[lxc-users] OpenVPN in Debian Jessie container

Joshua Schaeffer jschaeffer0922 at gmail.com
Sun May 29 17:05:53 UTC 2016 

I'm trying to setup OpenVPN in an unprivileged container. The host and container are both Debian Jessie on LXC version 1.1.5. When I try to start OpenVPN I get:

Sat May 28 20:55:57 2016 us=360137 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

So it makes sense that the container can't create the tun device so I looked around and found suggestions to add an autodev hook:

lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

However when I try to start the container I get an error:

lxc-start -n vpn_barracks --logpriority=DEBUG

...
       lxc-start 1464541270.246 INFO     lxc_conf - conf.c:mount_file_entries:2150 - mount points have been setup
       lxc-start 1464541270.247 INFO     lxc_conf - conf.c:run_script_argv:362 - Executing script '/usr/share/lxcfs/lxc.mount.hook' for container 'vpn_barracks', config section 'lxc'
       lxc-start 1464541270.332 INFO     lxc_conf - conf.c:run_script_argv:362 - Executing script 'sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"' for container 'vpn_barracks', config section 'lxc'
       lxc-start 1464541270.338 ERROR    lxc_conf - conf.c:run_buffer:342 - Script exited with status 1
       lxc-start 1464541270.338 ERROR    lxc_conf - conf.c:lxc_setup:3947 - failed to run autodev hooks for container 'vpn_barracks'.
       lxc-start 1464541270.338 ERROR    lxc_start - start.c:do_start:717 - failed to setup the container
       lxc-start 1464541270.338 ERROR    lxc_sync - sync.c:__sync_wait:51 - invalid sequence number 1. expected 2
       lxc-start 1464541270.374 ERROR    lxc_start - start.c:__lxc_start:1192 - failed to spawn 'vpn_barracks'
       lxc-start 1464541270.430 WARN     lxc_commands - commands.c:lxc_cmd_rsp_recv:172 - command get_init_pid failed to receive response
       lxc-start 1464541270.431 WARN     lxc_cgmanager - cgmanager.c:cgm_get:994 - do_cgm_get exited with error
       lxc-start 1464541275.436 ERROR    lxc_start_ui - lxc_start.c:main:344 - The container failed to start.
       lxc-start 1464541275.436 ERROR    lxc_start_ui - lxc_start.c:main:346 - To get more details, run the container in foreground mode.
       lxc-start 1464541275.436 ERROR    lxc_start_ui - lxc_start.c:main:348 - Additional information can be obtained by setting the --logfile and --logpriority options.

I'd appreciate any pointers.

Thanks,
Joshua

More information about the lxc-users mailing list