Friday, January 4, 2013

Enable TUN/TAP With OpenVZ Or Virtuozzo Containers For OpenVPN

On the master node (the host that runs the containers), perform the following:
lsmod | grep tun
If that yields no results, you have to load it into the kernel:
modprobe tun
Next, you'll want to ensure this module is loaded across system reboots. You can do either of the following:
echo 'modprobe tun' >> /etc/rc.local
--- OR ---
echo 'modprobe tun' >> /etc/rc.modules
...whichever you are accustomed to.

Next we have to allow the container access to the TUN/TAP device:
(use your container ID in place of CT_ID)
vzctl set CT_ID --devices c:10:200:rw --save
vzctl set CT_ID --capability net_admin:on --save
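Lastly, we have to restart the container, then create the device and assign the proper permissions to it. vzctl exec only works on a running container, so the container has to be started before the device node is created:
(use your container ID in place of CT_ID)
vzctl stop CT_ID
vzctl start CT_ID
vzctl exec CT_ID mkdir -p /dev/net
vzctl exec CT_ID mknod /dev/net/tun c 10 200
vzctl exec CT_ID chmod 600 /dev/net/tun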
Your container should now be able to install OpenVPN or other VPN software.
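
To confirm the steps above took effect, the following check can be run inside the container. It is an added example, not part of the original post or of vzctl; the function name check_tun_node and its return codes are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify the TUN device node created by the steps above.
# check_tun_node is a hypothetical helper name, not part of vzctl or OpenVPN.
# Return codes: 0 ok, 1 missing, 2 not a character device,
#               3 wrong major/minor, 4 mode is not 600.
# Usage inside the container: check_tun_node /dev/net/tun
check_tun_node() {
    node="${1:-/dev/net/tun}"

    if [ ! -e "$node" ]; then
        echo "FAIL: $node does not exist (mknod step not done)" >&2
        return 1
    fi
    if [ ! -c "$node" ]; then
        echo "FAIL: $node is not a character device" >&2
        return 2
    fi

    # stat prints major (%t) and minor (%T) in hex: 10:200 is a:c8.
    majmin=$(stat -c '%t:%T' "$node")
    if [ "$majmin" != "a:c8" ]; then
        echo "FAIL: $node is device $majmin (hex), expected a:c8 (10:200)" >&2
        return 3
    fi

    # Mode 600 keeps the device readable and writable by root only.
    mode=$(stat -c '%a' "$node")
    if [ "$mode" != "600" ]; then
        echo "FAIL: $node has mode $mode, expected 600" >&2
        return 4
    fi

    echo "OK: $node is c 10:200 with mode 600"
    return 0
}
```

A return code of 3 or 4 means the node exists but was created with the wrong device numbers or with permissions other than the 600 set by the chmod step.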
