You can skip this troubleshooting chapter unless any difficulties are encountered. == ip_unpriv vs ip-unpriv == There are two similar, yet distinct projects: standalone VPN-FIREWALL and Whonix TUNNEL_FIREWALL. Although both are alike, there is one difference that might be encountered. For instance, in the [[#VPN Configuration File|VPN Configuration File]] section: * Whonix TUNNEL_FIREWALL uses {{Code2|ip'''_'''unpriv}} (underscore) * Standalone VPN-FIREWALL uses {{Code2|ip'''-'''unpriv}} (hyphen) Be sure to use the right version of ip unpriv depending on whether VPN-FIREWALL or Whonix TUNNEL_FIREWALL is in use. == 50_openvpn_unpriv.conf vs 50_openvpn-unpriv.conf == Like the example above: * Whonix TUNNEL_FIREWALL uses <code>/usr/lib/tmpfiles.d/50_openvpn_unpriv.conf {{Code2|ip'''_'''unpriv}}</code> (underscore) * Standalone VPN-FIREWALL uses <code>/usr/lib/tmpfiles.d/50_openvpn-unpriv.conf {{Code2|ip'''-'''unpriv}}</code> (hyphen) == Cannot ioctl TUNSETIFF == <i>ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)</i> In <code>openvpn.conf</code> do not use. <pre> dev tun </pre> Use. <pre> dev tun0 </pre> == Dev tun Mismatch == In <code>openvpn.conf</code> do not use. <pre> dev tun </pre> Use. <pre> dev tun0 </pre> == /run/openvpn/openvpn.status Permission denied == <i>Options error: --status fails with '/run/openvpn/openvpn.status': Permission denied</i> To avoid permission issues, do <u>not</u>: * start OpenVPN as root; or * use <code>sudo openvpn</code>. Files in the <code>/run/openvpn</code> folder are owned by root, so they cannot be overwritten by the user <code>tunnel</code>. == debug start == To start debug, run the following commands successively. {{CodeSelect|code= sudo /usr/sbin/openvpn --rmtun --dev tun0 }} {{CodeSelect|code= sudo /usr/sbin/openvpn --mktun --dev tun0 --dev-type tun --user tunnel --group tunnel }} {{CodeSelect|code= cd /etc/openvpn/ }} {{CodeSelect|code= sudo -u tunnel openvpn /etc/openvpn/openvpn.conf }} == Linux ip link set failed == <i>Linux ip link set failed: external program exited with error status: 2</i> Use ip_unpriv as documented above. == Connectivity Test == {{connectivity_test}} == DNS Configuration == This only applies if <code>resolvconf</code> is in use. Permissions on two directories may need to be manually changed if they are not automatically applied. Check if changes are necessary with the following command. {{CodeSelect|code= ls -la /run/resolvconf }} If the output lists <code>tunnel</code> as having read / write / execute permissions for both <code>/run/resolvconf</code> and <code>/run/resolvconf/interface</code>, then nothing needs modification. If <code>tunnel</code> is not listed as a group for one or both directories, then permissions need to be changed. In that case, run. {{CodeSelect|code= sudo chown --recursive root:tunnel /run/resolvconf }} Then set the necessary permissions. {{CodeSelect|code= sudo chmod --recursive 775 /run/resolvconf }} In <code>/run/resolvconf</code>, <code>resolv.conf</code> may or may not be owned by <code>tunnel</code>, depending on whether the systemd service has already started. There is no need to modify permissions on this file, as the permissions will change when the service starts. == Terminology for Support Requests == {{Tunnel_Terminology}}