I had a client contact me earlier this morning because one of their clients was receiving the following error on their VPS when trying to run OpenVPN:

    Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
    Note: Attempting fallback to kernel 2.2 TUN/TAP interface
    Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)

I’ve never run into this issue before, but was able to find an awesome tutorial on the OpenVZ website.
First, make sure the tun module has been already loaded on the hardware node:
    # lsmod | grep tun
If it is not there, use the following command to load tun module:
    # modprobe tun
To make sure that the tun module is loaded automatically on every reboot, you can also add it either to /etc/modules.conf (on RHEL, see the /etc/sysconfig/modules/ directory) or to /etc/sysconfig/vz-scripts/VEID.mount:
    echo 'modprobe tun' >> /etc/sysconfig/vz-scripts/VEID.mount
Allow your container to use the tun/tap device by running the following commands on the host node:
    vzctl set VEID --devices c:10:200:rw --save
    vzctl set VEID --capability net_admin:on --save
And create the character device file inside the container (execute the following on the host node):
    vzctl exec VEID mkdir -p /dev/net
    vzctl exec VEID mknod /dev/net/tun c 10 200
    vzctl exec VEID chmod 600 /dev/net/tun
Enter cat /dev/net/tun to test whether the TUN/TAP device is available:
- If you receive the message "cat: /dev/net/tun: File descriptor in bad state", your TUN/TAP device is ready for use.
- If you receive the message "cat: /dev/net/tun: No such device", the TUN/TAP device was not successfully created.
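
As an added example (not part of the original tutorial), the following script checks that a device node really is the character device created above: major 10, minor 200, mode 600. The function names are hypothetical, and it assumes GNU stat is available inside the container.

```shell
#!/bin/sh
# Added example: audit the TUN/TAP node created by the mknod/chmod steps.
# Assumes GNU coreutils stat (-c format option).

# Pure decision logic: file type string, decimal major/minor, octal mode.
# Prints a verdict and returns 0 only when everything matches.
tun_verdict() {
    ftype=$1; major=$2; minor=$3; mode=$4
    case $ftype in
        "character special file") ;;
        *) echo "not-chardev"; return 1 ;;
    esac
    # 10:200 is the device number the page passes to mknod and --devices.
    if [ "$major" -ne 10 ] || [ "$minor" -ne 200 ]; then
        echo "wrong-device"; return 1
    fi
    # The page sets the node to 600 (owner read/write only).
    if [ "$mode" != "600" ]; then
        echo "wrong-mode"; return 1
    fi
    echo "ok"
}

# Collect the attributes of PATH with stat and hand them to tun_verdict.
check_tun_node() {
    path=$1
    [ -e "$path" ] || { echo "missing"; return 1; }
    ftype=$(stat -c '%F' "$path")
    # GNU stat reports device major/minor in hex (%t / %T); convert to decimal.
    major=$(( 0x$(stat -c '%t' "$path") ))
    minor=$(( 0x$(stat -c '%T' "$path") ))
    mode=$(stat -c '%a' "$path")
    tun_verdict "$ftype" "$major" "$minor" "$mode"
}

# Usage inside the container: check_tun_node /dev/net/tun
```

A "wrong-mode" or "wrong-device" verdict means the node exists but does not match what the steps above create, which is worth correcting before starting OpenVPN.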