ERROR: Status 1 while: ip tuntap add dev "$VM_NET_TAP" mode tap (line 163/295)

[nongze]

ERROR: Status 1 while: ip tuntap add dev "$VM_NET_TAP" mode tap (line 163/295)

root@orangepi5:~# docker run -it --rm -p 8007:8006 --device=/dev/kvm --cap-add NET_ADMIN --stop-timeout 120 dockurr/windows-arm
❯ Starting Windows for Docker v1.07...
❯ For support visit https://github.com/dockur/windows-arm

❯ Downloading product information from Microsoft...
❯ Downloading Windows 11 for ARM...
/storage/tmp/win11arm64.esd   100%[=================================================>]   4.88G  7.99MB/s    in 10m 48s
❯ Extracting Windows 11 for ARM bootdisk...
❯ Extracting Windows 11 for ARM environment...
❯ Extracting Windows 11 for ARM setup...
❯ Extracting Windows 11 for ARM image...
❯ Adding XML file for automatic installation...
❯ Building Windows 11 for ARM image...
❯ Creating a 64G growable disk image in raw format...
open: No such device
❯ ERROR: Status 1 while: ip tuntap add dev "$VM_NET_TAP" mode tap (line 163/295)

OS:Linux orangepi5 5.10.110-rockchip-rk3588 #1.1.6 SMP Thu Jun 1 21:23:54 CST 2023 aarch64 GNU/Linux(debian12)
I'm just a rookie, I don't know what this is about, I don't know how to do it, thanks.

[kroese]

Strange error!

Can you see if it helps if you add this to the run command?

--device /dev/net/tun:/dev/net/tun

[nongze]

root@orangepi5:~# docker run -it --rm -p 8007:8006 --device=/dev/kvm **--device /dev/net/tun:/dev/net/tun** --cap-add NET_ADMIN --stop-timeout 120 dockurr/windows-arm
❯ Starting Windows for Docker v1.07...
❯ For support visit https://github.com/dockur/windows-arm

❯ Downloading product information from Microsoft...
❯ Downloading Windows 11 for ARM...
/storage/tmp/win11arm64.esd   100%[=================================================>]   4.88G  3.72MB/s    in 23m 3s
❯ Extracting Windows 11 for ARM bootdisk...
❯ Extracting Windows 11 for ARM environment...
❯ Extracting Windows 11 for ARM setup...
❯ Extracting Windows 11 for ARM image...
❯ Adding XML file for automatic installation...
❯ Building Windows 11 for ARM image...
❯ Creating a 64G growable disk image in raw format...
open: No such device
❯ ERROR: Status 1 while: ip tuntap add dev "$VM_NET_TAP" mode tap (line 163/295)

It still doesn't work.

[kroese]

It seems this kernel for the OrangePI is missing the TUN module. I tested this container only on Raspberry Pi5, and in the kernel for RaspiOS it was included by default.

So according to https://superuser.com/questions/497245/how-to-load-tun-module-in-linux/519770#519770 you can try loading the module manually via

sudo modprobe tun

Or via insmod with the filename of the module, for example:

insmod /lib/modules/5.10.110-rockchip-rk3588/kernel/drivers/net/tun.ko.gz

However enabling kernel modules is not really a task for rookies usually. So maybe you can try the steps from the link above or otherwise ask on the OrangePI forums how to enable the TUN module on their kernel.

Another way to solve this would be to use a macvlan network and set -e "DHCP=Y" as it doesnt use the TUN module in that case (but a macvtap interface). You can check the FAQ on how to setup the DHCP mode. But also those steps are not really friendly for rookies, so I would first try to enable the TUN module.

[nongze]

This is feasible!
But I encountered a new problem.

root@orangepi5:~# docker run -it --rm -p 8007:8006 --device=/dev/kvm --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --stop-timeout 120 dockurr/windows-arm
❯ Starting Windows for Docker v1.07...
❯ For support visit https://github.com/dockur/windows-arm

❯ Downloading product information from Microsoft...
❯ Downloading Windows 11 for ARM...
/storage/tmp/win11arm64.es 100%[======================================>]   4.88G  1.11MB/s    in 75m 22s 
❯ Extracting Windows 11 for ARM bootdisk...
❯ Extracting Windows 11 for ARM environment...
❯ Extracting Windows 11 for ARM setup...
❯ Extracting Windows 11 for ARM image...
❯ Adding XML file for automatic installation...
❯ Building Windows 11 for ARM image...
❯ Creating a 64G growable disk image in raw format...
iptables v1.8.10 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
❯ ERROR: Status 3 while: iptables -t nat -A POSTROUTING -o "$VM_NET_DEV" -j MASQUERADE (line 178/295)

Is this about iptables? I tried updating APT, but it is already the latest version.

root@orangepi5:~# iptables --version
iptables v1.8.7 (nf_tables)

[nongze]

I am trying to do this now:

modprobe  ip_tables 
modprobe  iptable_filter
sudo echo 'ip_tables' >> /etc/modules

[kroese]

Yes that should work!

[nongze]

Another error.

root@orangepi5:~# docker run -it --rm -p 8007:8006 --device=/dev/kvm --device /dev/net/tun:/dev/net/tun --cap-add NET_ADMIN --stop-timeout 120 dockurr/windows-arm
❯ Starting Windows for Docker v1.07...
❯ For support visit https://github.com/dockur/windows-arm

❯ Downloading product information from Microsoft...
❯ Downloading Windows 11 for ARM...
/storage/tmp/win11arm64.es 100%[======================================>]   4.88G  11.3MB/s    in 7m 53s  
❯ Extracting Windows 11 for ARM bootdisk...
❯ Extracting Windows 11 for ARM environment...
❯ Extracting Windows 11 for ARM setup...
❯ Extracting Windows 11 for ARM image...
❯ Adding XML file for automatic installation...
❯ Building Windows 11 for ARM image...
❯ Creating a 64G growable disk image in raw format...
Warning: Extension multiport revision 0 not supported, missing kernel module?
iptables v1.8.10 (legacy): multiport.0 does not support invert
Try `iptables -h' or 'iptables --help' for more information.
❯ ERROR: Status 2 while: iptables -t nat -A PREROUTING -i "$VM_NET_DEV" -d "$IP" -p tcp${exclude} -j DNAT --to "$VM_NET_IP" (line 180/295)

[nongze]

I tried to manually load it, but it didn't work.

root@orangepi5:~# modprobe multiport
modprobe: FATAL: Module multiport not found in directory /lib/modules/5.10.110-rockchip-rk3588

[kroese]

Maybe they know on the OrangePI forums how to enable the modules like multiport.

Otherwise your only option is to run with DHCP=Y (if the OrangePi kernel has macvtap support).

[nongze]

root@orangepi5:~# docker-compose up -d
validating /root/docker-compose.yml: services.device_cgroup_rules must be a mapping

docker-compose.yml：as follows

version: "3"
services:
  environment:
    VERSION: "win11"
    DHCP: "Y"
  device_cgroup_rules:
    - 'c *:* rwm'
  windows:
    container_name: windows
    image: dockurr/windows-arm
    #environment:
      #VERSION: "win10"
        #DHCP: "Y"
    devices:
      - /dev/kvm
    cap_add:
      - NET_ADMIN
    ports:
      - 8006:8006
      - 3389:3389/tcp
      - 3389:3389/udp
    stop_grace_period: 2m
    restart: on-failure

[kroese]

You must put device_cgroup_rules and environment below windows

[nongze]

How to do?

[nongze]

Oh, I got it!
Waiting for my good news!

[nongze]

But I have confirmed that it supports macvlan
ERROR: You can only enable DHCP while the container is on a macvlan network!

[nongze]

Ok,It's running.But there are still some issues.

[nongze]

After I switched to Win11, it completely resolved the issue and did not use DHCP.
Summary:
对于rk3588(s)设备，如Orange Pi5/5 Plus，先使用以下命令创建macvlan，end1为你的网卡名称.
docker network create -d macvlan --subnet=192.168.1.0/24 --gateway=192.168.1.1 -o parent=end1 macnet0
Then use this docker-compose.yml

version: "3"
services:
  windows:
    environment:
      VERSION: "win11"
      #DHCP: "Y"
    device_cgroup_rules:
      - 'c *:* rwm'
    container_name: windows
    image: dockurr/windows-arm
    #environment:
      #VERSION: "win10"
        #DHCP: "Y"
    devices:
      - /dev/kvm
    cap_add:
      - NET_ADMIN
    ports:
      - 8006:8006
      - 3389:3389/tcp
      - 3389:3389/udp
    stop_grace_period: 2m
    restart: on-failure
    networks:
      macnet0:
        ipv4_address: 192.168.1.100

networks:
  macnet0:
    external: true

[kroese]

That is really strange! Because without DHCP it will need the iptables/multiport modules that were missing before, even if you use macvlan. So I do not understand why it works now suddenly.

[nongze]

Really? So this is indeed strange.

[nongze]

Perhaps it is because I used the Debian Bookworm kernel of version 6.1?

root@orangepi5:~/win# uname -a
Linux orangepi5 6.1.43-rockchip-rk3588 #1.1.8 SMP Fri Feb  2 21:16:10 CST 2024 aarch64 GNU/Linux
root@orangepi5:~/win# modprobe multiport
modprobe: FATAL: Module multiport not found in directory /lib/modules/6.1.43-rockchip-rk3588
root@orangepi5:~/win#

This is impossible！

[kroese]

I have no explanation why it works now. But hey, if it works, it works :) So I guess the issue is solved now!