[SOLVED] openconnect in dockers/IBM bluemix (Error: TUNSETIFF failed: Inappropriate ioctl for device)

openconnect in dockers/IBM bluemix (Error: TUNSETIFF failed: Inappropriate ioctl for device)

I've created my own container image based on Ubuntu 14.04 and installed openconnect using apt-get. I can ping google, and access the app I have running on the port I expect.

Now I am trying to get a VPN connection from the container to a on-prem database. I've tried it in my Ubuntu 14.04 virtual box first without a problem. See below for details. I am now trying to do the same in the container, but get the following error (see below for full log):
TUNSETIFF failed: Inappropriate ioctl for device

Things that I found:
Source: https://serverfault.com/questions/379710/openvpn-setup-service-wont-start
"What type of VPS do you have? You may need your provider to enable TUN/TAP devices on the host node."
-> Given that it works on my laptop in the exact same way, I assume that has been enabled on the host.
Source: https://groups.google.com/forum/#!topic/docker-user/2jFeDGJj36E
Do I have a tun device?
-> It is there with all the appropriate rights
Source: https://serverfault.com/questions/680721/how-to-create-dev-tun-device-inside-unprivileged-lxc-container
and
Source: https://hub.docker.com/r/dperson/openvpn-client/
Maybe I should add some flags?

 cf ic run --device /dev/net/tun --cap-drop ALL --cap-add MKNOD --name <containerName> -p 11821:11821 -d <namespace>/<containerName python /<some pythong script>&

I also tried without cap-drop, without --device, using --cap-add ALL, using cap-add SYS_NET_ADMIN, with the same result, 1 extra error line:
mknod: '/dev/net/tun': Operation not permitted
TUNSETIFF failed: Inappropriate ioctl for device Running with --privileged is not allowed in Bluemix

Anybody any pointers? Is there any other information is should provide? Thanks!

Succesfull

enter code here
$ sudo openconnect -u <username> <vpn IP>
POST <vpn IP>
Attempting to connect to server <IP>
SSL negotiation with <vpn IP>
Connected to HTTPS on <vpn IP>
XML POST enabled
Please enter your username and password.
Password:
POST <vpn IP>
Got CONNECT response: HTTP/1.1 200 OK
CSTP connected. DPD 30, Keepalive 20
Connected tun0 as 10.x.x.x, using SSL
Established DTLS connection (using OpenSSL)

From container

 $openconnect -u <username> <vpn IP>
 POST <vpn IP>
 Attempting to connect to server <ip>
 SSL negotiation with <vpn IP>
 Connected to HTTPS on <vpn IP>
 XML POST enabled
 Pleas e enter your username and password.
 Password:
 POST <vpn IP>
 Got CONNECT response: HTTP/1.1 200 OK
 CSTP connected. DPD 30, Keepalive 20
 TUNSETIFF failed: Inappropriate ioctl for device

Solution

Unfortunately, you would probably have to be able to run the container with the --privileged or --cap-add flags, which are not supported on IBM Containers