I'm trying to run the console Cisco VPN client in Docker.
I start the container like this:
docker run -it -v /srv/vpn/keys/:/root/keys/ --network=host --cap-add=NET_ADMIN --device=/dev/net/tun -v /dev/net/tun:/dev/net/tun vpn-vpnc-client_img
And then I run the vpnc client inside the Docker container:
vpnc-connect /root/keys/vpnc.conf --local-port 0
It produces the following output:
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
Cannot open "/proc/sys/net/ipv4/route/flush": Read-only file system
VPNC started in background (pid: 257)...
vpnc connects and creates the proper routes, so the VPN seems to work. My concern is the warning message.
According to the documentation, for /proc/sys/net/ipv4/route/flush:
Writing to this file results in a flush of the routing cache.
I don't understand this statement. Is it critical that the routing cache did not get flushed?
Also, as I understand it, I can issue
echo 1 > /proc/sys/net/ipv4/route/flush
manually after the container starts. But I use monit inside the Docker container to restart vpnc if the connection gets lost. Can I somehow bind-mount /proc/sys/net/ipv4/route/flush from the host into the container, and issue the command to flush the routing cache from the monit script inside the container?
Best Answer
I am one of the core developers of OpenConnect and maintainers of the vpnc-script, which is used by both vpnc and OpenConnect for routing and DNS configuration.

This error message actually comes from the vpnc-script, not from vpnc itself, and... this error doesn't matter at all. It comes from the command
ip -4 route flush cache
which triggers IPv4 route flushing, which is an unnecessary, deprecated no-op in modern Linux kernels. We retain it only for backwards compatibility, in case someone somewhere is running vpnc/OpenConnect on an annnnnnnnnnnnnnnnncieeeeeeent Linux kernel.

We suppressed the error message in a 2019 change to the standard vpnc-script. If you simply replace your vpnc-script with the latest version, the error will go away.
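As an added example (not code from the vpnc or OpenConnect projects, and not the actual vpnc-script), the following POSIX shell shows the two checks a practitioner would want after reading the answer above: a route-cache flush that tolerates a read-only /proc/sys (the situation inside the container) and stays a clean no-op for a supervisor such as monit, and a heuristic inspection of a local vpnc-script copy to see whether its flush line already discards the error. The flush path is a parameter so the function can be exercised against a scratch file; the sample script fragments in the usage section are constructed for illustration and are not quoted from any vpnc-script release.

```sh
#!/bin/sh
# Added example: tolerant route-cache flush and a vpnc-script flush-line check.
# Not the vpnc-script itself; the sample fragments below are constructed.

# Flush the IPv4 route cache only if the kernel exposes a writable knob.
# On a modern kernel (no route cache) or inside a container whose /proc/sys is
# mounted read-only, this is a harmless no-op. It always returns 0 so that a
# supervisor script does not treat the missing flush as a failure.
# $1: sysctl file to write (defaults to the real path; assumption for testing).
flush_route_cache() {
    flush_file="${1:-/proc/sys/net/ipv4/route/flush}"
    if [ -w "$flush_file" ] && echo 1 > "$flush_file" 2>/dev/null; then
        echo "flushed route cache via $flush_file"
    else
        echo "route cache flush skipped ($flush_file not writable; no-op on modern kernels)"
    fi
    return 0
}

# Heuristic inspection of a vpnc-script copy: prints
#   silenced - a "route flush cache" line exists and sends stderr to /dev/null
#   noisy    - the line exists but its stderr is not discarded (old script)
#   absent   - no such line (or the file is unreadable)
# This is a grep on the script text, not a version check. $1: path to script.
vpnc_script_flush_status() {
    script="$1"
    line=$(grep -E 'route flush cache' "$script" 2>/dev/null | head -n 1)
    if [ -z "$line" ]; then
        echo absent
    else
        case "$line" in
            *"2>/dev/null"*) echo silenced ;;
            *)               echo noisy ;;
        esac
    fi
    return 0
}

# Usage: run the tolerant flush against the real sysctl and inspect the
# distribution's vpnc-script if one is installed (path is an assumption).
flush_route_cache
if [ -f /etc/vpnc/vpnc-script ]; then
    echo "/etc/vpnc/vpnc-script flush line: $(vpnc_script_flush_status /etc/vpnc/vpnc-script)"
fi

# Constructed fragments showing what the check reports for each form.
old_script=$(mktemp)
new_script=$(mktemp)
printf '%s\n' '#!/bin/sh' 'ip -4 route flush cache' > "$old_script"
printf '%s\n' '#!/bin/sh' 'ip -4 route flush cache 2>/dev/null' > "$new_script"
echo "constructed old-style fragment: $(vpnc_script_flush_status "$old_script")"
echo "constructed new-style fragment: $(vpnc_script_flush_status "$new_script")"
rm -f "$old_script" "$new_script"
```

If the check reports "noisy" for your installed vpnc-script, that is the copy to replace, as the answer suggests; inside the container the flush_route_cache function will simply skip the write while /proc/sys stays read-only, so nothing needs to be bind-mounted for monit's restart script to exit cleanly.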