Configuring openvpn in LXC container

By default, the openvpn service will not run in the lxc container. The container does not have permission to create the tun interface. It's not difficult to fix it, I'll tell you below what needs to be done.

After running openvpn in the lxc container, you will see the following error in the log:

ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)
Exiting due to fatal error

The container cannot create a network interface. He doesn't have the right to do it. Let's give these rights. You need to add parameters to the container config:

lxc.mount.entry = /dev/net dev/net none bind,create=dir
lxc.cgroup.devices.allow = c 10:200 rwm

If you have proxmox , then you need to change the wrong config that lives at approximately the same address - / var / lib / lxc / 103 / config, it is erased after each start. This one is /etc/pve/lxc/103.conf . It accepts the format of lxc configs, so the data can be added in its original form, although the existing parameters are indicated there differently.

After the changes, don't forget to restart the container.