Wednesday, June 26, 2013

How to Enable TUN/TAP Module in OpenVZ

How to Enable TUN/TAP Module in OpenVZ
OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. To allow VPS #101 to use the TUN/TAP device the following should be done:

#101 - VPS id. Replace #101 with your VPS id.

Make sure the tun module has already loaded on the Node.
[root@Node /]# lsmod | grep tun

If not listed, then load the tun module with the below command
[root@Node /]# modprobe tun

[root@Node /]# lsmod | grep tun
tun 82432 6

Run the following command in Node:
[root@Node /]# vzctl set 101 --devnodes net/tun:rw --save
[root@Node /]# vzctl set 101 --devices c:10:200:rw --save
[root@Node /]# vzctl stop 101
[root@Node /]# vzctl set 101 --capability net_admin:on --save
[root@Node /]# vzctl start 101
[root@Node /]# vzctl exec 101 mkdir -p /dev/net
[root@Node /]# vzctl exec 101 chmod 600 /dev/net/tun

To check TUN/TAP is enabled or not :
[root@Node /]# vzctl enter 101

Inside the VPS:
[root@vps /]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state # It means the TUN/TAP is enabled on your VPS.

cat: /dev/net/tun: No such device # If you receive like this, then the TUN/TAP has not enabled on your VPS . Try to enable TUN/TAP again and check.

No comments:

Post a Comment