I am creating a custom openvpn client snap,
since I want my Ubuntu Core device to auto-connect to my VPN, wherever it’s located on the planet.
However, designing this snap, I hit the following issue:
OpenVPN is starting with my .ovpn config, and then:
Sat Jun 19 19:10:48 2021 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
Sat Jun 19 19:10:48 2021 Exiting due to fatal error
My snap has following plugs:
plugs:
- network
- network-bind
- network-control
- firewall-control
I could not find any AppArmor DENIED
s, either.
Any clue if creating a tun device is supported in a snap? And if so, how?
I proceeded to add all network-related plugs I could find, and it now works:
plugs:
- network
- network-bind
- network-control
- network-manager
- network-setup-control
- network-status
- firewall-control
I have yet to find out which one of these actually did the trick. The snapcraft documentation is really lacking here…
ogra
June 19, 2021, 10:42pm
3
most likely network-setup-control solved it …
you should use the snappy-debug snap and run it in a second terminal, that might have given the correct hints
1 Like
I am still very new to this. It’s a bit hard to find the right tools / logs / output sometimes.
Thanks for the ‘snappy-debug’ hint!
I can confirm it was the network-setup-control
which was required.
This is now the list of required plugs for my openvpn snap:
- network
- network-bind
- network-control
- network-setup-control
1 Like