When I tried to migrate my OpenVPN setup to a container on my new Proxmox server, I ran into multiple problems, where searching through the Internet provided solutions that did not work or were out of date. So I thought I would put everything one needs to set up OpenVPN on Debian 9 within a Proxmox / LXC container together in one blog post.
Getting a TUN device into the unprivileged container
As you really should run containers in unprivileged mode, the typical solution of adding/allowing
lxc.cgroup.devices.allow: c 10:200 rwm
won’t work. And running a container in privileged mode is a bad bad idea, but luckily there is a native LXC solution.
Stop the container with
pct stop <containerid>
Add the following line to
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
Start the container with
pct start <containerid>
OpenVPN will now be able to create a tun device. Just do a test run with
openvpn --config /etc/openvpn/blabla.conf
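A host-side check for the setup described above, as an added example that is not part of the original post: it confirms that a container config is still marked unprivileged and carries the /dev/net/tun bind mount. The function name check_tun_config and its return codes are made up for this example, and the config file path is passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the original post).
# Return codes (convention invented for this example):
#   0 = unprivileged and /dev/net/tun bind mount present
#   1 = bind mount entry missing   2 = not marked unprivileged   3 = unreadable
check_tun_config() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }

    # Only inspect the live config: Proxmox keeps snapshot copies in the same
    # file below "[name]" section headers, and those must not be counted.
    live=$(awk '/^\[/ { exit } { print }' "$conf")

    # Keys may be written "key: value" or "key = value" (the post shows both).
    has_key() {
        printf '%s\n' "$live" |
            grep -Eq "^[[:space:]]*$1[[:space:]]*[:=][[:space:]]*$2"
    }

    if ! has_key 'unprivileged' '1[[:space:]]*$'; then
        echo "FAIL: container is not marked unprivileged"
        return 2
    fi
    if ! has_key 'lxc\.mount\.entry' \
        '/dev/net/tun[[:space:]]+dev/net/tun[[:space:]]+none[[:space:]]+.*bind'; then
        echo "FAIL: no bind mount entry for /dev/net/tun"
        has_key 'lxc\.cgroup\.devices\.allow' 'c[[:space:]]+10:200' &&
            echo "note: devices.allow alone does not help an unprivileged container"
        return 1
    fi
    echo "OK: unprivileged, /dev/net/tun bind mount present"
}

# Constructed sample config (not taken from a real host); the snapshot
# section at the end still holds the old devices.allow attempt.
sample=$(mktemp)
cat > "$sample" <<'EOF'
arch: amd64
hostname: vpn
unprivileged: 1
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file

[before-fix]
hostname: vpn
lxc.cgroup.devices.allow: c 10:200 rwm
EOF
check_tun_config "$sample" || true
rm -f "$sample"
```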
Add OpenVPN config files to the “autostart”
You need to put the OpenVPN files into
/etc/openvpn/ with the extension .conf. And if you add a new file you need to run
before doing a
service openvpn restart.
Changes in existing config files don’t need the systemd reload.
Getting systemd to start openvpn within an unprivileged container
So OpenVPN now works manually but not with the “init” script. You will see the following error message in the log file
daemon() failed or unsupported: Resource temporarily unavailable (errno=11)
To solve this edit
and put a
# in front of
Now reload systemd with
and it should work.
Hope that info/tips helped you to solve the problems faster than I did. If you know some other tips / solutions for running OpenVPN in a Debian 9 container within LXC / Proxmox, write a comment! Thx!
This is a Security Bloggers Network syndicated blog post authored by robert. Read the original post at: Robert Penz Blog