Difference between revisions of "VPN via the TUN/TAP device"
m (removed redundant header, added some interlinking) |
Botinki Kira (talk | contribs) m (Robot: Automated text replacement (-VE +container)) |
||
Line 1: | Line 1: | ||
− | This article describes how to use VPN via the TUN/TAP device inside a [[ | + | This article describes how to use VPN via the TUN/TAP device inside a [[container]]. |
== Kernel TUN/TAP support == | == Kernel TUN/TAP support == | ||
− | OpenVZ supports VPN inside a | + | OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. |
− | To allow | + | To allow container #101 to use the TUN/TAP device the following should be done: |
Make sure the '''tun''' module has been already loaded on the [[hardware node]]: | Make sure the '''tun''' module has been already loaded on the [[hardware node]]: | ||
Line 17: | Line 17: | ||
You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically. | You can also add it into /etc/modules.conf to make sure it will be loaded on every reboot automatically. | ||
− | == Granting | + | == Granting container an access to TUN/TAP == |
− | Allow your | + | Allow your container to use the tun/tap device: |
<pre> | <pre> | ||
# vzctl set 101 --devices c:10:200:rw --save | # vzctl set 101 --devices c:10:200:rw --save | ||
</pre> | </pre> | ||
− | And create the character device file inside the | + | And create the character device file inside the container: |
<pre> | <pre> | ||
# vzctl exec 101 mkdir -p /dev/net | # vzctl exec 101 mkdir -p /dev/net | ||
Line 30: | Line 30: | ||
</pre> | </pre> | ||
− | == Configuring VPN inside | + | == Configuring VPN inside container == |
After the configuration steps above are done it is possible to use VPN software working with TUN/TAP inside | After the configuration steps above are done it is possible to use VPN software working with TUN/TAP inside | ||
− | + | container just like on a usual standalone linux box. | |
The following software can be used for VPN with TUN/TAP: | The following software can be used for VPN with TUN/TAP: |
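Review bot: the automated VE-to-container replacement in this hunk leaves the heading "Configuring VPN inside container" and the changed line "container just like on a usual standalone linux box" without an article. "VE" read like a name, but "container" is a count noun, so the substituted text should be "Configuring VPN inside a container" and "inside a container just like on a usual standalone Linux box".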
Revision as of 13:24, 11 March 2008
This article describes how to use VPN via the TUN/TAP device inside a container.
Kernel TUN/TAP support
OpenVZ supports VPN inside a container via the kernel TUN/TAP module and device. To allow container #101 to use the TUN/TAP device, do the following:
Make sure the tun module has already been loaded on the hardware node:
# lsmod | grep tun
If it is not there, use the following command to load the tun module:
# modprobe tun
You can also add it to /etc/modules.conf so that it is loaded automatically on every reboot.
Granting a container access to TUN/TAP
Allow your container to use the tun/tap device:
# vzctl set 101 --devices c:10:200:rw --save
And create the character device file inside the container:
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200
# vzctl exec 101 chmod 600 /dev/net/tun
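A check for the result of the steps above, added here as an example and not part of the original article or of OpenVZ: it confirms that the node is a character device with major 10, minor 200 and mode 600, so a mistyped mknod or an overly permissive mode is caught before any VPN software is started. It assumes GNU stat inside the container; the function names tun_attrs_ok and check_tun_node are hypothetical.

```bash
#!/bin/sh
# Added example: verify a TUN device node against the values used on this page
# (character device, major 10, minor 200, mode 600).

# tun_attrs_ok TYPE MAJOR_HEX MINOR_HEX MODE
# Takes the fields printed by GNU `stat -c '%F|%t|%T|%a'` (device numbers are
# printed in hex) and returns 0 only if they match the node created above.
# On a mismatch it prints the reason and returns 1.
tun_attrs_ok() {
    ftype=$1
    mode=$4
    if [ "$ftype" != "character special file" ]; then
        echo "not a character device: $ftype"; return 1
    fi
    major=$((0x$2))
    minor=$((0x$3))
    if [ "$major" -ne 10 ] || [ "$minor" -ne 200 ]; then
        echo "wrong device numbers: $major:$minor (expected 10:200)"; return 1
    fi
    if [ "$mode" != "600" ]; then
        echo "unexpected mode: $mode (expected 600)"; return 1
    fi
    echo "ok"
}

# check_tun_node [PATH]
# Runs stat on PATH (default /dev/net/tun) and validates what it reports.
check_tun_node() {
    node=${1:-/dev/net/tun}
    attrs=$(stat -c '%F|%t|%T|%a' "$node" 2>/dev/null) || {
        echo "missing: $node"; return 1
    }
    # Split the stat output on '|' only, so the file type keeps its spaces.
    old_ifs=$IFS; IFS='|'
    set -- $attrs
    IFS=$old_ifs
    tun_attrs_ok "$1" "$2" "$3" "$4"
}
```

Run check_tun_node inside the container after the chmod step; it prints "ok" only when all three attributes match.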
Configuring VPN inside a container
Once the configuration steps above are done, VPN software that works with TUN/TAP can be used inside the container just as on a standalone Linux box.
The following software can be used for VPN with TUN/TAP:
- Virtual TUNnel (http://vtun.sourceforge.net)
- OpenVPN (http://openvpn.sourceforge.net)