TUN/TAP are commonly used in computer networking. Basically they are used to provide packet reception and transmission for user space programs. TUN stands for network TUNnel is a network layer device (it operates with layer 3 packets like IP packets) and TAP stands for network TAP and it is a link layer device and both of them are the virtual-network kernel devices. The TUN simulates a network layer device and it operates with layer 3 packets like IP packets.
Activating TUN/TAP module
TUN/TAP module is a subject to action on node-side. TUN/TAP kernel module is needed to be enabled in VPS for VPN configuration because TUN is used with routing and TAP is used for creating a network bridge. TUN/TAP can be viewed as a simple Point-to-Point or Ethernet device. It sent and receives packets from user space program. TUN works with IP frames whereas TAP works with Ethernet frames.
Checking TUN/TAP on a VPS server
As we previously stated TUN/TAP kernel module is need to be enabled in VPS for VPN configuration. There is a simple way to find out whether TUP/TAP is enabled or not in your VPS server. All you need is a root access to server. After logging in type:
# cat /dev/net/tun
Then you may see one of two outputs.
Case 1
cat: /dev/net/tun: File descriptor in bad state
The above output should be returned for a VPS having TUN/TAP enabled state.
Case 2
cat: /dev/ppp: No such device or address
Also it may return “Permission denied” or other error message. All these mean that VPS server has no TUN/TAP interface or it’s not enabled or there is a problem with TUN/TAP kernal module.
How to enable iptables in container (OpenVZ)
Login to your server node via SSH. And run the command below:
vzctl set 99 --netfilter full --save
’99’ – is a container ID (could be checked in VMmgr or openvz console)
This will activate an iptables module for selected containers.