This guide explains how to set up OpenVPN in an unprivileged Debian container with LXC.

All the commands assume a default PVE installation from the official installer.

If your storage has a different name, adapt the commands accordingly (e.g., replace ‘local’ with the name of the storage that holds your templates).

Creating the Container

First, download the Debian container template.

 # pveam update
 # pveam available | grep debian-10-standard
 system          debian-10-standard_10.7-1_amd64.tar.gz
 # pveam download local debian-10-standard_10.7-1_amd64.tar.gz

After the download is finished, create the container:

 # pct create 123 local:vztmpl/debian-10-standard_10.7-1_amd64.tar.gz --unprivileged 1 --features nesting=1 --net0 name=eth0,bridge=vmbr0,firewall=1,ip=dhcp,type=veth --storage local-lvm

After the container is created, edit its configuration file to add the /dev/net/tun device.

 # pct config 123
 arch: amd64
 hostname: CT123
 memory: 512
 net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=FE:75:64:2A:A3:58,ip=dhcp,type=veth
 ostype: debian
 rootfs: local-lvm:vm-123-disk-0,size=4G
 features: nesting=1
 swap: 512
 unprivileged: 1
 # nano /etc/pve/lxc/123.conf

Add the following lines at the end (if you’re using PVE

 lxc.cgroup2.devices.allow: c 10:200 rwm
 lxc.mount.entry: /dev/net dev/net none bind,create=dir

Press Ctrl-X, answer “Y” to save, and press Enter.

For your unprivileged container to be able to access /dev/net/tun from your host, set the device's owner to the host UID and GID that the container's root user maps to (100000 with the default mapping) by running:

 # chown 100000:100000 /dev/net/tun

Check that the owner and permissions are set correctly:

 # ls -l /dev/net/tun
 crw-rw-rw- 1 100000 100000 10, 200 Dec 22 13:26 /dev/net/tun

Finally, start the container:

 # pct start 123

If you did everything correctly, the container should start.
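
As an added example (not part of the original guide), the script below audits a container config for the two lines the guide adds and rejects any device rule wider than the tun node. It assumes the default unprivileged UID offset of 100000 unless an lxc.idmap line remaps container UID 0; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PVE container config for the TUN passthrough settings.

# Print the host UID that container root (UID 0) maps to. Assumes the PVE
# default offset of 100000 unless an lxc.idmap line remaps container UID 0.
ct_root_host_uid() {
    awk '$1 == "lxc.idmap:" && $2 == "u" && $3 == 0 { uid = $4 }
         END { print (uid == "" ? 100000 : uid) }' "$1"
}

# Return 0 only if the config is unprivileged, has both lines from the guide,
# and allows no device other than the tun node (char 10:200).
check_tun_conf() {
    conf=$1; rc=0
    grep -Eq '^unprivileged:[[:space:]]*1$' "$conf" ||
        { echo "FAIL: container is not unprivileged"; rc=1; }
    grep -Eq '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c 10:200 rwm$' "$conf" ||
        { echo "FAIL: no cgroup2 allow rule for c 10:200"; rc=1; }
    grep -Eq '^lxc\.mount\.entry:[[:space:]]*/dev/net dev/net none bind,create=dir$' "$conf" ||
        { echo "FAIL: /dev/net bind mount missing"; rc=1; }
    extra=$(grep -E '^lxc\.cgroup2?\.devices\.allow:' "$conf" |
            grep -Ev ':[[:space:]]*c 10:200 rwm$' || true)
    if [ -n "$extra" ]; then echo "FAIL: extra device rule: $extra"; rc=1; fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: tun only; chown target on host is $(ct_root_host_uid "$conf")"
    fi
    return "$rc"
}

# Constructed sample configs (not taken from a real host).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
good=$tmp/good.conf; bad=$tmp/bad.conf
cat > "$good" <<'EOF'
arch: amd64
hostname: CT123
features: nesting=1
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir
EOF
# Same container plus a rule that allows every device, and a custom idmap.
{ cat "$good"
  echo 'lxc.cgroup2.devices.allow: a'
  echo 'lxc.idmap: u 0 200000 65536'; } > "$bad"

check_tun_conf "$good"
check_tun_conf "$bad" || echo "bad sample rejected"
```

On a real host, point check_tun_conf at /etc/pve/lxc/123.conf and compare the printed UID with the owner shown by ls -l /dev/net/tun.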
