A VPN in a container requires a tun/tap device – if you don’t have one, you have to create it with the mknod command. But there is a problem – in an unprivileged LXC (Proxmox) container, mknod (as a syscall) is not allowed, because this would introduce possible security problems (see this article).
tinc is a great mesh Virtual Private Network daemon, with just one little glitch (and also some little crypto problems ;-). I find its configuration really tedious and complicated compared to OpenVPN and its possibility to centrally assign IP addresses and push options to clients. I know, that’s the tax for being mesh, but wouldn’t it be great to configure your mesh network a bit centrally?