kota65535 / github-openvpn-connect-action

GitHub Action for connecting to OpenVPN server.
MIT License

Running inside a customised ubuntu 20.04 container has access issues #40

Closed Kayrah87 closed 1 year ago

Kayrah87 commented 1 year ago

Running into authorisation issues inside my test machine docker container with this:

=========== end configuration ===========
running command: sudo openvpn --config /home/ploi/RSS_TestRunner_RSS.ovpn --daemon --log openvpn.log --writepid openvpn.pid
Tue Feb 28 15:09:37 2023 DEPRECATED OPTION: --max-routes option ignored.The number of routes is unlimited as of OpenVPN 2.4. This option will be removed in a future version, please remove it from your configuration.

Tue Feb 28 15:09:37 2023 OpenVPN 2.4.7 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 22 2022
Tue Feb 28 15:09:37 2023 library versions: OpenSSL 1.1.1f  31 Mar 2020, LZO 2.10
Tue Feb 28 15:09:37 2023 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 28 15:09:37 2023 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Feb 28 15:09:37 2023 TCP/UDP: Preserving recently used remote address: [AF_INET]X.X.X.227:16772
Tue Feb 28 15:09:37 2023 UDP link local: (not bound)
Tue Feb 28 15:09:37 2023 UDP link remote: [AF_INET]X.X.X.X:16772
Tue Feb 28 15:09:38 2023 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Tue Feb 28 15:09:38 2023 VERIFY OK: depth=1, O=60dee2741cde6d4eb501e983, CN=60dee2741cde6d4eb501e990
Tue Feb 28 15:09:38 2023 VERIFY KU OK
Tue Feb 28 15:09:38 2023 Validating certificate extended key usage
Tue Feb 28 15:09:38 2023 NOTE: --mute triggered...
Tue Feb 28 15:09:38 2023 4 variation(s) on previous 3 message(s) suppressed by --mute
Tue Feb 28 15:09:38 2023 [60dee2791cde6d4eb501e995] Peer Connection Initiated with [AF_INET]X.X.X.X:16772
Tue Feb 28 15:09:45 2023 Data Channel: using negotiated cipher 'AES-128-GCM'
Tue Feb 28 15:09:45 2023 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Feb 28 15:09:45 2023 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Feb 28 15:09:45 2023 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Tue Feb 28 15:09:45 2023 Exiting due to fatal error
Error: VPN connection failed.

I have tried adding in the /dev/net/tun as per google-fu, but I then get an access permissions error (errno=1).

kota65535 commented 1 year ago

@Kayrah87 This action simply runs sudo openvpn --config /home/ploi/RSS_TestRunner_RSS.ovpn --daemon --log openvpn.log --writepid openvpn.pid as this log says. Could you run this command manually inside your customized container?

Kayrah87 commented 1 year ago

Ah, I see. Yes, the openvpn.log shows the same

Tue Feb 28 15:31:13 2023 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Feb 28 15:31:13 2023 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
Tue Feb 28 15:31:13 2023 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Tue Feb 28 15:31:13 2023 Exiting due to fatal error

Kayrah87 commented 1 year ago

Also, when I create the dev/net/tun node, I then get this error:

Tue Feb 28 15:34:03 2023 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Tue Feb 28 15:34:03 2023 Exiting due to fatal error

Kayrah87 commented 1 year ago

Resolved. It was my bad. Had to run the container with the --privileged flag for it to have permissions to write the tun node.
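
Added example, not part of the thread or of the action's code: a preflight check that tells apart the two failures quoted above, errno=2 (no /dev/net/tun node) and errno=1 (node present but the open is refused, which in a container typically comes from the device allowlist), and also checks for CAP_NET_ADMIN, which is needed to create the tunnel interface. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not from the action's repository): preflight check for the
# two TUN failures quoted in the thread.

# CAP_NET_ADMIN is capability number 12, i.e. bit 0x1000 of the CapEff mask.
has_net_admin() {
    [ $(( 0x${1:-0} & 0x1000 )) -ne 0 ]
}

# diagnose_tun DEVICE CAPEFF_HEX -> prints one verdict word.
diagnose_tun() {
    dev=$1
    capeff=$2
    if [ ! -e "$dev" ]; then
        echo "missing-device"    # open() fails with ENOENT: errno=2 in the log
    elif [ ! -c "$dev" ]; then
        echo "not-char-device"   # node exists but is not a character device
    elif ! ( : <>"$dev" ) 2>/dev/null; then
        echo "open-denied"       # e.g. EPERM from the device allowlist: errno=1
    elif ! has_net_admin "$capeff"; then
        echo "no-net-admin"      # open works, interface creation would be refused
    else
        echo "ok"
    fi
}

# Check the current process against the real device node.
preflight() {
    capeff=$(awk '/^CapEff:/ {print $2}' /proc/self/status 2>/dev/null || true)
    verdict=$(diagnose_tun /dev/net/tun "$capeff")
    echo "tun preflight: $verdict (CapEff=${capeff:-unknown})"
    [ "$verdict" = "ok" ]
}

# Run the check only when asked, as root like the action's own openvpn call:
#   sudo sh tun_preflight.sh check
if [ "${1:-}" = "check" ]; then
    preflight
fi
```

Both conditions can be granted more narrowly than with --privileged, using docker run --device /dev/net/tun --cap-add NET_ADMIN. That combination is an assumption here and was not tested against the poster's container.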