Enable TUN/TAP device support in Cloud Agent VMs for VPN connectivity

Feature request for product/service

Background Agent (GitHub, Slack, Linear,…)

Describe the request

Cloud Agent VMs currently run on a custom kernel (6.1.147) inside Docker containers that do not expose the TUN/TAP device (/dev/net/tun). The TUN kernel driver is not built into the kernel and /lib/modules/ does not exist, so it cannot be loaded at runtime.
This means no TUN-based VPN can function in Cloud Agent VMs – not OpenVPN, not WireGuard, not any commercial VPN client (NordLayer, Tailscale, etc.).
Many enterprise teams restrict access to internal services (databases, payment processors, APIs) behind a VPN. Without TUN support, Cloud Agents cannot reach these services, which limits their usefulness for full-stack development and testing workflows.

What we tried

  • NordLayer CLI daemon – crashes because the kernel also lacks the wireless netlink subsystem
  • OpenVPN (manual config) – TLS handshake succeeds, credentials authenticate, gateway returns PUSH_REPLY, but fails at "Cannot open TUN/TAP dev /dev/net/tun: No such device (errno=19)"
  • Loading the kernel module – modprobe is absent, /lib/modules/ does not exist, no modules can be loaded

Proposed solution

Start the Cloud Agent Docker containers with --device /dev/net/tun (or the equivalent in the container runtime). This is a standard flag used by GitHub Actions, GitLab CI, and most CI/CD platforms to support VPN connections. It:

  • Only exposes the TUN/TAP virtual network interface capability
  • Does not grant additional host access or privilege escalation
  • Does not require --privileged mode
  • Is the standard approach for containerized VPN connectivity

Alternatively, building the kernel with CONFIG_TUN=y (built-in, not module) would also solve this.

Who this helps

Any team that needs Cloud Agents to access VPN-protected resources: internal APIs, databases, payment gateways, staging environments behind corporate firewalls. This is especially relevant for finance and healthcare companies where services are IP-restricted by policy.

Workaround available

Cursor publishes Cloud Agent egress IPs which can be allowlisted in firewalls. However, this involves ~192 IPs across 12 clusters that may change, making it less secure and harder to maintain than a VPN connection.

Screenshot / Screen Recording

Operating System (if it applies)

Linux

1 Like
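Added shell example, not part of the original post or of Cursor's code: it automates the checks behind the "What we tried" list (device node, CONFIG_TUN in the kernel config, presence of /lib/modules) and maps the result to the two proposed fixes. It assumes the standard Linux paths /dev/net/tun, /proc/config.gz, /boot/config-<release> and /lib/modules.

```shell
#!/bin/sh
# Added example: reproduce the checks behind the "What we tried" list and
# say which fix applies. Assumes the standard Linux paths /dev/net/tun,
# /proc/config.gz, /boot/config-<release> and /lib/modules.

# Classify CONFIG_TUN from kernel config text given as $1.
# Prints builtin (=y), module (=m), disabled (absent / "is not set") or unknown.
tun_config_state() {
  [ -n "$1" ] || { echo unknown; return 0; }
  case "$(printf '%s\n' "$1" | grep -E '^CONFIG_TUN=' | head -n 1)" in
    CONFIG_TUN=y) echo builtin ;;
    CONFIG_TUN=m) echo module ;;
    *)            echo disabled ;;
  esac
}

# Turn three observations into "<status>: <advice>".
#   $1 node present (yes/no)   $2 CONFIG_TUN state   $3 /lib/modules present (yes/no)
tun_diagnose() {
  if [ "$1" = yes ]; then
    echo "ok: /dev/net/tun is present, TUN-based VPN clients can open it"
    return 0
  fi
  case "$2" in
    builtin)  echo "fix: driver is built in but the node is hidden; start the container with --device /dev/net/tun" ;;
    module)   if [ "$3" = yes ]; then
                echo "fix: load the module (modprobe tun), then expose /dev/net/tun to the container"
              else
                echo "blocked: tun is a module but /lib/modules is absent, so it cannot be loaded at runtime"
              fi ;;
    disabled) echo "blocked: kernel built without CONFIG_TUN; only a kernel rebuild (CONFIG_TUN=y) helps" ;;
    *)        echo "unknown: kernel config not readable; an ENODEV (errno 19) from the VPN client points at a missing driver" ;;
  esac
}

# Probe the running environment and print the diagnosis.
probe_tun() {
  node=no; [ -c /dev/net/tun ] && node=yes
  mods=no; [ -d "/lib/modules/$(uname -r)" ] && mods=yes
  cfg=""
  if [ -r /proc/config.gz ]; then
    cfg=$(gzip -dc /proc/config.gz 2>/dev/null || true)
  elif [ -r "/boot/config-$(uname -r)" ]; then
    cfg=$(cat "/boot/config-$(uname -r)")
  fi
  tun_diagnose "$node" "$(tun_config_state "$cfg")" "$mods"
}

probe_tun
```

Run it inside the agent VM; a "blocked:" line means only the kernel-side change in the request can help, while "fix:" means exposing the device node to the container is enough.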