

Edit: I do this on DSM 6, not 7, just FYI.

pkishino commented 3 years ago

thanks for the input. @haugene I'll add a link to this comment in the documentation for now..

esimonds commented 3 years ago

@pchristod Thank you for the additional details! I was able to get it working on DSM7 using "docker run" from an SSH terminal, based on your instructions.

As a bonus, this created a new entry in the Docker GUI. I was able to start/stop/delete the container from the GUI. I was also able to monitor the log and create a terminal for troubleshooting from the GUI. However, editing any parameters from the GUI (e.g. changing the port) broke the configuration and I had to delete it and then recreate from SSH or the script below.

I then created a startup script as described below.

Overall, here's what I did:

  1. Created an OpenVPN network device as described by Beholder1984. Connected successfully to it once, then disconnected, and deleted the connection. I'm not sure this was necessary, or if it was Step 2, below, that resulted in a persistent device at /dev/net/tun.

  2. Installed the "VPN Server" application from Synology Package Center, and then immediately uninstalled the VPN Server application. I'm not sure this was necessary, or if Step 1 did the job. In any case, I now have a persistent device at /dev/net/tun.

  3. Created a script called "run-transmission-docker.sh" that is executable and owned by root. It is located in a folder called /volume1/docker/bootscripts

  4. Created a startup event (Task Scheduler --> Create --> Triggered Task --> User-defined script) to run the script at boot time. Importantly, I found that my DS920+ needed ~30 seconds after booting to allow the docker service to wake up before running this command, so I added a "sleep 30" command. User: root Event: Boot-up Pre-task: leave empty User-defined script: sleep 30;bash /volume1/docker/bootscripts/run-transmission-docker.sh

Here is the script, with some details scrubbed:

#!/bin/bash
docker run -d --restart=always \
--cap-add=NET_ADMIN \
--device=/dev/net/tun \
--name "transmission" \
-p 9091:9091 \
--mount type=bind,src=/volume1/docker,dst=/docker \
--mount type=bind,src=/volume1/data,dst=/data \
-e PUID="*** your Synology docker user's UID ***" \
-e PGID="*** your Synology docker user's GID ***" \
-e OPENVPN_USERNAME="*** your VPN username ***" \
-e OPENVPN_PASSWORD="*** your VPN password ***" \
-e OPENVPN_PROVIDER="*** your VPN provider ***" \
-e OPENVPN_CONFIG="*** your VPN config ***" \
-e LOCAL_NETWORK="*** your local network subnet ***" \
-e TZ="*** your time zone ***" \
-e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
-e GLOBAL_APPLY_PERMISSIONS="true" \
-e TRANSMISSION_HOME="/docker/transmission-home" \
-e TRANSMISSION_RPC_PORT="9091" \
-e TRANSMISSION_DOWNLOAD_DIR="/data/downloads/completed" \
-e TRANSMISSION_INCOMPLETE_DIR="/data/downloads/incomplete" \
-e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \
-e CREATE_TUN_DEVICE="true" \
-e DROP_DEFAULT_ROUTE="" \
-e WEBPROXY_ENABLED="false" \
-e WEBPROXY_PORT="8888" \
-e WEBPROXY_USERNAME="" \
-e WEBPROXY_PASSWORD="" \
-e LOG_TO_STDOUT="false" \
-e HEALTH_CHECK_HOST="google.com" \
-e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \
haugene/transmission-openvpn
pchristod commented 3 years ago

@esimonds Sounds great, really happy you got it working :smile:

I think in your case it was 1) but it doesn't matter anyways as long as you have a persistent device. I cannot remember if I ever tried to uninstall the VPN Server application but I think I did, which resulted in losing the TUN Device. So I simply kept it active and running. Might need to try that again at some point

One thing I saw: I don't believe the Task Scheduler is even necessary. Your container is set to restart always so it should come up automatically anyways after a reboot. You would only need the run command again if you removed and re-created the container. You can try that if you want to see if I'm really right.

Additionally I would also like to give you the tip to look for another Docker Container "Portainer". Setup is pretty simple and straightforward. It's an easy way to manage Docker via GUI, without the limited Synology Docker GUI. Amongst managing Logs etc. you can easily update Container to new images and re-creating them with one step.

camsouthall commented 3 years ago

I had the same error on my Synology. I managed to make the container to work by simply creating the TUN device on the host/synology first. After that the error was gone and I was able to run the container on the Docker app on the synology:

This is to execute on your synology:

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
  if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
  fi
  mknod /dev/net/tun c 10 200
  chmod 0755 /dev/net/tun
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
  insmod /lib/modules/tun.ko
fi

Thanks!

This worked for me

Adelscott commented 3 years ago

I had the same error on my Synology. I managed to make the container to work by simply creating the TUN device on the host/synology first. After that the error was gone and I was able to run the container on the Docker app on the synology: This is to execute on your synology:

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
  if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
  fi
  mknod /dev/net/tun c 10 200
  chmod 0755 /dev/net/tun
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
  insmod /lib/modules/tun.ko
fi

Thanks!

This worked for me

It worked for me too! I put it in "boot-up" triggered task. How do you ensure that the container starts after the task ?

antrax95 commented 3 years ago

Hello All,

I've tried your solution but the container still doesn't boot.

I'm on synology DSM 6.2.4-25556

here is the output log:

2021-07-28 15:31:36 net_route_v6_best_gw query: dst :: 2021-07-28 15:31:36 net_route_v6_best_gw result: via :: dev lo 2021-07-28 15:31:36 ROUTE6_GATEWAY :: ON_LINK IFACE=lo 2021-07-28 15:31:36 TUN/TAP device tun0 opened 2021-07-28 15:31:36 /sbin/ip link set dev tun0 up mtu 1500 2021-07-28 15:31:36 /sbin/ip link set dev tun0 up 2021-07-28 15:31:36 /sbin/ip addr add dev tun0 100.120.41.244/24 2021-07-28 15:31:36 /sbin/ip link set dev tun0 up mtu 1500 2021-07-28 15:31:36 /sbin/ip link set dev tun0 up 2021-07-28 15:31:36 /sbin/ip -6 addr add 2001:db8:123::2/64 dev tun0 RTNETLINK answers: Permission denied 2021-07-28 15:31:36 Linux ip -6 addr add failed: external program exited with error status: 2 2021-07-28 15:31:36 Exiting due to fatal error

wildoracle commented 3 years ago

This was working just fine for me for a couple weeks solid, and then suddenly today it keeps stopping in docker. I don't know if it's the same issue, but here's the logs (from the container, not docker) `

2021-10-27 21:04:26 stdout Use --help for more information.
2021-10-27 21:04:26 stdout Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/nordvpn/default.ovpn
2021-10-27 21:04:26 stdout Setting OpenVPN credentials...
2021-10-27 21:04:26 stdout Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
2021-10-27 21:04:26 stdout Modification: Set output verbosity to 3
2021-10-27 21:04:26 stdout Modification: Change tls-crypt keyfile path
2021-10-27 21:04:26 stdout Modification: Update/set resolv-retry to 15 seconds
2021-10-27 21:04:26 stdout Modification: Change ping options
2021-10-27 21:04:26 stdout Modification: Change ca certificate path
2021-10-27 21:04:26 stdout Modification: Point auth-user-pass option to the username/password file
2021-10-27 21:04:26 stdout Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container
2021-10-27 21:04:26 stdout Starting OpenVPN using config default.ovpn
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us8257.nordvpn.com.udp.ovpn
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Downloading config: default.ovpn
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Best server : us8257.nordvpn.com
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Searching for technology: openvpn_udp
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Searching for group: legacy_p2p
2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Selecting the best server...
2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Removing existing configs
2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Checking curl installation
2021-10-27 21:04:25 stdout Executing setup script for NORDVPN
2021-10-27 21:04:25 stdout Provider NORDVPN has a bundled setup script. Defaulting to internal config
2021-10-27 21:04:25 stdout Running with VPN_CONFIG_SOURCE auto
2021-10-27 21:04:25 stdout Using OpenVPN provider: NORDVPN
2021-10-27 21:04:25 stdout mknod: /dev/net/tun: File exists
2021-10-27 21:04:25 stdout Creating TUN device /dev/net/tun
2021-10-27 21:04:25 stdout Starting container with revision: 6922dd6b112d63e099b98165d7cadeaf411b7800

`

pkishino commented 3 years ago

Yeah, Have you updated your nas in the mean time? Look at the last row in the time stamp order.. can’t open the ovpn config file… Probably permission problem

On Thu, Oct 28, 2021 at 6:10 Andrew Hoeveler @.***> wrote:

This was working just fine for me for a couple weeks solid, and then suddenly today it keeps stopping in docker. I don't know if it's the same issue, but here's the logs (from the container, not docker) ` 2021-10-27 21:04:26 stdout Use --help for more information. 2021-10-27 21:04:26 stdout Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/nordvpn/default.ovpn 2021-10-27 21:04:26 stdout Setting OpenVPN credentials... 2021-10-27 21:04:26 stdout Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop 2021-10-27 21:04:26 stdout Modification: Set output verbosity to 3 2021-10-27 21:04:26 stdout Modification: Change tls-crypt keyfile path 2021-10-27 21:04:26 stdout Modification: Update/set resolv-retry to 15 seconds 2021-10-27 21:04:26 stdout Modification: Change ping options 2021-10-27 21:04:26 stdout Modification: Change ca certificate path 2021-10-27 21:04:26 stdout Modification: Point auth-user-pass option to the username/password file 2021-10-27 21:04:26 stdout Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container 2021-10-27 21:04:26 stdout Starting OpenVPN using config default.ovpn 2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us8257.nordvpn.com.udp.ovpn 2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Downloading config: default.ovpn 2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Best server : us8257.nordvpn.com 2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Searching for technology: openvpn_udp 2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Searching for group: legacy_p2p 2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Selecting the best server... 2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Removing existing configs 2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Checking curl installation 2021-10-27 21:04:25 stdout Executing setup script for NORDVPN 2021-10-27 21:04:25 stdout Provider NORDVPN has a bundled setup script. Defaulting to internal config 2021-10-27 21:04:25 stdout Running with VPN_CONFIG_SOURCE auto 2021-10-27 21:04:25 stdout Using OpenVPN provider: NORDVPN 2021-10-27 21:04:25 stdout mknod: /dev/net/tun: File exists 2021-10-27 21:04:25 stdout Creating TUN device /dev/net/tun 2021-10-27 21:04:25 stdout Starting container with revision: 6922dd6b112d63e099b98165d7cadeaf411b7800

`

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/haugene/docker-transmission-openvpn/issues/1542#issuecomment-953314747, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA7OFYVXUASDJAMFXFG5KMTUJBTFTANCNFSM4T6ROK3Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

wildoracle commented 3 years ago

I've not updated anything manually but I cannot speak to auto-updates... what is the "pension" problem?

pkishino commented 3 years ago

Permission problem lol.. can you check inside the container what permissions are set on the default.ovpn file please?

wildoracle commented 3 years ago

Sorry, I don't know how to do anything "inside" the container if the container won't run?

pkishino commented 3 years ago

I don't see the container crashing in the logs, so it should be up and running. If you are using portainer you can simple check the console and view the system inside.. otherwise you can exec into the container from terminal. https://docs.docker.com/engine/reference/commandline/exec/ would be useful to see the permissions in the /etc/openvpn/nordvpn folder (using ls -haltr)

wildoracle commented 3 years ago

Screen Shot 2021-10-28 at 9 58 56 AM I'm not sure what's going on then, because when I start the container, Synology stops it and gives the above error. Here are the logs that error says to look at: ` haugene-transmission-openvpn date stream content 2021-10-28 16:54:40 stdout Use --help for more information. 2021-10-28 16:54:40 stdout Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/nordvpn/default.ovpn 2021-10-28 16:54:40 stdout Setting OpenVPN credentials... 2021-10-28 16:54:40 stdout Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop 2021-10-28 16:54:40 stdout Modification: Set output verbosity to 3 2021-10-28 16:54:40 stdout Modification: Change tls-crypt keyfile path 2021-10-28 16:54:40 stdout Modification: Update/set resolv-retry to 15 seconds 2021-10-28 16:54:40 stdout Modification: Change ping options 2021-10-28 16:54:40 stdout Modification: Change ca certificate path 2021-10-28 16:54:40 stdout Modification: Point auth-user-pass option to the username/password file 2021-10-28 16:54:40 stdout Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container 2021-10-28 16:54:40 stdout Starting OpenVPN using config default.ovpn 2021-10-28 16:54:40 stdout 2021-10-28 16:54:39 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us8930.nordvpn.com.udp.ovpn 2021-10-28 16:54:40 stdout 2021-10-28 16:54:39 Downloading config: default.ovpn 2021-10-28 16:54:40 stdout 2021-10-28 16:54:39 Best server : us8930.nordvpn.com 2021-10-28 16:54:40 stdout 2021-10-28 16:54:39 Searching for technology: openvpn_udp 2021-10-28 16:54:40 stdout 2021-10-28 16:54:39 Searching for group: legacy_p2p 2021-10-28 16:54:39 stdout 2021-10-28 16:54:39 Selecting the best server... 2021-10-28 16:54:39 stdout 2021-10-28 16:54:39 Removing existing configs 2021-10-28 16:54:39 stdout 2021-10-28 16:54:39 Checking curl installation 2021-10-28 16:54:39 stdout Executing setup script for NORDVPN 2021-10-28 16:54:39 stdout Provider NORDVPN has a bundled setup script. Defaulting to internal config 2021-10-28 16:54:39 stdout Running with VPN_CONFIG_SOURCE auto 2021-10-28 16:54:39 stdout Using OpenVPN provider: NORDVPN 2021-10-28 16:54:39 stdout mknod: /dev/net/tun: File exists 2021-10-28 16:54:39 stdout Creating TUN device /dev/net/tun 2021-10-28 16:54:39 stdout Starting container with revision: 6922dd6b112d63e099b98165d7cadeaf411b7800 2021-10-28 16:53:09 stdout Use --help for more information. 2021-10-28 16:53:09 stdout Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/nordvpn/default.ovpn 2021-10-28 16:53:09 stdout Setting OpenVPN credentials... 2021-10-28 16:53:09 stdout Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop 2021-10-28 16:53:09 stdout Modification: Set output verbosity to 3 2021-10-28 16:53:09 stdout Modification: Change tls-crypt keyfile path 2021-10-28 16:53:09 stdout Modification: Update/set resolv-retry to 15 seconds 2021-10-28 16:53:09 stdout Modification: Change ping options 2021-10-28 16:53:09 stdout Modification: Change ca certificate path 2021-10-28 16:53:09 stdout Modification: Point auth-user-pass option to the username/password file 2021-10-28 16:53:09 stdout Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container 2021-10-28 16:53:09 stdout Starting OpenVPN using config default.ovpn 2021-10-28 16:53:09 stdout 2021-10-28 16:53:08 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us8930.nordvpn.com.udp.ovpn 2021-10-28 16:53:09 stdout 2021-10-28 16:53:08 Downloading config: default.ovpn 2021-10-28 16:53:09 stdout 2021-10-28 16:53:08 Best server : us8930.nordvpn.com 2021-10-28 16:53:08 stdout 2021-10-28 16:53:08 Searching for technology: openvpn_udp 2021-10-28 16:53:08 stdout 2021-10-28 16:53:08 Searching for group: legacy_p2p 2021-10-28 16:53:08 stdout 2021-10-28 16:53:08 Selecting the best server... 2021-10-28 16:53:08 stdout 2021-10-28 16:53:08 Removing existing configs 2021-10-28 16:53:08 stdout 2021-10-28 16:53:08 Checking curl installation 2021-10-28 16:53:08 stdout Executing setup script for NORDVPN 2021-10-28 16:53:08 stdout Provider NORDVPN has a bundled setup script. Defaulting to internal config 2021-10-28 16:53:08 stdout Running with VPN_CONFIG_SOURCE auto 2021-10-28 16:53:08 stdout Using OpenVPN provider: NORDVPN 2021-10-28 16:53:08 stdout mknod: /dev/net/tun: File exists 2021-10-28 16:53:08 stdout Creating TUN device /dev/net/tun 2021-10-28 16:53:07 stdout Starting container with revision: 6922dd6b112d63e099b98165d7cadeaf411b7800

`

wildoracle commented 3 years ago

I'm wondering if the settings in the run-transmission-docker.sh I used from above are not set correctly for my install? For example, I have no /volume1/data/ directory, so I created a new shared folder /volume1/docker-data/ and made that change below. BUT the other entries, such as -e TRANSMISSION_HOME="/docker/transmission-home" \ don't make sense to me because in my file structure "/transmission-home" lives inside of "/volume1/Downloads" Same thing with -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \ - why would that not actually be alongside the other transmission folders such as "/data/downloads/incomplete"?

It seems like this .sh script that was posted above was edited quite a bit beyond the defaults of this project. Could someone please post a corrected one that adheres to the default installation?

#!/bin/bash docker run -d --restart=always \ --cap-add=NET_ADMIN \ --device=/dev/net/tun \ --name "transmission" \ -p 9091:9091 \ --mount type=bind,src=/volume1/docker,dst=/docker \ --mount type=bind,src=/volume1/docker-data,dst=/data \ -e PUID="1027" \ -e PGID="100" \ -e OPENVPN_USERNAME="REDACTED" \ -e OPENVPN_PASSWORD="REDACTED" \ -e OPENVPN_PROVIDER="NORDVPN" \ -e OPENVPN_CONFIG="US" \ -e LOCAL_NETWORK="REDACTED" \ -e TZ="America/Los_Angeles" \ -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \ -e GLOBAL_APPLY_PERMISSIONS="true" \ -e TRANSMISSION_HOME="/docker/transmission-home" \ -e TRANSMISSION_RPC_PORT="9091" \ -e TRANSMISSION_DOWNLOAD_DIR="/data/downloads/completed" \ -e TRANSMISSION_INCOMPLETE_DIR="/data/downloads/incomplete" \ -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \ -e CREATE_TUN_DEVICE="true" \ -e DROP_DEFAULT_ROUTE="" \ -e WEBPROXY_ENABLED="false" \ -e WEBPROXY_PORT="8888" \ -e WEBPROXY_USERNAME="" \ -e WEBPROXY_PASSWORD="" \ -e LOG_TO_STDOUT="false" \ -e HEALTH_CHECK_HOST="google.com" \ -e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \ haugene/transmission-openvpn

pkishino commented 3 years ago

Are you using synologies docker app?? If so, stop. Try using portainer. I believe the synology app doesn’t work well.

On Fri, Oct 29, 2021 at 3:45 Andrew Hoeveler @.***> wrote:

I'm wondering if the settings in the run-transmission-docker.sh I used from above are not set correctly for my install? For example, I have no /volume1/data/ directory, so I created a new shared folder /volume1/docker-data/ and made that change below. BUT the other entries, such as -e TRANSMISSION_HOME="/docker/transmission-home" \ don't make sense to me because in my file structure "/transmission-home" lives inside of "/volume1/Downloads" Same thing with -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \ - why would that not actually be alongside the other transmission folders such as "/data/downloads/incomplete"?

It seems like this .sh script that was posted above was edited quite a bit beyond the defaults of this project. Could someone please post a corrected one that adheres to the default installation?

!/bin/bash docker run -d --restart=always \ --cap-add=NET_ADMIN \

--device=/dev/net/tun \ --name "transmission" \ -p 9091:9091 \ --mount type=bind,src=/volume1/docker,dst=/docker \ --mount type=bind,src=/volume1/docker-data,dst=/data \ -e PUID="1027" \ -e PGID="100" \ -e OPENVPN_USERNAME="REDACTED" \ -e OPENVPN_PASSWORD="REDACTED" \ -e OPENVPN_PROVIDER="NORDVPN" \ -e OPENVPN_CONFIG="US" \ -e LOCAL_NETWORK="REDACTED" \ -e TZ="America/Los_Angeles" \ -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \ -e GLOBAL_APPLY_PERMISSIONS="true" \ -e TRANSMISSION_HOME="/docker/transmission-home" \ -e TRANSMISSION_RPC_PORT="9091" \ -e TRANSMISSION_DOWNLOAD_DIR="/data/downloads/completed" \ -e TRANSMISSION_INCOMPLETE_DIR="/data/downloads/incomplete" \ -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \ -e CREATE_TUN_DEVICE="true" \ -e DROP_DEFAULT_ROUTE="" \ -e WEBPROXY_ENABLED="false" \ -e WEBPROXY_PORT="8888" \ -e WEBPROXY_USERNAME="" \ -e WEBPROXY_PASSWORD="" \ -e LOG_TO_STDOUT="false" \ -e HEALTH_CHECK_HOST="google.com" \ -e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \ haugene/transmission-openvpn

— You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub https://github.com/haugene/docker-transmission-openvpn/issues/1542#issuecomment-954106842, or unsubscribe https://github.com/notifications/unsubscribe-auth/AA7OFYTDUDD36X5FAWORC6LUJGK4LANCNFSM4T6ROK3Q . Triage notifications on the go with GitHub Mobile for iOS https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675 or Android https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub.

pkishino commented 3 years ago

Also, keep it simple and stick with the defaults until it works. The default compose should be fine, just edit the /data mount to whatever you use locally

wildoracle commented 3 years ago

Thanks! I was digging around other open and closed issues here and found that DSM 7 has a problem with the Synology Docker app like you mentioned. The temporary fix is to flip the "Execute container using high privilege" switch, click "apply", click "edit" again, flip the switch again and repeat until the switch is on and the container doesn't stop itself from running. Screen Shot 2021-10-29 at 8 49 04 AM

tessierp commented 2 years ago

Any solution to this if I am using docker swarm? Device is not supported when deploying in a swarm..

einreb commented 2 years ago

Was also having this problem, turns out my TUN.sh had windows file endings when I tried the following it worked for me

"The problem is that your file is using DOS (Windows) file endings (cr/lf). By changing it over to UNIX file endings (only lf) it should not work.

You can do this in VIM with “:set ff=unix”. Or in Notepad++ by clicking on the “Windows (CR + LF)” text in the bottom right and setting it to “Unix (LF)” - Onmar

sjc07023 commented 2 years ago

Hi.Successful because I set up vpn on the network and restarted it several times.

SokolovskiR commented 2 years ago

Thanks! I was digging around other open and closed issues here and found that DSM 7 has a problem with the Synology Docker app like you mentioned. The temporary fix is to flip the "Execute container using high privilege" switch, click "apply", click "edit" again, flip the switch again and repeat until the switch is on and the container doesn't stop itself from running. Screen Shot 2021-10-29 at 8 49 04 AM

thanks, that worked for me!

owenmurr commented 1 year ago

I found that installing the VPN Server application and then checking enabling OpenVPN allowed me to run my OpenVPN server via docker-compose.

Just to add my 2 pence to this thread.

wolk5 commented 1 year ago

I managed to install it on Synology dsm using this setup. It is an updated version of what has been posted above. Main change is the mounting of volumes.

docker run -d --restart=always \
--cap-add=NET_ADMIN \
--device=/dev/net/tun \
--name "transmission" \
-v /volume1/docker/transmission/data/:/data \
-v /volume1/docker/transmission/config/:/config \
-p 9091:9091 \
-e PUID="YOUR dockers users UID" \
-e PGID="YOUR dockers users GID" \
-e OPENVPN_USERNAME="YOUR USERNAME" \
-e OPENVPN_PASSWORD="YOUR PASSWORD" \
-e OPENVPN_PROVIDER="YOURPROVIDER" \
-e OPENVPN_CONFIG="dummy" \ # will give you a list of available profiles in the log
-e LOCAL_NETWORK="192.168.1.0/24" \
-e TZ="YOUR TIMEZONE" \
-e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
-e GLOBAL_APPLY_PERMISSIONS="true" \
-e CREATE_TUN_DEVICE="true" \
-e DROP_DEFAULT_ROUTE="" \
-e WEBPROXY_ENABLED="false" \
-e WEBPROXY_PORT="8888" \
-e WEBPROXY_USERNAME="" \
-e WEBPROXY_PASSWORD="" \
-e LOG_TO_STDOUT="false" \
-e HEALTH_CHECK_HOST="google.com" \
-e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \
haugene/transmission-openvpn`
seehma commented 4 months ago

Iam not sure what exactly was the last step which lead me to a working config, i tried a lot of things. The last thing i had to do was to update my docker-compose config file and add this device command/line. I also entered the script above into /usr/local/etc/rc.d/tun.sh and gave it the proper rights to execute.

version: '3.8'

services:
  netbird:
    image: netbirdio/netbird:latest
    container_name: netbird-name
    hostname: netbird-name
    cap_add:
      - NET_ADMIN
      - SYS_ADMIN
      - SYS_RESOURCE
    devices:
      - /dev/net/tun
    environment:
      - NB_SETUP_KEY=<setup-key>
    volumes:
      - /volume1/docker/netbird-client:/etc/netbird
    restart: always

Maybe this helps somebody reading this thread...