VPN via the TUN/TAP device

Posted by Clayton | Posted in Linux, openvz, Tutorial, vps | Posted on 08-13-2010

I had a client contact me earlier this morning because one of their clients was receiving the following error on their VPS when trying to run OpenVPN.

Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)

I’ve never run into this issue before, but was able to find an awesome tutorial on the OpenVZ website.

First, make sure the tun module has already been loaded on the hardware node:

# lsmod | grep tun

If it is not there, use the following command to load the tun module:

# modprobe tun

To make sure that the tun module is loaded automatically on every reboot, you can also add it either to /etc/modules.conf (on RHEL, see the /etc/sysconfig/modules/ directory) or to /etc/sysconfig/vz-scripts/VEID.mount:

echo 'modprobe tun' >> /etc/sysconfig/vz-scripts/VEID.mount

Allow your container to use the tun/tap device by running the following commands on the host node:

vzctl set VEID --devices c:10:200:rw --save
vzctl set VEID --capability net_admin:on --save

And create the character device file inside the container (execute the following on the host node):

vzctl exec VEID mkdir -p /dev/net
vzctl exec VEID mknod /dev/net/tun c 10 200
vzctl exec VEID chmod 600 /dev/net/tun

Enter cat /dev/net/tun to test whether the TUN/TAP device is available:

  • If you receive the message cat: /dev/net/tun: File descriptor in bad state, your TUN/TAP device is ready for use.
  • If you receive the message cat: /dev/net/tun: No such device, the TUN/TAP device was not successfully created.
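
The checks above can be scripted and run inside the container. This is an added example, not part of the original post or the OpenVZ tutorial; the function names and the TUN_DEV variable are this example's own.

```shell
#!/bin/sh
# Added example (not from the original post): verify the TUN/TAP setup from
# inside the container. Function names and TUN_DEV are this example's own.
TUN_DEV="${TUN_DEV:-/dev/net/tun}"

# Validate `stat -c '%F|%t|%T|%a'` output against the mknod/chmod steps:
# character device 10:200, mode 600. stat prints major/minor in hex,
# so 10:200 shows up as a:c8.
check_node() {
    case "$1" in
        "character special file|a|c8|600") echo ok ;;
        "character special file|a|c8|"*)   echo wrong-mode ;;
        "character special file|"*)        echo wrong-device-number ;;
        *)                                 echo not-a-character-device ;;
    esac
}

# Map the error text printed by `cat /dev/net/tun` (or by OpenVPN) to a state.
classify_open() {
    case "$1" in
        *"File descriptor in bad state"*) echo ready ;;
        *"No such device"*)               echo not-created ;;
        *"Permission denied"*)            echo permission-denied ;;
        *"No such file or directory"*)    echo node-missing ;;
        *)                                echo unknown ;;
    esac
}

# Full check: node exists, node matches, and opening it gives the "ready" error.
check_tun() {
    [ -e "$TUN_DEV" ] || { echo node-missing; return 1; }
    node=$(check_node "$(stat -c '%F|%t|%T|%a' "$TUN_DEV")")
    [ "$node" = ok ] || { echo "$node"; return 1; }
    # LC_ALL=C keeps the error text in English so the patterns match.
    msg=$(LC_ALL=C cat "$TUN_DEV" 2>&1 </dev/null || true)
    state=$(classify_open "$msg")
    echo "$state"
    [ "$state" = ready ]
}

# Run the live check only when asked, e.g.: sh check_tun.sh --run
if [ "${1:-}" = "--run" ]; then check_tun; fi
```

A wrong-mode or wrong-device-number result points back at the mknod and chmod steps, while permission-denied points at the --devices setting on the host node.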

Enable NAT module for VPS: can't initialize iptables table `nat': Table does not exist

Posted by Clayton | Posted in Linux, openvz, SSH, Tutorial, vps | Posted on 08-10-2010

I was getting the following error in a container on one of my nodes.

[root@server1 ~]# iptables -t nat -F
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@server1 ~]# iptables -t nat -nvL
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.

You can fix this by using the following commands.

[root@yoshi ~]# vzctl stop 150
[root@yoshi ~]# vzctl set 150 --iptables "iptable_nat iptable_filter iptable_mangle  ip_conntrack ipt_conntrack ipt_REDIRECT ipt_REJECT ipt_multiport  ipt_helper ipt_LOG ipt_state" --save
Saved parameters for VE 150
[root@yoshi ~]# vzctl restart 150
[root@yoshi ~]# vzctl enter 150
[root@server1 ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination

A few OpenVZ commands

Posted by Clayton | Posted in Linux, SSH, Tutorial, vps | Posted on 02-28-2010

Below are the commonly used OpenVZ commands, which are run from the main node.

To show a list of all the VPSes hosted on the node

vzlist -a

To start the VPS

vzctl start VEID

To stop (Shut Down) the VPS

vzctl stop VEID

To view the status of the particular VPS

vzctl status VEID

To stop the VPS quickly and forcefully

vzctl stop VEID --fast

To enter in a particular VPS

vzctl enter VEID

To set the Hostname of a VPS

vzctl set VEID --hostname vps.domain.com --save

To add a new IP to the hosting VPS

vzctl set VEID --ipadd 1.2.3.4 --save

To delete the IP from VPS

vzctl set VEID --ipdel 1.2.3.4 --save

To reset root password of a VPS

vzctl set VEID --userpasswd root:new_password --save

To add the nameserver IP’s to the VPS

vzctl set VEID --nameserver 1.2.3.4 --save

To run any command on a VPS from Node

vzctl exec VEID command

To install any package/Software on a VPS from Node

vzyum VEID install package_name 

**VEID refers to the ID of the Particular VPS**