openvpn – Giovanni F. Mazzeo De Santolo https://desantolo.com That italian IT guy Sun, 27 Dec 2020 05:38:51 +0000 en-US hourly 1 https://wordpress.org/?v=6.8.2 123042357 Allowing OpenVPN to create tun device on LXC / Proxmox https://desantolo.com/2018/11/allowing-openvpn-to-create-tun-device-on-lxc-proxmox/ Mon, 19 Nov 2018 01:56:57 +0000 https://desantolo.com/?p=569 Continue reading ]]> Due to built-in security of LXC, trying to setup a tunnel interface inside a container is by blocked by default.

ERROR: Cannot open TUN/TAP dev /dev/net/tun

To allow this for a specific container in Proxmox, we need to make a few tweaks to allow this interface to work in a specific container (we don’t want to allow all containers to be able to setup a tunnel – hackers can hide their tracks using it).

How to do this:

ADD these lines to /etc/pve/lxc/<container-id>.conf

lxc.cgroup.devices.allow = c 10:200 rwm
lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

 

]]> 569