I want to connect my Proxmox host to a VPN server, so all outgoing traffic routes through this VPN (so the IP cannot be leaked). I do not want to set up a VPN on each container individually.
Now, the WireGuard configuration below works perfectly on a container:
```ini
[Interface]
PrivateKey = ...
Address = 10.2.0.2/32

[Peer]
PublicKey = ...
Endpoint = 172.1.1.1:51820
AllowedIPs = 0.0.0.0/5, 8.0.0.0/7, 10.0.0.0/13, 10.8.0.0/15, 10.11.0.0/16, 10.12.0.0/14, 10.16.0.0/12, 10.32.0.0/11, 10.64.0.0/10, 10.128.0.0/9, 11.0.0.0/8, 12.0.0.0/6, 16.0.0.0/4, 32.0.0.0/3, 64.0.0.0/3, 96.0.0.0/5, 104.0.0.0/6, 108.0.0.0/7, 110.0.0.0/8, 111.0.0.0/16, 111.1.0.0/24, 111.1.2.0/23, 111.1.4.0/22, 111.1.8.0/21, 111.1.16.0/20, 111.1.32.0/19, 111.1.64.0/18, 111.1.128.0/17, 111.2.0.0/15, 111.4.0.0/14, 111.8.0.0/13, 111.16.0.0/12, 111.32.0.0/11, 111.64.0.0/10, 111.128.0.0/9, 112.0.0.0/4, 128.0.0.0/3, 160.0.0.0/5, 168.0.0.0/6, 172.0.0.0/16, 172.1.0.0/24, 172.1.1.0/32, 172.1.1.2/31, 172.1.1.4/30, 172.1.1.8/29, 172.1.1.16/28, 172.1.1.32/27, 172.1.1.64/26, 172.1.1.128/25, 172.1.2.0/23, 172.1.4.0/22, 172.1.8.0/21, 172.1.16.0/20, 172.1.32.0/19, 172.1.64.0/18, 172.1.128.0/17, 172.2.0.0/15, 172.4.0.0/14, 172.8.0.0/13, 172.16.0.0/12, 172.32.0.0/11, 172.64.0.0/10, 172.128.0.0/9, 173.0.0.0/8, 174.0.0.0/7, 176.0.0.0/4, 192.0.0.0/2
```
The AllowedIPs was calculated with https://www.procustodibus.com/blog/2021/03/wireguard-allowedips-calculator/. I cannot route the following traffic over the VPN:
- all internal traffic on the Proxmox server, i.e. 10.10.0.0/16
- the VPN server itself, i.e. 172.1.1.1/32
- our company network, i.e. 111.1.1.0/24
If I deploy this config to the Proxmox host, the VPN drops most of the packets; it only works sometimes (deploying this on any container works all the time). I tinkered around with the AllowedIPs on the host, for example only routing ip.me through the VPN (AllowedIPs = 212.102.35.236/32) to check if the VPN is up, and even then the connection was shaky at best. Any hints?
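An added example, not part of the original post: a Python check that rebuilds the AllowedIPs value from the three excluded ranges quoted above and audits any AllowedIPs value for ranges that would bypass the tunnel. The function names are illustrative assumptions; only the standard-library `ipaddress` module is used.

```python
import ipaddress

# Ranges the post says must stay off the tunnel (values taken from the post).
EXCLUDED = ["10.10.0.0/16", "172.1.1.1/32", "111.1.1.0/24"]


def subtract(holes, base="0.0.0.0/0"):
    """Return the sorted CIDR blocks that cover `base` minus every hole."""
    remaining = [ipaddress.ip_network(base)]
    for raw in holes:
        hole = ipaddress.ip_network(raw.strip())
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # Split the block around the hole (yields nothing if equal).
                kept.extend(net.address_exclude(hole))
            elif not net.subnet_of(hole):
                kept.append(net)  # disjoint from the hole: keep unchanged
        remaining = kept
    return sorted(remaining)


def allowed_ips(excluded=EXCLUDED):
    """Build the value for the AllowedIPs line."""
    return ", ".join(str(n) for n in subtract(excluded))


def bypass_ranges(allowed_ips_value):
    """Audit an AllowedIPs value: return every range it does NOT cover."""
    gaps = subtract(allowed_ips_value.split(","))
    return [str(n) for n in ipaddress.collapse_addresses(gaps)]


def unexpected_bypass(allowed_ips_value, excluded=EXCLUDED):
    """Ranges that skip the tunnel although nobody asked to exclude them."""
    leaks = []
    for gap in bypass_ranges(allowed_ips_value):
        leaks.extend(str(n) for n in subtract(excluded, base=gap))
    return leaks


if __name__ == "__main__":
    value = allowed_ips()
    print("AllowedIPs =", value)
    print("bypasses tunnel:", bypass_ranges(value))
    print("unexpected gaps:", unexpected_bypass(value))
```

An empty result from `unexpected_bypass` means the only traffic that leaves outside the tunnel is traffic to the three ranges that were excluded on purpose.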