OpenVPN in a lxc container

Recently I’ve been playing with lxc as a lightweight alternative to full-blown virtualization and wanted to run OpenVPN in the container.

However, the tun device is not available by default in lxc containers, leading to this error:

ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

As usual there’s a bunch of solutions floating around the net, but due to recent changes to lxc/systemd the old way of creating the tun device inside the container doesn’t work anymore. Instead it has to be created using the autodev hook.

For this, create a script named autodev in /var/lib/lxc/yourcontainer/ (replace yourcontainer with the name of your container):

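#!/bin/bash
# LXC autodev hook: create /dev/net/tun in the container's /dev.

# Stop if the container's /dev is not where we expect it.
cd "${LXC_ROOTFS_MOUNT}/dev" || exit 1
mkdir -p net
# tun is a character device with major 10, minor 200
[ -c net/tun ] || mknod net/tun c 10 200
chmod 0666 net/tun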

and make it executable:

chmod +x autodev

Then add

lxc.hook.autodev=/var/lib/lxc/yourcontainer/autodev

# /dev/net/tun
lxc.cgroup.devices.allow = c 10:200 rwm

to /var/lib/lxc/yourcontainer/config.
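
To check the result of the steps above, here is an added example that is not part of the original post. It audits the container config on the host and the device node inside the container. The function names are hypothetical, and check_tun_node assumes GNU stat.

```shell
#!/bin/bash
# Added example (not from the original post): audit the settings described above.
# Function names are hypothetical; nothing here modifies the container.

# Print every value of key $1 in LXC config file $2, one per line.
lxc_conf_values() {
    awk -v k="$1" '{ key = $0; sub(/=.*/, "", key); gsub(/[ \t]/, "", key) }
        key == k && /=/ { v = $0; sub(/^[^=]*=[ \t]*/, "", v)
                          sub(/[ \t]+$/, "", v); print v }' "$2"
}

# Host side: is the hook set and executable, and is c 10:200 allowed with rwm?
check_tun_config() {
    local conf="$1" hook rc=0
    hook=$(lxc_conf_values lxc.hook.autodev "$conf" | tail -n 1)
    if [ -z "$hook" ]; then
        echo "missing: lxc.hook.autodev"; rc=1
    elif [ ! -x "$hook" ]; then
        echo "hook script not executable: $hook"; rc=1
    fi
    # The access letters may appear in any order, so test each one.
    if ! lxc_conf_values lxc.cgroup.devices.allow "$conf" | awk '
        $1 == "c" && $2 == "10:200" && $3 ~ /r/ && $3 ~ /w/ && $3 ~ /m/ { ok = 1 }
        END { exit !ok }'; then
        echo "missing: lxc.cgroup.devices.allow = c 10:200 rwm"; rc=1
    fi
    return $rc
}

# Container side: is the node a character device with major 10, minor 200?
check_tun_node() {
    local node="${1:-/dev/net/tun}"
    [ -c "$node" ] || { echo "not a character device: $node"; return 1; }
    # GNU stat prints major:minor in hex, so 10:200 reads a:c8.
    [ "$(stat -c '%t:%T' "$node")" = "a:c8" ] ||
        { echo "unexpected major:minor on $node"; return 1; }
}

# Run against a config path when one is given on the command line.
[ -z "${1:-}" ] || check_tun_config "$1"
```

Run it on the host with the path to the container's config as the argument. Inside the container, source the file and call check_tun_node.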

More information can be found at https://wiki.archlinux.org/index.php/Lxc-systemd.