SO_BINDTODEVICE with curl --interface or CURLOPT_INTERFACE

Question

Running this command as non-root user:

curl --interface tun0 http://google.com -v

SO_BINDTODEVICE tun0 failed with errno 1: Operation not permitted; will do regular bind

setting curl_setopt($ch, CURLOPT_INTERFACE "tun0") in php doesn't work either. But,

ping -I tun0 google.com

works fine, so it's only an issue with curl. And it even works with curl for root, but it really should work for non-root users.

I have an openpvn interface tun0 but the same thing happens with lo interface.

This happens on multiple systems, so is the --interface option just broken in curl or should I use it some other way ? Should I enable something special for curl to be able to use the interface ?

Answer 1

I don't think you've interpreted the verbose message correctly.

The --interface option to curl asks it to bind the local end of the socket to a particular IP/network interface.

Binding a socket is done with a normal bind() call.

In addition to the bind() call, linux offers the SO_BINDTODEVICE setsockopt option that is a sort of better and more complete binding to an interface. This call however requires root access to work, which most libcurl using applications won't have and then it'll fail with the above mentioned text in the verbose output.

So, the local binding of the socket works even with that message present. It just didn't work down to the SO_BINDTODEVICE level.