Run cjdns as a non-root user

There are two ways to run cjdns as a non-root user. You might need this if you want to run cjdns on OpenVZ or start the network as a normal user.

Method 1: Setup the tun interface ahead of time (required for OpenVZ)

If you are using an OpenVZ based VPS then you will need to use this as OpenVZ does not permit persistent tunnels.

Create a cjdns user:

sudo useradd cjdns

Create a new TUN device and give the cjdns user authority to access it:

sudo /sbin/ip tuntap add mode tun user cjdns dev cjdroute0

4b-1: Setup the interface manually

Run those commands to prepare your TUN device:

sudo /sbin/ip addr add <your ipv6 address>/8 dev cjdroute0
sudo /sbin/ip link set mtu 1312 dev cjdroute0
sudo /sbin/ip link set cjdroute0 up

These commands should be executed as root now every time the system restarts. You might also want to place these commands in /etc/rc.local if your system supports it.

Old versions of iproute2

If you see an error when running /sbin/ip, your version of iproute2 might be old.

sudo /sbin/ip tuntap add mode tun user cjdns
Object "tuntap" is unknown, try "ip help".

The fix: for now grab a copy of a newer ip binary and copy it to your home directory. Replacing the system binaries is not likely a good idea.

4b-2: Fire it up!

sudo -u cjdns ./cjdroute < cjdroute.conf

To delete a tunnel, use this command:

sudo /sbin/ip tuntap del mode tun <name of tunnel>

Method 2: Give the capabilities to create the tun device to the cjdroute executable

Run this command as root after building (and every time you rebuild cjdroute):

setcap "cap_net_admin+eip cap_net_raw+eip" cjdroute