Для запуска openvpn в lxc не привилегированном контейнере, в логах видим
systemd[1]: openvpn.service: Failed to reset devices.list: Operation not permitted service openvpn stop
nano /etc/init.d/tun
/bin/sh
### BEGIN INIT INFO
# Provides:tun
# Required-Start: $network
# Required-Stop: $openvpn
# Default-Start: S 1 2
# Default-Stop: 0 6
# Short-Description: Make a tun device.
# Description: Create a tundev for openvpn
### END INIT INFO
# Aktionen case \"$1\" in start)
mkdir /dev/net
mknod /dev/net/tun c 10 200
chmod 666 /dev/net/tun
stop)
rm /dev/net/tun
rmdir /dev/net
restart)
#do nothing!
esac
exit 0
chmod 755 /etc/init.d/tunupdate-rc.d tun defaultsservice openvpn start
