VPN via the TUN/TAP device on the OpenVZ container

Here one can find interesting information about OpenVZ management and maintenance. OpenVZ control panels information also goes here

VPN via the TUN/TAP device on the OpenVZ container

Postby lik » Mon May 18, 2009 5:20 am

VPN via the TUN/TAP device

Kernel TUN/TAP support

OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. To allow container #101 to use the TUN/TAP device the following should be done:

Make sure the tun module has been already loaded on the hardware node:
Code: Select all
lsmod | grep tun

If it is not there, use the following command to load tun module:
Code: Select all
modprobe tun

You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically.

Granting container an access to TUN/TAP

Allow your container to use the tun/tap device:
Code: Select all
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save

Where '101' is a needed veid of the VM container.
And create the character device file inside the container:
Code: Select all
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun

Configuring VPN inside container

After the configuration steps above are done it is possible to use VPN software working with TUN/TAP inside container just like on a usual standalone linux box.

The following software can be used for VPN with TUN/TAP:

* Virtual TUNnel (http://vtun.sourceforge.net)
* OpenVPN (http://openvpn.sourceforge.net)

Taken from the official OpenVZ wiki http://wiki.openvz.org
Posts: 497
Joined: Wed Dec 15, 2010 3:21 am

Return to OpenVZ related


  • Related topics
    Last post