Changes
no edit summary
'''VPN via the TUN/TAP device inside VE'''
=== Kernel tun support ===
OpenVZ supports VPN inside a VE via kernel TUN/TAP module and device.
To allow VE #101 to use the TUN/TAP device the following steps should be taken:
Make sure the tun module has been already loaded on the hardware node:
<pre>
# lsmod | grep tun
</pre>
If it is not there, use the following command to load '''tun''' module:
<pre>
# modprobe tun
</pre>
You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically.
=== Granting VE an access to TUN/TAP ===
Allow your VE to use the tun/tap device:
<pre>
# vzctl set 101 --devices c:10:200:rw --save
</pre>
And create the device in the VE:
<pre>
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200
# vzctl exec 101 chmod 600 /dev/net/tun
</pre>
=== Configure VLAN inside VE ===
After the configuration steps above are done it is possible to use TUN/TAN devices inside VE and use VPN software working with TUN/TAP.
The following software can be used for VPN with TUN/TAP:
* Virtual TUNnel (http://vtun.sourceforge.net)
* OpenVPN (http://openvpn.sourceforge.net)
=== External links ===
* [http://vtun.sourceforge.net Virtual TUNnel]
* [http://openvpn.sourceforge.net OpenVPN]
=== Kernel tun support ===
OpenVZ supports VPN inside a VE via kernel TUN/TAP module and device.
To allow VE #101 to use the TUN/TAP device the following steps should be taken:
Make sure the tun module has been already loaded on the hardware node:
<pre>
# lsmod | grep tun
</pre>
If it is not there, use the following command to load '''tun''' module:
<pre>
# modprobe tun
</pre>
You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically.
=== Granting VE an access to TUN/TAP ===
Allow your VE to use the tun/tap device:
<pre>
# vzctl set 101 --devices c:10:200:rw --save
</pre>
And create the device in the VE:
<pre>
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200
# vzctl exec 101 chmod 600 /dev/net/tun
</pre>
=== Configure VLAN inside VE ===
After the configuration steps above are done it is possible to use TUN/TAN devices inside VE and use VPN software working with TUN/TAP.
The following software can be used for VPN with TUN/TAP:
* Virtual TUNnel (http://vtun.sourceforge.net)
* OpenVPN (http://openvpn.sourceforge.net)
=== External links ===
* [http://vtun.sourceforge.net Virtual TUNnel]
* [http://openvpn.sourceforge.net OpenVPN]
