By default, Coder workspaces do not contain a TUN device, making it difficult to run a VPN. However, Coder offers an admin configuration setting that, when enabled, automatically creates a TUN device within all Kubernetes CVM-enabled workspaces.
At this time, Coder does not support TUN devices for other workspace types (such as EC2 or Docker).
If you're working with EC2 workspaces, we recommend enabling privileged mode in the workspace provider settings, which will allow users to create their own TUN device.
To enable TUN devices for Kubernetes CVM-enabled workspaces:
The new setting will apply to workspaces after you rebuild them.
Users running workspaces with TUN devices should be able to run VPN clients
within their workspace as long as they have root (or
sudo) access within their
We've tested this feature using the Tailscale VPN within Coder.