Search

Search for:
Language:  

No categories for selected product

How to configure TUN/TAP devices inside a container to install VPN software

Article ID: 696 
Last Review: Apr, 16 2012
Views:
APPLIES TO:
  • Parallels Virtuozzo Containers for Linux 4.7
  • Parallels Virtuozzo Containers for Linux 4.6
  • Parallels Virtuozzo Containers for Linux 4.0
  • Virtuozzo for Linux 3.x

Resolution

Follow the steps below to configure the TUN/TAP device in the container:

1. Make sure the tun module is loaded on the hardware node:
# lsmod | grep tun
tun                    18979  0

For RHEL3-based distributions load this module if necessary:
# modprobe tun
and add it into /etc/modules.conf.

For RHEL4/5-based distributions put the following line to the config /etc/modprobe.conf:
alias char-major-10-200 tun

For RHEL/CentOS 6.x based distributions create a separate file /etc/sysconfig/modules/vztun.sh to let it load automatically during the boot time:
#!/bin/sh
/sbin/modprobe tun

This file should be executable. You can make it executable by running:
chmod +x /etc/sysconfig/modules/vztun.sh


This module tun is supposed to be loaded before the Virtuozzo service is started, so run
# service vz restart
to let Virtuozzo acknowledge this module's availability (all containers will be restarted). On SuSE-based systems, add  the tun module into the MODULES_LOADED_ON_BOOT variable in /etc/sysconfig/kernel file (it should be processed by the /etc/init.d/boot.loadmodules initialization script).


2. Allow the container to use the TUN/TAP device:
# vzctl set 101 --devices c:10:200:rw --save

In that case, you will receive the following error message:

Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)

Add required permission:
# vzctl set 101 --capability net_admin:on --save
Granting such capability should be considered for trusted environments only.


3. Create the device in the container:
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200


4. Set proper permissions for /dev/net/tun:
# vzctl exec 101 chmod 600 /dev/net/tun


5. Install VPN software, which requires TUN/TAP interface such as Virtual TUNnel or OpenVPN.





Email subscription for changes to this article Email subscription for changes to this article
Save as PDF

Please provide feedback on this article

* Did this article help you solve your issue?
Yes
No
What can we do to improve this article?

PLEASE NOTE: Knowledge Base feedback is reviewed occasionally and we do not reply to most of the individual comments. Please contact us using one of the Support channels for a response to any support inquiries. We appreciate your feedback.

Subscribe me for article updates. My email
 
 
 
 
 
 
For Home
For Hosters
For SaaS
For IaaS
For Developers
For Health Care
 
Desktop Virtualization
- Parallels Desktop 7 for Mac
- Parallels Transporter
- Parallels Mobile
- Parallels Desktop Switch to Mac Edition
- Parallels Workstation
- Parallels Workstation Extreme
- Parallels Desktop for Mac Enterprise Edition
Server Virtualization
- Parallels Server for Mac 4.0
- Parallels Server for Mac 4.0 Mac mini Edition
- Parallels Server for Mac Bare Metal Edition
- Parallels Server Bare Metal
- Parallels Virtuozzo Containers
Automation
- Parallels Operations Automation
- Parallels Automation for Cloud Infrastructure
- Parallels Business Automation
- Parallels Business Automation Standard
- Parallels Virtual Automation
- Parallels Plesk Panel Suite
- Parallels Small Business Panel
- Parallels Domain/SSL Reseller Program
- Parallels Partner Storefront
More Products