Getting the OpenVPN server status fails after full configuration on a CentOS 7 VPS

I am going to set up a VPN server on a CentOS 7 VPS that runs as a Docker container. However, after installing and configuring OpenVPN, I see that the server status is failed:

Here is my server configuration file:

port 1194
proto udp
dev tun

ca ca.crt
cert server.crt
key server.key
dh dh2048.pem

server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt

push "redirect-gateway def1 bypass-dhcp"

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

keepalive 10 120
cipher AES-256-CBC
user nobody
group nobody
persist-key
persist-tun
status openvpn-status.log
verb 3
explicit-exit-notify 1

The following is the content of the /var/log/messages file after running this command:

systemctl start [email protected]

Oct  7 08:35:39 systemd: Cannot add dependency job for unit systemd-vconsole-setup.service, ignoring: Unit is masked.
Oct  7 08:35:39 systemd: Starting OpenVPN Robust And Highly Flexible Tunneling Application On server...
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 OpenVPN 2.4.12 x86_64-redhat-linux-gnu [Fedora EPEL patched] [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Mar 17 2022
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 library versions: OpenSSL 1.0.2k-fips  26 Jan 2017, LZO 2.06
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 Diffie-Hellman initialized with 2048 bit key
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 ROUTE_GATEWAY ON_LINK IFACE=venet0 HWADDR=00:00:00:00:00:00
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Oct  7 08:35:39 openvpn: Fri Oct  7 08:35:39 2022 Exiting due to fatal error
Oct  7 08:35:39 systemd: Started OpenVPN Robust And Highly Flexible Tunneling Application On server.
Oct  7 08:35:39 systemd: [email protected]: main process exited, code=exited, status=1/FAILURE
Oct  7 08:35:39 systemd: Unit [email protected] entered failed state.
Oct  7 08:35:39 systemd: [email protected] failed.

Answer 1

Inside a container, creating and using a tun device is only possible if the hosting provider makes this possible for your container. They need to:

  • load the tuntap driver on the host
  • grant your container permission to use it

If this requirement is met, you can create the missing device node and use it with OpenVPN or other applications:

mkdir -p /dev/net
mknod /dev/net/tun c 10 200
chmod 0666 /dev/net/tun

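You will probably need to create it on every container start. In that case it is convenient to create a systemd unit that runs these commands for you and to make it required by networking: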

[Unit]
Description=/dev/net/tun device node
Requires=sysinit.target
After=sysinit.target
Documentation=https://www.kernel.org/doc/Documentation/networking/tuntap.txt

[Service]
Type=oneshot
RemainAfterExit=yes
# systemd on CentOS 7 requires absolute paths in ExecStart=
ExecStart=/usr/bin/mkdir -p /dev/net
ExecStart=/usr/bin/mknod /dev/net/tun c 10 200
ExecStart=/usr/bin/chmod 0666 /dev/net/tun

[Install]
WantedBy=network-pre.target

Save it as /etc/systemd/system/tuntap-dev.service and run systemctl enable tuntap-dev.service to start it at boot.
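
The following check is an added example, not part of the original answer: it tells apart a missing /dev/net/tun node (the errno=2 case in the log above) from a node that exists but that the host does not let the container open. The function names and result strings are assumptions made for this example, and it assumes a stat that accepts -c with %t/%T.

```shell
#!/bin/sh
# Added example, not from the original answer. Read-only: it creates nothing.
# Assumes a stat that supports -c with %t/%T (hex major/minor), as GNU stat does.
TUN_DEVNUM="a:c8"   # hex for major 10, minor 200 (the mknod arguments above)

# Prints one of: missing | not-char-device | wrong-devnum | open-failed | ok
check_tun_node() {
    node=${1:-/dev/net/tun}
    if [ ! -e "$node" ]; then
        echo missing; return 0
    fi
    if [ ! -c "$node" ]; then
        echo not-char-device; return 0
    fi
    devnum=$(stat -c '%t:%T' "$node" 2>/dev/null) || devnum=unknown
    if [ "$devnum" != "$TUN_DEVNUM" ]; then
        echo wrong-devnum; return 0
    fi
    # Open read-write in a subshell, as OpenVPN would; the descriptor is
    # closed again when the subshell exits and no interface is created.
    if ( exec 3<>"$node" ) 2>/dev/null; then
        echo ok
    else
        echo open-failed
    fi
}

# Maps a result to the part of the answer it corresponds to.
explain() {
    case $1 in
        missing)         echo "device node absent: create it with the mkdir/mknod/chmod commands" ;;
        not-char-device) echo "path exists but is not a character device" ;;
        wrong-devnum)    echo "character device, but not major 10 minor 200" ;;
        open-failed)     echo "node is correct but cannot be opened: host has not loaded the tuntap driver or not granted the container permission" ;;
        ok)              echo "tun device is usable" ;;
        *)               echo "unknown result" ;;
    esac
}

result=$(check_tun_node "${1:-/dev/net/tun}")
echo "$result: $(explain "$result")"
```

Run it inside the container before starting OpenVPN; an open-failed result means the device node alone will not help and the provider has to enable tun for the container.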
