If you plan to install YAMS inside a Proxmox LXC container, some specific host-level configuration is required before you run the YAMS installation script. These steps ensure Docker and the VPN component (Gluetun) can function correctly within the LXC environment by providing access to the necessary TUN device.
Note: This guide is based on the solution discovered and shared by forum user Bobs_Manager. You can find the original discussion here on the YAMS Forum.
⚠️ Important: Only use an unprivileged LXC container for YAMS. Privileged containers pose significant security risks and are not recommended.
Follow these steps on your Proxmox host system:
Access the Proxmox Host Shell: Log into your Proxmox server via SSH or use the web UI’s shell access for the node (not the LXC console).
Edit the LXC Configuration File: Open the configuration file specific to the LXC container where you intend to install YAMS. Replace <container-ID> with the actual numeric ID of your LXC container.
nano /etc/pve/lxc/<container-ID>.conf
Add Configuration Lines: Append the following lines to the end of the file. These lines grant the container the necessary permissions and, crucially, mount the /dev/net/tun device from the host into the container.
lxc.cgroup.devices.allow: a
lxc.cap.drop:
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
Your configuration file should now look similar to this at the end:
Save and Close: Save the changes to the configuration file and exit the editor.
Restart the LXC Container: For the changes to take effect, you must restart the LXC container. You can do this via the Proxmox web UI or using the following commands on the Proxmox host:
pct stop <container-ID>
pct start <container-ID>
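A read-only check to run on the Proxmox host, added here as an example and not part of the original guide or the YAMS project: it reports whether a container config carries the TUN lines added above and flags the two broader ones (`lxc.cgroup.devices.allow: a` and the empty `lxc.cap.drop:`). The function names, the OK/WARN/MISSING labels and the sample config are made up for illustration.

```shell
#!/bin/sh
# Read-only audit of a Proxmox LXC config for the lines this guide adds.
audit_lxc_conf() {
    conf="$1"
    # The guide calls for an unprivileged container.
    if grep -Eq '^unprivileged:[[:space:]]*1[[:space:]]*$' "$conf"; then
        echo "OK unprivileged container"
    else
        echo "WARN container is not marked unprivileged"
    fi
    # /dev/net/tun is character device major 10, minor 200.
    if grep -Eq '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c[[:space:]]+10:200[[:space:]]+rwm[[:space:]]*$' "$conf"; then
        echo "OK cgroup2 rule for TUN (c 10:200 rwm)"
    else
        echo "MISSING cgroup2 rule for TUN (c 10:200 rwm)"
    fi
    if grep -Eq '^lxc\.mount\.entry:[[:space:]]*/dev/net/tun[[:space:]]+dev/net/tun[[:space:]]' "$conf"; then
        echo "OK bind mount of /dev/net/tun"
    else
        echo "MISSING bind mount of /dev/net/tun"
    fi
    # 'a' matches every device, not only TUN.
    if grep -Eq '^lxc\.cgroup2?\.devices\.allow:[[:space:]]*a[[:space:]]*$' "$conf"; then
        echo "WARN devices.allow 'a' permits all devices"
    fi
    # With no value, lxc.cap.drop clears the capability drop list set so far.
    if grep -Eq '^lxc\.cap\.drop:[[:space:]]*$' "$conf"; then
        echo "WARN empty lxc.cap.drop clears dropped capabilities"
    fi
}

# Constructed sample (not from a real host): the guide's four lines on a minimal config.
sample_conf() {
    cat <<'EOF'
arch: amd64
hostname: yams
unprivileged: 1
lxc.cgroup.devices.allow: a
lxc.cap.drop:
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file
EOF
}

tmp=$(mktemp)
sample_conf > "$tmp"
audit_lxc_conf "$tmp"
rm -f "$tmp"
```

On a real host, call it as `audit_lxc_conf /etc/pve/lxc/<container-ID>.conf`; it only reads the file.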
After completing these prerequisites and restarting the LXC container, you can now log into the LXC container’s console and proceed with the standard YAMS installation as described in the Installation Guide.