Difference between revisions of "VPN via the TUN/TAP device"
| Line 1: | Line 1: | ||
| − | + | = VPN via the TUN/TAP device inside VE = | |
| − | + | == Kernel TUN/TAP support == | |
| − | |||
OpenVZ supports VPN inside a VE via kernel TUN/TAP module and device. | OpenVZ supports VPN inside a VE via kernel TUN/TAP module and device. | ||
| − | To allow VE #101 to use the TUN/TAP device the following | + | To allow VE #101 to use the TUN/TAP device the following should be done: |
| − | Make sure the tun module has been already loaded on the hardware node: | + | Make sure the '''tun''' module has been already loaded on the hardware node: |
<pre> | <pre> | ||
# lsmod | grep tun | # lsmod | grep tun | ||
| Line 18: | Line 17: | ||
You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically. | You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically. | ||
| − | + | == Granting VE an access to TUN/TAP == | |
Allow your VE to use the tun/tap device: | Allow your VE to use the tun/tap device: | ||
<pre> | <pre> | ||
| Line 24: | Line 23: | ||
</pre> | </pre> | ||
| − | And create the device | + | And create the character device file inside the VE: |
<pre> | <pre> | ||
# vzctl exec 101 mkdir -p /dev/net | # vzctl exec 101 mkdir -p /dev/net | ||
| Line 31: | Line 30: | ||
</pre> | </pre> | ||
| − | == | + | == Configuring VLAN inside VE == |
| − | After the configuration steps above are done it is possible to | + | After the configuration steps above are done it is possible to use VPN software working with TUN/TAP inside VE. |
The following software can be used for VPN with TUN/TAP: | The following software can be used for VPN with TUN/TAP: | ||
| Line 39: | Line 38: | ||
| − | + | == External links == | |
* [http://vtun.sourceforge.net Virtual TUNnel] | * [http://vtun.sourceforge.net Virtual TUNnel] | ||
* [http://openvpn.sourceforge.net OpenVPN] | * [http://openvpn.sourceforge.net OpenVPN] | ||
Revision as of 11:28, 1 June 2006
Contents
VPN via the TUN/TAP device inside VE
Kernel TUN/TAP support
OpenVZ supports VPN inside a VE via kernel TUN/TAP module and device. To allow VE #101 to use the TUN/TAP device the following should be done:
Make sure the tun module has been already loaded on the hardware node:
# lsmod | grep tun
If it is not there, use the following command to load tun module:
# modprobe tun
You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically.
Granting VE an access to TUN/TAP
Allow your VE to use the tun/tap device:
# vzctl set 101 --devices c:10:200:rw --save
And create the character device file inside the VE:
# vzctl exec 101 mkdir -p /dev/net # vzctl exec 101 mknod /dev/net/tun c 10 200 # vzctl exec 101 chmod 600 /dev/net/tun
Configuring VLAN inside VE
After the configuration steps above are done it is possible to use VPN software working with TUN/TAP inside VE.
The following software can be used for VPN with TUN/TAP:
- Virtual TUNnel (http://vtun.sourceforge.net)
- OpenVPN (http://openvpn.sourceforge.net)
