You can skip this troubleshooting chapter unless any difficulties are encountered.
== ip_unpriv vs ip-unpriv ==
There are two similar, yet distinct projects: standalone VPN-FIREWALL and Whonix TUNNEL_FIREWALL. Although both are alike, there is one difference that might be encountered. For instance, in the [[#VPN Configuration File|VPN Configuration File]] section:
* Whonix TUNNEL_FIREWALL uses {{Code2|ip'''_'''unpriv}} (underscore)
* Standalone VPN-FIREWALL uses {{Code2|ip'''-'''unpriv}} (hyphen)
Be sure to use the right version of ip unpriv depending on whether VPN-FIREWALL or Whonix TUNNEL_FIREWALL is in use.
== 50_openvpn_unpriv.conf vs 50_openvpn-unpriv.conf ==
Like the example above:
* Whonix TUNNEL_FIREWALL uses /usr/lib/tmpfiles.d/50_openvpn_unpriv.conf {{Code2|ip'''_'''unpriv}} (underscore)
* Standalone VPN-FIREWALL uses /usr/lib/tmpfiles.d/50_openvpn-unpriv.conf {{Code2|ip'''-'''unpriv}} (hyphen)
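== Cannot ioctl TUNSETIFF ==
ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)

In {{Code2|openvpn.conf}} do not use.

{{CodeSelect|code=
dev tun
}}

Use.

{{CodeSelect|code=
dev tun0
}}

With {{Code2|dev tun}}, OpenVPN asks the kernel to allocate a new tun device, which an unprivileged user is not permitted to do. With {{Code2|dev tun0}}, it attaches to the existing device that was created for the user {{Code2|tunnel}}.
== Dev tun Mismatch ==
In {{Code2|openvpn.conf}} do not use.

{{CodeSelect|code=
dev tun
}}

Use.

{{CodeSelect|code=
dev tun0
}}
== /run/openvpn/openvpn.status Permission denied ==
Options error: --status fails with '/run/openvpn/openvpn.status': Permission denied

To avoid permission issues, do not:
* start OpenVPN as root; or
* use {{Code2|sudo openvpn}}.

Files in the {{Code2|/run/openvpn}} folder are owned by root, so they cannot be overwritten by the user {{Code2|tunnel}}.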
== debug start ==
To debug, run the following commands one after another.
{{CodeSelect|code=
sudo /usr/sbin/openvpn --rmtun --dev tun0
}}
{{CodeSelect|code=
sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel
}}
{{CodeSelect|code=
cd /etc/openvpn/
}}
{{CodeSelect|code=
sudo -u tunnel openvpn /etc/openvpn/openvpn.conf
}}
== Linux ip link set failed ==
Linux ip link set failed: external program exited with error status: 2

Use {{Code2|ip_unpriv}} as documented above.
== Connectivity Test ==
{{connectivity_test}}
== DNS Configuration ==
This only applies if {{Code2|resolvconf}} is in use.
Permissions on two directories may need to be manually changed if they are not automatically applied. Check if changes are necessary with the following command.
{{CodeSelect|code=
ls -la /run/resolvconf
}}
If the output lists {{Code2|tunnel}} as having read / write / execute permissions for both {{Code2|/run/resolvconf}} and {{Code2|/run/resolvconf/interface}}, then nothing needs modification. If {{Code2|tunnel}} is not listed as a group for one or both directories, then permissions need to be changed. In that case, run.
{{CodeSelect|code=
sudo chown --recursive root:tunnel /run/resolvconf
}}
Then set the necessary permissions.
{{CodeSelect|code=
sudo chmod --recursive 775 /run/resolvconf
}}
In {{Code2|/run/resolvconf}}, {{Code2|resolv.conf}} may or may not be owned by {{Code2|tunnel}}, depending on whether the systemd service has already started. There is no need to modify permissions on this file, as the permissions will change when the service starts.
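
The following read-only preflight script is an added example, not part of the original page or of VPN-FIREWALL / Whonix. It checks three conditions from this chapter: the {{Code2|dev}} directive, the ip_unpriv / ip-unpriv spelling, and group access to the resolvconf directories. The function names, the sample configuration and the {{Code2|/path/to/ip_unpriv}} placeholder are assumptions, and the script relies on GNU {{Code2|stat}}.

```shell
#!/bin/sh
# Added example: read-only preflight checks for the problems on this page.

# Print the device named by the last "dev" directive in an OpenVPN config.
conf_dev() {
    awk '$1 == "dev" { d = $2 } END { print d }' "$1"
}

# Succeed only if the config names the pre-created device tun0.
check_dev() {
    [ "$(conf_dev "$1")" = "tun0" ]
}

# Report which wrapper spelling the config references, ignoring comments:
# underscore (ip_unpriv), hyphen (ip-unpriv), both, or none.
ip_wrapper_style() {
    active=$(grep -v '^[[:space:]]*[#;]' "$1" || true)
    u=no; h=no
    case "$active" in *ip_unpriv*) u=yes ;; esac
    case "$active" in *ip-unpriv*) h=yes ;; esac
    case "$u$h" in
        yesno) echo underscore ;;
        noyes) echo hyphen ;;
        yesyes) echo both ;;
        *) echo none ;;
    esac
}

# Succeed if directory $1 is owned by group $2 and that group has rwx.
check_dir_group() {
    [ -d "$1" ] || return 1
    [ "$(stat -c '%G' "$1")" = "$2" ] || return 1
    # Group digit is the second-to-last digit of the octal mode (775, 2775).
    [ "$(stat -c '%a' "$1" | sed 's/.*\(.\).$/\1/')" = 7 ]
}

# Constructed sample config with the "dev tun" mistake; path is a placeholder.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'client' 'dev tun' \
    'iproute /path/to/ip_unpriv' > "$sample"
check_dev "$sample" || echo "dev is '$(conf_dev "$sample")', expected tun0"
echo "ip wrapper spelling: $(ip_wrapper_style "$sample")"
# On a real system: check_dir_group /run/resolvconf tunnel
#                   check_dir_group /run/resolvconf/interface tunnel
rm -f "$sample"
```
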
== Terminology for Support Requests ==
{{Tunnel_Terminology}}