Virtual Private Network (VPN) is a technology which allows you to establish a secure network connection even over an insecure public network. Setting up a VPN for a separate container is possible via the TUN/TAP device. To allow a particular container to use this device, do the following:
-
Make sure the
tun.o
module is already loaded before OpenVZ is started:# lsmod
-
Allow the container to use the TUN/TAP device:
# vzctl set MyCT --devices c:10:200:rw --save
-
Create the corresponding device inside the container and set the proper permissions:
# prlctl exec MyCT mkdir -p /dev/net # prlctl exec MyCT mknod /dev/net/tun c 10 200 # prlctl exec MyCT chmod 600 /dev/net/tun
Configuring the VPN properly is a common Linux administration task, which is out of the scope of this guide. Some popular Linux software for setting up a VPN over the TUN/TAP driver includes Virtual TUNnel and OpenVPN.