====== TUN/TAP/PPP inside unprivileged LXC ======

<file /etc/pve/lxc/100.conf>
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
lxc.mount.entry = /dev/ppp dev/ppp none bind,create=file
</file>

NOTE: PPP requres ''CAP_NET_ADMIN'', and this is not possible to setup in unpriv container

Some hints:

<file /etc/pve/lxc/100.conf>
# With this container fails
#lxc.cap.keep: net_admin
lxc.cgroup.devices.allow = c 108:0 rwm
</file>

<code bash>
# On PVE host!
chown 100000:100000 /dev/ppp
</code>