How to allow LXC container to access /dev/net/tun


I am trying to allow my Debian container to create/access the tun device on TurrisOS but I have failed so far. From what I have found on the Internets it requires adding THIS to container config:

# Allow /dev/net/tun
lxc.cgroup.devices.deny = a
lxc.cgroup.devices.allow = c 10:200 rwm
lxc.hook.autodev = sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0$

But the container doesn’t start after such a change. I know that LXC is a bit out of date and I should switch to TOS4.x but for now I want to make it work on the old config. Anyone did something similar? Like setting up OpenVPN in a container for example?