@wastrachan
Last active March 21, 2023 13:07
OpenVPN in LXD Container
# On the host
=============
lxc config set openvpn raw.lxc 'lxc.cgroup.devices.allow = c 10:200 rwm'
lxc config device add openvpn tun unix-char path=/dev/net/tun
# In the container
==================
1. mknod /dev/net/tun c 10 200
2. install OpenVPN (https://github.com/Nyr/openvpn-install or manual)
3. edit /lib/systemd/system/openvpn@.service -- comment out/remove `LimitNPROC=10`
4. systemctl daemon-reload or reboot container
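
A post-setup check for the steps above, added here as an example and not part of the original gist: it confirms that /dev/net/tun is the character device 10:200 allowed on the host and that the unit file no longer has an active LimitNPROC line. The function names are hypothetical, and it assumes GNU `stat` inside the container.

```shell
#!/bin/sh
# Added example: checks to run inside the container after the setup steps.
# Function names and the report format are assumptions, not part of the gist.

# is_char_dev PATH MAJOR MINOR -> 0 if PATH is a char device with those numbers
is_char_dev() {
    [ -c "$1" ] || return 1
    # GNU stat prints the device major/minor in hex for %t and %T
    want=$(printf '%x:%x' "$2" "$3")
    [ "$(stat -c '%t:%T' "$1")" = "$want" ]
}

# unit_limits_nproc FILE -> 0 if FILE still has an active (uncommented) LimitNPROC=
unit_limits_nproc() {
    grep -Eq '^[[:space:]]*LimitNPROC=' "$1"
}

# check_openvpn_container [TUN_PATH] [UNIT_FILE]
# Prints one line per check and returns the number of failed checks.
check_openvpn_container() {
    tun=${1:-/dev/net/tun}
    unit=${2:-/lib/systemd/system/openvpn@.service}
    fails=0
    if is_char_dev "$tun" 10 200; then
        echo "ok: $tun is char 10:200"
    else
        echo "FAIL: $tun missing or not char 10:200"
        fails=$((fails + 1))
    fi
    if [ -f "$unit" ] && unit_limits_nproc "$unit"; then
        echo "FAIL: $unit still sets LimitNPROC"
        fails=$((fails + 1))
    else
        echo "ok: no active LimitNPROC in $unit"
    fi
    return "$fails"
}
```

Source the file and run `check_openvpn_container` in the container after step 4; a non-zero exit status is the number of checks that failed.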
@Wizlonex

Totally brilliant. I spent way too long looking for a solution. Nothing worked, until this. THANK YOU.

@kkremitzki

This worked for me as well. Thanks!

@starkers

Cheers dude

@thalesmaoa

thalesmaoa commented Oct 22, 2018

Maybe I did something wrong, however I can't get it to work. I'm using a bridge connection:

Mon Oct 22 03:22:06 2018 Unrecognized option or missing parameter(s) in local.ovpn:14: block-outside-dns (2.3.10)
Mon Oct 22 03:22:06 2018 OpenVPN 2.3.10 x86_64-pc-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [MH] [IPv6] built on Jun 22 2017
Mon Oct 22 03:22:06 2018 library versions: OpenSSL 1.0.2g  1 Mar 2016, LZO 2.08
Mon Oct 22 03:22:06 2018 Control Channel Authentication: tls-auth using INLINE static key file
Mon Oct 22 03:22:06 2018 Outgoing Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Oct 22 03:22:06 2018 Incoming Control Channel Authentication: Using 512 bit message hash 'SHA512' for HMAC authentication
Mon Oct 22 03:22:06 2018 Socket Buffers: R=[212992->212992] S=[212992->212992]
Mon Oct 22 03:22:06 2018 UDPv4 link local: [undef]
Mon Oct 22 03:22:06 2018 UDPv4 link remote: [AF_INET] server_ip:1194

Any suggestion?

EDIT:
I found the problem. Does not install without following the proposed order.

@FinduschkaLi

In case you are installing openvpn via the bashfile obtained via
wget https://git.io/vpn -O openvpn-install.sh
make sure that the server files actually lie in folder: /etc/openvpn/ and not in /etc/openvpn/server/.
I had to move all files from /etc/openvpn/server to /etc/openvpn/ in order for the server to start.
Maybe there is also a configuration for this path?

@friki67

friki67 commented Oct 30, 2022

Hello!

Trying to get this working in a container ubuntu/focal. When I first launch the container, I can list /dev/net/tun, so when I try to do mknod it says it exists.

But when I try to launch openvpn I always get

ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)

I've tried debian and opensuse containers, same result. What am I doing wrong?
