Saturday, January 29, 2011

OPENVPN error "Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)"

Hi I get the following error when I try to run openvpn in my Ubuntu Server

Fri Jan 8 02:12:59 2010 OpenVPN 2.1_rc11 i486-pc-linux-gnu [SSL] [LZO2] [EPOLL] [PKCS11] built on Mar 9 2009
Fri Jan 8 02:12:59 2010 WARNING: --keepalive option is missing from server config
Fri Jan 8 02:12:59 2010 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Fri Jan 8 02:12:59 2010 Diffie-Hellman initialized with 1024 bit key
Fri Jan 8 02:12:59 2010 WARNING: file '/etc/openvpn/easy-rsa/2.0/keys/server.key' is group or others accessible
Fri Jan 8 02:12:59 2010 /usr/bin/openssl-vulnkey -q -b 1024 -m
Fri Jan 8 02:12:59 2010 TLS-Auth MTU parms [ L:1543 D:140 EF:40 EB:0 ET:0 EL:0 ]
Fri Jan 8 02:12:59 2010 ROUTE default_gateway=192.0.2.1
Fri Jan 8 02:12:59 2010 Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Fri Jan 8 02:12:59 2010 Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Fri Jan 8 02:12:59 2010 Cannot allocate TUN/TAP dev dynamically
Fri Jan 8 02:12:59 2010 Exiting

This is my config file for server side

dev tun
proto tcp
port 1194

ca /etc/openvpn/easy-rsa/2.0/keys/ca.crt
cert /etc/openvpn/easy-rsa/2.0/keys/server.crt
key /etc/openvpn/easy-rsa/2.0/keys/server.key
dh /etc/openvpn/easy-rsa/2.0/keys/dh1024.pem

user nobody
group nogroup
server 10.8.0.0 255.255.255.0

persist-key
persist-tun

#status openvpn-status.log
#verb 3
client-to-client

push "redirect-gateway def1"

log-append /var/log/openvpn
comp-lzo

I'm runining from my root account. So I don't know why the permission is denied. Also if I type in modprobe tun I get the following output.

WARNING: Deprecated config file /etc/modprobe.conf, all config files belong into /etc/modprobe.d/. FATAL: Could not load /lib/modules/2.6.18-128.2.1.el5.028stab064.7ent/modules.dep: No such file or directory

From serverfault $pageUsers[$entry.posts[0].author].name

  • The tun/tap module isn't loading, because it looks like your kernel isn't installed correctly. Therefore while you probably do have permission to use the device node, there's no device answering on the kernel side. Resolve the modprobe errors (just running depmod -a as root might do it) and see what happens then.

    Andrew McGregor : So, /lib/modules/2.6.18-128.2.1.el5.028stab064.7ent actually exists? If not, something is badly wrong with your kernel installation, and you want to track that down. I presume you ran depmod as root.
    Andrew McGregor : Ok, there is a problem with the way the kernel was installed in that VM image. So, either contact the provider, or install a new kernel yourself.
    From Andrew McGregor

  • Hope this helps

    http://forums.quantact.com/viewtopic.php?f=25&t=1106

    From $pageUsers[$post.author].name

  • I wish I had caught this before, as this is something that has happened to me many times before.

    You're running on an OpenVZ VPS. Therefore, kernel modules such as tun will not work. You will need your provider to enable them for you.

    Consequently, things such as FUSE will not work without the provider enabling that as well, and also things like swap cannot work whatsoever.

    From Keith Morrow
Posted by Ku XI at 5:34 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)