diff --git a/README.md b/README.md index 78aea5cb..a85f0495 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,14 @@ Cloudflare **DNS 1.1.1.1 over TLS** is used to connect to any PIA server for mul ## Setup +1. Make sure you have your `/dev/net/tun` device setup on your host: + + ```bash + mkdir -p -m 755 /dev/net + mknod /dev/net/tun c 10 200 + insmod /lib/modules/tun.ko + ``` + 1. Create a network to be used by this container and other containers connecting to it with: ```bash @@ -61,8 +69,9 @@ Cloudflare **DNS 1.1.1.1 over TLS** is used to connect to any PIA server for mul 1. Run the container with (at least change `/yourhostpath` to your actual path): ```bash - docker run -d --restart=always --name=pia --cap-add=NET_ADMIN \ - --network=pianet -v /yourhostpath/auth.conf:/auth.conf:ro \ + docker run -d --restart=always --name=pia \ + --cap-add=NET_ADMIN --device=/dev/net/tun --network=pianet \ + -v /yourhostpath/auth.conf:/auth.conf:ro \ -e REGION=Germany -e PROTOCOL=udp -e ENCRYPTION=normal \ qmcgaw/private-internet-access ``` diff --git a/docker-compose.yml b/docker-compose.yml index f85983c0..6e46d750 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -5,6 +5,8 @@ services: container_name: pia cap_add: - NET_ADMIN + devices: + - /dev/net/tun networks: - pianet volumes: diff --git a/entrypoint.sh b/entrypoint.sh index c640f0c6..4b36784b 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -7,10 +7,6 @@ echo "nameserver 127.0.0.1" > /etc/resolv.conf echo "options ndots:0" >> /etc/resolv.conf printf "DONE\nStarting Unbound to connect to Cloudflare DNS 1.1.1.1 at its TLS endpoint..." unbound -printf "DONE\nCreating TUN device..." -mkdir -p /dev/net -mknod /dev/net/tun c 10 200 -chmod 600 /dev/net/tun printf "DONE\nStarting OpenVPN using $PROTOCOL with $ENCRYPTION encryption\n" cd /openvpn-$PROTOCOL-$ENCRYPTION openvpn --config "$REGION.ovpn" --auth-user-pass /auth.conf
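Review bot: The short-form entry `- /dev/net/tun` under `devices:` gives the container the default `rwm` cgroup permissions on the device, which is more than the new code appears to need. Since the entrypoint.sh hunk of this commit removes the in-container `mknod`, the container only has to open the existing node, so the mapping could be written as `- /dev/net/tun:/dev/net/tun:rw` (confirm OpenVPN still starts with `m` dropped). For the same reason the service probably no longer needs Docker's default MKNOD capability; a `cap_drop:` list with `- MKNOD` next to `cap_add:` would be worth testing, though the rest of the service definition lies outside the hunk. A short comment above the entry, such as `# host must provide /dev/net/tun; the container no longer creates it`, would help users whose container fails to start because the device is missing.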