VPN via the TUN/TAP device

2008-03-26T19:48:02Z

Alex7xl: /* External links */

This article describes how to use VPN via the TUN/TAP device inside a [[container]].

== Kernel TUN/TAP support ==
OpenVZ supports VPN inside a container via kernel TUN/TAP module and device.
To allow container #101 to use the TUN/TAP device the following should be done:

Make sure the '''tun''' module has been already loaded on the [[hardware node]]:
<pre>
# lsmod | grep tun
</pre>

If it is not there, use the following command to load '''tun''' module:
<pre>
# modprobe tun
</pre>

You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically.

== Granting container an access to TUN/TAP ==
Allow your container to use the tun/tap device:

vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save

And create the character device file inside the container:

vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun

== Configuring VPN inside container ==
After the configuration steps above are done it is possible to use VPN software working with TUN/TAP inside
container just like on a usual standalone linux box.

The following software can be used for VPN with TUN/TAP:
* Virtual TUNnel (http://vtun.sourceforge.net)
* OpenVPN (http://openvpn.sourceforge.net)

== External links ==
* [http://vtun.sourceforge.net Virtual TUNnel]
* [http://openvpn.sourceforge.net OpenVPN]
* PPTP [http://vpnprivacy.com VPN service]

[[Category: HOWTO]]
[[Category: Networking]]

OpenVZ Virtuozzo Containers Wiki - User contributions [en]

VPN via the TUN/TAP device