ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)

---

Hi.
Am using a vpn (torguard to be precise).

I’m only getting this readout while on Antergos when trying to use the VPN via the widget.

I should be able to use the VPN via the widget as a regular user as evidenced by that fact I can run the VPN as regular user from the widget from Fedora, OpenSuse Leap, or even Ubuntu.
No issue there.
Only on Antergos.
when trying to start Torguard from Terminal as root, I can start the widget and torguard starts up fine from from the widget without an issue.

Therefore, this is obviously a permissions issue.
Here’s a few outputs (I’ve only posted relevant information) and with some solutions that I’ve tried to no avail.

lsmod
Module                  Size  Used by
tun                    28672  3

hoped for solution (root) which for some reason did not work:

openvpn --mktun --dev tun28672 --user Modisc
Fri Apr 28 17:17:04 2017 TUN/TAP device tun28672 opened
Fri Apr 28 17:17:04 2017 Persist state set to: ON

No go.
The widget still starts with the initial error report (as regualer user).
Looking for solutions, please.

EDIT: I forgot.
The ‘up’ and ‘down’ are added to this file.

cat /etc/openvpn/update-resolv-conf
#!/bin/bash
#
# Parses DHCP options from openvpn to update resolv.conf
# To use set as 'up' and 'down' script in your openvpn *.conf:
up /etc/openvpn/update-resolv-conf
down /etc/openvpn/update-resolv-conf
#

…and I’m pretty sure that the permissions for this file are correct:

ls -l /etc/openvpn/update-resolv-conf
-rw-r-xr-x 1 root root 1921 Apr 23 17:36 /etc/openvpn/update-resolv-conf

Hey.

As far as I can remember from my personal experience openvpn always needed su privileges, it creates a new virtual interface in your pc. I dont know what widget you use, I simply start from terminal everything I can, but cant you just add some sudo prefix for your widget launch path? Should work if your user is in the sudoers group which also can be important.

Cheers.

@ansgar
Thanks for your response.
The widget that I mentioned is basically this:

with the aforementioned error code.
I’ve tried adding my username to the sudoers file with a no-go.

root ALL=(ALL) ALL
myusernamehere ALL=(ALL) ALL

It’s weird because on other Linux distros that I use, it’s not presented as an issue. The widget asks me (the user) for the root password to utilize it.
It’'s not the same here on Antergos.
It basically starts up. But without it (the widget/program/openvpn/whatever) requesting root password.
It is supposed to do this. And hence the error message shown above.

Pardon my reflex, I had some issues with my pc too.

“No go” you mean it doesnt allow you to add lines to sudoers as root ?
It should be easily done once and for all.

And sometimes you may need to add these also:

%admin ALL=(ALL) ALL
%sudo   ALL=(ALL:ALL) ALL

After you edit your /etc/sudoers , login to a terminal as normal user and simply type

sudo pacman -S gksu 

(if you use kde you may need “kdesu” packet but “gksu” and “gksudo” worked for me as well.)
Maybe this will be it.

But if doesnt… Im not sure about this, but maybe it could help:

chmod -R 777 /torguard--folder

Regards.

@ansgar
Sorry.
I should have been more explicit.
What I meant by “no go” is that there was no result that had a positive impact on my operation of the vpn widget to be accessible to the user (me) without the explicit management of root to use it.

Yes, I was able to edit it, it’s just the result was negative with regards to operation of it unless accessed via terminal using root.

I’ll return after wards with details on how your suggestions went.
I appreciate your efforts to help, too!

I have tried gksudo. I know it’s not much different than from starting the widget via terminal.
The additions you suggested to /etc/sudoers file has not really affected the permissions for the VPN widget. Unfortunately, that is.
I was hopeful, though.
Somewhere there are permissions overlooked or not provided for properly.
I"m just going to keep looking into this during my spare time.
So I"m going to leave this thread ’ as is ’

I see… So this is more complicated than it looks.
Too bad I cant check the widget on my own because torguard have no free vpns for now.
Could be a bug in the widget code.Could be even some kernel privilege providing difference(I read kernels changelogs very rarely so pardon me lack of knowledge), did you checked that widget on updated arch? Because fedora and suse have older ones, not even mentioning ubuntu.

This aside, I think some small .sh for openvpn would get the same job done.
It’s a good rule to avoid gui every time you can - lower resources consumption and less bugs!

Cheers Amigo

@ansgar
Hi.
I don’t believe it would be a code error in the widget code. Am only saying that as evidenced by the fact that it’s always an updated version of the widget. The same version that Fedora, Open Suse Leap, and Ubuntu use ( I use all 3 of those as well interestingly enough). And I use that same widget on those systems as well.

As i receive no such issue with any of the above mentioned Distros I also have the Widget installed on, I 'can’t see it being a widget code error. At least that is my opinion.

As for kernel privilages, hmm…I am none too sure. Though with me using the Long Term Kernel from Arch repos, I can’t see this happening.
I’m going to check the Wiki for OpenVPN on the Arch Wiki page and have a look there again. Though I"m skeptical.

1. so somewhere I must be missing a permissions setting.
2. Or it could be just a torguard vs Arch ‘thing’.
   Arch and / or Torguard widget don’t play nice with each other in this sense, perhaps?

ps: I hear what your saying re: “lower resources consumption and less bugs!”