Bug #27548

Can't dynamically create tun* devices in iocage jails

Added by Daniel Kempkens over 2 years ago. Updated almost 2 years ago.

Status: Closed: Behaves correctly
Priority: No priority
Assignee: Brandon Schneider
Category: Middleware
Target version:
Seen in:
Severity: New
Reason for Closing:
Reason for Blocked:
Needs QA: Yes
Needs Doc: Yes
Needs Merging: Yes
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

Setting up a new VNET iocage jail, installing and configuring OpenVPN (as a client) and trying to start the service results in the following error in /var/log/messages:

Jan  2 22:44:24 test openvpn[61265]: Cannot allocate TUN/TAP dev dynamically
Jan  2 22:44:24 test openvpn[61265]: Exiting due to fatal error

This has also been discussed over at the FreeNAS Forums.

The proposed solution (adding a devfs rule and "statically" creating the interface on the host) seems too hacky to me and definitely isn't required for Warden-based jails.
I have an old Warden-based jail - with no special configuration whatsoever - and OpenVPN just works.


Related issues

Related to FreeNAS - Bug #40872: Add ability to allocate TUN devices dynamically in iocage (Done)

History

#1 Updated by Dru Lavigne over 2 years ago

  • Assignee changed from Release Council to Brandon Schneider
  • Target version set to 11.3

#2 Updated by Brandon Schneider over 2 years ago

  • Status changed from Unscreened to Closed: Behaves correctly

As noted in that forum post: devfs rule -s 4 add path 'tun*' unhide in pre-init is the correct solution. iocage is by default secure and limits the devices that a user can create inside the jail.

#3 Updated by Dru Lavigne over 2 years ago

  • Target version changed from 11.3 to N/A

#4 Updated by Dru Lavigne almost 2 years ago

  • Related to Bug #40872: Add ability to allocate TUN devices dynamically in iocage added

#5 Updated by Steve Levey almost 2 years ago

Is there any chance this broke in 11.2 Beta 3?

devfs rule -s 4 add path 'tun*' unhide in pre-init worked in Beta 2, but I am now getting this error again.

#6 Updated by Coyt Barringer almost 2 years ago

I agree with Steve. I'm working through this problem right now and adding that devfs rule is not doing anything. OpenVPN still throws the same error on 11.2-BETA3. No clue how to fix it though.

#7 Updated by Steve Levey almost 2 years ago

Confirmed. Went back to Beta 2. OpenVPN came up just fine.

On Beta 2
freenas# devfs rule -s 4 show
100 include 1
200 include 2
300 include 3
400 path zfs unhide
500 path tun* unhide
600 path bpf* unhide

On Beta 3
freenas# devfs rule -s 4 show
100 include 1
200 include 2
300 include 3
400 path zfs unhide

#8 Updated by Steve Levey almost 2 years ago

Nevermind... It looks like it has already been reported

https://redmine.ixsystems.com/issues/45919
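
A check for the regression shown in comment #7, as an added example (not code from this ticket or from iocage): it reads the text printed by devfs rule -s 4 show and reports whether a device such as tun0 ends up unhidden. The function names are hypothetical, the sample rulesets are the two listings from comment #7, and the evaluation rules stated in the comments are assumptions.

```shell
# Added example (not from the ticket); function names are hypothetical.
# Assumptions: rules apply in rule-number order and the last matching
# hide/unhide wins; "include N" lines are not expanded; a device matched by
# no direct path rule counts as hidden (ruleset 4 begins with a hide-all).
# device_visible NAME: reads `devfs rule -s N show` output on stdin.
# Returns 0 if NAME ends up unhidden, 1 otherwise.
device_visible() {
    dev=$1
    state=hidden
    while read -r num kind pattern action rest; do
        [ "$kind" = path ] || continue      # skip include lines
        case $dev in
            $pattern)                       # devfs path specs are globs
                case $action in
                    unhide) state=visible ;;
                    hide)   state=hidden ;;
                esac ;;
        esac
    done
    [ "$state" = visible ]
}

# Sample input: the two listings from comment #7.
beta2_rules() {
    cat <<'EOF'
100 include 1
200 include 2
300 include 3
400 path zfs unhide
500 path tun* unhide
600 path bpf* unhide
EOF
}

beta3_rules() {
    cat <<'EOF'
100 include 1
200 include 2
300 include 3
400 path zfs unhide
EOF
}

for rules in beta2_rules beta3_rules; do
    for d in zfs tun0 bpf0; do
        if $rules | device_visible "$d"; then v=visible; else v=hidden; fi
        echo "$rules: $d is $v"
    done
done
```

On a live host the same function takes the real listing on stdin, for example devfs rule -s 4 show piped into device_visible tun0, which makes it usable as a post-upgrade check before starting the jail.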
