====== TUN/TAP/PPP inside unprivileged LXC ======
lxc.mount.entry = /dev/net/tun dev/net/tun none bind,create=file
lxc.mount.entry = /dev/ppp dev/ppp none bind,create=file
NOTE: PPP requres ''CAP_NET_ADMIN'', and this is not possible to setup in unpriv container
Some hints:
# With this container fails
#lxc.cap.keep: net_admin
lxc.cgroup.devices.allow = c 108:0 rwm
# On PVE host!
chown 100000:100000 /dev/ppp