diff --git a/compose.yml b/compose.yml
index 9d0134b92..f3058496f 100644
--- a/compose.yml
+++ b/compose.yml
@@ -6,6 +6,7 @@ services:
       VERSION: "11"
     devices:
       - /dev/kvm
+      - /dev/net/tun
     cap_add:
       - NET_ADMIN
     ports:
diff --git a/kubernetes.yml b/kubernetes.yml
index efa668d85..2de24a46b 100644
--- a/kubernetes.yml
+++ b/kubernetes.yml
@@ -1,10 +1,11 @@
+---
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   name: windows-pvc
 spec:
   accessModes:
-    - ReadWriteOnce
+  - ReadWriteOnce
   resources:
     requests:
       storage: 64Gi
@@ -16,59 +17,61 @@ metadata:
   labels:
     name: windows
 spec:
-  terminationGracePeriodSeconds: 120 # the Kubernetes default is 30 seconds and it may be not enough
   containers:
-    - name: windows
-      image: dockurr/windows
-      ports:
-        - containerPort: 8006
-          protocol: TCP
-        - containerPort: 3389
-          protocol: TCP
-        - containerPort: 3389
-          protocol: UDP
-      securityContext:
-        privileged: true
-      env:
-        - name: VERSION
-          value: "11"
-        - name: RAM_SIZE
-          value: "4G"
-        - name: CPU_CORES
-          value: "2"
-        - name: DISK_SIZE
-          value: "64G"
-      volumeMounts:
-        - mountPath: /storage
-          name: storage
-        - mountPath: /dev/kvm
-          name: dev-kvm
+  - name: windows
+    image: dockurr/windows
+    env:
+    - name: VERSION
+      value: "11"
+    - name: RAM_SIZE
+      value: "4G"
+    - name: CPU_CORES
+      value: "2"
+    - name: DISK_SIZE
+      value: "64G"
+    ports:
+    - containerPort: 8006
+    - containerPort: 3389
+    - containerPort: 3389
+      protocol: UDP
+    securityContext:
+      capabilities:
+        add:
+        - NET_ADMIN
+      privileged: true
+    volumeMounts:
+    - mountPath: /storage
+      name: storage
+    - mountPath: /dev/kvm
+      name: dev-kvm
+    - mountPath: /dev/net/tun
+      name: dev-tun
+  terminationGracePeriodSeconds: 120
   volumes:
-    - name: storage
-      persistentVolumeClaim:
-        claimName: windows-pvc
-    - name: dev-kvm
-      hostPath:
-        path: /dev/kvm
+  - name: storage
+    persistentVolumeClaim:
+      claimName: windows-pvc
+  - hostPath:
+      path: /dev/kvm
+    name: dev-kvm
+  - hostPath:
+      path: /dev/net/tun
+      type: CharDevice
+    name: dev-tun
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: windows
 spec:
-  type: NodePort
+  ports:
+  - name: tcp-8006
+    port: 8006
+  - name: tcp-3389
+    port: 3389
+  - name: udp-3389
+    port: 3389
+    protocol: UDP
   selector:
     name: windows
-  ports:
-    - name: tcp-8006
-      protocol: TCP
-      port: 8006
-      targetPort: 8006
-    - name: tcp-3389
-      protocol: TCP
-      port: 3389
-      targetPort: 3389
-    - name: udp-3389
-      protocol: UDP
-      port: 3389
-      targetPort: 3389
+  type: NodePort
diff --git a/readme.md b/readme.md
index f8f8b9555..2416bdf84 100644
--- a/readme.md
+++ b/readme.md
@@ -37,6 +37,7 @@ services:
       VERSION: "11"
     devices:
       - /dev/kvm
+      - /dev/net/tun
     cap_add:
       - NET_ADMIN
     ports:
@@ -49,7 +50,7 @@ services:
 Via Docker CLI:
 
 ```bash
-docker run -it --rm -p 8006:8006 --device=/dev/kvm --cap-add NET_ADMIN --stop-timeout 120 dockurr/windows
+docker run -it --rm -p 8006:8006 --device=/dev/kvm --device=/dev/net/tun --cap-add NET_ADMIN --stop-timeout 120 dockurr/windows
 ```
 
 Via Kubernetes: