Enable TUN/TAP for a VPS
TUN/TAP is a virtual network device that sends and receives packets to
and from userspace rather than a physical interface. OpenVZ supports
VPN inside a container via kernel TUN/TAP module and device.
First, make sure the tun module has been already loaded on the hardware node:
# lsmod | grep tun
If it is not there, use the following command to load tun module:
# modprobe tun
To make sure that tun module will be automatically loaded on every
reboot you can also add it or into /etc/modules.conf (on RHEL see
/etc/sysconfig/modules/ directory) or into
/etc/sysconfig/vz-scripts/VPSID.mount. (echo ‘modprobe tun’ >>
/etc/sysconfig/vz-scripts/VPSID.mount)
Allow the container to use the tun/tap device by running the following
commands on the host node:
vzctl set VPSID -devices c:10:200:rw -save
vzctl set VPSID -capability net_admin:on -save
And create the character device file inside the container (execute the
following on the host node):
vzctl exec VPSID mkdir -p /dev/net
vzctl exec VPSID mknod /dev/net/tun c 10 200
vzctl exec VPSID chmod 600 /dev/net/tun
----
