3

I am trying to create an lxc container that acts as a vpn server. I am trying to add the tap/tun adapter to the container's device list. I have tried adding the following line to the lxc config.

lxc.cgroup.devices.allow = c 10:200 rwm

That did not seem to add it to the container. I have tried creating the folder

/var/lib/lxc/vm1/rootfs/dev/net and mknod -m 666 /var/lib/lxc/vm1/rootfs/dev/net/tun c 10 200

This does not work either. Using mknod inside the container throws an error: Operation not permitted

Any ideas on how I proceed? I am still new to VPN servers and LXC containers.

ashwinjv

4 Answers

3

I was able to solve it by following the steps here: http://heider.io/blog/2013/10/26/openvpn-in-a-lxc-container/ but I had to add these to the end of configs in /var/lib/lxc/vm1/config

[Edit] I no longer am in need of this answer, but for other folks looking, the web page is no longer accessible, here is the archive version of it - https://web.archive.org/web/20190730140350/http://heider.io/blog/2013/10/26/openvpn-in-a-lxc-container/ and here is a picture of the contents

ashwinjv
  • I have the same problem, but the solution shown in your link doesn't work for me. When trying that, I get: "lxc-start: unknow key lxc.hook.autodev lxc-start: failed to read configuration file". Any ideas? – PonyEars Jul 08 '14 at 22:49
  • Which version of lxc are you using? lxc has had a few updates regarding how to allow users to add custom groups. – ashwinjv Aug 01 '14 at 03:19
1

In 2021, on Proxmox, the way I got it to work is by adding these two lines to the lxc configuration file at /etc/pve/lxc/{id}.conf:

lxc.cgroup.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
Sam Sirry
  • 1
    Also mind that on many Linux distros LXC guest config files appear in 2 places -- in '/etc/lxc/guests/...' and in '/var/lib/lxc/.../config'. The former is just a hard link to the latter, and it is the latter which is actually read by the LXC logic for guest config. So if you change config in the former make sure you see identical config in the latter, b/c if not your changes will never be read. – maratbn Mar 22 '23 at 03:31
0

For libvirt_lxc (virt-manager, libvirtd): virt-manager -> Open lxc machine -> Add device misc

<hostdev mode="capabilities" type="misc">
  <source>
    <char>/dev/net/tun</char>
  </source>
</hostdev>

Please check:
https://www.redhat.com/archives/libvirt-users/2018-January/msg00075.html

Cristian Florescu
0

Update for 2022: after upgrading to Ubuntu Jammy I had to change

lxc.cgroup.devices.allow: c 10:200 rwm

to

lxc.cgroup2.devices.allow: c 10:200 rwm

ref: https://discuss.linuxcontainers.org/t/dev-net-tun-stopped-working-after-debian-upgrade-from-buster-to-bullseye-operation-not-permitted/10086/2

Mike B
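An added example, not part of any answer above: a Python check that reads a container config in either the `key = value` (LXC) or `key: value` (Proxmox) form and reports why `/dev/net/tun` would still be unusable, tying together the device-allow rule, the bind mount from the 2021 answer and the cgroup v1/v2 key change from the 2022 answer. The function names and sample configs are constructed for illustration, and detecting cgroup v2 by the presence of `/sys/fs/cgroup/cgroup.controllers` is an assumption about the host layout.

```python
import os
import re

TUN = ("c", "10", "200")  # /dev/net/tun: character device, major 10, minor 200
ALLOW_KEYS = ("lxc.cgroup.devices.allow", "lxc.cgroup2.devices.allow")

def host_cgroup_version(root="/sys/fs/cgroup"):
    """Return 2 on a unified (cgroup v2) host, otherwise 1."""
    return 2 if os.path.exists(os.path.join(root, "cgroup.controllers")) else 1

def parse_config(text):
    """Yield (key, value) pairs, accepting both '=' and ':' as separator."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"([A-Za-z0-9_.]+)\s*[=:]\s*(.*)$", line)
        if m:
            yield m.group(1), m.group(2).strip()

def check_tun(text, cgroup_version):
    """Return a list of problems that keep /dev/net/tun unusable in the guest."""
    want = ALLOW_KEYS[1] if cgroup_version == 2 else ALLOW_KEYS[0]
    allowed, node = set(), False
    for key, value in parse_config(text):
        f = value.split()
        if key in ALLOW_KEYS and len(f) == 3:
            # Rule must name c 10:200 and grant at least read and write.
            if (f[0], *f[1].split(":")) == TUN and {"r", "w"} <= set(f[2]):
                allowed.add(key)
        elif key == "lxc.mount.entry" and f[:2] == ["/dev/net/tun", "dev/net/tun"]:
            node = True
    problems = []
    if want not in allowed:
        hint = f" (found only {sorted(allowed)[0]})" if allowed else ""
        problems.append(f"no {want} rule for c 10:200 on a cgroup v{cgroup_version} host{hint}")
    if not node:
        problems.append("no lxc.mount.entry binding /dev/net/tun into the guest")
    return problems

# Constructed samples built from the config lines quoted on this page.
QUESTION_CFG = "lxc.cgroup.devices.allow = c 10:200 rwm\n"
PROXMOX_CFG = ("lxc.cgroup.devices.allow: c 10:200 rwm\n"
               "lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file\n")

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CFG), ("proxmox-2021", PROXMOX_CFG)):
        print(name, check_tun(cfg, host_cgroup_version()) or "ok")
```
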