Parallels

Resolution

Since Virtuozzo 2.6.1, VPN support for a VE via the TUN/TAP device is available. To allow VE #101 to use the TUN/TAP device the following steps should be taken:

1. Make sure the tun module has been already loaded on the hardware node:
   
   # lsmod | grep tun
   
   If it is not there, use
   
   # modprobe tun
   
   to load it and add it into /etc/modules.conf. This module should have been loaded before Virtuozzo is started, so you should run
   
   # service vz restart
   
   to make it available at runtime (all VEs will be restarted).
   
   In order to automate modules loading before Virtuozzo services are started you may install 'openvpn' package from Virtuozzo distrib (in HW/RPMS folder) and enable it in default runlevel (use 'chkconfig' utility to do that). Please also use instructions on automated module loading suitable for base OS installed on hardware node.
   Just for example, for  Redhat-based systems (such as (Fedora Core, Redhat AS3/AS4, CentOS 3/4)) it should be enough to add 'modprobe tun' command into /etc/rc.modules file and make it executable:
   
   # chmod a+rx /etc/rc.modules
   
   On SuSE based systems usually should be enough to add tun module into MODULES_LOADED_ON_BOOT variable in /etc/sysconfig/kernel file (it should be processed by /etc/init.d/boot.loadmodules initscript).
   
   
2. Allow the VE to use the tun/tap device:
   
   # vzctl set 101 --devices c:10:200:rw --save
   
   
   
3. Create the device in the VE:
   
   # vzctl exec 101 mkdir -p /dev/net
# vzctl exec 101 mknod /dev/net/tun c 10 200
   
   
   
4. Set proper permissions for /dev/net/tun:
   
   # vzctl exec 101 chmod 600 /dev/net/tun
   
   
   

Popular Linux VPN software working with the TUN/TAP interface includes Virtual TUNnel (http://vtun.sourceforge.net) and OpenVPN (http://openvpn.sourceforge.net).