64
edits
Changes
Warning about WireGuard update procedure.
This article describes how to use VPN via [https://www.wireguard.com WireGuard] inside a Virtuozzo 7 / OpenVZ 7 Container.
{{warning|<br>
This article describes the WireGuard configuration in an OpenVZ Container which '''does not survive WireGuard package update'''.<br>
After WireGuard package update you have to repeat the described steps to make WireGuard working again.<br>
If you wish to have a persistent configuration which survives WireGuard updates, please contact [https://www.virtuozzo.com/support/virtuozzo-professional-services.html '''Virtuozzo Professional Services''']}}
== Install WireGuard on the Host Node ==
(change the path to wireguard sources if needed)
# patch /usr/src/wireguard-0.0.20190601/device.c diff-wireguard-allow-to-run-in-Containers
<pre>
--- ./device.c.orig 2019-07-02 16:05:42.162373405 +0300
+++ ./device.c 2019-06-10 17:21:27.956413409 +0300
@@ -281,7 +281,7 @@ static void wg_setup(struct net_device *
#else
dev->tx_queue_len = 0;
#endif
- dev->features |= NETIF_F_LLTX;
+ dev->features |= NETIF_F_LLTX | NETIF_F_VIRTUAL;
dev->features |= WG_NETDEV_FEATURES;
dev->hw_features |= WG_NETDEV_FEATURES;
dev->hw_enc_features |= WG_NETDEV_FEATURES;
</pre>
{{Note|Why it's required?
it won't be automatically loaded upon request from inside a Container.
# modprobe wireguard
== Create a Container ==