Bug #27548
Can't dynamically create tun* devices in iocage jails
Description
Setting up a new VNET iocage jail, installing and configuring OpenVPN (as a client) and trying to start the service results in the following error in /var/log/messages:
Jan 2 22:44:24 test openvpn[61265]: Cannot allocate TUN/TAP dev dynamically
Jan 2 22:44:24 test openvpn[61265]: Exiting due to fatal error
This has also been discussed over at the FreeNAS Forums.
The proposed solution (adding a devfs rule and "statically" creating the interface on the host) seems too hacky to me and definitely isn't required for Warden-based jails.
I have an old Warden-based jail - with no special configuration whatsoever - and OpenVPN just works.
Related issues
History
#1
Updated by Dru Lavigne about 3 years ago
- Assignee changed from Release Council to Brandon Schneider
- Target version set to 11.3
#2
Updated by Brandon Schneider about 3 years ago
- Status changed from Unscreened to Closed: Behaves correctly
As noted in that forum post: devfs rule -s 4 add path 'tun*' unhide in pre-init is the correct solution. iocage is by default secure and limits the devices that a user can create inside the jail.
#3
Updated by Dru Lavigne about 3 years ago
- Target version changed from 11.3 to N/A
#4
Updated by Dru Lavigne over 2 years ago
- Related to Bug #40872: Add ability to allocate TUN devices dynamically in iocage added
#5
Updated by Steve Levey over 2 years ago
Is there any chance this broke in 11.2 Beta 3?
devfs rule -s 4 add path 'tun*' unhide in pre-init worked in Beta 2, but I am now getting this error again.
#6
Updated by Coyt Barringer over 2 years ago
I agree with Steve. I'm working through this problem right now and adding that devfs rule is not doing anything. OpenVPN still throws the same error on 11.2-BETA3. No clue how to fix it though.
#7
Updated by Steve Levey over 2 years ago
Confirmed.. went back to Beta 2. OpenVPN came up just fine
On Beta 2
freenas# devfs rule -s 4 show
100 include 1
200 include 2
300 include 3
400 path zfs unhide
500 path tun* unhide
600 path bpf* unhide
On Beta 3
freenas# devfs rule -s 4 show
100 include 1
200 include 2
300 include 3
400 path zfs unhide
#8
Updated by Steve Levey over 2 years ago
Nevermind... It looks like it has already been reported
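Added example, not part of any comment in this ticket: a small shell check that audits a `devfs rule -s 4 show` listing, such as the two posted in comment #7, against an allowlist. It reports required patterns that are not unhidden and unhide rules outside the allowlist. The function name `audit_ruleset` and the choice of `zfs` as an accepted pattern are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit a devfs ruleset listing against an allowlist.

# Listings copied from comment #7 (output of `devfs rule -s 4 show`).
BETA2_RULES='100 include 1
200 include 2
300 include 3
400 path zfs unhide
500 path tun* unhide
600 path bpf* unhide'

BETA3_RULES='100 include 1
200 include 2
300 include 3
400 path zfs unhide'

# audit_ruleset LISTING REQUIRED ALLOWED
#   REQUIRED: space-separated path patterns that must be unhidden.
#   ALLOWED:  further patterns that may be unhidden (assumed local policy).
# Prints "EXTRA <pattern>" for unhide rules outside both lists and
# "MISSING <pattern>" for required patterns with no unhide rule.
audit_ruleset() {
    printf '%s\n' "$1" | awk -v required="$2" -v allowed="$3" '
        BEGIN {
            nreq = split(required, req, " ")
            nal = split(allowed, al, " ")
            for (i = 1; i <= nreq; i++) ok[req[i]] = 1
            for (i = 1; i <= nal; i++) ok[al[i]] = 1
        }
        # Rule lines of interest: <number> path <pattern> unhide
        $2 == "path" && $4 == "unhide" {
            seen[$3] = 1
            if (!($3 in ok)) print "EXTRA " $3
        }
        END {
            for (i = 1; i <= nreq; i++)
                if (!(req[i] in seen)) print "MISSING " req[i]
        }'
}

# OpenVPN needs tun*; zfs is treated as already accepted (assumption).
echo "Beta 2:"; audit_ruleset "$BETA2_RULES" 'tun*' 'zfs'
echo "Beta 3:"; audit_ruleset "$BETA3_RULES" 'tun*' 'zfs'
# On a live host: audit_ruleset "$(devfs rule -s 4 show)" 'tun*' 'zfs'
```

Run against the Beta 3 listing this reports the missing `tun*` rule; against the Beta 2 listing it flags `bpf*` as unhidden beyond what OpenVPN requires.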