Introduction

While setting up Container1 inside an OpenVZ container, I encountered the following error:

ls: cannot access /dev/net/tun: No such file or directory

This occurs when the TUN/TAP device is not enabled for the container. Since many networking applications rely on /dev/net/tun to create virtual network interfaces, its absence can prevent services from starting correctly. This article explains the cause of the issue and the steps required to enable the TUN device and restore functionality.

Understanding the Problem

In OpenVZ environments, containers do not automatically receive access to host devices. The TUN device must be explicitly enabled by the host node administrator. If it is not enabled, applications that depend on a TUN/TAP interface will fail to start.

This issue can occur after:
Deployment of a new service requiring TUN/TAP access
Container migrations
Host-level configuration changes
Node reboots
Container recreation

The Solution

The fix must be applied on the OpenVZ host node, not inside the container.

Enable TUN support using the following commands:

vzctl set <CTID> --devnodes net/tun:rw --save
vzctl set <CTID> --devices c:10:200:rw --save
vzctl restart <CTID>

Replace <CTID> with your actual container ID.

What These Commands Do

  1. Enable the TUN Device Node: vzctl set <CTID> --devnodes net/tun:rw --save — This allows the container to access /dev/net/tun with read and write permissions.
  2. Allow the TUN Character Device: vzctl set <CTID> --devices c:10:200:rw --save — This grants access to the Linux TUN/TAP character device (major number 10, minor number 200).
  3. Restart the Container: vzctl restart <CTID> — A restart is required for the changes to take effect.

Verifying the Fix

After the container restarts, run:

ls -l /dev/net/tun

Expected output:

crw-rw-rw- 1 root root 10, 200 ... /dev/net/tun

You can also test the device using:

cat /dev/net/tun

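The message ‘File descriptor in bad state’ is normal: the device was opened successfully, and the read fails only because no tunnel interface has been attached to the descriptor yet. It confirms that the TUN device is present and functioning correctly.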
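
The checks in this section can be combined into one function that is run inside the container and reports which stage fails. This is an added example, not part of the original article; the function name tun_status and its status words are hypothetical, and it assumes a stat that supports -c (GNU coreutils or BusyBox).

```shell
#!/bin/sh
# Added example: classify the state of a TUN device node from inside a container.
# tun_status and the status words it prints are hypothetical names for this sketch.

tun_status() {
    path=${1:-/dev/net/tun}

    # Stage 1: the node is absent. This is the "No such file or directory"
    # case from the article; the host-side fix is the --devnodes step.
    if [ ! -e "$path" ]; then
        echo missing
        return 1
    fi

    # Stage 2: something exists at the path but it is not a character device
    # (for example a regular file left behind by a failed manual fix).
    if [ ! -c "$path" ]; then
        echo not-chardev
        return 2
    fi

    # Stage 3: the node must be major 10, minor 200.
    # stat prints both numbers in hex, so 10:200 appears as a:c8.
    devnum=$(stat -c '%t:%T' "$path")
    if [ "$devnum" != "a:c8" ]; then
        echo wrong-devnum
        return 3
    fi

    # Stage 4: try to open the node read-write in a subshell. A failure here
    # means the node exists but the kernel refused the open; on the host,
    # re-check the --devices c:10:200:rw grant and that the tun module is loaded.
    if ! ( : <>"$path" ) 2>/dev/null; then
        echo open-failed
        return 4
    fi

    # The open succeeded; a subsequent read would give the expected
    # "File descriptor in bad state" error described above.
    echo ok
    return 0
}
```

Source the file and call tun_status with no argument to check /dev/net/tun; the return code matches the stage that failed, so it can gate a service start script.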

Additional Host Verification

If the problem persists, verify that the TUN kernel module is loaded on the host:

lsmod | grep tun

If no output is returned, load the module using:

modprobe tun

Then restart the container and test again.

Conclusion

The /dev/net/tun: No such file or directory error is a common issue in OpenVZ containers when TUN device access has not been enabled. Fortunately, the solution is straightforward once you know that the TUN device must be enabled at the host level.

By granting the required device permissions and restarting the container, Container1 can successfully create tunnel interfaces and operate normally. Understanding how OpenVZ handles device access can help administrators quickly diagnose and resolve similar networking and container-related issues in the future.
