No tun device in lxc guest for openvpn

I am trying to set up an openvpn server inside a lxc guest. However, it seems there is no tun device available in the container.

Starting openvpn inside the container gives me this error:

Tue Sep 18 13:04:18 2012 Note: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Tue Sep 18 13:04:18 2012 do_ifconfig, tt->ipv6=0, tt->did_ifconfig_ipv6_setup=0
Tue Sep 18 13:04:18 2012 /sbin/ifconfig  10.6.0.1 pointopoint 10.6.0.2 mtu 1500
SIOCSIFADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFDSTADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFMTU: No such device
Tue Sep 18 13:04:18 2012 Linux ifconfig failed: external program exited with error status: 1
Tue Sep 18 13:04:18 2012 Exiting

In my container's config, I see the following:

#tun
lxc.cgroup.devices.allow = c 10:200 rwm

I'd assume this enabled tun devices for the container, but modprobe tun gives me another error:

FATAL: Could not load /lib/modules/3.2.0-30-generic/modules.dep: No such file or directory

I'm assuming I am missing some permission or something in my container. Can someone tell me what it is?


Solution 1:

I'm not familiar with lxc, but try the following commands:

# mkdir /dev/net 
# mknod /dev/net/tun c 10 200 
# chmod 666 /dev/net/tun

Solution 2:

The answers above don't actually work now with current versions of lxc. Manually creating a character device with mknod has no effect - the device is not visible inside the container. Use of the autodev functionality in lxc is required.

lxc.cgroup.devices.deny = a

lxc.cgroup.devices.allow = c 10:200 rwm

lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

The order is important - the deny must be first.
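
The settings from Solution 2 can be checked mechanically. The script below is an added example, not part of the original answers: it lints a container config for the deny-before-allow ordering and the autodev hook, and checks that a device node is really character device 10:200. The function names and exit codes are assumptions of this example; the config keys are the ones shown above.

```shell
#!/bin/sh
# Added example (not from the original answers). Exit codes are this script's own.

# Lint an LXC config for the tun settings described in Solution 2.
# 0 = ok, 1 = "deny = a" missing or after the tun allow rule,
# 2 = no allow rule for c 10:200, 3 = no autodev hook creating the node.
check_lxc_tun_config() {
    awk '
        /^[ \t]*#/ { next }                      # skip comment lines
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key)               # keys contain no whitespace
            sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
        }
        key == "lxc.cgroup.devices.deny"  && val == "a" && !deny { deny = NR }
        key == "lxc.cgroup.devices.allow" && val ~ /^c[ \t]+10:200[ \t]+[rwm]+$/ && !allow { allow = NR }
        key == "lxc.hook.autodev" && val ~ /mknod/ && val ~ /10[ \t]+200/ { hook = NR }
        END {
            if (!allow) exit 2
            if (!deny || deny > allow) exit 1
            if (!hook) exit 3
        }
    ' "$1"
}

# Check that a path is the tun character device (major 10, minor 200).
# 0 = ok, 1 = missing or not a character device, 2 = wrong device numbers.
check_tun_node() {
    node=${1:-/dev/net/tun}
    [ -c "$node" ] || return 1
    # GNU/busybox stat prints major:minor in hex; 10:200 is a:c8
    [ "$(stat -c '%t:%T' "$node")" = "a:c8" ] || return 2
}
```

Run `check_lxc_tun_config` against the container's config file on the host, and `check_tun_node` inside the running container.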