There can be various issues regarding the TUN device depending on your host environment. This usually means you do not have the tun kernel module. Properly loading the module on your host should do the trick, otherwise you might have to re-compile your Kernel with the tun module.
Kernel TUN/TAP support
OpenVZ supports VPN inside a container via kernel TUN/TAP module and device. To allow container myst to use the TUN/TAP device the following should be done:
Make sure the tun module has been already enabled/loaded on the physical server on which OpenVZ is installed and running:
lsmod | grep tun
If it is not there, use the following command to load tun module:
modprobe tun
To make sure that tun module will be automatically loaded on every reboot you can also add it or into /etc/modules.conf (on RHEL see /etc/sysconfig/modules/ directory).
Most common errors
#1 Could not open /dev/net/tun: Permission denied
This means that your /dev/net/tun file has the incorrect permissions. The correct permissions are crw-rw-rw-. Note your current permissions and compare them with the following output:
ls -l /dev/net
If your /dev/net/tun does not look like that, run the following to recreate that special file:
sudo rm /dev/net/tun
sudo mknod /dev/net/tun c 10 200
sudo chmod 666 /dev/net/tun
# check again now
ls -l /dev/net
#2 Cannot create TUN device file node: operation not permitted
This means you’re most like not super-user (sudo). However, you should never see this message unless you were trying to run:
sudo chmod 666 /dev/net/tun
Once you’ve correctly re-created /dev/net/tun, you can modprobe it:
sudo modprobe tun
If you received an error here, there are other issues, possibly there is a network profile, service or card that is incompatible with your current kernel.
#3 Failed to create TUN device: CreateTUN(\"myst0\") failed; /dev/net/tun does not exist"
In your Docker run command or docker-compose.yml file, use:
--device /dev/net/tun:/dev/net/tun
or
devices:
- /dev/net/tun:/dev/net/tun
#4 Modprobe: FATAL: Module tun not found in directory /lib/modules/...
This error means you are missing the tun.ko.xz or tun.ko.gz in your kernel modules. This can be because your current kernel is not compatible with the current version of the TUN/TAP device driver. This would generally only ever occur in Linux distros with Rolling Release models. It should never happen on a stable or long-term distro such as Ubuntu, Debian, CentOS, or RHEL.
If you received that error in a stable distro, then check if the header is there first:
find /lib/modules -iname tun\.*
If you see only one line when you run that command, tun was BUILT but not LOADED, try rebooting. You can also try removing any network related kernel packages you’ve installed and simply updating or upgrading your system.