Synology ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19) #1542
Comments
I had this issue, restoring the TUN.sh task and file from various guides (example below) fixed it for me. It used to be in the documentation but I couldn't see it anymore |
I am having the exact same error on a raspberry pi kubernetes cluster.
|
But you solved, right @11jwolfe2. Ref #1548 Have you gotten any further here @JaWas2019? I'm thinking we probably have to put the TUN.sh script info back into the docs. Was really hoping that the CREATE_TUN_DEVICE stuff was supposed to work though 😞 |
I have a DS1621+ and had the same issue. I got it to work by initializing the VPN connection once. Go to "Control Panel" => "Network" => "Network Interface" and create a new VPN Profile with your OpenVPN settings. Make the connection once. Important: Do make sure to do this on your local network because all traffic from and to your NAS will go through this VPN-connection now. So you will only be able to connect to it with your local IP. |
I had the same error on my Synology. I managed to make the container work by simply creating the TUN device on the host/Synology first. After that the error was gone and I was able to run the container on the Docker app on the Synology: This is to execute on your Synology:
|
It used to be as simple as installing the Synology VPN server app. Now running that script at boot up (scheduled task) is the key. |
I'm still getting this same error even after running the above script and setting it to always run at NAS boot up. What gives? |
Hey guys, sorry for going MIA - somehow all replies to this ended up in my Spam folder unnoticed. Here's an explanation for non-tech-savvy people:
Hope this helps anyone who's never done anything with SSH, took me a while to gather |
Thanks, this is working great on DS920+. Making the NAS do the work by itself is the best approach I think. |
Thank you for this. I am very new to SSH and am having some difficulty with this unfortunately. Firstly when I enter "sudo", it just brings up a load of different letters and I'm not sure which one to use. I looked up a Synology SSH guide it had "sudo -i" so that is what I used, and managed to navigate to the directory of my TUN.sh (cd /volume1/docker/transmission) However when I typed "sudo ./TUN.sh", it said "sudo: unable to execute ./TUN.sh: No such file or directory". Do you know how exactly I should be doing this please? I did try the "chmod 0755 TUN.sh" command but that didn't seem to do anything. EDIT: Nvm, got it working again by doing another restart of my Synology...classic! |
Hi, just for the sake of completeness. Like someone already suggested you do not necessarily need the TUN.sh script. Maybe the easier way if you are unfamiliar with SSH is: Install the VPN Server Application on your Synology. Start it and make sure it's active (this will create the device for you every reboot). Then add "cap-add=NET_ADMIN" and "device=/dev/net/tun" to your Docker run command and it should also work fine. |
This worked for me. Hopefully not need to reboot the NAS much. :) |
fixed |
I didn't try the tun.sh script, but the other solutions on this thread did not work for me on a DS920+ running Synology DSM7. It's possible that they work on DSM6. Can anyone comment if they've found a solution for DSM7? I did my testing with the following configuration:
Test 1 (pchristod's solution): Test 2 (Beholder1984's solution): Test 3 (high privileges workaround -- not desirable due to security): |
if it works with high privilege then all I can say is this is a problem with synology then and something they should fix on their end.. |
So this container doesn't require the "--privilege" or "--device" flags on non-Synology systems? Interesting. I did some more reading about the "with high privilege" checkbox on Synology DSM's Docker GUI: Based on this Reddit thread, I believe the Synology checkbox is turning on the "--privileged" flag. This will "enable access to all devices on the host" according to the docker docs. With regular Docker, it is possible to enable privileged access to a specific device using the "--device" flag, but that's not available through the DSM GUI. It's probably possible to start docker with the "--device" flag using a startup script as described here, but I didn't bother. I'm happy using the "with high privilege" checkbox for now. |
no, there should be no need for privilege or device so not sure why Synology has that problem.. |
Hi, I think there are various solutions to do this, however I just wanted to clarify how I do it because I believe you misunderstood it a bit. It does work without --privileged (or High privilege as it is called in the GUI). However the GUI is pretty limited I would highly suggest you use the CLI with SSH (simply connect via SSH to your NAS and do a "sudo su"), you can run docker commands then.
In this case I at least do not need the high privileges. But I am using the device command you also mentioned. In the end it depends on personal preference I guess which approach you want to choose. If anyone knows how to reliably create the TUN device within the container this would probably be a more ideal solution. Edit: |
thanks for the input. |
@pchristod Thank you for the additional details! I was able to get it working on DSM7 using "docker run" from an SSH terminal, based on your instructions. As a bonus, this created a new entry in the Docker GUI. I was able to start/stop/delete the container from the GUI. I was also able to monitor the log and create a terminal for troubleshooting from the GUI. However, editing any parameters from the GUI (e.g. changing the port) broke the configuration and I had to delete it and then recreate from SSH or the script below. I then created a startup script as described below. Overall, here's what I did:
Here is the script, with some details scrubbed:
|
@esimonds Sounds great, really happy you got it working 😄 I think in your case it was 1) but it doesn't matter anyways as long as you have a persistent device. I cannot remember if I ever tried to uninstall the VPN Server application but I think I did, which resulted in losing the TUN Device. So I simply kept it active and running. Might need to try that again at some point. One thing I saw: I don't believe the Task Scheduler is even necessary. Your container is set to restart always so it should come up automatically anyways after a reboot. You would only need the run command again if you removed and re-created the container. You can try that if you want to see if I'm really right. Additionally I would also like to give you the tip to look for another Docker Container "Portainer". Setup is pretty simple and straightforward. It's an easy way to manage Docker via GUI, without the limited Synology Docker GUI. Amongst managing Logs etc. you can easily update Container to new images and re-creating them with one step. |
Thanks! This worked for me |
It worked for me too! I put it in "boot-up" triggered task. How do you ensure that the container starts after the task? |
Hello All, I've tried your solution but the container still doesn't boot. I'm on synology DSM 6.2.4-25556 here is the output log: 2021-07-28 15:31:36 net_route_v6_best_gw query: dst :: |
This was working just fine for me for a couple weeks solid, and then suddenly today it keeps stopping in docker.
|
Yeah, Have you updated your nas in the mean time?
Look at the last row in the time stamp order.. can’t open the ovpn config
file…
Probably permission problem
…On Thu, Oct 28, 2021 at 6:10 Andrew Hoeveler ***@***.***> wrote:
This was working just fine for me for a couple weeks solid, and then
suddenly today it keeps stopping in docker.
I don't know if it's the same issue, but here's the logs (from the
container, not docker)
```
2021-10-27 21:04:26 stdout Use --help for more information.
2021-10-27 21:04:26 stdout Options error: In [CMD-LINE]:1: Error opening configuration file: /etc/openvpn/nordvpn/default.ovpn
2021-10-27 21:04:26 stdout Setting OpenVPN credentials...
2021-10-27 21:04:26 stdout Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
2021-10-27 21:04:26 stdout Modification: Set output verbosity to 3
2021-10-27 21:04:26 stdout Modification: Change tls-crypt keyfile path
2021-10-27 21:04:26 stdout Modification: Update/set resolv-retry to 15 seconds
2021-10-27 21:04:26 stdout Modification: Change ping options
2021-10-27 21:04:26 stdout Modification: Change ca certificate path
2021-10-27 21:04:26 stdout Modification: Point auth-user-pass option to the username/password file
2021-10-27 21:04:26 stdout Modifying /etc/openvpn/nordvpn/default.ovpn for best behaviour in this container
2021-10-27 21:04:26 stdout Starting OpenVPN using config default.ovpn
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Downloading from: https://downloads.nordcdn.com/configs/files/ovpn_udp/servers/us8257.nordvpn.com.udp.ovpn
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Downloading config: default.ovpn
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Best server : us8257.nordvpn.com
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Searching for technology: openvpn_udp
2021-10-27 21:04:26 stdout 2021-10-27 21:04:25 Searching for group: legacy_p2p
2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Selecting the best server...
2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Removing existing configs
2021-10-27 21:04:25 stdout 2021-10-27 21:04:25 Checking curl installation
2021-10-27 21:04:25 stdout Executing setup script for NORDVPN
2021-10-27 21:04:25 stdout Provider NORDVPN has a bundled setup script. Defaulting to internal config
2021-10-27 21:04:25 stdout Running with VPN_CONFIG_SOURCE auto
2021-10-27 21:04:25 stdout Using OpenVPN provider: NORDVPN
2021-10-27 21:04:25 stdout mknod: /dev/net/tun: File exists
2021-10-27 21:04:25 stdout Creating TUN device /dev/net/tun
2021-10-27 21:04:25 stdout Starting container with revision: 6922dd6
```
|
I've not updated anything manually but I cannot speak to auto-updates... what is the "pension" problem? |
Permission problem lol.. |
Sorry, I don't know how to do anything "inside" the container if the container won't run? |
I don't see the container crashing in the logs, so it should be up and running. If you are using portainer you can simply check the console and view the system inside.. |
|
I'm wondering if the settings in the It seems like this .sh script that was posted above was edited quite a bit beyond the defaults of this project. Could someone please post a corrected one that adheres to the default installation?
|
Are you using Synology's docker app?? If so, stop. Try using portainer. I
believe the Synology app doesn’t work well.
…On Fri, Oct 29, 2021 at 3:45 Andrew Hoeveler ***@***.***> wrote:
I'm wondering if the settings in the run-transmission-docker.sh I used
from above are not set correctly for my install?
For example, I have no /volume1/data/ directory, so I created a new shared
folder /volume1/docker-data/ and made that change below.
BUT the other entries, such as -e
TRANSMISSION_HOME="/docker/transmission-home" \ don't make sense to me
because in my file structure "/transmission-home" lives inside of
"/volume1/Downloads"
Same thing with -e
TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \ - why would
that not actually be alongside the other transmission folders such as
"/data/downloads/incomplete"?
It seems like this .sh script that was posted above was edited quite a bit
beyond the defaults of this project. Could someone please post a corrected
one that adheres to the default installation?
```
#!/bin/bash
docker run -d --restart=always \
  --cap-add=NET_ADMIN \
  --device=/dev/net/tun \
  --name "transmission" \
  -p 9091:9091 \
  --mount type=bind,src=/volume1/docker,dst=/docker \
  --mount type=bind,src=/volume1/docker-data,dst=/data \
  -e PUID="1027" \
  -e PGID="100" \
  -e OPENVPN_USERNAME="REDACTED" \
  -e OPENVPN_PASSWORD="REDACTED" \
  -e OPENVPN_PROVIDER="NORDVPN" \
  -e OPENVPN_CONFIG="US" \
  -e LOCAL_NETWORK="REDACTED" \
  -e TZ="America/Los_Angeles" \
  -e PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" \
  -e GLOBAL_APPLY_PERMISSIONS="true" \
  -e TRANSMISSION_HOME="/docker/transmission-home" \
  -e TRANSMISSION_RPC_PORT="9091" \
  -e TRANSMISSION_DOWNLOAD_DIR="/data/downloads/completed" \
  -e TRANSMISSION_INCOMPLETE_DIR="/data/downloads/incomplete" \
  -e TRANSMISSION_WATCH_DIR="/docker/transmission-home/watch" \
  -e CREATE_TUN_DEVICE="true" \
  -e DROP_DEFAULT_ROUTE="" \
  -e WEBPROXY_ENABLED="false" \
  -e WEBPROXY_PORT="8888" \
  -e WEBPROXY_USERNAME="" \
  -e WEBPROXY_PASSWORD="" \
  -e LOG_TO_STDOUT="false" \
  -e HEALTH_CHECK_HOST="google.com" \
  -e REVISION="c9200cba1d5599622395f0819a9d0b862eaf3741" \
  haugene/transmission-openvpn
```
|
Also, keep it simple and stick with the defaults until it works. The default compose should be fine, just edit the /data mount to whatever you use locally |
Any solution to this if I am using docker swarm? Device is not supported when deploying in a swarm.. |
Was also having this problem, turns out my TUN.sh had Windows file endings. When I tried the following it worked for me: "The problem is that your file is using DOS (Windows) file endings (cr/lf). You can do this in VIM with “:set ff=unix”." |
Hi. Successful because I set up vpn on the network and restarted it several times. |
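An added example, not part of the thread or the project's documentation: a host-side preflight in POSIX shell for the narrow-privilege run discussed above (`--cap-add=NET_ADMIN --device=/dev/net/tun` rather than `--privileged`) and for the DOS line-ending problem in the comment just before this. It separates a missing device node from a node with no tun driver behind it, which is the case errno=19 (ENODEV) reports; all function names are hypothetical and `stat -c` with `%t`/`%T` is assumed to be available on the host.

```shell
#!/bin/sh
# Added example (not from the thread): host preflight before running the
# container with --cap-add=NET_ADMIN --device=/dev/net/tun.
# All function names here are hypothetical.

# Classify a device node: missing | not-chardev | wrong-devnum | ok.
# Linux TUN/TAP is the misc character device major 10, minor 200.
tun_node_state() {
    [ -e "$1" ] || { echo "missing"; return 0; }
    [ -c "$1" ] || { echo "not-chardev"; return 0; }
    # stat prints major:minor in hex (a = 10, c8 = 200).
    if [ "$(stat -c '%t:%T' "$1")" = "a:c8" ]; then
        echo "ok"
    else
        echo "wrong-devnum"
    fi
}

# True when the kernel has a tun driver registered (module loaded or built in).
# /proc/misc lists "<minor> <name>" for every registered misc device.
tun_driver_registered() {
    awk '$1 == 200 && $2 == "tun" { found = 1 } END { exit !found }' \
        "${1:-/proc/misc}" 2>/dev/null
}

# True when a script contains carriage returns (DOS line endings). A CRLF
# shebang makes the kernel look for an interpreter whose name ends in "\r",
# and exec fails with "No such file or directory".
has_crlf() {
    [ $(tr -d -c '\r' < "$1" | wc -c) -gt 0 ]
}

# Combine the checks into one status word.
tun_preflight() {
    state=$(tun_node_state "${1:-/dev/net/tun}")
    if [ "$state" != "ok" ]; then
        echo "node-$state"        # no usable node for --device to pass through
    elif ! tun_driver_registered "${2:-/proc/misc}"; then
        echo "driver-missing"     # node without a driver: open() gives ENODEV (errno=19)
    else
        echo "ready"
    fi
}

echo "TUN preflight: $(tun_preflight)"
```

A result of `ready` means the single `--device` pass-through has something real to hand to the container, so the broader `--privileged` setting is not needed for this purpose.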
I found that installing the VPN Server application and then checking enabling OpenVPN allowed me to run my OpenVPN server via docker-compose. Just to add my 2 pence to this thread. |
I managed to install it on Synology dsm using this setup. It is an updated version of what has been posted above. Main change is the mounting of volumes.
|
I am not sure what exactly was the last step which led me to a working config, I tried a lot of things.
Maybe this helps somebody reading this thread... |
Hey guys, I'm sorry if I'm just stupid and missing something here, I don't have too much experience with docker, and even less with docker on my new Synology DS920+
I downloaded this container through the built-in docker registry. I set up all my variables, however, the container is crashing on every startup. The logs don't make sense to me, as the TUN creation as well as establishing the VPN connection seem to be working fine, it's only crashing once it's trying to open TUN. I've read that you could use the --device flag to fix this, but as I'm executing from the registry directly, I don't think I can add any flags to the startup?
Please excuse the order of the logfiles (highest=newest), this is how Synology exports it.
Any help would be highly appreciated!