Install Tailscale in LXC Container on Proxmox VE

If you install Tailscale in an LXC container running in a Proxmox VE environment, you may encounter an error when starting tailscaled.service. The error will look something like this:

Jul 22 13:12:00 pihole tailscaled[442501]: logger closing down
Jul 22 13:12:01 pihole tailscaled[442501]: getLocalBackend error: createEngine: tstun.New("tailscale0"): CreateTUN("tailscale0") failed; /dev/net/tun does not exist
Jul 22 13:12:01 pihole systemd[1]: tailscaled.service: Main process exited, code=exited, status=1/FAILURE

From the error we can see that Tailscale requires /dev/net/tun, but inside the LXC container the device is not available:

$ ls -l /dev/net/tun
ls: cannot access '/dev/net/tun': No such file or directory

But on the Proxmox VE host you will see that it exists:

root@pvenode:~# ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Jun  2 17:55 /dev/net/tun

TUN (“network TUNnel”) is a software-based virtual network kernel device used for routing packets. It works by simulating a physical network interface. The TUN device operates at layer 3 of the OSI model (the network layer) and is used to route packets between user space and kernel space. TUN is commonly used to build VPNs (Virtual Private Networks) and tunneling applications, because it allows software applications to handle packets directly.

Enable /dev/net/tun in LXC Container

We can allow the creation of a TUN device in the LXC container by modifying the container’s configuration as follows:

Option 1: Automated method

We created a bash script, available in our GitHub repository, that enables the creation of a TUN device in a container.

Clone the repository:

git clone https://github.com/cloudspinx/proxmox_scripts.git

Change into the proxmox_scripts directory:

cd proxmox_scripts

Run the script to activate creation of the TUN device in your LXC container:

bash enable_tun_for_container.sh 

Select Container ID:

Available containers:
VMID       Status     Lock         Name
109        running                 cloud.cloudspinx.com
110        running                 pihole.cloudspinx.com
111        running                 projects.cloudspinx.com
112        running                 grafana.cloudspinx.com
114        running                 dash.cloudspinx.com
115        running                 erp.cloudspinx.com
116        stopped                 erp-14-template
Enter the container ID you want to modify: 111
Stopping container 111...


Starting container 111...
Verifying /dev/net/tun inside the container...

crw-rw-rw- 1 nobody nogroup 10, 200 Jun  2 17:55 /dev/net/tun
Success: /dev/net/tun exists inside the container.
Done.

You can validate manually by entering the container:

pct enter <container_id>

Then check device availability:

$ ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Jun  2 17:55 /dev/net/tun

Option 2: Manual activation method

If you are not using the automated method, follow these steps to enable the device manually.

Step 1: List all LXC containers in Proxmox VE

List all containers available in your Proxmox Virtual Environment.

# pct list
VMID       Status     Lock         Name
109        running                 cloud.cloudspinx.com
110        running                 pihole.cloudspinx.com
111        running                 projects.cloudspinx.com
112        running                 grafana.cloudspinx.com
114        running                 dash.cloudspinx.com
115        running                 erp.cloudspinx.com

Step 2: Stop the container

If the LXC container that you want to modify is running, stop it.

pct stop <container_id>

Step 3: Edit container configuration file

Open the container configuration located at /etc/pve/lxc/<container_id>.conf.

nano /etc/pve/lxc/<container_id>.conf

# Example of container ID 110
nano /etc/pve/lxc/110.conf

At the end of the file, add the following lines:

lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

Step 4: Start Container

With the configuration changes made, start your LXC container.

pct start <container_id>

Step 5: Verify creation of /dev/net/tun

Access the container shell:

pct enter <container_id>

Check for the creation of /dev/net/tun device.

$ ls -l /dev/net/tun
crw-rw-rw- 1 root root 10, 200 Jun  2 17:55 /dev/net/tun

You can then proceed with the installation and configuration of Tailscale or Headscale.
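
The manual edit from Step 3 as an idempotent shell script (an added example, not the enable_tun_for_container.sh script from the repository above). The function names and the usage file name are hypothetical. It assumes that a line starting with "[" opens a snapshot section, and places the two lines before the first such header so they apply to the live configuration.

```shell
#!/bin/sh
# Added example: idempotently enable /dev/net/tun in a Proxmox LXC config.
# Usage (hypothetical file name): sh enable_tun_conf.sh /etc/pve/lxc/110.conf
# Stop the container first and keep a backup copy of the config.

TUN_ALLOW='lxc.cgroup2.devices.allow: c 10:200 rwm'
TUN_MOUNT='lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file'

# Print only the live section: everything before the first "[...]" header.
main_section() {
    awk '/^\[/ { exit } { print }' "$1"
}

# Succeed only if both lines are present in the live section.
tun_enabled_in_conf() {
    main_section "$1" | grep -qxF -- "$TUN_ALLOW" &&
    main_section "$1" | grep -qxF -- "$TUN_MOUNT"
}

# Insert one line at the end of the live section, ahead of any blank lines
# and section headers that follow it.
insert_into_main() {
    ins_tmp=$(mktemp) || return 1
    awk -v add="$2" '
        done        { print; next }
        /^[ \t]*$/  { held = held $0 "\n"; next }
        /^\[/       { print add; printf "%s", held; print; done = 1; next }
                    { printf "%s", held; held = ""; print }
        END         { if (!done) { print add; printf "%s", held } }
    ' "$1" > "$ins_tmp" && cat "$ins_tmp" > "$1"
    ins_rc=$?
    rm -f "$ins_tmp"
    return "$ins_rc"
}

# Add whichever of the two lines is missing; running it twice changes nothing.
enable_tun_in_conf() {
    [ -f "$1" ] || { echo "no such config: $1" >&2; return 2; }
    for tun_line in "$TUN_ALLOW" "$TUN_MOUNT"; do
        main_section "$1" | grep -qxF -- "$tun_line" && continue
        insert_into_main "$1" "$tun_line" || return 1
    done
}

if [ "$#" -gt 0 ]; then
    enable_tun_in_conf "$1" && tun_enabled_in_conf "$1" && echo "TUN enabled in $1"
fi
```

After running it, start the container and verify the device as in Steps 4 and 5.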
