Fatal Error since containerd.io update

[Fleggy]

I am running kylemanna\openvpn in OpenMediaVault 7. Recently there was an update to containerd.io and since then I am getting the following error message and I cannot start my container

Running 'openvpn --config /etc/openvpn/openvpn.conf --client-config-dir /etc/openvpn/ccd --crl-verify /etc/openvpn/crl.pem '
Tue Dec 10 02:57:00 2024 OpenVPN 2.4.9 x86_64-alpine-linux-musl [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD] built on Apr 20 2020
Tue Dec 10 02:57:00 2024 library versions: OpenSSL 1.1.1g 21 Apr 2020, LZO 2.10
Tue Dec 10 02:57:00 2024 Diffie-Hellman initialized with 2048 bit key
Tue Dec 10 02:57:00 2024 CRL: loaded 1 CRLs from file /etc/openvpn/crl.pem
Tue Dec 10 02:57:00 2024 Outgoing Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 10 02:57:00 2024 Incoming Control Channel Authentication: Using 160 bit message hash 'SHA1' for HMAC authentication
Tue Dec 10 02:57:00 2024 ROUTE_GATEWAY 172.17.0.1/255.255.0.0 IFACE=eth0 HWADDR=02:42:ac:11:00:02
Tue Dec 10 02:57:00 2024 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Tue Dec 10 02:57:00 2024 Exiting due to fatal error

[Fleggy]

Apparently you can fix it by adding /dev/net/tun to the compose file but as I built this without a compose file, I am lost on how to fix it

[netzknecht]

--device=/dev/net/tun:/dev/net/tun should work to allow the device to run inside the container with docker run command.

[Fleggy]

--device=/dev/net/tun:/dev/net/tun should work to allow the device to run inside the container with docker run command.

I tried docker run --device=/dev/net/tun:/dev/net/tun but I get an error saying docker run requires at least 1 argument

[rotrico]

Maybe it can help somebody: I had same issue in a plesk server running Ubuntu Server 22.04 with this docker (ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
Problem started one week ago with an upgrade of containerd.io package to 1.7.24-1. Using apt I downgraded to 1.7.23-1 and it started to work again.

[netzknecht]

I tried docker run --device=/dev/net/tun:/dev/net/tun but I get an error saying docker run requires at least 1 argument

This is not surprising if you run the command without defining an image. The --device parameter is an option(al) parameter for the docker run command. You have to add it to the server process. But I'm not sure how to add additional paramters to the docker run command in OMV - perhaps, it's only possible via docker compose.

[Fleggy]

I tried docker run --device=/dev/net/tun:/dev/net/tun but I get an error saying docker run requires at least 1 argument

This is not surprising if you run the command without defining an image. The --device parameter is an option(al) parameter for the docker run command. You have to add it to the server process. But I'm not sure how to add additional paramters to the docker run command in OMV - perhaps, it's only possible via docker compose.

My OpenVPN is run via command line, not a compose file. So I SSH to the server and run commands via CLI

[viczem]

I fixed this issue using a command where I added the flags --cap-add=MKNOD and --device /dev/net/tun (see more details at https://openvpn.net/as-docs/docker.html). As a result, the following command was used to start the server:
docker run -d -v $OVPN_DATA:/etc/openvpn -p 1194:1194/udp --device /dev/net/tun --cap-add=MKNOD --cap-add=NET_ADMIN kylemanna/openvpn

I also added two options to the client's configuration file to disable compression (Windows 11 OpenVPN 2.6.12)

allow-compression no
disable-dco