OpenVPN using a tun or tap device with OpenVZ/Virtuozzo

If you want to run OpenVPN within a Virtuozzo or OpenVZ container using the tun or tap device, you probably need to make a few config changes on the hardware node and the container. First of all, you need to be sure that the tun module is loaded on the hardware node itself. The easiest way to check that is using lsmod:
lsmod | grep tun
If the module is not there you can load it manually:
modprobe tun
If you want to make sure that the tun module will be loaded at boot time you need to add modprobe tun to the file /etc/rc.modules and make this file executable:
echo "modprobe tun" >> /etc/rc.modules
chmod +x /etc/rc.modules
CentOS and RHEL check for this file at boot time. Next, allow the container to use the tun or tap device:
vzctl set CTID --devices c:10:200:rw --save
vzctl set CTID --capability net_admin:on --save

Note: CTID is the container-id

Now create the character device with the correct permissions within the container:

# Restart the container first: vzctl exec only works while it is running
vzctl stop CTID
vzctl start CTID
vzctl exec CTID mkdir -p /dev/net
vzctl exec CTID mknod /dev/net/tun c 10 200
vzctl exec CTID chmod 600 /dev/net/tun
Now OpenVPN should be working within your container.
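
The check below is an added example, not part of the original page: run inside the container, it verifies that /dev/net/tun is a character device with major 10, minor 200 and mode 600, the values used in the commands above. The function names are hypothetical and the script assumes GNU stat.

```shell
#!/bin/sh
# Added example (not from the original page): verify the tun device node.
# Expected values are the ones the page uses: c 10 200, chmod 600.

# evaluate_tun_stat TYPE MAJOR_HEX MINOR_HEX MODE
# Arguments are the fields printed by: stat -c '%F|%t|%T|%a' /dev/net/tun
# Prints a verdict and returns 0 only if every field matches.
evaluate_tun_stat() {
    ftype=$1; major_hex=$2; minor_hex=$3; mode=$4
    if [ "$ftype" != "character special file" ]; then
        echo "FAIL: not a character device ($ftype)"; return 1
    fi
    # GNU stat reports device numbers in hex; convert to decimal
    major=$(printf '%d' "0x$major_hex")
    minor=$(printf '%d' "0x$minor_hex")
    if [ "$major" -ne 10 ] || [ "$minor" -ne 200 ]; then
        echo "FAIL: device numbers are $major:$minor, expected 10:200"; return 1
    fi
    # Anything other than 600 lets non-root users in the container open the device
    if [ "$mode" != "600" ]; then
        echo "FAIL: mode is $mode, expected 600"; return 1
    fi
    echo "OK: c 10:200 mode 600"
}

# check_tun_node [PATH]: stat the node (default /dev/net/tun) and evaluate it.
check_tun_node() {
    node=${1:-/dev/net/tun}
    if [ ! -e "$node" ]; then
        echo "FAIL: $node does not exist"; return 1
    fi
    fields=$(stat -c '%F|%t|%T|%a' "$node") || return 1
    # Split on '|' because the file type field contains spaces
    old_ifs=$IFS; IFS='|'
    set -- $fields
    IFS=$old_ifs
    evaluate_tun_stat "$1" "$2" "$3" "$4"
}

# Usage inside the container: check_tun_node
```

From the hardware node, the same fields can be read with vzctl exec CTID stat -c '%F|%t|%T|%a' /dev/net/tun and passed to evaluate_tun_stat.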


