Deployment step through VPN

VPN Connection Failing during Deployment

I have a server that sits behind an AWS VPC. I have a VPC Client Endpoint set up and use it regularly for server access. I am now attempting to use this same VPN connection to tunnel into the network and deploy code to that server. I found this thread and have it working until the very end but cannot get past a permissions issue.
Thu Oct 22 16:26:37 2020 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)

GitLab Shared Runner on:

  • Ubuntu 20.04, up to date
  • GitLab Runner
    • Version: 13.5.0
    • Git revision: ece86343
    • Git branch: 13-5-stable
    • GO version: go1.13.8
    • Built: 2020-10-20T12:05:22+0000
    • OS/Arch: linux/amd64
  • Docker 19.03.13, build 4484c46d9d

My config.toml

concurrent = 1
check_interval = 0

[session_server]
  session_timeout = 1800

[[runners]]
  name = "runner"
  url = "https://gitlab.xxxxxxxxx.net/"
  token = "xxxxxxxxxxxxxxxxxxx"
  executor = "docker"
  [runners.custom_build_dir]
  [runners.cache]
    [runners.cache.s3]
    [runners.cache.gcs]
    [runners.cache.azure]
  [runners.docker]
    tls_verify = false
    image = "ubuntu:20.04"
    privileged = true
    disable_entrypoint_overwrite = false
    oom_kill_disable = false
    disable_cache = false
    volumes = ["/cache"]
    shm_size = 0
    devices = ["/dev/net/tun"]

My repo .gitlab-ci.yml file

stages:
  - deploy

deploy_sandbox:
  stage: deploy
  image: ubuntu:18.04
  before_script:
    - cat $CLIENT_OVPN >> client.ovpn
    - cat $CLIENT_VPN_CRT >> client.crt
    - chmod 600 client.crt
    - cat $CLIENT_VPN_KEY >> client.key
    - chmod 600 client.key
    - mkdir -p /dev/net
    - mknod /dev/net/tun c 10 200
    - chmod 600 /dev/net/tun
    - which openvpn || (apt-get update -y -qq && apt-get install -y -qq openvpn) # Install openvpn if not available.
    - openvpn --config client.ovpn --log client.log --daemon # Start openvpn with config as a daemon.
    - sleep 30s # Wait for some time so the vpn can connect before doing anything else.
    - cat client.log # Print the vpn log.
    - ping -c 1 10.0.1.168 # Ping the server I want to deploy to. If not available this stops the deployment process.
  script:
    - pwd
  only:
    - develop
    - merge_request
  when: manual
  environment:
    name: sandbox
    url: https://xxxxxx.com
  variables:
    GIT_DEPTH: 0

I added the commands to create /dev/net/tun to address Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2) errors.

I have tried adding different combinations of privileged, devices = ["/dev/net/tun"], and cap_add = ["NET_ADMIN"] in my config.toml file.

Now I am receiving the following error:
Thu Oct 22 16:26:37 2020 ERROR: Cannot ioctl TUNSETIFF tun: Operation not permitted (errno=1)

From my research, many people say to just run the openvpn command as sudo, but Docker does not like that, even in privileged mode.
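
A diagnostic for the two OpenVPN errors quoted in the post, added here as an example and not part of the original post: it checks whether the job container's effective capability set includes CAP_NET_ADMIN (needed to create a tun interface with TUNSETIFF) and whether the tun node is the character device 10:200 that the `mknod` line creates. The function names are hypothetical, and it assumes Linux `/proc`, `awk`, and GNU `stat`.

```shell
#!/bin/sh
# Added diagnostic example; not from the original post.
# Maps the two OpenVPN errors quoted above to what the container lacks.

# cap_eff [status-file]: print the hex effective-capability mask.
cap_eff() {
    awk '/^CapEff:/ { print $2 }' "${1:-/proc/self/status}"
}

# has_cap HEXMASK BIT: succeed if capability number BIT is set in HEXMASK.
has_cap() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# tun_node_ok [path]: succeed if path is a character device 10:200,
# the numbers used by the post's "mknod /dev/net/tun c 10 200".
tun_node_ok() {
    dev=${1:-/dev/net/tun}
    [ -c "$dev" ] && [ "$(stat -c '%t:%T' "$dev")" = "a:c8" ]   # hex major:minor
}

# diagnose_tun [status-file] [tun-path]: print one verdict line.
diagnose_tun() {
    mask=$(cap_eff "$1")
    if [ -z "$mask" ]; then
        echo "unknown: no CapEff line found"; return 2
    fi
    # CAP_NET_ADMIN is capability 12 in <linux/capability.h>;
    # creating a tun interface via TUNSETIFF needs it.
    if ! has_cap "$mask" 12; then
        echo "CAP_NET_ADMIN missing (CapEff=$mask): expect TUNSETIFF errno=1"; return 1
    fi
    if ! tun_node_ok "$2"; then
        echo "tun node missing or not char device 10:200 (a missing node gives errno=2)"; return 1
    fi
    echo "ok: CAP_NET_ADMIN present and tun node is 10:200"
}

# Usage in a job: source this file in before_script, then run
#   diagnose_tun
# before the openvpn line.
```

The CapEff value printed in the job log can be compared against the runner's config.toml: `privileged = true` or `cap_add = ["NET_ADMIN"]` taking effect would set bit 12 in that mask.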