How to Enable/Check TUN/TAP module in VPS(OpenVZ).

The terms TUN and TAP are commonly used in computer networking terminology. These are the virtual-network kernel devices. TUN is the short of network TUNnel and TAP is the short of network tap. The TUN simulates a network layer device and it operates with layer 3 packets like IP packets.

TAP simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing and TAP is used for creating a network bridge.

TUN/TAP kernel module is need to be enabled in VPS for VPN configuration. Here is a simple step to find out whether TUP/TAP is enabled or not in your VPS.

Step 1: Login to VPS via SSH

Step 2: Run this command:

# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state

The above output should be returned for a VPS having TUN/TAP enabled state. If you get any out put other than the above(Eg: cat: /dev/ppp: No such device or address, Permission denied etc) means TUN/TAP is not enabled or has problem with TUN/TAP kernal module.

How to enable TUN/TAP in OpenVZ?

Step 1: Login to Node via SSH.

Step 2: Run the below pasted command to find out tun module is already loaded or not

[root@Node]# lsmod | grep tun

If the output of the above commands returns a blank value means the tun module is not loaded in your Node.
Run the below command to load tum module.

[root@Node]# modprobe tun
[root@Node]# lsmod | grep tun
tun    82432  6

Step 3: Enabling TUN/TAP on VPS

To make sure that tun module will be automatically loaded on every reboot you can also add it or into /etc/modules.conf (on RHEL see /etc/sysconfig/modules/ directory) or into /etc/sysconfig/vz-scripts/VPSID.mount. (echo ‘modprobe tun’ >> /etc/sysconfig/vz-scripts/VPSID.mount)

Allow the container to use the tun/tap device by running the following commands on the host node:

[root@Node]# vzctl set 101 --devnodes net/tun:rw --save
[root@Node]# vzctl set 101 --devices c:10:200:rw --save 
[root@Node]# vzctl stop 101 
[root@Node]# vzctl set 101 --capability net_admin:on --save
[root@Node]# vzctl start 101 
[root@Node]# vzctl exec 101 mkdir -p /dev/net
[root@Node]# vzctl exec 101 chmod 600 /dev/net/tun

That’s it.

Click here for more about TUN. Thank you.

Post navigation

Arunlal Ashok

Cloud Infrastructure / DevOps Engineer. I know her (Linux) since many years. Linux lover. Like to play on Linux console. I started this blog to share and discuss Linux thoughts.

Always happy for an open discussion! Write to arun (@) crybit (dot) com. Check about me for more details. About this blog and our strong members, check The team

5 thoughts on “How to Enable/Check TUN/TAP module in VPS(OpenVZ).

    1. Dear Admin please update the article with the above command between the following commands,

      [root@Node]# vzctl exec 101 mkdir -p /dev/net
      [root@Node]# vzctl exec 101 chmod 600 /dev/net/tun

Leave a Reply

Your email address will not be published. Required fields are marked *