Calling OpenConnect VPN client in docker container shows TUNSETIFF failed: Operation not permitted

Tags: docker



By default, Docker containers are started with a reduced set of Linux capabilities (see man capabilities). The reduced set doesn't include some network-related functionality (presumably so that containers can't sniff traffic from the host or other containers).

To start a container with full network capabilities, either explicitly add the SYS_NET_ADMIN capability with the --cap-add argument, e.g.:

docker run -d --cap-add NET_ADMIN myimage   # the capability is named NET_ADMIN (CAP_NET_ADMIN); Docker rejects "SYS_NET_ADMIN" as an invalid capability

Or give the container the full set of privileges with --privileged, e.g.:

docker run -d --privileged myimage


Either run the container privileged via

docker run -d --privileged myimage

as Adrian pointed out or run it with the NET_ADMIN capability added and pass the tunnel device e.g.:

docker run -d --cap-add NET_ADMIN --device /dev/net/tun myimage
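Both answers above come down to two requirements for TUNSETIFF: the process must hold CAP_NET_ADMIN, and /dev/net/tun must exist inside the container. The following pre-flight script is an added example, not code from either answer or from OpenConnect: it decodes the CapEff mask from /proc/self/status (CAP_NET_ADMIN is bit 12, per capabilities(7)) and checks that the tun node is a character device, so an entrypoint can tell the user which docker run flag is missing instead of letting openconnect fail with "Operation not permitted". The function names, the `check` subcommand and the sample CapEff values are assumptions made for this example; the two sample masks correspond to Docker's default capability set with and without NET_ADMIN added.

```shell
#!/bin/sh
# Added example (not from the original answers): pre-flight check for an
# OpenConnect container entrypoint. Verifies the two things TUNSETIFF needs:
# CAP_NET_ADMIN in the effective capability set and a /dev/net/tun node.
set -u

CAP_NET_ADMIN=12   # bit index of CAP_NET_ADMIN, see capabilities(7)

# cap_set MASK_HEX BIT -> exit 0 if BIT is set in the hex capability mask
cap_set() {
    mask=$(( 0x$1 ))
    [ $(( (mask >> $2) & 1 )) -eq 1 ]
}

# cap_eff_from_status FILE -> print the CapEff value found in a
# /proc/<pid>/status-style file (empty if the line is absent)
cap_eff_from_status() {
    while read -r key val; do
        case "$key" in
            CapEff:) printf '%s\n' "$val" ;;
        esac
    done < "$1"
}

# tun_preflight [STATUS_FILE] [TUN_PATH] -> exit 0 if the container can
# create a tun device; otherwise print the missing docker run flag on
# stderr and exit 1. Defaults: /proc/self/status and /dev/net/tun.
tun_preflight() {
    status="${1:-/proc/self/status}"
    tun="${2:-/dev/net/tun}"
    rc=0
    caps=$(cap_eff_from_status "$status")
    caps="${caps:-0}"   # no CapEff line: treat as no capabilities at all
    if ! cap_set "$caps" "$CAP_NET_ADMIN"; then
        echo "missing CAP_NET_ADMIN (CapEff=$caps): start the container with --cap-add NET_ADMIN" >&2
        rc=1
    fi
    if [ ! -c "$tun" ]; then
        echo "$tun is not a character device: start the container with --device /dev/net/tun" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample masks (assumption for this example): Docker's default
# capability set is 00000000a80425fb; adding NET_ADMIN sets bit 12 (0x1000).
DEFAULT_CAPS="00000000a80425fb"
NET_ADMIN_CAPS="00000000a80435fb"

# Run the real check against this process when invoked as: sh preflight.sh check
case "${1:-}" in
    check) tun_preflight ;;
esac
```

Drop the script into the image and call `sh preflight.sh check` at the top of the entrypoint before exec'ing openconnect; a container started with `--cap-add NET_ADMIN --device /dev/net/tun` passes both checks, one started with only the default capability set fails the first, and this keeps the privilege grant narrow instead of reaching for --privileged.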


Starting the container with --privileged. (Thanks Adrian Mouat for the answer).