OpenVPN on Ubuntu OpenVZ

Question

I finished configuring OpenVPN on my OpenVZ vps. When I run service openvpn restart I get the following error output:

* Stopping virtual private network daemon(s)...
*   No VPN is running.                                                      
* Starting virtual private network daemon(s)...
*   Autostarting VPN 'client'
*   Autostarting VPN 'server'                                                                      SIOCSIFADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFDSTADDR: No such device
: ERROR while getting interface flags: No such device
SIOCSIFMTU: No such device

I have a gut feeling that it is something to do with the fact that an OpenVZ machine does not have an eth0 device but a venet0:0 interface instead. I looked through all the config files I had to edit and made sure there was no reference to eth0 though. I configured it to this tutorial that I am finishing up (will be finished once I have the solution from here).

Please let me know how I need to change my configuration so that OpenVPN can start successfully.

Answer 1

It turns out that you have to set up the tun/tap device on the openvz host. To do this you need to make sure the host is running with lsmod | grep tun. If nothing appears then run modprobe tun before running lsmod | grep tun to check it appears. Now that that is done you need to give the container access with the following commands (I suggest putting this in a script and then calling that):

CTID=YOUR_CONTAINERS_ID_HERE
vzctl set $CTID --devnodes net/tun:rw --save
vzctl set $CTID --devices c:10:200:rw --save
vzctl set $CTID --capability net_admin:on --save
vzctl exec $CTID mkdir -p /dev/net
vzctl exec $CTID mknod /dev/net/tun c 10 200
vzctl exec $CTID chmod 600 /dev/net/tun

I got a warning error message shown below, but restarting openVPN on the client now seemed to work.

Also, after having done this, I was able to connect successfully but couldn't connect to anything else. I spent ages checking all iptables and packet forwarding, but the error was actually that I had left the client.conf in the /etc/openvz directory. Removing that and restarting the openvpn service fixed this issue.