diff --git a/salt/lxc-containers/autodev.sh b/salt/lxc-containers/autodev.sh
new file mode 100644
index 000000000..ddf1066
--- /dev/null
+++ b/salt/lxc-containers/autodev.sh
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+cd ${LXC_ROOTFS_MOUNT}/dev
+
+mkdir net
+mknod net/tun c 10 200
+chmod 0666 net/tun
diff --git a/salt/lxc-containers/config b/salt/lxc-containers/config
index e178672..09847ee 100644
--- a/salt/lxc-containers/config
+++ b/salt/lxc-containers/config
@@ -41,7 +41,7 @@ lxc.network.ipv4.gateway={{ pillar['hosts-inet'][net][gw] }}
 {%- endfor %}
-lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time
+lxc.cap.drop = sys_module sys_time sys_nice sys_pacct sys_rawio sys_time mknod
 lxc.cgroup.memory.limit_in_bytes = 512M
 lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
@@ -49,3 +49,4 @@ lxc.cgroup.memory.kmem.tcp.limit_in_bytes = 128M
 # tuntap
 lxc.cgroup.devices.allow = c 10:200 rw
+lxc.hook.autodev = /var/lib/lxc/autodev.sh
diff --git a/salt/lxc-containers/init.sls b/salt/lxc-containers/init.sls
index f9e201d..774ae13 100644
--- a/salt/lxc-containers/init.sls
+++ b/salt/lxc-containers/init.sls
@@ -1,6 +1,11 @@
 lxc:
 pkg.installed: []
+/var/lib/lxc/autodev.sh:
+ file.managed:
+ - source: salt://lxc-containers/autodev.sh
+ mode: 0755
+
 {%- set n = 0 %}
 {%- for id, container in pillar['containers'].items() %}
@@ -22,19 +27,6 @@ lxc:
 - require:
 - cmd: /var/lib/lxc/{{ id }}
-/var/lib/lxc/{{ id }}/rootfs/dev/net:
- file.directory:
- - mode: 0755
-
-/var/lib/lxc/{{ id }}/rootfs/dev/net/tun:
- file.mknod:
- - ntype: 'c'
- - major: 10
- - minor: 200
- - mode: 0666
- - require:
- - file: /var/lib/lxc/{{ id }}/rootfs/dev/net
-
 /var/lib/lxc/{{ id }}/rootfs/etc/hosts:
 file.managed:
 - source: salt://lxc-containers/hosts
diff --git a/salt/vpn/openvpn.sls b/salt/vpn/openvpn.sls
index 853e21a..208f9e3 100644
--- a/salt/vpn/openvpn.sls
+++ b/salt/vpn/openvpn.sls
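Review bot: In autodev.sh the `cd ${LXC_ROOTFS_MOUNT}/dev` line is unquoted and its result is never checked, so `mkdir`, `mknod` and `chmod` can run in the wrong place. If the variable is empty they act on `/dev`, and if the directory is missing they act on whatever directory the hook was started from. Since this script creates a device node, it should stop at the first error: add `set -e` after the shebang and use `cd "${LXC_ROOTFS_MOUNT:?}/dev"`. With `set -e` on, `mkdir -p net` keeps an already existing `net` directory from aborting the hook.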
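Review bot: The new `lxc.cap.drop` line in salt/lxc-containers/config still lists `sys_time` twice; the second occurrence is carried over from the old line and can be removed. A comment above the line would make the intent clear, for example `# mknod dropped: /dev/net/tun is created by the autodev hook, not from inside the container`. Dropping the capability does not limit which existing device nodes the container may open; that is decided by the `lxc.cgroup.devices` rules. Only the tun allow entry is visible in this diff, so confirm that a default `lxc.cgroup.devices.deny = a` precedes it.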
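Review bot: `lxc.hook.autodev` in the second hunk of salt/lxc-containers/config only runs when `lxc.autodev` is enabled, and nothing visible in these hunks sets it, so whether the hook fires depends on the default of the installed LXC version. The same commit removes the Salt states that created `rootfs/dev/net/tun` and drops `mknod`, so a container where the hook does not run would be left without the tun device. Adding `lxc.autodev = 1` next to the hook line makes the dependency explicit.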
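Review bot: The `mode: 0755` line under `file.managed` for `/var/lib/lxc/autodev.sh` in init.sls is shown without the leading `- ` that `- source:` has. Indentation is lost on this page, so this may be a rendering artefact, but as written the mode would not be a separate state argument. Salt's documentation asks for modes with a leading zero to be quoted, so `- mode: '0755'` is the safer form. Because LXC executes this script at container start, pin ownership as well with `- user: root` and `- group: root`. The container states are outside this hunk, so it cannot be checked here whether they require this file before a container starts.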
@@ -1,19 +1,6 @@
 openvpn:
 pkg.installed: []
-/dev/net:
- file.directory:
- - mode: 0755
-
-/dev/net/tun:
- file.mknod:
- - ntype: 'c'
- - major: 10
- - minor: 200
- - mode: 0666
- - require:
- - file: /dev/net
-
 {%- for name, conf in pillar['openvpn'].items() %}
 hostroutes-{{ name }}:
@@ -56,8 +43,6 @@ autostart-{{ name }}:
 require_in:
 - file: /etc/openvpn/{{ name }}.conf
 - file: /etc/openvpn/{{ name }}.auth
- require:
- - file: /dev/net/tun
 start-{{ name }}:
 service.running:
@@ -68,7 +53,5 @@ start-{{ name }}:
 watch:
 - file: /etc/openvpn/{{ name }}.conf
 - file: /etc/openvpn/{{ name }}.auth
- require:
- - file: /dev/net/tun
 {%- endfor %}