How do I allow /dev/net/Tun in a LXD managed LXC container?

I am trying to get Openvpn run inside a LXD/LXC container, and redirect traffic coming to the container to the VPN.

The purpose is to replace a fully fledged VM that does exactly that (and toy with LXD :-)

I managed to get an IP from my main DHCP server, set up the iptables rules for masquerading / forwarding the traffic, but when I try to launch openvpn, it is blocked by the lack of (access to) /dev/net/tun device.

I came accross this post on ServerFault https://serverfault.com/questions/429461/no-tun-device-in-lxc-guest-for-openvpn, but it does not seem to work with current version of LXC and/or LXD managing the configuration...

EDIT: I tried using this incantation, but it did not succeed:

lxc config set mycontainer raw.lxc 'lxc.cgroup.devices.allow = c 10:200 rwm'

EDIT2: tried lxc config device add mycontainer tun unix-char path=/dev/net/tun major=10 minor=200 but on next stop/start, I got

error: Failed configuring device tun: Not implemented

Now I can't even lxc config device remove mycontainer tun as it throws the same Not implemented error. Container seems to be lost...

Thanks. I created the node. I changed its owner:group to 100000:100000. But I still can't see it from within the container...

This solved the ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2) error I've been getting trying to initiate an OpenVPN connection from a container. Mentioning this here in hopes to add this answer to Google searches on that error. If this also solved @alci 's question, this answer should be accepted.

I now get ERROR: Cannot open TUN/TAP dev /dev/net/tun: Operation not permitted (errno=1) instead of ERROR: Cannot open TUN/TAP dev /dev/net/tun: No such file or directory (errno=2)