[Intermediate] How to: Enable TUN/TAP on Linux VPS with SkySilk

Modified on Mon, Jun 22, 2020 at 2:47 PM


How to Enable TUN/TAP on Linux VPS


TUN/TAP is enabled by default on every SkySilk VPS!

Once enabled, please see below for information on activating TUN/TAP and enabling specific devices.


Activating the TUN device


When using a VPN, a special network device is used by the system to add a tunnel (TUN) to your virtual network stack. 

We have enabled this device by default on all of our VPS offerings. However, you will need to activate it from within your virtual machine by running the following commands as root:


cd /dev
mkdir -p net                 # -p: no error if /dev/net already exists
mknod net/tun c 10 200       # character device, major 10, minor 200
chmod 0666 net/tun


Script to Activate TUN at Startup


The above commands need to be run every time the virtual machine starts, so we can create a convenient script that runs them automatically on machine startup.

We will then add this script to the /etc/rc.local file, which ensures that the script will run once the machine has booted for any reason.


Create the following script in /usr/sbin/tunscript.sh using your favorite text editor (like nano):


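#!/bin/bash
# Create the TUN device node at boot
mkdir -p /dev/net
# Create the node only if it is not already present
[ -c /dev/net/tun ] || mknod /dev/net/tun c 10 200
chmod 0666 /dev/net/tun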

Make sure that the script is executable:


chmod +x /usr/sbin/tunscript.sh

Then add the script to /etc/rc.local so that it looks similar to this. (Note: If the /etc/rc.local file does not exist, create it in the /etc/ directory with the command "touch /etc/rc.local".)


/usr/sbin/tunscript.sh || exit 1
exit 0


The "|| exit 1" makes rc.local report a failure if the script failed to run. The "exit 0" denotes the end of rc.local, and reports that rc.local has run successfully.

Now the TUN device will be created every time the system boots. 

Note: On some Linux distributions you may receive this error when attempting to access the device after enabling TUN/TAP:


tun: Operation not permitted

If that is the case please send us a support ticket with your TUN/TAP enable request, and we will manually enable the device.


Why do I need to do this?


In order to provide a secure virtual environment, user access to system devices is strictly controlled. The devices subsystem of Linux is used to allow or deny access to specified system devices, such as FUSE mounts or hard drives. At an administrative level, this is controlled by adding or removing devices from the Device Whitelist for each user's control group. Furthermore, each VPS has its own control group, which takes advantage of the Linux kernel's no-nonsense enforcement of permissions to isolate VMs from one another.


The TUN/TAP interface is a system device found in the network stack, and the commands mentioned here create a file that allows your operating system to access that device. While each VPS has its own private virtual network stack, certain system devices are disabled to prevent exploitation of your neighbors.


Fortunately, the TUN/TAP interface is secure and enabled for all of our VPS offerings, but must be manually activated when needed as a security precaution. 


The device is activated by running the mknod command, which creates a special file used by the operating system to communicate with the device. The arguments for this command denote the file, type, major number, and minor number. 

In this case, we are specifying that the /dev/net/tun file is a 'c', or character device - which means the system will treat the data in the file as characters, as opposed to blocks for a block device. The major and minor numbers are essentially the address for the device, where 10 is a miscellaneous category, and 200 specifically denotes the /dev/net/tun interface. 
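
The activation steps and the major/minor numbers described above, combined into an idempotent script with a verification step. This is an added example, not SkySilk's own script: it creates the node only when it is missing and refuses to chmod an existing path that is not character device 10,200. The function names node_status and ensure_tun are made up for this example, and stat -c assumes GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added example (not SkySilk's script). node_status and ensure_tun are
# hypothetical helper names; stat -c assumes GNU coreutils or BusyBox.
TUN_MAJOR=10    # miscellaneous character devices
TUN_MINOR=200   # /dev/net/tun

# Print the state of a device node: missing | not-char | wrong-numbers | ok
node_status() {
    path=$1
    [ -e "$path" ] || { echo missing; return 0; }
    [ -c "$path" ] || { echo not-char; return 0; }
    # stat reports the device major/minor in hex via %t and %T
    major=$(( 0x$(stat -c '%t' "$path") ))
    minor=$(( 0x$(stat -c '%T' "$path") ))
    if [ "$major" -eq "$TUN_MAJOR" ] && [ "$minor" -eq "$TUN_MINOR" ]; then
        echo ok
    else
        echo wrong-numbers
    fi
}

# Create the node only when it is absent; never chmod an unexpected file.
# Creating the node requires root.
ensure_tun() {
    path=${1:-/dev/net/tun}
    state=$(node_status "$path")
    case $state in
        ok) return 0 ;;
        missing)
            mkdir -p "$(dirname "$path")" &&
            mknod "$path" c "$TUN_MAJOR" "$TUN_MINOR" &&
            chmod 0666 "$path" ;;
        *)
            echo "refusing to modify $path: $state" >&2
            return 1 ;;
    esac
}

# Read-only report when the file is run directly
echo "/dev/net/tun: $(node_status /dev/net/tun)"
```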


For a complete list of devices available, click here.


Can you enable a device on my VPS?


We would be happy to! Please send us a support ticket with your request, and we will review it ASAP.



Join our Private Discord Chat to chat with, as well as find community assistance from other Verified SkySilk Users:
https://invite.gg/SkySilk 

