How to allow /dev/net/tun in an LXC container managed by LXD?


9

I am trying to get OpenVPN running in an LXD/LXC container and redirect the traffic entering that container into the VPN.

The goal is to replace a full-blown VM that does this job perfectly well (and to use LXD :-)

I managed to get an IP from the main DHCP server and set up iptables rules to masquerade/forward the traffic, but when I try to start openvpn it is blocked by the lack of access to the /dev/net/tun device.

I came across this post on ServerFault https://serverfault.com/questions/429461/no-tun-device-in-lxc-guest-for-openvpn but it does not seem to apply to current versions of LXC and/or LXD-managed configuration...

EDIT: I tried this incantation, without success:

lxc config set mycontainer raw.lxc 'lxc.cgroup.devices.allow = c 10:200 rwm'

EDIT2: tried lxc config device add mycontainer tun unix-char path=/dev/net/tun major=10 minor=200, but on the next stop/start I get

error: Failed configuring device tun: Not implemented

Now I can't even lxc config device remove mycontainer tun, because it throws the same Not implemented error. The container seems lost...

0

You need to make the tun device on the host, before you start the container: sudo mknod /path/to/your/container/dev/net/tun c 10 200


14

You want:

lxc config device add CONTAINER tun unix-char path=/dev/net/tun

3

I was struggling to do this as well inside an unprivileged container. What I ended up doing was

mknod /path/to/your/container/root/tun c 10 200
chown 100000:100000 /path/to/your/container/root/tun

then inside the container

mkdir /dev/net
ln -s /root/tun /dev/net/tun

This meant I did not have to make any changes to lxc conf
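A small diagnostic helper, added here and not taken from any of the answers above, that tells you which of the failure modes discussed in this thread you are hitting when OpenVPN cannot open the tun node: the path is missing (no device added, or the symlink from the third answer is dangling), it is not a character device, it does not carry major 10 / minor 200, or the process cannot read and write it (typically the uid mapping of an unprivileged container, which the chown to 100000:100000 above addresses). The function name and its output tokens are my own; it relies on GNU/busybox stat, which prints the major and minor numbers in hex.

```shell
#!/bin/sh
# check_tun_node [PATH]  - hypothetical helper, not part of LXD or OpenVPN.
# Prints exactly one token and returns 0 only on "ok":
#   missing | not-chardev | wrong-major-minor | no-access | ok
# Run it inside the container (e.g. via `lxc exec CONTAINER -- sh -c ...`)
# to see why OpenVPN is refused the tun device.
check_tun_node() {
    node="${1:-/dev/net/tun}"

    # -e follows symlinks, so a dangling /dev/net/tun -> /root/tun link
    # is reported as missing rather than as a broken link.
    if [ ! -e "$node" ]; then
        echo missing
        return 1
    fi

    # Must be a character device; a regular file created by a stray
    # `touch` or a wrong `mknod` type will not work.
    if [ ! -c "$node" ]; then
        echo not-chardev
        return 1
    fi

    # GNU stat: %t = major, %T = minor, both printed in hex (10 -> a, 200 -> c8).
    major=$(printf '%d' "0x$(stat -c %t "$node")")
    minor=$(printf '%d' "0x$(stat -c %T "$node")")
    if [ "$major" -ne 10 ] || [ "$minor" -ne 200 ]; then
        echo wrong-major-minor
        return 1
    fi

    # OpenVPN opens the node read/write; in an unprivileged container
    # this fails when the node is owned by an unmapped host uid.
    if [ ! -r "$node" ] || [ ! -w "$node" ]; then
        echo no-access
        return 1
    fi

    echo ok
    return 0
}

# Stand-alone usage: report on the default path.
if [ "${0##*/}" = "check_tun.sh" ]; then
    check_tun_node "$@"
fi
```

If the result is `ok` but OpenVPN still fails, the remaining candidate is the device cgroup whitelist (the `lxc.cgroup.devices.allow = c 10:200 rwm` line from the question), which this script does not inspect.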