|
| 1 | +--- |
| 2 | +title: TUN device enablement |
| 3 | +description: Learn how to enable TUN devices for VPN usage within Coder. |
| 4 | +state: alpha |
| 5 | +--- |
| 6 | + |
| 7 | +By default, Coder workspaces do not contain a TUN device, making it difficult to |
| 8 | +run a VPN. However, Coder offers an admin configuration setting that, when |
| 9 | +enabled, automatically creates a TUN device within all Kubernetes [CVM-enabled |
| 10 | +workspaces](cvms/index.md). |
| 11 | + |
| 12 | +> At this time, Coder does not support TUN devices for other workspace types |
| 13 | +> (such as EC2 or Docker). |
| 14 | +> |
| 15 | +> If you're working with EC2 workspaces, we recommend enabling privileged mode |
| 16 | +> in the workspace provider settings, which will allow users to create their own |
| 17 | +> TUN device. |
| 18 | +
|
| 19 | +## Enable TUN devices in Coder |
| 20 | + |
| 21 | +To enable TUN devices for Kubernetes [CVM-enabled workspaces](cvms/index.md): |
| 22 | + |
| 23 | +1. Log into Coder, and go to **Manage** > **Admin**. |
| 24 | +1. On the **Infrastructure** page, scroll down to the **Workspace container |
| 25 | + runtime** section. |
| 26 | +1. Under **Enable TUN device**, click the toggle to switch this feature **On**. |
| 27 | +1. Click **Save workspaces**. |
| 28 | + |
| 29 | + |
| 30 | + |
| 31 | +The new setting will apply to workspaces **after** you rebuild them. |
| 32 | + |
| 33 | +Users running workspaces with TUN devices should be able to run VPN clients |
| 34 | +within their workspace as long as they have root (or `sudo`) access within their |
| 35 | +workspace. |
| 36 | + |
| 37 | +> We've tested this feature using the [Tailscale](https://tailscale.com/) VPN |
| 38 | +> within Coder. |
0 commit comments