Learn how to configure Tailscale to run in an unprivileged LXC container with full kernel-level TUN device support for optimal performance! This tutorial covers everything from basic LXC setup to the fascinating technical details of how TUN devices work under the hood. Including, but not limited to: - The difference between LXC and OCI (Docker) containers - How to configure an unprivileged LXC for Tailscale - The magic behind /dev/net/tun and kernel networking - Why TUN devices need special privileges - How VPN traffic flows through your system - When to use userspace vs kernel networking modes As usual, there are chapters available for finding the bit of the video you need. Personal accounts are always free on Tailscale and can include up to 3 users and 100 devices. Get started today at ## Code snippet ``` : c 10:200 rwm : /dev/net/tun dev/net/tun none bind,create=file ``` ---- Chapters: 00:00 - Start 01:58 - Configuring an LXC for Tailscale 06:36 - What is /dev/net/tun ?