Resolution
Since Virtuozzo 2.6.1, VPN support for a container via the TUN/TAP device is available. To allow container #101 to use the TUN/TAP device, take the following steps:
1. Make sure the tun module is loaded on the hardware node:
# lsmod | grep tun
If it is not there, use
# modprobe tun
to load it, and add it to /etc/modules.conf. The module must be loaded before Virtuozzo is started, so you should run
# service vz restart
to make it available at runtime (all containers will be restarted).
To automate loading the module before Virtuozzo services start, you may install the 'openvpn' package from the Virtuozzo distribution (in the HW/RPMS folder) and enable it in the default runlevel (use the 'chkconfig' utility to do that). Also follow the instructions on automated module loading for the base OS installed on the hardware node.
For example, on RedHat-based systems (such as Fedora Core, RedHat AS3/AS4, CentOS 3/4/5) it should be enough to add the 'modprobe tun' command to the /etc/rc.modules file and make it executable:
# chmod a+rx /etc/rc.modules
On SuSE-based systems it is usually enough to add the tun module to the MODULES_LOADED_ON_BOOT variable in the /etc/sysconfig/kernel file (it should be processed by the /etc/init.d/boot.loadmodules initscript).
2. Allow the container to use the tun/tap device:
# vzctl set 101 --devices c:10:200:rw --save
If you see the following error message:
Note: Cannot set tx queue length on tun0: Operation not permitted (errno=1)
you may add the required permission:
# vzctl set 101 --capability net_admin:on --save
However, use this capability only if functionality is affected without it. This capability should be granted to trusted environments only.
3. Create the device in the container:
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200
4. Set proper permissions for /dev/net/tun:
# vzctl exec 101 chmod 600 /dev/net/tun
Popular Linux VPN software working with the TUN/TAP interface includes Virtual TUNnel (http://vtun.sourceforge.net) and OpenVPN (http://openvpn.sourceforge.net).
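A check for the result of steps 3 and 4, as an added example that is not part of the original article or of Virtuozzo tooling: it confirms that /dev/net/tun is a character device 10:200 with mode 600. It assumes GNU stat is available inside the container; the function names are illustrative.

```shell
#!/bin/sh
# Added example: verify the device node created in steps 3 and 4.
# Assumes GNU stat; function names are illustrative, not Virtuozzo tooling.

# Check one "type|major_hex|minor_hex|mode" record, as printed by
#   stat -c '%F|%t|%T|%a' /dev/net/tun
# Returns 0 only for a character device 10:200 with mode 600.
check_tun_record() {
    IFS='|' read -r ftype maj_hex min_hex mode <<EOF
$1
EOF
    if [ "$ftype" != "character special file" ]; then
        echo "FAIL: not a character device (${ftype:-missing})"
        return 1
    fi
    # Accept only plain hex before doing arithmetic on the fields.
    for h in "$maj_hex" "$min_hex"; do
        case $h in
            ''|*[!0-9a-fA-F]*) echo "FAIL: unparsable device numbers"; return 1 ;;
        esac
    done
    rc=0
    # stat prints device numbers in hex, so 10:200 appears as a:c8.
    maj=$((0x$maj_hex)); min=$((0x$min_hex))
    if [ "$maj" -ne 10 ] || [ "$min" -ne 200 ]; then
        echo "FAIL: device is $maj:$min, expected 10:200"; rc=1
    fi
    if [ "$mode" != 600 ]; then
        echo "FAIL: mode is $mode, expected 600"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: character device 10:200, mode 600"
    return "$rc"
}

# Run the check against a real path (default /dev/net/tun).
check_tun_node() {
    path=${1:-/dev/net/tun}
    rec=$(stat -c '%F|%t|%T|%a' "$path" 2>/dev/null) || {
        echo "FAIL: cannot stat $path"; return 1; }
    check_tun_record "$rec"
}

# Constructed sample records (not captured from a real system).
for sample in 'character special file|a|c8|600' \
              'character special file|a|c8|666' \
              'character special file|1|3|600'; do
    check_tun_record "$sample" || true
done
```

Inside the container, call check_tun_node with no arguments after step 4; a non-zero exit status means the node does not match what the steps above create.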
Keywords: tun,vpn,openvpn,tunnel,tap