VPN via the TUN/TAP device

Posted by Clayton | Posted in Linux, openvz, Tutorial, vps | Posted on 08-13-2010


I had a client contact me earlier this morning because one of their clients was receiving the following error on their VPS when trying to run OpenVPN.

Note: Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)
Note: Attempting fallback to kernel 2.2 TUN/TAP interface
Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)

I’ve never run into this issue before, but was able to find an awesome tutorial on the OpenVZ website.

First, make sure the tun module is already loaded on the hardware node:

# lsmod | grep tun

If it is not there, use the following command to load the tun module:

# modprobe tun

To make sure the tun module is loaded automatically on every reboot, add it either to /etc/modules.conf (on RHEL, see the /etc/sysconfig/modules/ directory) or to /etc/sysconfig/vz-scripts/VEID.mount:

echo 'modprobe tun' >> /etc/sysconfig/vz-scripts/VEID.mount

Allow your container to use the tun/tap device by running the following commands on the host node:

vzctl set VEID --devices c:10:200:rw --save
vzctl set VEID --capability net_admin:on --save

And create the character device file inside the container (execute the following on the host node):

vzctl exec VEID mkdir -p /dev/net
vzctl exec VEID mknod /dev/net/tun c 10 200
vzctl exec VEID chmod 600 /dev/net/tun

Enter cat /dev/net/tun to test whether the TUN/TAP device is available:

  • If you receive the message cat: /dev/net/tun: File descriptor in bad state, your TUN/TAP device is ready for use.
  • If you receive the message cat: /dev/net/tun: No such device, the TUN/TAP device was not successfully created.
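
A check that can be run inside the container after the steps above, as an added example that is not part of the original post or the OpenVZ tutorial: it confirms the node is the character device 10:200 with mode 600 and maps the messages quoted on this page to a status. The function names are hypothetical, the sample messages are the ones quoted above, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.
# Assumes GNU stat. Device numbers (c 10 200) and mode 600 come from the steps above.

# Verify the node is a character device with major 10, minor 200 and mode 600.
check_tun_node() {
    node=${1:-/dev/net/tun}
    [ -e "$node" ] || { echo "missing"; return 1; }
    [ -c "$node" ] || { echo "not-char-device"; return 1; }
    # %t and %T print major/minor in hex (10 -> a, 200 -> c8); %a is the octal mode.
    set -- $(stat -c '%t %T %a' "$node")
    { [ "$1" = "a" ] && [ "$2" = "c8" ]; } || { echo "wrong-device-numbers"; return 1; }
    [ "$3" = "600" ] || { echo "unexpected-mode"; return 1; }
    echo "ok"
}

# Map a message from cat or OpenVPN to a status.
classify_tun_message() {
    case $1 in
        *"File descriptor in bad state"*) echo "ready" ;;
        *"No such device"*)               echo "not-created" ;;
        *"Permission denied"*)            echo "permission-denied" ;;
        *"No such file or directory"*)    echo "node-missing" ;;
        *)                                echo "unknown" ;;
    esac
}

# Read the device the way the test step does and classify the result.
probe_tun() {
    classify_tun_message "$(LC_ALL=C cat "${1:-/dev/net/tun}" 2>&1)"
}

# Demo on the messages quoted on this page.
for msg in \
    "cat: /dev/net/tun: File descriptor in bad state" \
    "cat: /dev/net/tun: No such device" \
    "Cannot open TUN/TAP dev /dev/net/tun: Permission denied (errno=13)" \
    "Cannot open TUN/TAP dev /dev/tun0: No such file or directory (errno=2)"
do
    printf '%-18s %s\n' "$(classify_tun_message "$msg")" "$msg"
done
```

Any check_tun_node result other than ok points back to the mknod and chmod step; probe_tun with no argument reads /dev/net/tun itself.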