Hi, I've been using and administering Proxmox since the 6.0 days, and I've never seen something like this.
I have 2 Proxmox nodes clustered (third on its way) and while the nodes themselves have no issue with connectivity, guests inside do.
The guests get DHCP addresses, can be connected to from the outside via SSH, can ping, and DNS functions correctly; however, when they try to connect via HTTPS, it fails. They use HTTPS for things like system updates, and my first thought was an MTU issue. I reduced the MTU on the VMs themselves, even drastically, without any change. I can ping with a length of 1472 to most things.
This seems to be confirmed by tcpdumping the tap for the host: I see SYN packets towards the sites but nothing coming back, even from locally hosted HTTPS sites. The node itself can curl to those same sites without any issue.
I have gone through almost every possible option which might be causing issues: I've turned off the cluster level firewall, node level firewall, VM level firewall, and even ensured the hosts themselves have software level firewalls disabled. Nothing made a difference.
I have checked and rechecked pretty much any configuration on anything related (switches and gateway/firewall), but everything else on the network is working correctly.
Proxmox 9.1.0 (freshly installed)
Kernel Linux 6.17.2-1-pve
pve-manager/9.1.1
Guest VM
Rocky 9.7
virtio ethernet
Installed on a Dell R6615
AMD Epyc 9214
Broadcom Adv. Dual 25Gb Ethernet
Connected at 10Gbps to HPE/Aruba CX 62000F
The other machine is a previous generation R6515 (with Proxmox 9.0.11), with a different 10Gbps SFP+ card, a QLogic 577xx/578xx 10 Gb Ethernet BCM57810. The same problem exists there.
I'm honestly not sure what else to look at.