Open
Description
Trying to run on FreeBSD with DCO enabled, and using --user nobody leads to
2025-05-20 09:57:00 DCO device tun7 opened
2025-05-20 09:57:00 ovpn-dco device [tun7] opened
...
2025-05-20 09:57:00 UID set to nobody
...
2025-05-20 09:57:00 Failed to poll for packets: Operation not permitted (errno=1)
2025-05-20 09:57:00 Failed to poll for packets: Operation not permitted (errno=1)
2025-05-20 09:57:16 Failed to poll for packets: Operation not permitted (errno=1)
2025-05-20 09:57:31 Failed to poll for packets: Operation not permitted (errno=1)
or, if the tun7 interface was precreated ("ifconfig tun7 create")
2025-05-20 09:57:59 Failed to create interface tun7 (SIOCSIFNAME): File exists (errno=17)
2025-05-20 09:57:59 dco_set_ifmode: failed to set ifmode=00008010: Invalid argument (errno=22)
2025-05-20 09:57:59 DCO device tun7 already exists, won't be destroyed at shutdown
2025-05-20 09:57:59 ovpn-dco device [tun7] opened
2025-05-20 09:57:59 /sbin/ifconfig tun7 10.194.2.250 10.194.2.249 mtu 1500 netmask 255.255.255.255 up
2025-05-20 09:57:59 /sbin/ifconfig tun7 inet6 fd00:abcd:194:2::103d/64 mtu 1500 up
2025-05-20 09:57:59 ../distro/dns-scripts/dns-updown
2025-05-20 09:57:59 dns up command exited with status 0
2025-05-20 09:57:59 /sbin/route add -net 10.194.0.0 10.194.2.249 255.255.0.0
add net 10.194.0.0: gateway 10.194.2.249
2025-05-20 09:57:59 /sbin/route add -net 10.194.2.1 10.194.2.249 255.255.255.255
add net 10.194.2.1: gateway 10.194.2.249
2025-05-20 09:57:59 Failed to create new peer: Invalid argument (errno=22)
2025-05-20 09:57:59 Exiting due to fatal error
... so "it just does not work". With --disable-dco it uses the tun/tap interface, which works.
So I think we need a check --user <nonroot> set? -> disable dco (for FreeBSD only, Linux DCO with capabilities works)
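
A log triage helper for the failure pattern reported above, as an added example that is not part of the original report or of OpenVPN's code: it correlates the DCO device being opened, the "UID set to" line and the later DCO errors. The function name `diagnose`, the verdict strings and the sample log (constructed from the lines quoted in the report) are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the first log excerpt in the report.
SAMPLE_LOG = """\
2025-05-20 09:57:00 DCO device tun7 opened
2025-05-20 09:57:00 ovpn-dco device [tun7] opened
2025-05-20 09:57:00 UID set to nobody
2025-05-20 09:57:00 Failed to poll for packets: Operation not permitted (errno=1)
2025-05-20 09:57:16 Failed to poll for packets: Operation not permitted (errno=1)
"""

DCO_OPEN = re.compile(r"DCO device (\S+) opened|ovpn-dco device \[([^\]]+)\] opened")
UID_SET = re.compile(r"UID set to (\S+)")
DCO_FAIL = re.compile(
    r"(Failed to poll for packets|Failed to create new peer): .*\(errno=(\d+)\)")
EPERM = 1  # "Operation not permitted"


def diagnose(log_text):
    """Correlate DCO open, UID drop and later DCO errors in one log."""
    device = user = None
    eperm_after_drop = 0
    other_errors = []
    for line in log_text.splitlines():
        if m := DCO_OPEN.search(line):
            device = m.group(1) or m.group(2)
        elif m := UID_SET.search(line):
            user = m.group(1)
        elif (m := DCO_FAIL.search(line)) and device:
            errno = int(m.group(2))
            # EPERM only counts once a non-root UID has been set.
            if errno == EPERM and user not in (None, "root"):
                eperm_after_drop += 1
            else:
                other_errors.append((m.group(1), errno))
    if eperm_after_drop:
        verdict = "dco-after-privdrop"
    elif other_errors:
        verdict = "dco-error"
    else:
        verdict = "ok"
    return {"device": device, "user": user, "verdict": verdict,
            "eperm_after_drop": eperm_after_drop, "other_errors": other_errors}


if __name__ == "__main__":
    print(diagnose(SAMPLE_LOG))
```

A "dco-after-privdrop" verdict matches the first case in the report, where running with --disable-dco was found to work.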