Enabling VPN for Containers

Virtual Private Network (VPN) is a technology which allows you to establish a secure network connection even over an insecure public network. Setting up a VPN for a separate Container is possible via the TUN/TAP device. To allow a particular Container to use this device, the following steps are required:

• Make sure the tun.o module is already loaded before Virtuozzo is started:

  # lsmod

• Allow the Container to use the TUN/TAP device:

  # prlctl set 101 --devices c:10:200:rw

  Note: Currently, the --devices option may not be supported by the prlctl utility. Use vzctl instead.

• Create the corresponding device inside the Container and set the proper permissions:

  # prlctl exec 101 mkdir -p /dev/net

  # prlctl exec 101 mknod /dev/net/tun c 10 200

  # prlctl exec 101 chmod 600 /dev/net/tun

Configuring the VPN properly is a common Linux administration task, which is out of the scope of this guide. Some popular Linux software for setting up a VPN over the TUN/TAP driver includes Virtual TUNnel <http://vtun.sourceforge.net/> and OpenVPN <http://openvpn.sourceforge.net/>.