generic error (-101): Network is unreachable

[uberspeck]

Is there a pinned issue for this?

• I have read the pinned issues and could not find my issue

Is there an existing or similar issue/discussion for this?

• I have searched the existing issues
• I have searched the existing discussions

Is there any comment in the documentation for this?

• I have read the documentation, especially the FAQ and Troubleshooting parts

Is this related to a provider?

• I have checked the provider repo for issues
• My issue is NOT related to a provider

Are you using the latest release?

• I am using the latest release

Have you tried using the dev branch latest?

• I have tried using dev branch

Docker run config used

services:
    transmission-openvpn:
        cap_add:
            - NET_ADMIN
        volumes:
            - '/Volumes/media:/data'
            - '/Users/brian/Documents/Docker/Transmission/config:/config'
        environment:
            - OPENVPN_PROVIDER=PIA
            - OPENVPN_CONFIG=us_denver
            - OPENVPN_USERNAME=****
            - OPENVPN_PASSWORD=****
            - LOCAL_NETWORK=192.168.1.0/24
            - TRANSMISSION_DOWNLOAD_DIR=/data/Complete
            - TRANSMISSION_INCOMPLETE_DIR=/data/Incomplete
            - TRANSMISSION_INCOMPLETE_DIR_ENABLED=true
            - TRANSMISSION_DOWNLOAD_QUEUE_SIZE=10
            - TRANSMISSION_DOWNLOAD_QUEUE_ENABLED=true
            - TRANSMISSION_TRASH_ORIGINAL_TORRENT_FILES=true
            - TRANSMISSION_TRASH_CAN_ENABLED=false
            - TZ=America/Denver
        logging:
            driver: json-file
            options:
                max-size: 10m
        ports:
            - '8080:9091'
        image: haugene/transmission-openvpn

Current Behavior

Transmission fails to launch

Expected Behavior

Transmission should launch

How have you tried to solve the problem?

I've tried manually setting DNS, setting OPENVPN_OPTS, disabling CREATE_TUNs_DEVICE, running in privileged mode etc.

Log output

 ✔ Network transmission_default                   Created                                                                                                                       0.0s
 ✔ Container transmission-transmission-openvpn-1  Created                                                                                                                       0.3s
Attaching to transmission-openvpn-1
transmission-openvpn-1  | Starting container with revision: 07f5a2b9aea5028c9bb75438c1552708e91dde71
transmission-openvpn-1  | TRANSMISSION_HOME is currently set to: /config/transmission-home
transmission-openvpn-1  | Creating TUN device /dev/net/tun
transmission-openvpn-1  | Using OpenVPN provider: PIA
transmission-openvpn-1  | Running with VPN_CONFIG_SOURCE auto
transmission-openvpn-1  | Provider PIA has a bundled setup script. Defaulting to internal config
transmission-openvpn-1  | Executing setup script for PIA
transmission-openvpn-1  | Downloading OpenVPN config bundle openvpn into temporary file /tmp/tmp.3DSdLlqkJe
transmission-openvpn-1  | Extract OpenVPN config bundle into PIA directory /etc/openvpn/pia
transmission-openvpn-1  | Starting OpenVPN using config us_denver.ovpn
transmission-openvpn-1  | Modifying /etc/openvpn/pia/us_denver.ovpn for best behaviour in this container
transmission-openvpn-1  | Modification: Point auth-user-pass option to the username/password file
transmission-openvpn-1  | Modification: Change ca certificate path
transmission-openvpn-1  | Modification: Change ping options
transmission-openvpn-1  | Modification: Update/set resolv-retry to 15 seconds
transmission-openvpn-1  | Modification: Change tls-crypt keyfile path
transmission-openvpn-1  | Modification: Set output verbosity to 3
transmission-openvpn-1  | Modification: Remap SIGUSR1 signal to SIGTERM, avoid OpenVPN restart loop
transmission-openvpn-1  | Modification: Updating status for config failure detection
transmission-openvpn-1  | Setting OpenVPN credentials...
transmission-openvpn-1  | adding route to local network 192.168.1.0/24 via 192.168.107.1 dev eth0
transmission-openvpn-1  | 2024-11-10 09:14:47 DEPRECATED OPTION: --cipher set to 'aes-128-cbc' but missing in --data-ciphers (AES-256-GCM:AES-128-GCM). Future OpenVPN version will ignore --cipher for cipher negotiations. Add 'aes-128-cbc' to --data-ciphers or change --cipher 'aes-128-cbc' to --data-ciphers-fallback 'aes-128-cbc' to silence this warning.
transmission-openvpn-1  | 2024-11-10 09:14:47 OpenVPN 2.5.9 aarch64-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [PKCS11] [MH/PKTINFO] [AEAD] built on Sep 29 2023
transmission-openvpn-1  | 2024-11-10 09:14:47 library versions: OpenSSL 3.0.2 15 Mar 2022, LZO 2.10
transmission-openvpn-1  | 2024-11-10 09:14:47 NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
transmission-openvpn-1  | 2024-11-10 09:14:47 CRL: loaded 1 CRLs from file -----BEGIN X509 CRL-----
transmission-openvpn-1  | MIICWDCCAUAwDQYJKoZIhvcNAQENBQAwgegxCzAJBgNVBAYTAlVTMQswCQYDVQQI
transmission-openvpn-1  | EwJDQTETMBEGA1UEBxMKTG9zQW5nZWxlczEgMB4GA1UEChMXUHJpdmF0ZSBJbnRl
transmission-openvpn-1  | cm5ldCBBY2Nlc3MxIDAeBgNVBAsTF1ByaXZhdGUgSW50ZXJuZXQgQWNjZXNzMSAw
transmission-openvpn-1  | HgYDVQQDExdQcml2YXRlIEludGVybmV0IEFjY2VzczEgMB4GA1UEKRMXUHJpdmF0
transmission-openvpn-1  | ZSBJbnRlcm5ldCBBY2Nlc3MxLzAtBgkqhkiG9w0BCQEWIHNlY3VyZUBwcml2YXRl
transmission-openvpn-1  | aW50ZXJuZXRhY2Nlc3MuY29tFw0xNjA3MDgxOTAwNDZaFw0zNjA3MDMxOTAwNDZa
transmission-openvpn-1  | MCYwEQIBARcMMTYwNzA4MTkwMDQ2MBECAQYXDDE2MDcwODE5MDA0NjANBgkqhkiG
transmission-openvpn-1  | 9w0BAQ0FAAOCAQEAQZo9X97ci8EcPYu/uK2HB152OZbeZCINmYyluLDOdcSvg6B5
transmission-openvpn-1  | jI+ffKN3laDvczsG6CxmY3jNyc79XVpEYUnq4rT3FfveW1+Ralf+Vf38HdpwB8EW
transmission-openvpn-1  | B4hZlQ205+21CALLvZvR8HcPxC9KEnev1mU46wkTiov0EKc+EdRxkj5yMgv0V2Re
transmission-openvpn-1  | ze7AP+NQ9ykvDScH4eYCsmufNpIjBLhpLE2cuZZXBLcPhuRzVoU3l7A9lvzG9mjA
transmission-openvpn-1  | 5YijHJGHNjlWFqyrn1CfYS6koa4TGEPngBoAziWRbDGdhEgJABHrpoaFYaL61zqy
transmission-openvpn-1  | MR6jC0K2ps9qyZAN74LEBedEfK7tBOzWMwr58A==
transmission-openvpn-1  | -----END X509 CRL-----
transmission-openvpn-1  |
transmission-openvpn-1  | 2024-11-10 09:14:47 TCP/UDP: Preserving recently used remote address: [AF_INET]181.41.206.86:1198
transmission-openvpn-1  | 2024-11-10 09:14:47 Socket Buffers: R=[229376->229376] S=[229376->229376]
transmission-openvpn-1  | 2024-11-10 09:14:47 UDP link local: (not bound)
transmission-openvpn-1  | 2024-11-10 09:14:47 UDP link remote: [AF_INET]181.41.206.86:1198
transmission-openvpn-1  | 2024-11-10 09:14:47 TLS: Initial packet from [AF_INET]181.41.206.86:1198, sid=07a15ac5 0563429a
transmission-openvpn-1  | 2024-11-10 09:14:47 WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
transmission-openvpn-1  | 2024-11-10 09:14:47 VERIFY OK: depth=1, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=Private Internet Access, name=Private Internet Access, [email protected]
transmission-openvpn-1  | 2024-11-10 09:14:47 VERIFY KU OK
transmission-openvpn-1  | 2024-11-10 09:14:47 Validating certificate extended key usage
transmission-openvpn-1  | 2024-11-10 09:14:47 ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
transmission-openvpn-1  | 2024-11-10 09:14:47 VERIFY EKU OK
transmission-openvpn-1  | 2024-11-10 09:14:47 VERIFY OK: depth=0, C=US, ST=CA, L=LosAngeles, O=Private Internet Access, OU=Private Internet Access, CN=denver421, name=denver421
transmission-openvpn-1  | 2024-11-10 09:14:47 Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA512
transmission-openvpn-1  | 2024-11-10 09:14:47 [denver421] Peer Connection Initiated with [AF_INET]181.41.206.86:1198
transmission-openvpn-1  | 2024-11-10 09:14:47 PUSH: Received control message: 'PUSH_REPLY,comp-lzo no,redirect-gateway def1,route-ipv6 2000::/3,dhcp-option DNS 10.0.0.243,route-gateway 10.10.112.1,topology subnet,ping 10,ping-restart 60,ifconfig 10.10.112.73 255.255.255.0,peer-id 3,cipher AES-128-GCM'
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: timers and/or timeouts modified
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: compression parms modified
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: --ifconfig/up options modified
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: route options modified
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: route-related options modified
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: peer-id set
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: adjusting link_mtu to 1625
transmission-openvpn-1  | 2024-11-10 09:14:47 OPTIONS IMPORT: data channel crypto options modified
transmission-openvpn-1  | 2024-11-10 09:14:47 Data Channel: using negotiated cipher 'AES-128-GCM'
transmission-openvpn-1  | 2024-11-10 09:14:47 Outgoing Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
transmission-openvpn-1  | 2024-11-10 09:14:47 Incoming Data Channel: Cipher 'AES-128-GCM' initialized with 128 bit key
transmission-openvpn-1  | 2024-11-10 09:14:47 net_route_v4_best_gw query: dst 0.0.0.0
transmission-openvpn-1  | 2024-11-10 09:14:47 net_route_v4_best_gw result: via 192.168.107.1 dev eth0
transmission-openvpn-1  | 2024-11-10 09:14:47 ROUTE_GATEWAY 192.168.107.1/255.255.255.0 IFACE=eth0 HWADDR=02:42:c0:a8:6b:02
transmission-openvpn-1  | 2024-11-10 09:14:47 GDG6: remote_host_ipv6=n/a
transmission-openvpn-1  | 2024-11-10 09:14:47 net_route_v6_best_gw query: dst ::
transmission-openvpn-1  | 2024-11-10 09:14:47 sitnl_send: rtnl: generic error (-101): Network is unreachable
transmission-openvpn-1  | 2024-11-10 09:14:47 ROUTE6: default_gateway=UNDEF
transmission-openvpn-1  | 2024-11-10 09:14:47 ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1)
transmission-openvpn-1  | 2024-11-10 09:14:47 Exiting due to fatal error
transmission-openvpn-1 exited with code 1

HW/SW Environment

- OS: MacOS Sequoia 15.1
- Docker: 4.35

Anything else?

Transmission was previously working fine with the config above until recently.

[olsonpm]

I also ran into this recently - odd since I tried a couple older image tags and the same error pops up. I use arch, Docker version 27.3.1. I will look into this when I have time.

[uberspeck]

Update: I found that this workaround solves the issue when using Docker Desktop for MacOS. Unfortunately I prefer OrbStack so I'm still trying to figure that out.

[hyyyjinx]

+1 error just popped up for me after 1+ year of reliable service. no config changes

ubuntu. kernel: 6.8.0-49-generic
vDocker version 27.3.1, build ce12230

as a workaround you can add --privileged=true to your docker run command or privileged: true in the compose yaml

[olsonpm]

So the error message and things I googled went over my head. That said, I believe running this script got me up and running again. There may have been other things that are also necessary - I wasn't procedural when debugging this

#!/bin/sh

# Create the necessary file structure for /dev/net/tun
if ( [ ! -c /dev/net/tun ] ); then
  if ( [ ! -d /dev/net ] ); then
    mkdir -m 755 /dev/net
  fi
  mknod /dev/net/tun c 10 200
  chmod 0755 /dev/net/tun
fi

# Load the tun module if not already loaded
if ( !(lsmod | grep -q "^tun\s") ); then
  insmod /usr/lib/modules/6.11.8-arch1-2/kernel/drivers/net/tun.ko.zst
fi

[bonovski]

The devices option needs to be added apparently, that's what chatgpt said and he wasn't wrong. :)

cap_add:
  - NET_ADMIN
devices:
  - /dev/net/tun

[svenoaks]

I added --device=/dev/net/tun to my docker run command and it started working again on Ubuntu

UPDATE: after upgrading from Ubuntu 22.04 to 24.04, it started failing again and per chatGPT's suggestion I ran:

sudo usermod -aG docker $USER
newgrp docker

and it worked again

[bonovski]

Strange, I've been running my ubuntu server now for 5 years and never had to redo the permissions after an os update.