Fixin’ issues one ticket at a time!
VPN via the TUN/TAP device
Aug 13th
I had a client contact me earlier this morning because one of their clients was receiving the following error on their VPS when trying to run OpenVPN.
Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)
I’ve never run into this issue before, but was able to find an awesome tutorial on the OpenVZ website.
First, make sure the tun module has already been loaded on the hardware node:
# lsmod | grep tun
If it is not there, use the following command to load the tun module:
# modprobe tun
To make sure the tun module is loaded automatically on every reboot, add it either to /etc/modules.conf (on RHEL, see the /etc/sysconfig/modules/ directory) or to /etc/sysconfig/vz-scripts/VEID.mount:
# echo 'modprobe tun' >> /etc/sysconfig/vz-scripts/VEID.mount
Allow your container to use the tun/tap device by running the following commands on the host node:
vzctl set VEID --devices c:10:200:rw --save
vzctl set VEID --capability net_admin:on --save
And create the character device file inside the container (execute the following on the host node):
vzctl exec VEID mkdir -p /dev/net
vzctl exec VEID mknod /dev/net/tun c 10 200
vzctl exec VEID chmod 600 /dev/net/tun
Enter cat /dev/net/tun to test whether the TUN/TAP device is available:
- If you receive the message "cat: /dev/net/tun: File descriptor in bad state", your TUN/TAP device is ready for use.
- If you receive the message "cat: /dev/net/tun: No such device", the TUN/TAP device was not successfully created.
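To confirm afterwards that both grants from the steps above were saved for a container, the following added example (not from the original post or the OpenVZ tutorial) audits a container config file on the host node. It assumes that vzctl's --save stores the settings as DEVICES="..." and CAPABILITY="..." lines in a per-container file such as /etc/vz/conf/VEID.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an OpenVZ container config for the TUN/TAP grants.
# Assumption: "vzctl set ... --save" stores them as DEVICES="..." and
# CAPABILITY="..." lines in a per-container file (e.g. /etc/vz/conf/VEID.conf).

# conf_value FILE KEY: print the value of the last KEY=... line, quotes removed.
conf_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | tr -d "\"'"
}

# has_word LIST WORD: succeed if WORD is one of the space-separated items.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; *) return 1 ;; esac
}

# tun_audit FILE: print ready, no-device, no-netadmin, none or unreadable.
tun_audit() {
    [ -r "$1" ] || { echo unreadable; return 1; }
    devices=$(conf_value "$1" DEVICES)
    caps=$(conf_value "$1" CAPABILITY | tr '[:upper:]' '[:lower:]')
    dev=no; cap=no
    # The device must be granted read-write, exactly as in the vzctl command.
    if has_word "$devices" "c:10:200:rw"; then dev=yes; fi
    if has_word "$caps" "net_admin:on"; then cap=yes; fi
    case "$dev$cap" in
        yesyes) echo ready ;;        # both grants present
        noyes)  echo no-device ;;    # capability on, device not granted
        yesno)  echo no-netadmin ;;  # device granted, capability missing
        *)      echo none ;;
    esac
}

if [ "$#" -gt 0 ]; then
    # Audit the config files named on the command line.
    for f in "$@"; do echo "$f: $(tun_audit "$f")"; done
else
    # Constructed sample config, used when no file is given.
    sample=$(mktemp)
    printf '%s\n' 'DEVICES="c:10:200:rw "' 'CAPABILITY="NET_ADMIN:on "' > "$sample"
    echo "sample: $(tun_audit "$sample")"
    rm -f "$sample"
fi
```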
Enable NAT module for VPS: can't initialize iptables table `nat': Table does not exist
Aug 10th
I was getting the following error in a container on one of my nodes.
[root@server1 ~]# iptables -t nat -F
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
[root@server1 ~]# iptables -t nat -nvL
iptables v1.3.5: can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
You can fix this by running the following commands on the host node.
[root@yoshi ~]# vzctl stop 150
[root@yoshi ~]# vzctl set 150 --iptables "iptable_nat iptable_filter iptable_mangle ip_conntrack ipt_conntrack ipt_REDIRECT ipt_REJECT ipt_multiport ipt_helper ipt_LOG ipt_state" --save
Saved parameters for VE 150
[root@yoshi ~]# vzctl restart 150
[root@yoshi ~]# vzctl enter 150
[root@server1 ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
A few OpenVZ commands
Feb 28th
Below are the commonly used OpenVZ commands, which are run from the main node.
vzlist -a
Shows a list of all the VPSs hosted on the node.
vzctl start VEID
To start the VPS
vzctl stop VEID
To stop (Shut Down) the VPS
vzctl status VEID
To view the status of the particular VPS
vzctl stop VEID --fast
To stop the VPS quickly and forcefully
vzctl enter VEID
To enter a particular VPS
vzctl set VEID --hostname vps.domain.com --save
To set the hostname of a VPS
vzctl set VEID --ipadd 1.2.3.4 --save
To add a new IP to the VPS
vzctl set VEID --ipdel 1.2.3.4 --save
To delete the IP from the VPS
vzctl set VEID --userpasswd root:new_password --save
To reset the root password of a VPS
vzctl set VEID --nameserver 1.2.3.4 --save
To add the nameserver IPs to the VPS
vzctl exec VEID command
To run any command on a VPS from the node
vzyum VEID install package_name
To install any package/software on a VPS from the node
**VEID refers to the ID of the particular VPS**