How to Enable TUN/TAP module in OpenVZ

In computer networking, TUN and TAP are virtual-network kernel devices. TUN (namely network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TAP (namely network tap) simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing, while TAP is used for creating a network bridge.

OpenVZ supports VPN inside a container via kernel TUN/TAP module and device.

>>> How to enable TUN/TAP in OpenVZ?

Step 1 : Login to your node server via SSH.

Step 2 : Make sure the tun module is already loaded on the node by running the command below.

[root@Node]# lsmod | grep tun

[root@Node]#

If the command prints nothing, as shown above, the tun module is not loaded on your node.

In that case, load the tun module with the command below and check again.

[root@Node]# modprobe tun

[root@Node]# lsmod | grep tun

tun    82432  6

>>> Enabling TUN/TAP on VPS

Run the following commands on the host node to allow the container to use the tun/tap device.

[root@Node]# vzctl set 222 --devnodes net/tun:rw --save

[root@Node]# vzctl set 222 --devices c:10:200:rw --save

[root@Node]# vzctl stop 222

[root@Node]# vzctl set 222 --capability net_admin:on --save

[root@Node]# vzctl start 222

[root@Node]# vzctl exec 222 mkdir -p /dev/net

[root@Node]# vzctl exec 222 chmod 600 /dev/net/tun

222 is the VPS ID. Replace 222 with your VPS ID.

Step 4 : Check whether TUN/TAP is enabled in the VPS (222).

Log in to the VPS via SSH and run the following command.

[root@vps]# cat /dev/net/tun

cat: /dev/net/tun: File descriptor in bad state

The output of the above command means TUN/TAP is enabled on your VPS.

If you receive any other output, such as (cat: /dev/net/tun: No such device), then TUN/TAP has not been enabled on your VPS. Try to enable TUN/TAP again and check.
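
The check in Step 4 as a script (an added example, not part of the original guide). The function names are hypothetical; the device numbers 10:200 and mode 600 come from the commands above, and the error strings other than the two quoted in Step 4 are standard errno messages included as assumptions.

```shell
#!/bin/sh
# Added example: interpret the TUN/TAP check from inside the VPS.

# Map the error text printed by `cat /dev/net/tun` to a verdict.
# Only "File descriptor in bad state" means TUN/TAP is usable.
classify_tun_output() {
    case "$1" in
        *"File descriptor in bad state"*) echo enabled ;;
        *"No such device"*)               echo not-enabled ;;
        *"No such file or directory"*)    echo node-missing ;;   # assumed extra case
        *"Operation not permitted"*|*"Permission denied"*)
                                          echo denied ;;         # assumed extra case
        *)                                echo unknown ;;
    esac
}

# Inspect the device node before reading it, so a wrong node is never opened.
check_tun() {
    dev="${1:-/dev/net/tun}"
    [ -e "$dev" ] || { echo node-missing; return 1; }
    [ -c "$dev" ] || { echo not-char-device; return 1; }

    # stat prints major:minor in hex; 10:200 from the guide is a:c8.
    ids=$(stat -c '%t:%T' "$dev")
    [ "$ids" = "a:c8" ] || { echo "wrong-device:$ids"; return 1; }

    # The guide sets mode 600; anything looser lets non-root users open the device.
    mode=$(stat -c '%a' "$dev")
    [ "$mode" = "600" ] || echo "warning: mode is $mode, expected 600" >&2

    # LC_ALL=C keeps the error text in English so it can be matched.
    out=$(LC_ALL=C cat "$dev" 2>&1)
    verdict=$(classify_tun_output "$out")
    echo "$verdict"
    [ "$verdict" = enabled ]
}
```

Source the file inside the VPS and run `check_tun`; it prints the verdict and returns non-zero for anything other than `enabled`.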