iptables service not started because of error (SVC_RUN_EXCEPT)

I was recently setting up an OpenVPN Server on a brand new VPS on OpenVZ from an un-named host and I was given the following error when I tried to start everything up after installation:

iptables service not started because of error (SVC_RUN_EXCEPT)

OpenVPN iptables issue


The Issue

This is a pretty general error but is specific in terms of OpenVPN. This issue will occur when TUN/TAP is not enabled on your VPS container. As it turns out, my host was using OpenVZ and unlike XEN or other platforms, TUN/TAP is not enabled for the container.

The Solution

As a re-seller, your answer most likely lies with your host. Ask them to make sure the iptables state and nat modules are enabled for your container. This probably won’t be an issue. After that, you’ll need to ask them to open up the TUN/TAP interface.

Here are a few links, one from OpenVPN and one from OpenVZ, that instruct you on just how to make sure your container has everything it needs to use TUN/TAP

Let me know how it goes or if more instruction is needed.


  • http://technologyplusblog.com Andy

    This does not help. Please stop spamming this link all over forums and websites. It looks bad and is providing useless information.

  • http://www.danblee.com Dan B. Lee

    Hi Andy,

    Care to explain why this doesn’t help? I’ve had success with enabling TUN/TAP on the container. I’ve seen one occurrence where there was a bug in the kernel and enabling TUN/TAP and PPP on the container didn’t actually turn on TUN/TAP, but that was rare.

    Regarding spam, I’ve replied to three places on the internet with the TUN/TAP fix. I didn’t just post the link, the solution is in my post, the link was for more detailed help including screenshots. By definition, that’s not spam.

    I hope you replied to this post because you were having trouble with this issue instead of the “spamming” accusation. I’d like to work to find an answer with you. Let me know where you’re at with it and we can go forward with finding a fix.


  • http://www.danblee.com Dan B. Lee

    Andy I took a look at your post on your site. It looks like the link is broken here:


    Your link says it’s in a Debian 6 VPS. My post that I “spammed” on a few of the support forums says it’s in regards to OpenVZ but I didn’t mention it was on CentOS. Is this where there’s some confusion?

  • http://technologyplusblog.com Andy

    I have tried this on CentOS, it does not work to solve that specific error. I already had my host enable this.

  • http://technologyplusblog.com Andy

    Also, the spamming is annoying. You were bumping old threads and it just looks bad for your website.

    Yes, I am having problems with my OpenVPN AS server. I am receiving the error stated and your guide does not help at all.

  • http://www.danblee.com Dan B. Lee

    If you’re sure your host has enabled TUN/TAP on your container then you might be having the issue that I’ve seen with it not actually enabling like it should. I dug up an email from a ticket my host gave me not too long ago regarding TUN/TAP enabled but not actually working on the container:

    ===== Please reply above this line =====


    I have an open ticket with SolusVM – we’ve enabled it via SolusVM as well as manually via the command line, however, it doesn’t seem to actually be working/available. It is installed and operational on the node, but I’m unsure at this point why it’s not available inside of your VPS.

    Once I know more, I’ll let you know.

    Thank you,

    As I said before, this is rare, but if you’ve got a standard install of OpenVPN on OpenVZ, TUN/TAP has always been an issue. It’s kind of odd, considering xen and kvm have zero issues right out of the box with OpenVPN and TUN/TAP or PPP. Go figure. If I ever hear back from my support guys about the kernel issue I’ll definitely update here.

  • http://www.danblee.com Dan B. Lee

    As an update to this, my host just put my VM in another container with TUN/TAP enabled and it works now. He still has a ticket open with SolusVM. Notes here:

    ===== Please reply above this line =====

    Sure thing – I’m still working with SolusVM to find out why enabling it via SolusVM doesn’t work. I’ve spun up a new VPS for testing so I don’t have to mess with yours. Let me know if you have issues, and I’ll relay them back to SolusVM.

    If there are any more updates I’ll comment on this thread.

  • ghazifreak

    Hi, I had this problem and rebooting the vps works for me.

    Yes I found your web from google.

  • ghazifreak

    but mind you that openvpn works flawlessly on my vps before but for some reason it’s stop working and threw me that error maybe because my vps was suspended for late payment.

    I update my post because I notice that you got this problem from first install so I think my solution above probably will not works for certain people.

  • http://www.danblee.com Dan B. Lee

    Thanks for the response. I found that while a reboot definitely helps right away, eventually the service using the port in question will eventually begin using it again and you’ll have to reboot again. I’m hoping my solution was a real fix to the entire container and not just a band-aid. Cheers!

  • jyc

    Hi men…
    Just install iptables…as a service!! By default, it is not activated under ubuntu…try it!

  • http://www.danblee.com Dan B. Lee

    Can you explain why this would help?

  • http://dbdiary.com Omer


    I asked my provider they enabled the tun and everything… I restart the my VPS many times but still no luck… any other suggestion… i’m using centos.