OpenVZ - Virtual Private Server

How to enable TUN/TAP device

OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. To allow container #101 to use the TUN/TAP device the following should be done:

Make sure the tun module has been already loaded on the hardware node:

lsmod | grep tun

If it is not there, use the following command to load tun module:

modprobe tun

To make sure that tun module will be automatically loaded on every reboot you can also add it or into /etc/modules.conf (on RHEL see /etc/sysconfig/modules/ directory).

If you are looking for a hosting provider who support tun/tap by default visit

Granting container an access to TUN/TAP

Allow your container to use the tun/tap device by running the following commands on the host node:

vzctl set 101 –devnodes net/tun:rw –save
vzctl set 101 –devices c:10:200:rw –save
vzctl set 101 –capability net_admin:on –save vzctl exec 101 mkdir -p /dev/net
vzctl exec 101 chmod 600 /dev/net/tun