How to Enable TUN/TAP module in OpenVZ

In computer networking, TUN and TAP are virtual-network kernel devices. TUN (namely network TUNnel) simulates a network layer device and it operates with layer 3 packets like IP packets. TAP (namely network tap) simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing, while TAP is used for creating a network bridge.

OpenVZ supports VPN inside a container via kernel TUN/TAP module and device.

>>> How to enable TUN/TAP in OpenVZ?

Step 1 : Login to your node server via SSH.

 Step 2 : Make sure the tun module has already loaded on the Node. For that please run the below command.

root@Node]#  lsmod | grep tun


If the output of the above command is not listed which means the tun module is not loaded in your Node.

Then load the tun module with the below command

[root@Node]# modprobe tun

[root@Node]# lsmod | grep tun

tun    82432  6

>>>  Enabling TUN/TAP on VPS

Run the following command in host Node to allow the container to use the tun/tap device.

[root@Node]# vzctl set 222 –devnodes net/tun:rw –save

[root@Node]# vzctl set 222 –devices c:10:200:rw –save 

[root@Node]# vzctl stop 222 

[root@Node]# vzctl set 222 –capability net_admin:on –save

[root@Node]# vzctl start 222

[root@Node]# vzctl exec 222 mkdir -p /dev/net

[root@Node]# vzctl exec 222 chmod 600 /dev/net/tun

#222 – VPS  id. Replace #222 with your VPS id.

Step 4 : To check TUN/TAP is enabled or not in VPS(222).

LogintoVPS via SSH and run the following command.

[root@vps]# cat /dev/net/tun

cat: /dev/net/tun: File descriptor in bad state

The output of the above command means TUN/TAP is enabled on your VPS.

If you receive any other output like(cat: /dev/net/tun: No such device)then the TUN/TAP has not enabled on your VPS.Try to enable TUN/TAP again and check.