How to Enable/Check TUN/TAP module in VPS(OpenVZ).

The terms TUN and TAP are commonly used in computer networking terminology. These are the virtual-network kernel devices. TUN is the short of network TUNnel and TAP is the short of network tap. The TUN simulates a network layer device and it operates with layer 3 packets like IP packets.

TAP simulates a link layer device and it operates with layer 2 packets like Ethernet frames. TUN is used with routing and TAP is used for creating a network bridge.

TUN/TAP kernel module is need to be enabled in VPS for VPN configuration. Here is a simple step to find out whether TUP/TAP is enabled or not in your VPS.

Step 1: Login to VPS via SSH

Step 2: Run this command:

# cat /dev/net/tun
cat: /dev/net/tun: File descriptor in bad state

The above output should be returned for a VPS having TUN/TAP enabled state. If you get any out put other than the above(Eg: cat: /dev/ppp: No such device or address, Permission denied etc) means TUN/TAP is not enabled or has problem with TUN/TAP kernal module.

How to enable TUN/TAP in OpenVZ?

Step 1: Login to Node via SSH.

Step 2: Run the below pasted command to find out tun module is already loaded or not

[[email protected]]# lsmod | grep tun
[[email protected]]#

If the output of the above commands returns a blank value means the tun module is not loaded in your Node.
Run the below command to load tum module.

[[email protected]]# modprobe tun
[[email protected]]# lsmod | grep tun
tun    82432  6

Step 3: Enabling TUN/TAP on VPS

To make sure that tun module will be automatically loaded on every reboot you can also add it or into /etc/modules.conf (on RHEL see /etc/sysconfig/modules/ directory) or into /etc/sysconfig/vz-scripts/VPSID.mount. (echo ‘modprobe tun’ >> /etc/sysconfig/vz-scripts/VPSID.mount)

Allow the container to use the tun/tap device by running the following commands on the host node:

[[email protected]]# vzctl set 101 --devnodes net/tun:rw --save
[[email protected]]# vzctl set 101 --devices c:10:200:rw --save 
[[email protected]]# vzctl stop 101 
[[email protected]]# vzctl set 101 --capability net_admin:on --save
[[email protected]]# vzctl start 101 
[[email protected]]# vzctl exec 101 mkdir -p /dev/net
[[email protected]]# vzctl exec 101 chmod 600 /dev/net/tun

That’s it.

Click here for more about TUN. Thank you.

