Did you try running the container in privileged mode? I'm not the most informed on the exact implementation of cap-add NET_ADMIN, but does it allow proper access to /dev/net/tun on host?
I thought so, but I'm not quite sure.
I have AdGuard containers running with NET_ADMIN.
I thought I had privileged in my compose; will try to run it with
Feeling so dumb right now... I am sure at some point I had "privileged: true" in my compose... added it and now it works.
thanks
Thanks for posting this, it got me started!
I do seem to have hit a roadblock now that the container stays started for a little while (I was missing the command, I mean geez, what container doesn't have a default entry point?! - wow, this project has one of the most terribly constructed Docker images and getting started doc, and yes, I can and have done better myself).
Not sure why, but I am getting nowhere with this. This is my log, and YES, my host kernel does have the tun module and probe works just fine on the host.
I also made sure I set it to privileged and added the CAP.
Any ideas?
2022/02/14 23:42:38 logtail started
2022/02/14 23:42:38 Program starting: v1.20.4-t8e32002cf, Go 1.17.6-tse44d304e54: []string{"tailscaled"}
2022/02/14 23:42:38 LogID: 98bc02a786cf692a8d62e34909c6e23cc422293efa5654d1cfb48a29f1bcf9ab
2022/02/14 23:42:38 logpolicy: using system state directory "/var/lib/tailscale"
2022/02/14 23:42:38 wgengine.NewUserspaceEngine(tun "tailscale0") ...
2022/02/14 23:42:38 Linux kernel version: 5.10.0-11-amd64
2022/02/14 23:42:38 is CONFIG_TUN enabled in your kernel? `modprobe tun` failed with: modprobe: can't change directory to '/lib/modules': No such file or directory
2022/02/14 23:42:38 wgengine.NewUserspaceEngine(tun "tailscale0") error: tstun.New("tailscale0"): operation not permitted
2022/02/14 23:42:38 flushing log.
2022/02/14 23:42:38 logger closing down
2022/02/14 23:42:38 logtail: dialed "log.tailscale.io:443" in 79ms
2022/02/14 23:42:38 createEngine: tstun.New("tailscale0"): operation not permitted
Do you have Tailscale running on your host?
Had to deinstall it from the host to get the container running.
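
The first reply asks whether NET_ADMIN alone gives the container access to /dev/net/tun. The two are separate prerequisites, and the script below checks each from inside a container. It is an added example, not something posted in the thread or shipped by the project; the function names are made up for illustration, and the capability masks in the comments are sample values.

```shell
#!/bin/sh
# Added diagnostic (not from the thread): report whether this process has
# CAP_NET_ADMIN and whether a TUN device node is visible. All function
# names here are hypothetical.

CAP_NET_ADMIN_BIT=12   # CAP_NET_ADMIN in linux/capability.h

# has_net_admin HEXMASK -> success if bit 12 is set in a CapEff-style mask.
# Sample masks: 00000000a80425fb (Docker default set, bit clear),
#               00000000a80435fb (same set plus NET_ADMIN, bit set).
has_net_admin() {
    [ -n "$1" ] || return 2
    [ $(( (0x$1 >> CAP_NET_ADMIN_BIT) & 1 )) -eq 1 ]
}

# tun_node_ok PATH -> success if PATH exists and is a character device.
tun_node_ok() {
    [ -c "$1" ]
}

# cap_eff_of STATUSFILE -> print the effective capability mask (hex).
cap_eff_of() {
    awk '$1 == "CapEff:" { print $2 }' "$1" 2>/dev/null
}

# diagnose [STATUSFILE] [TUNPATH] -> print findings, return 1 if any check fails.
diagnose() {
    status_file=${1:-/proc/self/status}
    tun_path=${2:-/dev/net/tun}
    rc=0
    mask=$(cap_eff_of "$status_file")
    if has_net_admin "$mask"; then
        echo "ok: CAP_NET_ADMIN is in the effective set (CapEff=$mask)"
    else
        echo "missing: CAP_NET_ADMIN (CapEff=${mask:-unreadable})"
        rc=1
    fi
    if tun_node_ok "$tun_path"; then
        echo "ok: $tun_path is a character device"
    else
        echo "missing: $tun_path is not present in this container"
        rc=1
    fi
    return $rc
}

# Report only; do not abort whatever runs after this script.
diagnose || true
```

Both checks passing does not guarantee the open succeeds: a device node that exists can still be denied by the container's device cgroup rules.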