OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. To allow VPS #101 to use the TUN/TAP device the following should be done:
#101 - VPS id. Replace #101 with your VPS id.
Make sure the tun module has already loaded on the Node.
[root@Node /]# lsmod | grep tun
If not listed, then load the tun module with the below command
[root@Node /]# modprobe tun
[root@Node /]# lsmod | grep tun
tun 82432 6
[root@Node /]# lsmod | grep tun
tun 82432 6
Run the following command in Node:
[root@Node /]# vzctl set 101 --devnodes net/tun:rw --save
[root@Node /]# vzctl set 101 --devices c:10:200:rw --save
[root@Node /]# vzctl stop 101
[root@Node /]# vzctl set 101 --capability net_admin:on --save
[root@Node /]# vzctl start 101
[root@Node /]# vzctl exec 101 mkdir -p /dev/net
[root@Node /]# vzctl exec 101 chmod 600 /dev/net/tun
To check TUN/TAP is enabled or not :
[root@Node /]# vzctl enter 101
Inside the VPS:
[root@vps /]# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state # It means the TUN/TAP is enabled on your VPS.
cat: /dev/net/tun: No such device # If you receive like this, then the TUN/TAP has not enabled on your VPS . Try to enable TUN/TAP again and check.
Source: http://wiki.openvz.org/VPN_via_the_TUN/TAP_device
