Enable tun for OpenVZ Ubuntu 12.04 containers in CentOS 6.4

2013-08-10
#tun #server #openvz #vpn #ubuntu #centos

To enable the tun device in OpenVZ containers:

  • the tun module needs to be loaded in the host system (in my case CentOS 6.4)
  • the container (in my case Ubuntu Server 12.04) must be allowed to use tun

I’ve grabbed the container configuration from Ask Ubuntu.

§ Load tun after boot automatically

Edit tun.modules:

# vim /etc/sysconfig/modules/tun.modules
#!/bin/sh
/sbin/modprobe tun

Set permissions for tun.modules:

chmod 755 /etc/sysconfig/modules/tun.modules

Reboot the host system and check that the tun module is loaded:

$ lsmod | grep tun
tun                    15493  2

§ Edit container configuration

Issue the following commands in a host terminal as root (change ‘101’ to your container ID):

vzctl set 101 --devnodes net/tun:rw --save
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun

A configured OpenVPN will now work correctly.
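
To confirm on the host that the three --save settings above were actually stored for a container, and to see which containers carry net_admin, here is an added check that is not part of the original post. It assumes vzctl stores the settings as DEVNODES=, DEVICES= and CAPABILITY= lines in /etc/vz/conf/<CTID>.conf; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an OpenVZ container config for the tun settings.
# Assumption: `vzctl set ... --save` writes DEVNODES=, DEVICES= and
# CAPABILITY= lines to /etc/vz/conf/<CTID>.conf.

# conf_value FILE KEY -> value of the last KEY=... line, quotes removed
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# has_item "space separated list" ITEM -> case-insensitive membership test
has_item() {
    for item in $1; do
        [ "$(printf '%s' "$item" | tr 'A-Z' 'a-z')" = "$2" ] && return 0
    done
    return 1
}

# check_ct_tun FILE -> one line per setting; exit status = settings missing
check_ct_tun() {
    missing=0
    for pair in DEVNODES=net/tun:rw DEVICES=c:10:200:rw CAPABILITY=net_admin:on; do
        key=${pair%%=*}; want=${pair#*=}
        if has_item "$(conf_value "$1" "$key")" "$want"; then
            echo "ok       $key $want"
        else
            echo "MISSING  $key $want"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Constructed sample config (not from a real host): net_admin was never saved.
sample=$(mktemp)
cat > "$sample" <<'EOF'
HOSTNAME="vpn-ct"
DEVNODES="net/tun:rw "
DEVICES="c:10:200:rw "
CAPABILITY="SYS_TIME:on"
EOF
check_ct_tun "$sample" || echo "container config incomplete for tun"
rm -f "$sample"
```

On a real host, point it at the container's own file, for example check_ct_tun /etc/vz/conf/101.conf.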