ocserv in jail: cannot open /dev/tun

Description of problem:

Hi,

I installed ocserv 1.1.6 on FreeBSD 13.1 in a jail.

After authentication it fails and gives me this error:

"main: tun.c:731: Can't open tun device: File exists".

Version of ocserv used:

net/ocserv 1.1.6

Client used:

On FreeBSD Client: Openconnect, version v8.20

On Android Client: Openconnect, version 1.1.15

Distributor of ocserv

FreeBSD 13.1

How reproducible:

Describe the steps to reproduce the issue:

Here is my configuration: /etc/devfs.conf:

[devfsrules_jail_overlay=5]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'tun*' unhide
add path 'vpns*' unhide

ezjail variables for vnet and devfs:

export jail_overlay_devfs_ruleset="5"
export jail_overlay_vnet_enable="YES"
export jail_overlay_vnet_interface="e0b_overlay"
export jail_overlay_exec_prestart0="/usr/local/sbin/jib addm overlay vtnet0 && /sbin/ifconfig e0a_overlay inet 172.16.1.1/30"
export jail_overlay_exec_poststop0="/usr/local/sbin/jib destroy overlay"
export jail_overlay_parameters="allow.raw_sockets=1"

Actual results:

ocserv 86578 - - main[user]:1.2.3.4:34727 new user session
ocserv 86578 - - main[user]:1.2.3.4:34727 selected IP: 172.30.1.58
ocserv 86578 - - main[user]:1.2.3.4:34727 assigned IPv4: 172.30.1.58
ocserv 86578 - - main: cannot open /dev/tun; falling back to iteration: No such file or directory
ocserv 86578 - - main: tun.c:731: Can't open tun device: File exists
ocserv 86578 - - main[user]:1.2.3.4:34727 failed authentication attempt for user 'user'
ocserv 86578 - - main[user]:1.2.3.4:34727 sending message 'auth cookie reply' to worker
ocserv 86980 - - worker[user]: 1.2.3.4 received auth reply message (value: 3)
ocserv 86980 - - worker[user]: 1.2.3.4 error receiving cookie authentication reply
ocserv 86980 - - worker[user]: 1.2.3.4 failed cookie authentication attempt
ocserv 86578 - - main[user]:1.2.3.4:34727 worker terminated
ocserv 86578 - - main[user]:1.2.3.4:34727 sending msg sm: session close to sec-mod
ocserv 86678 - - sec-mod: received request sm: session close
ocserv 86678 - - sec-mod: cmd [size=42] sm: session close
ocserv 86578 - - main[user]:1.2.3.4:34727 user disconnected (reason: unspecified, rx: 0, tx: 0)
ocserv 86678 - - sec-mod: temporarily closing session for user (session: pz8UZ3)
ocserv 86578 - - main: tun.c:781: /dev/tun254: Error destroying interface: Device not configured
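
For triage: in the log above, the tun device error is followed by a "failed authentication attempt" line for a session that had already been assigned an IP, so counting that line alone would record a device problem as a login failure. The Python sketch below is an added example, not part of the original report or of ocserv; the function name, the "tun_device"/"other" labels and the per-PID correlation heuristic are assumptions, and the sample input is copied from the log above.

```python
import re

# Constructed sample: lines copied from the "Actual results" log in the report.
SAMPLE_LOG = """\
ocserv 86578 - - main[user]:1.2.3.4:34727 new user session
ocserv 86578 - - main[user]:1.2.3.4:34727 assigned IPv4: 172.30.1.58
ocserv 86578 - - main: cannot open /dev/tun; falling back to iteration: No such file or directory
ocserv 86578 - - main: tun.c:731: Can't open tun device: File exists
ocserv 86578 - - main[user]:1.2.3.4:34727 failed authentication attempt for user 'user'
ocserv 86980 - - worker[user]: 1.2.3.4 failed cookie authentication attempt
"""

LINE_RE = re.compile(
    r"^ocserv (?P<pid>\d+) - - (?P<proc>[\w-]+)(?:\[(?P<user>[^\]]*)\])?:\s*(?P<msg>.*)$")
TUN_ERR_RE = re.compile(r"can(?:'t|not) open (?:/dev/)?tun", re.IGNORECASE)
AUTH_FAIL_RE = re.compile(r"failed authentication attempt for user '(?P<user>[^']*)'")


def classify_auth_failures(log_text):
    """Return one dict per 'failed authentication attempt' line logged by main.

    Heuristic (assumption): a tun open error logged by the same main PID since
    the last 'new user session' line is treated as the cause of the failure.
    Interleaved sessions on a busy server can blur this correlation.
    """
    tun_errors = {}  # main pid -> tun error messages since the last new session
    results = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["proc"] != "main":
            continue  # worker and sec-mod lines carry no tun errors
        pid, msg = m["pid"], m["msg"]
        if msg.endswith("new user session"):
            tun_errors[pid] = []
        elif m["user"] is None and TUN_ERR_RE.search(msg):
            tun_errors.setdefault(pid, []).append(msg)
        else:
            fail = AUTH_FAIL_RE.search(msg)
            if fail:
                errs = tun_errors.pop(pid, [])
                results.append({"user": fail["user"], "client": msg.split()[0],
                                "cause": "tun_device" if errs else "other",
                                "evidence": errs})
    return results


if __name__ == "__main__":
    for entry in classify_auth_failures(SAMPLE_LOG):
        print(entry)
```
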