Friday, April 9, 2010

Enable TUN/TAP

How to Enable TUN/TAP
How to configure TUN/TAP

You should do the following steps on the 'node'
To check the tun module has been already loaded on the node.
# lsmod | grep tun
If it is not loaded
# modprobe tun

Allow your container to use the tun/tap device
# vzctl set 101 --devices c:10:200:rw --save
# vzctl set 101 --capability net_admin:on --save

create the character device file inside the container
# vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200
# vzctl exec 101 chmod 600 /dev/net/tun


vzctl set {vps_id} --iptables
"iptable_filter iptable_mangle ipt_limit ipt_multiport ipt_tos ipt_TOS
ipt_REJECT ipt_TCPMSS ipt_tcpmss ipt_ttl ipt_LOG ipt_length
ip_conntrack ip_conntrack_ftp ip_conntrack_irc ipt_conntrack ipt_state
ipt_helper iptable_nat ip_nat_ftp ip_nat_irc" --save