The following command gives host 192.168.1.10 write access to this volume and lets it mount the volume remotely, with changes identified as ‘root’. This is helpful for a container data store when you have Docker running on a VM in Proxmox but want to piggyback on the resilient ZFS storage in Proxmox.
zfs set sharenfs="[email protected]" gdata/containers
I’m experimenting with TunSafe, which is a fork of WireGuard that includes built-in traffic obfuscation. Traffic obfuscation is useful to hide VPN traffic from an ISP’s network throttling, which is applied when packet inspection identifies a tunnel protocol.
You will need a privileged container in Proxmox.
Add this to the container’s configuration file:
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
Without this setting in the container’s configuration file, TunSafe will not start, and the service fails with an error similar to:
~# systemctl status tunsafe.service
● tunsafe.service - TunSafe service
Loaded: loaded (/etc/systemd/system/tunsafe.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2021-01-24 19:22:59 UTC; 26s ago
Process: 6949 ExecStart=/opt/tunsafe/tunsafe start -d /opt/tunsafe/TunSafe.conf (code=exited, status=1/FAILURE)
Main PID: 6949 (code=exited, status=1/FAILURE)
Jan 24 19:22:59 tunsafe-gw systemd: Starting TunSafe service...
Jan 24 19:22:59 tunsafe-gw tunsafe: Loading file: /opt/tunsafe/TunSafe.conf
Jan 24 19:22:59 tunsafe-gw tunsafe: Started TCP listening socket on port 443
Jan 24 19:22:59 tunsafe-gw tunsafe: Error opening tun device
Jan 24 19:22:59 tunsafe-gw systemd: tunsafe.service: Main process exited, code=exited, status=1/FAILURE
Jan 24 19:22:59 tunsafe-gw systemd: tunsafe.service: Failed with result 'exit-code'.
Jan 24 19:22:59 tunsafe-gw systemd: Failed to start TunSafe service.
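A pre-flight check for the two prerequisites above (privileged container, /dev/net/tun bind mount), as an added example that is not part of the original post. `check_ct_config` and `check_tun_node` are hypothetical helper names, the sample config is constructed, and `unprivileged: 1` is the key Proxmox writes for unprivileged containers.

```shell
#!/bin/sh
# Added example: checks for the "Error opening tun device" failure.
# Helper names are hypothetical; the sample config below is constructed.

# Host side: verify a Proxmox container config carries both prerequisites.
# Prints one line per finding; returns 0 only when both are satisfied.
check_ct_config() {
    conf=$1
    rc=0
    # Proxmox writes "unprivileged: 1" for unprivileged containers.
    if grep -Eq '^unprivileged:[[:space:]]*1[[:space:]]*$' "$conf"; then
        echo "FAIL: container is unprivileged"
        rc=1
    fi
    # Bind mount of /dev/net/tun; commented-out lines do not match.
    if grep -Eq '^lxc\.mount\.entry:[[:space:]]*/dev/net/tun[[:space:]]+dev/net/tun[[:space:]]+none[[:space:]]+([^[:space:]]*,)?bind(,|[[:space:]]|$)' "$conf"; then
        echo "OK: /dev/net/tun bind mount present"
    else
        echo "FAIL: lxc.mount.entry for /dev/net/tun missing"
        rc=1
    fi
    return "$rc"
}

# Container side: the node must exist as a character device and be
# readable and writable by the user the service runs as.
check_tun_node() {
    node=${1:-/dev/net/tun}
    [ -c "$node" ] || { echo "FAIL: $node is not a character device"; return 1; }
    [ -r "$node" ] && [ -w "$node" ] || { echo "FAIL: $node not read/write"; return 1; }
    echo "OK: $node usable"
}

# Demo on a constructed config (not taken from the page).
demo_conf=$(mktemp)
printf '%s\n' 'arch: amd64' 'hostname: tunsafe-gw' \
    'lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file' > "$demo_conf"
check_ct_config "$demo_conf" || true
check_tun_node /dev/net/tun || true
rm -f "$demo_conf"
```

Run `check_ct_config` against the container's config file on the Proxmox host and `check_tun_node` inside the container before starting tunsafe.service.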