[SOLVED] Bind mount /dev/net directory from host to unprivileged container?

[emmanuel]

I have an unprivileged container that runs Centos 7 and I want it to run as an openvpn client to a pfsense firewall. But I can't seem to get it running as the guest container does not have "dev/net/tun". So I looked online and saw people create the file directly inside the container but unprivileged containers can't create device nodes since it is a kernel policy. So the next method is to bind mount it. I tried mounting it but it seems every time I create a "net" directory inside the container's "dev" directory so I can bind mount the host's "dev/net" directory it deletes it. So I wanna ask the community if there is any way around this, and, Happy Holidays!

 

[oguz]

hi,

did you install the necessary kernel module on the host? (modprobe tun)

 

[emmanuel]

hi,

did you install the necessary kernel module on the host? (modprobe tun)

Tried that just now and it still deletes the net directory I created inside the guest's /dev directory upon reboot. :/
Is there some way to make the guest make use of the tun file inside the host's /dev/net? Or somehow mount it some other way?

Edit:
I tried to add a few lines in "/var/lib/lxc/<CT_ID>/config" but it gets deleted every time the guest is turned on. :| So the only way to persist the bind mounting is doing it via "/etc/pve/lxc/CT_ID.conf" but when I do it there, the guest refuses to turn on.

Edit#2:
This is a PRIVILEGED container, I apologize, seems that I un-ticked the unprivileged option when I restored the container file after my old HDD died and transferred it to this new proxmox instance.

 

[emmanuel]

SUCCESS! Thanks to the post below:
https://forum.proxmox.com/threads/problem-connecting-containers-to-openvpn-after-reboot.48666/

Thank you! Consider this resolved.