Difference between revisions of "VPN via the TUN/TAP device"
(Removed a link to vpnprivacy.com - they were advertising on this page.) |
(→Granting container an access to TUN/TAP) |
||
Line 18: | Line 18: | ||
== Granting container an access to TUN/TAP == | == Granting container an access to TUN/TAP == | ||
− | Allow your container to use the tun/tap device: | + | Allow your container to use the tun/tap device by running the following commands on the host node: |
vzctl set 101 --devices c:10:200:rw --save | vzctl set 101 --devices c:10:200:rw --save | ||
vzctl set 101 --capability net_admin:on --save | vzctl set 101 --capability net_admin:on --save | ||
− | And create the character device file inside the container: | + | And create the character device file inside the container (execute the following on the host node): |
vzctl exec 101 mkdir -p /dev/net | vzctl exec 101 mkdir -p /dev/net |
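Review bot: the reworded sentence "And create the character device file inside the container (execute the following on the host node)" names two locations in one clause and can be read as contradictory. Because the command is `vzctl exec 101 ...`, a wording such as "From the host node, create the character device file inside the container" says the same thing without the parenthetical. The sentence above it already uses the clearer pattern ("by running the following commands on the host node"), so the two could be made consistent.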
Revision as of 18:43, 1 July 2009
This article describes how to use VPN via the TUN/TAP device inside a container.
Kernel TUN/TAP support
OpenVZ supports VPN inside a container via the kernel TUN/TAP module and device. To allow container #101 to use the TUN/TAP device, do the following:
Make sure the tun module is already loaded on the hardware node:
# lsmod | grep tun
If it is not there, use the following command to load the tun module:
# modprobe tun
You can also add it to /etc/modules.conf so that it is loaded automatically on every reboot.
Granting container an access to TUN/TAP
Allow your container to use the tun/tap device by running the following commands on the host node:
vzctl set 101 --devices c:10:200:rw --save
vzctl set 101 --capability net_admin:on --save
And create the character device file inside the container (execute the following on the host node):
vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 mknod /dev/net/tun c 10 200
vzctl exec 101 chmod 600 /dev/net/tun
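To confirm the result of the steps above, the following added example (not part of the original article) checks that /dev/net/tun inside a container is a character device with major 10, minor 200 and mode 600. The function names and the colon-separated stat format are choices made for this example, and it assumes GNU stat is available inside the container.

```shell
#!/bin/sh
# Added example: audit /dev/net/tun in a container against the values
# used on this page (character device 10:200, mode 600).

# check_tun_stat LINE
# LINE is the output of: stat -c %F:%t:%T:%a /dev/net/tun
# GNU stat prints %t and %T (device major/minor) in hexadecimal,
# so a correct node reports "a" and "c8", not "10" and "200".
# Prints "OK" or one finding per line. Returns 0 (pass), 1 (finding)
# or 2 (input could not be parsed).
check_tun_stat() {
    old_ifs=$IFS; IFS=':'
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || { echo "unparsable stat output"; return 2; }
    ftype=$1; hex_major=$2; hex_minor=$3; mode=$4
    for h in "$hex_major" "$hex_minor"; do
        case "$h" in
            ''|*[!0-9a-fA-F]*) echo "non-hex device number"; return 2 ;;
        esac
    done
    rc=0
    [ "$ftype" = "character special file" ] ||
        { echo "not a character device: $ftype"; rc=1; }
    major=$((0x$hex_major)); minor=$((0x$hex_minor))
    [ "$major" -eq 10 ] && [ "$minor" -eq 200 ] ||
        { echo "device is $major:$minor, expected 10:200"; rc=1; }
    [ "$mode" = "600" ] ||
        { echo "mode is $mode, expected 600"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK"
    return "$rc"
}

# audit_container CTID
# Run on the host node, for example: audit_container 101
# A missing device node yields empty stat output and is reported as
# "unparsable stat output".
audit_container() {
    check_tun_stat "$(vzctl exec "$1" stat -c %F:%t:%T:%a /dev/net/tun)"
}
```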
Configuring VPN inside container
After the configuration steps above are done, VPN software that works with TUN/TAP can be used inside the container just as on a regular standalone Linux box.
The following software can be used for VPN with TUN/TAP:
- Virtual TUNnel (http://vtun.sourceforge.net)
- OpenVPN (http://openvpn.sourceforge.net)