qdm12 / gluetun-wiki

Home to the Markdown Wiki page for Gluetun
MIT License

Update docker-compose.yml to access /dev/net/tun #88

Open Chillsmeit opened 1 month ago

Chillsmeit commented 1 month ago

URL to the Wiki page

https://github.com/qdm12/gluetun-wiki/blob/main/setup/providers

What's missing?

Update all the VPNs' docker-compose.yml files with the tun device permission. The default docker-compose.yml files in this wiki are outdated and won't work due to missing permissions. For example, for ProtonVPN it would be like so:

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    devices:
      - /dev/net/tun:/dev/net/tun
    environment:
      - VPN_SERVICE_PROVIDER=protonvpn
      - OPENVPN_USER=abc
      - OPENVPN_PASSWORD=abc
      - SERVER_COUNTRIES=Netherlands

github-actions[bot] commented 1 month ago

:warning: This is the Gluetun WIKI and any issue unrelated to the issue will be instantly closed as not planned without any explanation.

@qdm12 is more or less the only maintainer and is having a tough time keeping up with the issues of the project, so please:

qdm12 commented 1 month ago

Actually on most systems, Gluetun can create the tun device just fine and there is no need to have

    devices:
      - /dev/net/tun:/dev/net/tun

What error do you get when not having the devices block? 🤔

Chillsmeit commented 1 month ago

I'm on OpenSUSE Tumbleweed and it's known for being a bit more "demanding" with permissions. When I checked the logs on the Docker container, it said it couldn't create a connection to the TUN device because it lacked permissions (yes, I added docker to my user group). After figuring out the issue when I read the logs and fixing it, I later also noticed that on the gluetun GitHub, their docker-compose.yml also used this parameter:

    devices:
      - /dev/net/tun:/dev/net/tun

If I remove this, this is the log I get btw:

2024-08-04T13:31:44Z INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2024-08-04T13:31:44Z INFO [routing] adding route for 0.0.0.0/0
2024-08-04T13:31:44Z INFO [firewall] setting allowed subnets...
2024-08-04T13:31:44Z INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2024-08-04T13:31:44Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-08-04T13:31:44Z INFO [routing] routing cleanup...
2024-08-04T13:31:44Z INFO [routing] default route found: interface eth0, gateway 172.22.0.1, assigned IP 172.22.0.2 and family v4
2024-08-04T13:31:44Z INFO [routing] deleting route for 0.0.0.0/0
2024-08-04T13:31:44Z ERROR creating tun device: unix opening TUN device file: operation not permitted
2024-08-04T13:31:44Z INFO Shutdown successful

Chillsmeit commented 1 month ago

Mind you, this is something new. It always worked before in OpenSUSE TW without this entry:

    devices:
      - /dev/net/tun:/dev/net/tun

I think it was the new version of gluetun that made some changes. Or maybe some changes on OpenSUSE's end? I know someone who also uses Tumbleweed and the same happened to him. So this tells me it's not just me.
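
As an added example (not part of the thread and not Gluetun's own code), the shell helpers below triage a Gluetun log for the TUN failure quoted above and check whether the host exposes `/dev/net/tun`. The function names and verdict strings are assumptions made for this example.

```shell
#!/bin/sh
# Added example; function names and verdict strings are assumptions.

# Read a Gluetun log on stdin and print one verdict about the TUN device.
classify_tun_log() {
    awk '
        /TUN device is not available:/ { missing = 1 }
        /ERROR creating tun device:/ {
            failed = 1
            if ($0 ~ /operation not permitted/) denied = 1
        }
        END {
            if (denied)       print "tun-open-denied"
            else if (failed)  print "tun-create-failed"
            else if (missing) print "tun-created-in-container"
            else              print "no-tun-problem"
        }'
}

# Report whether a path (default /dev/net/tun) is a character device here.
host_tun_status() {
    path=${1:-/dev/net/tun}
    if [ -c "$path" ]; then echo "present"
    elif [ -e "$path" ]; then echo "not-a-char-device"
    else echo "missing"
    fi
}

# Map a verdict to the next step; the compose mapping is the one from the thread.
next_step() {
    case "$1" in
        tun-open-denied)
            echo "add to the service: devices: [/dev/net/tun:/dev/net/tun]" ;;
        tun-create-failed)
            echo "read the text after 'creating tun device:' for the cause" ;;
        *)
            echo "no change needed for the TUN device" ;;
    esac
}

# Sample input: two lines copied from the log quoted in the thread.
SAMPLE_LOG='2024-08-04T13:31:44Z INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...
2024-08-04T13:31:44Z ERROR creating tun device: unix opening TUN device file: operation not permitted'

verdict=$(printf '%s\n' "$SAMPLE_LOG" | classify_tun_log)
echo "log verdict: $verdict"
echo "host $(host_tun_status): /dev/net/tun"
echo "next step: $(next_step "$verdict")"
```

To triage a live container, pipe `docker logs <container> 2>&1` into `classify_tun_log`.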