Setting up openvpn client in LXC containers

inxsible

I am trying to set up an openvpn client with my provider in an LXC container but it keeps failing
Code:
2021-08-03 19:51:19 ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
2021-08-03 19:51:19 Exiting due to fatal error

So it seems that unprivileged containers cannot set up the /tun/tap devices. My options at this point are:
  1. Use a privileged container -- since I use Archlinux in most of my containers, using a privileged container is a problem due to: https://forum.proxmox.com/threads/psa-do-not-upgrade-to-systemd-247.80936/#post-357555
  2. Use a VM -- causes resource wastage, especially for a service that's only used for some time and sits idle most of the time
  3. This reddit post: https://www.reddit.com/r/Proxmox/comments/giqbzx/openvpn_client_lxc_tun_error/ --- describes changing the container's config file, but I am unsure of any issues that it might cause, especially security-wise.

Can someone please comment on the above 3 options as to which would be optimal -- mostly with security in mind? Are there any other options available?
 
hi,

see our wiki [0]

the article describes setting up a server, but you can use the same config lines for passing /dev/net/tun into the container:
Code:
 lxc.cgroup2.devices.allow: c 10:200 rwm
 lxc.mount.entry: /dev/net dev/net none bind,create=dir

that allows the /dev/net/tun device from the host to be used in the container, that way you can create VPN interfaces in the container (client/server)

[0]: https://pve.proxmox.com/wiki/OpenVPN_in_LXC
 
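An added example, not part of the thread or the Proxmox wiki: a small Python check that reads a container config and confirms the device-cgroup rules expose only `c 10:200` (/dev/net/tun), flagging wildcard or catch-all rules. The function name, the expected-device table and the sample config are assumptions constructed for illustration.

```python
import re

# Char device 10:200 is /dev/net/tun on Linux; the table is an assumption.
EXPECTED = {("c", "10", "200"): "/dev/net/tun"}
# cgroup v1 and v2 keys, with Proxmox ":" or plain-LXC "=" separators.
ALLOW_RE = re.compile(r"^\s*lxc\.cgroup2?\.devices\.allow\s*[:=]\s*(.+?)\s*$")
# Device rule: type [major:minor] [access]; "*" is a wildcard, "a" means all.
RULE_RE = re.compile(r"^([abc])(?:\s+(\*|\d+):(\*|\d+))?(?:\s+([rwm]+))?$")


def audit_device_rules(config_text):
    """Return (line_no, rule, verdict) for every devices.allow entry."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = ALLOW_RE.match(line)
        if not m:
            continue
        rule = m.group(1)
        parsed = RULE_RE.match(rule)
        if not parsed:
            verdict = "unparseable rule"
        else:
            dev_type, major, minor, _access = parsed.groups()
            if dev_type == "a" or major in (None, "*"):
                verdict = "too broad: allows every device or a whole class"
            elif minor == "*":
                verdict = "too broad: allows every minor of major %s" % major
            elif (dev_type, major, minor) in EXPECTED:
                verdict = "ok: " + EXPECTED[(dev_type, major, minor)]
            else:
                verdict = "review: device not on the expected list"
        findings.append((no, rule, verdict))
    return findings


# Constructed sample config, not taken from a real host.
SAMPLE = """\
arch: amd64
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
lxc.cgroup2.devices.allow: c 10:* rwm
lxc.cgroup2.devices.allow: a
"""

if __name__ == "__main__":
    for no, rule, verdict in audit_device_rules(SAMPLE):
        print("line %d: %-14s -> %s" % (no, rule, verdict))
```

The bind mount line is not a cgroup rule and is skipped by this check; it exposes whatever the host has under /dev/net, so it is worth confirming that directory holds only `tun`.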
Wonderful. I'll try that out and post back.
 
I forgot to update... but this worked in allowing me to run openvpn client from within the container.
 
great, you can mark the thread [SOLVED] so others also know what to expect :)
 