How do I allow /dev/net/Tun in a LXD managed LXC container?

I am trying to get Openvpn run inside a LXD/LXC container, and redirect traffic coming to the container to the VPN.

The purpose is to replace a fully fledged VM that does exactly that (and toy with LXD :-)

I managed to get an IP from my main DHCP server, set up the iptables rules for masquerading / forwarding the traffic, but when I try to launch openvpn, it is blocked by the lack of (access to) /dev/net/tun device.

I came accross this post on ServerFault https://serverfault.com/questions/429461/no-tun-device-in-lxc-guest-for-openvpn, but it does not seem to work with current version of LXC and/or LXD managing the configuration...

EDIT: I tried using this incantation, but it did not succeed:

lxc config set mycontainer raw.lxc 'lxc.cgroup.devices.allow = c 10:200 rwm'

EDIT2: tried lxc config device add mycontainer tun unix-char path=/dev/net/tun major=10 minor=200 but on next stop/start, I got

error: Failed configuring device tun: Not implemented

Now I can't even lxc config device remove mycontainer tun as it throws the same Not implemented error. Container seems to be lost...

Solution 1:

You want:

lxc config device add CONTAINER tun unix-char path=/dev/net/tun

Solution 2:

I was struggling to do this as well inside a unprivileged container. What I ended up doing was

mknod /path/to/your/container/root/tun c 10 200
chown 100000:100000 /path/to/your/container/root/tun

then inside the container

mkdir /dev/net
ln -s /root/tun /dev/net/tun

This meant I did not have to make any changes to lxc conf