RESOLUTION
Since Virtuozzo 2.6.1, VPN support for a VE via the TUN/TAP device is available. To allow VE #101 to use the TUN/TAP device the following steps should be taken:- Make sure the tun module has been already loaded on the hardware node:
# lsmod | grep tun
If it is not there, use
# modprobe tun
to load it and add it into /etc/modules.conf. This module should have been loaded before Virtuozzo is started, so you should run
# service vz restart
to make it available at runtime (all VEs will be restarted).
In order to automate modules loading before Virtuozzo services are started you may install 'openvpn' package from Virtuozzo distrib (in HW/RPMS folder) and enable it in default runlevel (use 'chkconfig' utility to do that). Please also use instructions on automated module loading suitable for base OS installed on hardware node.
Just for example, for Redhat-based systems (such as (Fedora Core, Redhat AS3/AS4, CentOS 3/4)) it should be enough to add 'modprobe tun' command into /etc/rc.modules file and make it executable:
# chmod a+rx /etc/rc.modules
On SuSE based systems usually should be enough to add tun module into MODULES_LOADED_ON_BOOT variable in /etc/sysconfig/kernel file (it should be processed by /etc/init.d/boot.loadmodules initscript).
- Allow the VE to use the tun/tap device:
# vzctl set 101 --devices c:10:200:rw --save - Create the device in the VE:
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200 - Set proper permissions for /dev/net/tun:
# vzctl exec 101 chmod 600 /dev/net/tun
Keywords: tun,vpn,openvpn,tunnel,tap
English
Chinese
French
German
Japanese
Russian
Spanish