Hi, I am running a privileged lxc bullseye container inside a bullseye host.
Use case: I run a proprietary dial up VPN client (barracudavpn, utilizes /dev/net/tun) inside the container and use the container as a gateway to route specific IPv4 destination IPs over a dial-up VPN connection. To rule out problems with this software, I also tried this with openvpn, without success, same results.
This has worked “out-of-the-box” under Debian buster, but has stopped working after an upgrade to Debian bullseye (=buster successor).
The relevant error (e.g. in journal -xe) inside the container is:
(...) barracudavpn[109]: Error opening tunnel device /dev/net/tun: open failed: Operation not permitted
The problem is easily confirmed by:
root@host:~# ls -al /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Jan 11 15:59 /dev/net/tun
root@host:~# lxc-attach -n container
root@container:~# ls -al /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Jan 11 14:59 /dev/net/tun
root@container:~# cat /dev/net/tun
cat: /dev/net/tun: Operation not permitted
root@container:~#
I iterated through the various solutions I found for the notorious openvpn problem associated with /dev/net/tun, including (but not restricted to):
(...)
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.mount.entry = /dev/net dev/net none bind,create=dir 0 0
(...)
At the moment I am a little lost - I tried to start the container with “-l DEBUG” but did not see anything helpful - so even a hint on how to debug this deeper would be appreciated.
Thank you.
edited: formatting