gluetun: Bug: ERROR cannot Unix Open TUN device file: no such device

Is this urgent?

Yes

Host OS

Raspbian + OMV5

CPU arch

RBI4

VPN service provider

NordVPN

What are you using to run the container

docker-compose

What is the version of Gluetun

Running version latest built on 2021-10-29T01:42:30.959Z (commit f398af1)

What’s the problem 🤔

2021/11/01 13:21:49 ERROR cannot Unix Open TUN device file: no such device

Share your logs

========================================

========================================

=============== gluetun ================

========================================

=========== Made with ❤️ by ============

======= https://github.com/qdm12 =======

========================================

========================================


Running version latest built on 2021-10-29T01:42:30.959Z (commit f398af1)


🔧 Need help? https://github.com/qdm12/gluetun/discussions/new

🐛 Bug? https://github.com/qdm12/gluetun/issues/new

✨ New feature? https://github.com/qdm12/gluetun/issues/new

☕ Discussion? https://github.com/qdm12/gluetun/discussions/new

💻 Email? quentin.mcgaw@gmail.com

💰 Help me? https://www.paypal.me/qmcgaw https://github.com/sponsors/qdm12

2021/11/01 13:21:49 INFO storage: creating /gluetun/servers.json with 11225 hardcoded servers

2021/11/01 13:21:49 INFO Alpine version: 3.14.2

2021/11/01 13:21:49 INFO OpenVPN 2.4 version: 2.4.11

2021/11/01 13:21:49 INFO OpenVPN 2.5 version: 2.5.2

2021/11/01 13:21:49 INFO Unbound version: 1.13.2

2021/11/01 13:21:49 INFO IPtables version: v1.8.7

2021/11/01 13:21:49 INFO Settings summary below:

|--VPN:

   |--Type: openvpn

   |--OpenVPN:

      |--Version: 2.5

      |--Verbosity level: 1

      |--Network interface: tun0

   |--Nordvpn settings:

      |--Regions: switzerland

      |--OpenVPN selection:

         |--Protocol: udp

|--DNS:

   |--Plaintext address: 1.1.1.1

   |--DNS over TLS:

      |--Unbound:

          |--DNS over TLS providers:

              |--Cloudflare

          |--Listening port: 53

          |--Access control:

              |--Allowed:

                  |--0.0.0.0/0

                  |--::/0

          |--Caching: enabled

          |--IPv4 resolution: enabled

          |--IPv6 resolution: disabled

          |--Verbosity level: 1/5

          |--Verbosity details level: 0/4

          |--Validation log level: 0/2

          |--Username: 

      |--Blacklist:

         |--Blocked categories: malicious

         |--Additional IP networks blocked: 13

      |--Update: every 24h0m0s
      
|--Firewall:

|--Log:

   |--Level: INFO

|--System:

   |--Process user ID: 1000

   |--Process group ID: 1000

   |--Timezone: NOT SET ⚠️ - it can cause time related issues

|--Health:

   |--Server address: 127.0.0.1:9999

   |--Address to ping: github.com

   |--VPN:

      |--Initial duration: 6s

      |--Addition duration: 5s

|--HTTP control server:

   |--Listening port: 8000

   |--Logging: enabled

|--Public IP getter:

   |--Fetch period: 12h0m0s

   |--IP file: /tmp/gluetun/ip

|--Github version information: enabled

2021/11/01 13:21:49 INFO routing: default route found: interface eth0, gateway 172.24.0.1

2021/11/01 13:21:49 INFO routing: local ethernet link found: eth0

2021/11/01 13:21:49 INFO routing: local ipnet found: 172.24.0.0/16

2021/11/01 13:21:49 INFO routing: default route found: interface eth0, gateway 172.24.0.1

2021/11/01 13:21:49 INFO routing: adding route for 0.0.0.0/0

2021/11/01 13:21:49 INFO firewall: firewall disabled, only updating allowed subnets internal list

2021/11/01 13:21:49 INFO routing: default route found: interface eth0, gateway 172.24.0.1

2021/11/01 13:21:49 INFO TUN device is not available: open /dev/net/tun: no such file or directory; creating it...

2021/11/01 13:21:49 INFO routing cleanup...

2021/11/01 13:21:49 INFO routing: default route found: interface eth0, gateway 172.24.0.1

2021/11/01 13:21:49 INFO routing: deleting route for 0.0.0.0/0

2021/11/01 13:21:49 ERROR cannot Unix Open TUN device file: no such device

2021/11/01 13:21:49 INFO Shutdown successful

Share your configuration

version: "3"
services:
  gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPNSP=nordvpn
      - OPENVPN_USER=xxx
      - OPENVPN_PASSWORD=xxx
      - REGION=Switzerland

About this issue

  • State: closed
  • Created 3 years ago
  • Comments: 26 (10 by maintainers)

Most upvoted comments

Awesome thanks @Vendetta1985

I’ll add all the information here in the repo wiki. If any of you stumble on something different please feel free to share your story too.

You can also try perhaps bind mounting with -v /dev/net/tun:/dev/net/tun if it’s there on your host?

Hello,

Sorry for my late reply and thank you very much for your help 😃

Adding “--device=/dev/net/tun:/dev/net/tun” solved my problem.

But before I also had to share my host’s “tun” resource in my LXC container… Sorry, I forgot to specify that my system was a container under Proxmox 😁

For those who have the case, I added in /etc/pve/lxc/numContainer.conf:

lxc.cgroup.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir 0 0
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file 0 0

Thanks again for your help and your quick and efficient feedback 😎

I have struggled with a similar issue for a couple of hours. I managed to fix it by running:

sudo chmod 0666 /dev/net/tun

The 0666 permission seems to be the default on some distributions but might not be for others. You can check for yourself what the default rule is on your distribution by running:

grep -nri '"tun"' /etc/udev/rules.d/ /lib/udev/rules.d/ /run/udev/rules.d /var/run/udev/rules.d

As the kernel’s documentation on Universal TUN/TAP device driver states:

There’s no harm in allowing the device to be accessible by non-root users, since CAP_NET_ADMIN is required for creating network devices or for connecting to network devices which aren’t owned by the user in question. If you want to create persistent devices and give ownership of them to unprivileged users, then you need the /dev/net/tun device to be usable by those users.

I just had cannot Unix Open TUN device file: no such device

Solution was to restart my server.

Thanks to you all, I compiled this in https://github.com/qdm12/gluetun/wiki/TUN-device-errors

@iceball09 feel free to comment back here with your solution whenever you have the time.

Closing the issue for now, thanks!

@qdm12 my issue was resolved, but I have to admit I don’t remember what exactly fixed it!

So… I’m adding all this to a Wiki page and there seems to be various problems.

TUN device is not available: open /dev/net/tun: permission denied

@OkanEsen that’s for you. A few questions/notes

  1. Does it work with --privileged --device /dev/net/tun --security-opt=label=disable?
  2. Does it work with --privileged --device /dev/net/tun2:/dev/net/tun --security-opt=label=disable?
  3. Does it work with --privileged --device /dev/net/tun2?
  4. Does it work with --privileged --device /dev/net/tun2 --security-opt=label=disable and VPN_TYPE=openvpn?
  5. I’m also confident using /dev/net/tun2 won’t work with Wireguard in userspace mode due to some hardcoded constant in the Go Wireguard library unfortunately.

cannot Unix Open TUN device file: operation not permitted and cannot create TUN device file node: operation not permitted

That’s @Vendetta1985’s problem with LXC containers, and I found another discussion here with the same solution, so this is the Way ™️

cannot Unix Open TUN device file: no such device

@YanisKyr @iceball09 I don’t think your issue is resolved, is it?

That looks like gluetun runs the mknod command successfully but the /dev/net/tun file is still not accessible somehow… Not sure why. Did adding --device /dev/net/tun solve it?

Hey sorry I completely missed this issue.

Try adding

  devices:
    - /dev/net/tun:/dev/net/tun

to your configuration?
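
The error families sorted out in this thread can be told apart before starting the container. The following is an added diagnostic sketch, not gluetun's code and not from any commenter: it checks the device node in the order the failures occur, using the 10:200 character-device number from the LXC rule above. The function names and result keywords are assumptions made for this example, and the reading of "no such device" as "node present, no tun driver in the running kernel" is general Linux behaviour rather than something the thread confirms.

```shell
#!/bin/sh
# Added example: names and result keywords are hypothetical, not gluetun's.
# usage: diagnose_tun /dev/net/tun

# Map the text of a failed open() onto the error families seen in the thread.
classify_open_error() {
    case "$1" in
        # ENODEV: the node exists but no tun driver is registered behind it
        *"No such device"*)          echo "no-driver" ;;
        # EACCES: file mode (see the chmod comment) or a security label
        *"Permission denied"*)       echo "permission-denied" ;;
        # EPERM: device cgroup refuses 10:200, as in the LXC case
        *"Operation not permitted"*) echo "cgroup-denied" ;;
        "")                          echo "ok" ;;
        *)                           echo "unknown" ;;
    esac
}

# Inspect a TUN device path; prints one keyword, returns 0 only when usable.
diagnose_tun() {
    path=${1:-/dev/net/tun}

    # "no such file or directory": nothing was mapped into the container
    [ -e "$path" ] || { echo "missing"; return 1; }

    # A bind mount of the wrong thing leaves a regular file or directory
    [ -c "$path" ] || { echo "not-char-device"; return 1; }

    # stat prints major:minor in hex; TUN is 10:200, i.e. a:c8
    devno=$(stat -L -c '%t:%T' "$path")
    [ "$devno" = "a:c8" ] || { echo "wrong-device-number"; return 1; }

    # Opening read-write creates no interface (that takes a TUNSETIFF ioctl),
    # so this only probes whether open() itself is allowed.
    err=$( { LC_ALL=C sh -c 'exec 3<>"$1"' sh "$path"; } 2>&1 ) || true
    result=$(classify_open_error "$err")
    echo "$result"
    [ "$result" = "ok" ]
}
```

Run it once on the host and once inside the container (or LXC guest) with the same path; the first layer where the two results differ is the layer that needs the device passed through.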