Enable TUN/TAP device in Centos 6 HN w/VZ 4.7

Discussion in 'General Discussion' started by HoracioS, Oct 30, 2011.

  1. HoracioS

    HoracioS Kilo Poster

    Messages:
    118
    According to recent updated http://kb.parallels.com/696, you need to enable tun in /etc/modprobe.conf.

    The main problem is /etc/modprobe.conf has been deprecated in CentOS 6 !!!!

    Can you please explain and update KB with the solution for it?


    with best regards,
    Horacio
  2. Faris Raouf

    Faris Raouf Product Expert

    Messages:
    772
    You just need to create a new file in /etc/modprobe.d/ or find a suitable file in there to add the line to, then (I would guess) use the install command.

    Having said that, you don't necessarily need to do so. I don't know about Centos 6, but in Centos 5 it certainly isn't needed.

    If you lsmod | grep tun then you may well find it is loaded anyway, and it is likely to be loaded before VZ by default. In other words you don't necessarily need to do anything other than follow the rest of the instructions.

    Faris.
  3. Faris Raouf

    Faris Raouf Product Expert

    Messages:
    772
    p.s. check out /etc/rc.modules -- dunno it's status in Centos 6, but that's where I load modules early in Centos 5.
  4. HoracioS

    HoracioS Kilo Poster

    Messages:
    118
    Thank you very much Faris.

    Can you please detail the syntax into the .conf file?
    I added: alias tun , but I think is a wrong syntax.

    thank you very much in advance
  5. Faris Raouf

    Faris Raouf Product Expert

    Messages:
    772
    Yes, you'd probably need to use the install command in /etc/modprobe.d/whatver.conf

    I'd be much more comfortable loading it via /etc/rc.modules to be honest, where the syntax is simply "modprobe tun", just as you'd do at the command line.

    Faris.
  6. figjam

    figjam New Member

    Messages:
    110
    Hi Horacio,

    As Faris says, you usually don't need to specifically load the tun module. "lsmod | grep tun" should show it as already loaded. For other modules such as fuse, I follow documents like this What is the correct way to load modules for iptables on Centos 6 and put an executable file in /etc/sysconfig/modules

    I call mine virtuozzo.modules. All you need to do is create /etc/sysconfig/modules/virtuozzo.modules with the following contents:

    #!/bin/sh
    modprobe tun



    Save and exit the file, execute:
    chmod 700 /etc/sysconfig/modules/virtuozzo.modules

    and it will be automatically loaded/run at boot. I originally started using this method in CentOS 5 and it's the same for CentOS 6.

    Cheers,


    Andrew
  7. figjam

    figjam New Member

    Messages:
    110
    Hi Horacio,

    It took me a while, but I just remembered that the recommended way to have the tun module and any dependencies loaded is to make sure openvpn is installed and configured to start on boot, as per step 5 of the kb article you referred to How to configure TUN/TAP devices inside a container to install VPN software?

    Just do a:
    yum install openvpn

    and:
    chkconfig --add openvpn

    and it will all be taken care of.


    Cheers,


    Andrew
  8. KristianM

    KristianM Product Expert

    Messages:
    426
    Hi,

    you should change that to:
    "/sbin/modprobe tun"

    As it is possible that no $PATH is set yet while booting.
    Just to be on the safe side :)

    Regards,
    Kristian
  9. Faris Raouf

    Faris Raouf Product Expert

    Messages:
    772
    Just to backtrack a bit....

    The part of the KB that says to install openvpn (from the VZ CD, if I remember correctly) never made sense to me.

    Firstly, it means you end up with openvpn on your HN, which isn't necessarily what you want.

    Secondly, openvpn is excluded from yum updates by the vz yum exclude file, I think, so you'd never get any updates.

    So ... does anybody have any ideas/guesses why these instructions might be in the KB? I'm guessing something in the openvpn init.d makes sure mod tun gets loaded? Maybe that's all there is to it.
  10. figjam

    figjam New Member

    Messages:
    110
    It's wrong. OpenVPN is installed but but not enabled by default when you install Virtuozzo 4.0. That would be why it's excluded in the default yum repositories. You actually only have to execute:

    chkconfig --add openvpn

    once Virtuozzo is installed.



    Cheers,


    Andrew
  11. KristianM

    KristianM Product Expert

    Messages:
    426
    Hi,

    actually the only reason that OpenVPN is installed is that you can create a secure tunnel to Parallels.
    There is actually no requirement to install openvpn to "install" or "activate" the tun module.
    As the tun module is part of the kernel package, all one actually has to do is:

    "/bin/modprobe tun" and then check with "lsmod | grep tun". The next step will be to add this device to the CTs.

    Regards,
    Kristian

Share This Page