Getting PiVPN to run on Proxmox LXC container

2020/02/01

Problem

I want a quick & easy VPN solution for my homelab running Proxmox. Installing PiVPN is easiest; however, containers by default are not allowed to create TUN devices. I’ve tried installing Turnkey Linux with OpenVPN, but that gave me even more headaches as far as routing issues are concerned. I want a quick and easy VPN solution that allows both access to my home network and internet, dammit!

Solution

A reader let me know that it’s important to make sure that the container is privileged. This means either creating it as a privileged container, or changing unprivileged = 1 in the /etc/pve/lxc/xxx.conf file to unprivileged = 0. Thanks Kees!

On the Proxmox host

Edit the /etc/pve/lxc/xxx.conf file; add the following:

lxc.cgroup.devices.allow = c 10:200 rwm
lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

Make sure that unprivileged = 0.

Update: Since PVE 7.0, Proxmox uses cgroups v2. Thus, the following should be added to the xxx.conf file instead:

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"

On the container:

Run these commands:

cd /dev
mkdir net
mknod net/tun c 10 200
chmod 0666 net/tun

And reboot. Done.
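
If /dev/net/tun is still missing after the reboot, the usual cause is a host config that does not match the cgroup version. The check below is an added example, not part of the original post: it reads a container config and reports which of the settings above are missing. The function names check_tun_conf and sample_conf and the sample config are constructed for illustration.

```shell
# Added example; check_tun_conf and sample_conf are hypothetical names.
# Usage on the host: check_tun_conf 2 < /etc/pve/lxc/xxx.conf   (use 1 before PVE 7.0)
check_tun_conf() {
    ver=$1; rc=0
    # Read the config from stdin; drop snapshot sections, which start with a [name] line.
    main=$(sed '/^\[/,$d')

    # The post requires a privileged container: unprivileged must be 0 (or absent).
    if printf '%s\n' "$main" | grep -Eq '^unprivileged[[:space:]]*[:=][[:space:]]*1[[:space:]]*$'; then
        echo "unprivileged is 1: container is not privileged"; rc=1
    fi

    # Before PVE 7.0 the key is lxc.cgroup.*, from 7.0 on it is lxc.cgroup2.*
    if [ "$ver" = 2 ]; then key='lxc\.cgroup2\.devices\.allow'
    else key='lxc\.cgroup\.devices\.allow'; fi
    if ! printf '%s\n' "$main" |
        grep -Eq "^${key}[[:space:]]*[:=][[:space:]]*c 10:200 rwm[[:space:]]*$"; then
        echo "missing device rule for c 10:200 (cgroup v$ver key)"; rc=1
    fi

    # The autodev hook must create the node with the same major and minor number.
    if ! printf '%s\n' "$main" | grep -E '^lxc\.hook\.autodev[[:space:]]*[:=]' |
        grep -q 'mknod net/tun c 10 200'; then
        echo "missing autodev hook that creates net/tun"; rc=1
    fi
    return $rc
}

# Constructed sample: a config written for the pre-7.0 instructions.
sample_conf() {
    cat <<'EOF'
arch: amd64
hostname: pivpn
unprivileged: 0
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"
EOF
}

# Demo: the same file passes as cgroup v1 but fails once the host runs cgroup v2.
sample_conf | check_tun_conf 1 && echo "cgroup v1: ok"
sample_conf | check_tun_conf 2 || echo "cgroup v2: needs the lxc.cgroup2 line"
```

Inside the container, ls -l /dev/net/tun should show a character device with numbers 10, 200 once the config is right.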