I'm calling openconnect inside an Ubuntu-based Docker container. It successfully connects to the server and prompts for my password, but then:

Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
TUNSETIFF failed: Operation not permitted
I searched for the TUNSETIFF word and every answer is about the command not running with sudo, but I am already root inside the container. What else can go wrong?
By default, Docker containers are started with a reduced set of Linux capabilities (see man capabilities). The reduced set doesn't include some network-related functionality (presumably so that containers can't sniff traffic from the host or other containers).
To start a container with full network capabilities, either explicitly add the SYS_NET_ADMIN capability with the --cap-add argument, e.g.:

docker run -d --cap-add NET_ADMIN myimage   # the capability name Docker accepts is NET_ADMIN
Or give the container the full set of privileges with --privileged, e.g.:

docker run -d --privileged myimage
Either run the container privileged via

docker run -d --privileged myimage

as Adrian pointed out, or run it with the NET_ADMIN capability added and pass the tunnel device, e.g.:

docker run -d --cap-add NET_ADMIN --device /dev/net/tun myimage
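A small pre-flight script, added here as an example and not part of either answer, that checks from inside a container whether the least-privilege combination from this answer (NET_ADMIN plus /dev/net/tun) is actually in place, so --privileged is not needed. It decodes the CapEff mask from /proc/self/status, where CAP_NET_ADMIN is bit 12; the file name preflight.sh is an assumption.

```shell
#!/bin/sh
# Added pre-flight check (not from the original thread): verifies that a
# container has what openconnect needs for TUNSETIFF, namely CAP_NET_ADMIN
# in its effective set and a usable /dev/net/tun, without --privileged.
# Save as preflight.sh and run it inside the container (assumed name).

CAP_NET_ADMIN_BIT=12   # capability number from <linux/capability.h>

# has_cap MASK BIT: succeed if capability BIT is set in the hex MASK
# (MASK is the CapEff value as printed in /proc/self/status).
has_cap() {
    val=$(( 0x$1 ))
    [ $(( (val >> $2) & 1 )) -eq 1 ]
}

# effective_caps: print the CapEff mask of the current process.
effective_caps() {
    awk '/^CapEff:/ { print $2 }' /proc/self/status
}

# tun_check [PATH]: succeed if PATH (default /dev/net/tun) is a character
# device, which openconnect opens before issuing the TUNSETIFF ioctl.
tun_check() {
    [ -c "${1:-/dev/net/tun}" ]
}

# preflight: run both checks, print a remedy for each failure and return
# non-zero if openconnect would be unable to create its tunnel interface.
preflight() {
    rc=0
    if has_cap "$(effective_caps)" "$CAP_NET_ADMIN_BIT"; then
        echo "CAP_NET_ADMIN: present"
    else
        echo "CAP_NET_ADMIN: missing (start with --cap-add NET_ADMIN)"; rc=1
    fi
    if tun_check; then
        echo "/dev/net/tun: present"
    else
        echo "/dev/net/tun: missing (start with --device /dev/net/tun)"; rc=1
    fi
    return $rc
}

# Run the checks only when executed as preflight.sh, so the functions can
# also be sourced from another script.
case "${0##*/}" in preflight.sh) preflight ;; esac
```

Docker's default CapEff mask is 00000000a80425fb, which has NET_RAW (bit 13) but not NET_ADMIN (bit 12); adding the capability sets bit 12 and --privileged yields the full mask.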