I am trying to build a container running the Juniper VPN client. My environment is Ubuntu 14.04. I am using msjnc (http://mad-scientist.us/juniper.html). The problem I experienced is that once msjnc is launched, it should bring up a tunnel interface, tun0. Inside Docker, such an interface never gets created. I manually created /dev/net/tun with mknod /dev/net/tun c 10 200 and the result is the same. Did I miss anything, or is such a configuration not supported inside Docker?
Thanks for your reply! I used "--device" and "--privileged=true" to create the container and still can't launch the VPN tunnel.
I enabled the verbose log and compared the output inside and outside of the Docker container. When I run outside of the container, one VPN component, "ncsvc", is owned by root with SUID/SGID, and the log file it generates is also owned by root. When I launch the VPN inside the Docker container, "ncsvc" is still owned by root with SUID/SGID, but the log file it generates is owned by a regular user. I think this is the key. If a SUID program can't run as root inside the container, it can't bring up the additional VPN tunnel interface. It seems I am hitting a dead end now. :->
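
A diagnostic for the symptom described in the posts above, as an added example that is not part of the original thread: it checks the kernel-level conditions under which a root-owned SUID binary does not gain root, or gains root but cannot configure a tunnel. The binary path, sample mount table and sample status text are constructed; run inside the container, the script reads the real /proc files instead.

```python
import os
import sys

CAP_NET_ADMIN = 12  # bit index from <linux/capability.h>
# Constructed sample inputs (not from the thread): a bounding set
# without CAP_NET_ADMIN, and a nosuid mount at /opt.
SAMPLE_STATUS = "Name:\tbash\nNoNewPrivs:\t0\nCapBnd:\t00000000a80425fb\n"
SAMPLE_MOUNTS = ("overlay / overlay rw,relatime 0 0\n"
                 "/dev/sda1 /opt ext4 rw,nosuid,nodev 0 0\n")

def parse_status(text):
    """Return the 'Key: value' fields of /proc/<pid>/status as a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def mount_options_for(path, mounts_text):
    """Options of the deepest mount point in /proc/mounts that holds path."""
    best, opts = "", []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) >= 4:
            mnt = parts[1]
            inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
            if inside and len(mnt) >= len(best):
                best, opts = mnt, parts[3].split(",")
    return opts

def diagnose(binary_path, status_text, mounts_text, tun_present):
    """List reasons a SUID-root helper could fail to create a tun interface."""
    st = parse_status(status_text)
    findings = []
    # NoNewPrivs is absent from /proc status on older kernels; then it is skipped.
    if st.get("NoNewPrivs") == "1":
        findings.append("no_new_privs is set: SUID bits are ignored on exec")
    if "nosuid" in mount_options_for(binary_path, mounts_text):
        findings.append("binary is on a nosuid mount: SUID bits are ignored")
    if not int(st.get("CapBnd", "0"), 16) & (1 << CAP_NET_ADMIN):
        findings.append("CAP_NET_ADMIN is not in the bounding set")
    if not tun_present:
        findings.append("/dev/net/tun does not exist")
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "/"  # path to the SUID binary
    with open("/proc/self/status") as s, open("/proc/mounts") as m:
        tun = os.path.exists("/dev/net/tun")
        print("\n".join(diagnose(target, s.read(), m.read(), tun)) or "no findings")
```

An empty result means none of these four conditions applies, so the cause lies elsewhere, for example in how the binary is started.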