OpenVZ Forum


Access to ifconfig denied from container (OpenVPN internet routing) [message #37123] Wed, 19 August 2009 14:27 Go to next message
imagenesis is currently offline  imagenesis

I am receiving the following error when running OpenVPN with a config file that attempts to route clients' internet traffic:


Wed Aug 19 18:20:20 2009 /sbin/ifconfig tun0 10.30.0.1 pointopoint 10.30.0.2 mtu 1500
Wed Aug 19 18:20:23 2009 event_wait : Interrupted system call (code=4)
Wed Aug 19 18:20:23 2009 ERROR: Linux route delete command failed: could not execute external program
Wed Aug 19 18:20:23 2009 /sbin/ifconfig tun0 0.0.0.0
Wed Aug 19 18:20:23 2009 Linux ip addr del failed: could not execute external program
Wed Aug 19 18:20:23 2009 SIGINT[hard,] received, process exiting



server 10.30.0.0 255.255.255.0
client-to-client
push "dhcp-option DNS ###"
push "redirect-gateway def1"
keepalive 10 120
port 1194
proto udp
dev tun

[Updated on: Wed, 19 August 2009 14:31]


Re: Access to ifconfig denied from container (OpenVPN internet routing) [message #37125 is a reply to message #37123] Wed, 19 August 2009 14:45 Go to previous messageGo to next message
imagenesis is currently offline  imagenesis

I think this problem stems from the fact that openvpn didn't properly create tun0 in the first place.

Executing:

openvpn --mktun tun --dev tun0
Wed Aug 19 18:40:27 2009 TUN/TAP device tun0 opened
Wed Aug 19 18:40:27 2009 Cannot ioctl TUNSETPERSIST(1) tun0: Operation not permitted (errno=1)
Wed Aug 19 18:40:27 2009 Exiting


How do I grant the container permission to execute:

ioctl TUNSETPERSIST(1) tun0

[Updated on: Wed, 19 August 2009 14:47]


Re: Access to ifconfig denied from container (OpenVPN internet routing) [message #37128 is a reply to message #37125] Wed, 19 August 2009 15:49 Go to previous messageGo to next message
maratrus is currently offline  maratrus
Hi,

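I suppose a capability needs to be set for the container (see man vzctl).
Could you please strace the program to find out which capability should be added? Enable only the capability the failing call actually requires, since each one granted widens what root inside the container can do.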
Re: Access to ifconfig denied from container (OpenVPN internet routing) [message #37137 is a reply to message #37128] Thu, 20 August 2009 21:09 Go to previous messageGo to next message
imagenesis is currently offline  imagenesis

Here is the strace:

Quote:

execve("/usr/local/sbin/openvpn", ["openvpn", "--mktun", "tun", "--dev", "tun0"], [/* 21 vars */]) = 0
brk(0) = 0x8a66000
uname({sys="Linux", node="nixism1.memorycraze.com", ...}) = 0
access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
fstat64(3, {st_mode=S_IFREG|0644, st_size=15637, ...}) = 0
mmap2(NULL, 15637, PROT_READ, MAP_PRIVATE, 3, 0) = 0xb7f03000
close(3) = 0
open("/lib/libssl.so.6", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\240\270\0\00 04\0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=284524, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f02000
mmap2(NULL, 287496, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ebb000
mmap2(0xb7efe000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x42) = 0xb7efe000
close(3) = 0
open("/lib/libcrypto.so.6", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\3005\3\0004\ 0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1295264, ...}) = 0
mmap2(NULL, 1308704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d7b000
mmap2(0xb7ea4000, 77824, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x129) = 0xb7ea4000
mmap2(0xb7eb7000, 14368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7eb7000
close(3) = 0
open("/lib/libdl.so.2", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0P\n\0\0004\0\ 0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=14644, ...}) = 0
mmap2(NULL, 12408, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7d77000
mmap2(0xb7d79000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7d79000
close(3) = 0
open("/lib/libc.so.6", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320_\1\0004\ 0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=1603396, ...}) = 0
mmap2(NULL, 1324452, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c33000
mmap2(0xb7d71000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x13e) = 0xb7d71000
mmap2(0xb7d74000, 9636, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7d74000
close(3) = 0
open("/usr/lib/libgssapi_krb5.so.2", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\320c\0\0004\ 0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=184812, ...}) = 0
mmap2(NULL, 183708, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7c06000
mmap2(0xb7c32000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2c) = 0xb7c32000
close(3) = 0
open("/usr/lib/libkrb5.so.3", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\21\1\0004\0 \0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=609068, ...}) = 0
mmap2(NULL, 611912, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7b70000
mmap2(0xb7c03000, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x92) = 0xb7c03000
close(3) = 0
open("/lib/libcom_err.so.2", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340\7\0\0004 \0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=6300, ...}) = 0
mmap2(NULL, 9164, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7b6d000
mmap2(0xb7b6f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7b6f000
close(3) = 0
open("/usr/lib/libk5crypto.so.3", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\2207\0\0004\ 0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=155608, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7b6c000
mmap2(NULL, 155040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7b46000
mmap2(0xb7b6b000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x25) = 0xb7b6b000
close(3) = 0
open("/lib/libresolv.so.2", O_RDONLY) = 3
read(3, "\177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300 \0\0004\0\0\0"..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=74616, ...}) = 0
mmap2(NULL, 75976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7b33000
mmap2(0xb7b42000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xe) = 0xb7b42000
mmap2(0xb7b44000, 6344, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7b44000
close(3) = 0
open("/usr/lib/libz.so.1", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\300\25\0\000 4\0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=73580, ...}) = 0
mmap2(NULL, 76400, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7b20000
mmap2(0xb7b32000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x11) = 0xb7b32000
close(3) = 0
open("/usr/lib/libkrb5support.so.0", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0`\31\0\0004\0 \0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=32024, ...}) = 0
mmap2(NULL, 34852, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7b17000
mmap2(0xb7b1f000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x7) = 0xb7b1f000
close(3) = 0
open("/lib/libkeyutils.so.1", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\20\10\0\0004 \0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=6404, ...}) = 0
mmap2(NULL, 9208, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7b14000
mmap2(0xb7b16000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1) = 0xb7b16000
close(3) = 0
open("/lib/libselinux.so.1", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\0005\0\0004\ 0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=91892, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7b13000
mmap2(NULL, 97112, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7afb000
mmap2(0xb7b11000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x15) = 0xb7b11000
close(3) = 0
open("/lib/libsepol.so.1", O_RDONLY) = 3
read(3, " \177ELF\1\1\1\0\0\0\0\0\0\0\0\0\3\0\3\0\1\0\0\0\340.\0\0004\ 0\0\0 "..., 512) = 512
fstat64(3, {st_mode=S_IFREG|0755, st_size=241432, ...}) = 0
mmap2(NULL, 286624, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0xb7ab5000
mmap2(0xb7af0000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3a) = 0xb7af0000
mmap2(0xb7af1000, 40864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xb7af1000
close(3) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7ab4000
set_thread_area({entry_number:-1 -> 6, base_addr:0xb7ab4a10, limit:1048575, seg_32bit:1, contents:0, read_exec_only:0, limit_in_pages:1, seg_not_present:0, useable:1}) = 0
mprotect(0xb7b42000, 4096, PROT_READ) = 0
mprotect(0xb7d71000, 8192, PROT_READ) = 0
mprotect(0xb7d79000, 4096, PROT_READ) = 0
mprotect(0xb7f21000, 4096, PROT_READ) = 0
munmap(0xb7f03000, 15637) = 0
access("/etc/selinux/", F_OK) = 0
brk(0) = 0x8a66000
brk(0x8a87000) = 0x8a87000
open("/etc/selinux/config", O_RDONLY|O_LARGEFILE) = -1 ENOENT (No such file or directory)
open("/proc/mounts", O_RDONLY|O_LARGEFILE) = 3
fstat64(3, {st_mode=S_IFREG|0444, st_size=0, ...}) = 0
mmap2(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xb7f06000
read(3, "/dev/simfs / simfs rw 0 0\n/proc "..., 4096) = 173
read(3, "", 4096) = 0
close(3) = 0
munmap(0xb7f06000, 4096) = 0
gettimeofday({1250802512, 290382}, NULL) = 0
time(NULL) = 1250802512
open("/proc/sys/crypto/fips_enabled", O_RDONLY) = -1 ENOENT (No such file or directory)
rt_sigaction(SIGINT, {0x808df70, [INT], SA_RESTORER|SA_RESTART, 0xb7c5be28}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGTERM, {0x808df70, [TERM], SA_RESTORER|SA_RESTART, 0xb7c5be28}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGHUP, {SIG_IGN, [HUP], SA_RESTORER|SA_RESTART, 0xb7c5be28}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR1, {SIG_IGN, [USR1], SA_RESTORER|SA_RESTART, 0xb7c5be28}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGUSR2, {SIG_IGN, [USR2], SA_RESTORER|SA_RESTART, 0xb7c5be28}, {SIG_DFL, [], 0}, 8) = 0
rt_sigaction(SIGPIPE, {SIG_IGN, [PIPE], SA_RESTORER|SA_RESTART, 0xb7c5be28}, {SIG_DFL, [], 0}, 8) = 0
open("/dev/net/tun", O_RDWR) = 3
ioctl(3, TUNSETIFF, 0xbfc602ac) = 0
time(NULL) = 1250802512
gettimeofday({1250802512, 291479}, NULL) = 0
open("/etc/localtime", O_RDONLY) = 4
...

Re: Access to ifconfig denied from container (OpenVPN internet routing) [message #37262 is a reply to message #37137] Sun, 30 August 2009 08:31 Go to previous message
maratrus is currently offline  maratrus
Hi,

thanks for the info.
I suppose we bumped into a similar problem in this thread:
http://forum.openvz.org/index.php?t=tree&th=4280&#page_top
though we may have reached it from a different side.

My second comment there suggested that you could use non-persistent mode. Unfortunately, I cannot recall how to set it up, but you can consult the OpenVPN documentation or search Google.
Anyway please read the topic mentioned above and you'll find a howto written by tomfra (Tomas France). I hope it will be helpful in your case.