[SOLVED] Can't access Proxmox web interface through VPN (but can ping proxmox)

F

fr0zt

New Member
Feb 9, 2024
7
1
3
Hello,

My proxmox server is running at my parents house with ip 192.168.1.4. When trying to access it through a wireguard vpn from my house, I can't reach it at http://192.168.1.4:8006.

My setup:
- My parents house has ip range 192.168.1.1/24 (router at 192.168.1.254).
- There is a proxmox server with static ip 192.168.1.4
- Proxmox is running a Windows VM and a pivpn LXC (using wireguard)
- The pivpn LXC is configured with a wireguard server that gives out ip addresses with 192.168.2.1/254
- My home ip range is 10.0.0.1/254

Symptoms:
- When I connect to the vpn from my laptop at my house, my laptop gets an ip address of 192.168.2.52. When I try to ping 192.168.1.4, I get a response.
- However, when I try to navigate to http://192.168.1.4:8006, it just doesn't connect ("This site can’t be reached").
- If I remote desktop into the windows machine then I CAN reach http://192.168.1.4:8006 from a browser on the windows machine.
- I can reach http://192.168.1.254 (the router's admin page)

Does anyone know what might be causing me to not be able to reach the proxmox ui through the vpn?
 
Leaving a comment here because I'm in the same Boat.
Wireguard through Fritz.Box, can access everything on LAN besides the pve and all its Services. Disabled every Firewall, on the Datacenter and below just to be sure. Hopefully someone has an idea.
 
Does your pivpn have a 192.168.1.x/24 address, or only 192.168.2.x/24 addresses?

If you ssh to the pivpn from home, can you then ssh to 192.168.1.4?

Just to confirm, when you say you can reach the router admin page at 192.168.1.254, I assume that is directly from home and not through the remote desktop?
 
Sorry for the quote/code syntax here - not sure how to get it working on these forums.

> Does your pivpn have a 192.168.1.x/24 address, or only 192.168.2.x/24 addresses?

Its address is 192.168.1.11 (static). It's when I connect from my laptop at home to the pivpn that my laptop gets a 192.168.2.x/24 address
```
root@pivpn:~# ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.11 netmask 255.255.255.255 broadcast 192.168.1.11
```

> If you ssh to the pivpn from home, can you then ssh to 192.168.1.4?

I'm not sure about this. I haven't purposefully opened ssh on the pivpn machine

> Just to confirm, when you say you can reach the router admin page at 192.168.1.254, I assume that is directly from home and not through the remote desktop?

Correct
 
"192.168.1.11 netmask 255.255.255.255 broadcast 192.168.1.11" this looks more like /32 than /24
 
no, rewrite the config please: IP: 192.168.1.11 netmask 255.255.255.0 broadcast 192.168.1.255
and check your default gateway.
 
It's probably a routing problem, your incoming connection is on 192.168.2.x but the Proxmox server is on a different subnet (192.168.1.x)

if you run ip route on your wireguard server what does it show?

which subnet is the Windows PC on?
 
> if you run ip route on your wireguard server what does it show?

```
root@pivpn:~# ip route
default via 192.168.1.254 dev eth0
10.43.74.0/24 dev wg0 proto kernel scope link src 10.43.74.1
192.168.1.254 dev eth0 scope link
```

> which subnet is the Windows PC on?

The windows ip has ip 192.168.1.84

> it's expected as require httpS://

That doesn't seem to make a difference. On the Windows VM both http://192.168.1.4:8006 and https://192.168.1.4:8006 work. Neither work from my house laptop

> "192.168.1.11 netmask 255.255.255.255 broadcast 192.168.1.11" this looks more like /32 than /24

Sorry - I'm quite inexperienced at this, so I could have made a mistake setting up the pivpn server. Does the following imply that I did something wrong? (Ie should that be /24 instead of /32?)

```
root@pivpn:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
address 192.168.1.11/32
```
 
Yes, given that you stated "My parents house has ip range 192.168.1.1/24 (router at 192.168.1.254).", your pi that should likely be 192.168.1.11/24. In most cases, everything on the shared layer 2 network should should have the same /##, where ## can be from 0 to 32.
 
> Yes, given that you stated "My parents house has ip range 192.168.1.1/24 (router at 192.168.1.254).", your pi that should likely be 192.168.1.11/24. In most cases, everything on the shared layer 2 network should should have the same /##, where ## can be from 0 to 32.

Ok, I think I know where this came from. In setting up the Proxmox LXC for pivpn, it asked to assign a static up address. I wrote 192.168.1.11/32 (I thought this had to be /32 to make it static, but clearly I'm misunderstanding something about networking). I'll see if I can change it to /24 and if that fixes things
 
This is solved. Thanks so much for the help. I'm not sure why the symptom was that I could ping proxmox but not connect to its web interface.

The solution was to set the static ip to 192.168.1.11/24 instead of 192.168.1.11/32.

My understanding is 192.168.1.11/24 is shorthand for :
- ip address: 192.168.1.11
- subnet mask: 255.255.255.0
(so I had been inadvertantly setting the subnet mask to 255.255.255.255)
 
  • Like
Reactions: _gabriel
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back