OpenVPN Cannot allocate TUN/TAP dev dynamically


I'd guess that you need to use the --ifconfig-pool-persist option on your server in order to keep the client <-> IP address mapping across the restarts of your server daemon. Otherwise the clients need to call ifconfig to reconfigure their tun device even with --persist-tun active. This will invariably fail if they do not have root privileges.

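A small config check for the two settings this thread turns on, as an added example that is not part of the original answer or of OpenVPN itself: it flags a config that drops privileges with `user` but lacks `persist-tun`, and a server address pool without `ifconfig-pool-persist` (the answer's suggestion). The function names, host name, file name and sample configs are constructed for illustration.

```python
import re

def parse_directives(text):
    """Return {directive: [args]} for one OpenVPN config, skipping comments and inline blocks."""
    found, inline_end = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if inline_end:                        # inside <ca>...</ca>-style inline data
            if line == inline_end:
                inline_end = None
            continue
        if not line or line[0] in "#;":       # blank line or comment
            continue
        tag = re.fullmatch(r"<([\w-]+)>", line)
        if tag:
            inline_end = "</%s>" % tag.group(1)
            continue
        name, *args = line.split()
        found[name.lstrip("-")] = args        # accept "--user" as well as "user"
    return found

def lint(text):
    """Return (missing_directive, reason) pairs for the restart problem in this thread."""
    d, issues = parse_directives(text), []
    user = d.get("user")
    if user and user[0] != "root" and "persist-tun" not in d:
        issues.append(("persist-tun", "privileges are dropped to %r, so a restart "
                       "has to reopen the tun device without root" % user[0]))
    if ("server" in d or "ifconfig-pool" in d) and "ifconfig-pool-persist" not in d:
        issues.append(("ifconfig-pool-persist", "client addresses are not kept across "
                       "a server restart, so clients must re-run ifconfig"))
    return issues

# Constructed sample configs (hypothetical host name and file name).
CLIENT_CONF = """\
client
dev tun
remote vpn.example.org 1194
user nobody
group nogroup
"""
SERVER_CONF = """\
dev tun
server 10.8.0.0 255.255.255.0
; ifconfig-pool-persist ipp.txt
"""

if __name__ == "__main__":
    for label, conf in (("client", CLIENT_CONF), ("server", SERVER_CONF)):
        for directive, reason in lint(conf):
            print("%s: add %s (%s)" % (label, directive, reason))
```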

Author by

Pyd

Updated on September 18, 2022

Comments

  • Pyd
    Pyd almost 2 years

    OpenVPN clients work fine when they're started by /etc/init.d/openvpn for the first time, but they can't reconnect if the master server is restarted.

    This is the error I get in syslog:

    ovpn-openvpn[8113]: Note: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)
    ovpn-openvpn[8113]: Note: Attempting fallback to kernel 2.2 TUN/TAP interface
    ovpn-openvpn[8113]: Cannot allocate TUN/TAP dev dynamically
    ovpn-openvpn[8113]: Exiting
    

    These are the file permissions of the tun device:

    crw-rw-rw- 1 root root 10, 200 2011-03-24 16:51 /dev/net/tun
    

    If I then restart the client using "/etc/init.d/openvpn restart", they connect normally.

    Also, problems only appear when openvpn runs as user 'nobody'. Running as 'root' solves everything but it's not a viable solution.

    'persist-tun' option also helps a bit, but not too much. Tunnels still don't last overnight.

    Any suggestions?