AWS VPC Tailscale Exit Node for all Proxmox VE

Jul 15, 2024
3
0
1
I've got a Proxmox on a local network and an AWS VPC with a static IP, and I would like for every VM on Proxmox to route through Tailscale and out the exit node at AWS. On the internet all of my source traffic from my VMs should appear as my AWS static IP. How would you go about doing this?

I've read on the LXC container route, but that seems to be the reverse of what I'm doing. I don't really want to run a Tailscale client on each VM either if I can help it.

What I want to do is run Tailscale on the Proxmox host (which I understand is frowned upon) pointed to my Tailscale exit node at AWS (already configured as an exit node), and somehow have the VMs all use that path for their way out. I feel there should be a solution on the Proxmox host that I could configure to allow this to work. I have installed Tailscale on the Proxmox host, configured it to point to the exit node at AWS, and for the Proxmox host itself it works as expected going out AWS... it's the VMs that of course don't automagically follow that path too.

I modified the Linux Bridge gateway on Proxmox to be the AWS exit node Tailscale IP (100.x) and that didn't work. Not sure what to try next....

Thanks!
 
What I would do is install Tailscale on my pfSense box, and create firewall rules to route the VMs over Tailscale. I might even create a dedicated VLAN just for those VMs and do the routing for the entire VLAN. If you don't have a separate firewall/router that you could install Tailscale on, then I am not sure what you can do.
 
Thanks! A good idea, and I would rather do this than set each VM. Currently it's on a flat network so I'd need to work on the segmentation of VLANs, which I'll do if I can't figure this out.

I am still convinced there is a configuration on the Proxmox I can do, so I'll keep the question open for the group. Some combination of ip_forwarding and iptables maybe?

Using something like:

iptables -t nat -A POSTROUTING -o tailscale0 -j MASQUERADE

Or perhaps adding a network interface for tailscale0 within the Proxmox network?

Happy to hear any ideas, links, or similar sounding findings by anyone else... thanks!
 
A separate bridge connected to Tailscale might work. Not sure how you would make that happen though. Probably just the limits of my networking experience showing through.
 
