[SOLVED] Can't Access Web UI over IPSec Connection

DonMikeovski97

New Member
Jan 21, 2022
2
0
1
24
Germany
Hello guys,

as the title say's i cant't access the Web UI over an IPSec Connection. My Setup is as follows:

Site-A: OPNSense VM at Home running on TrueNAS, ISP is Starlink so no static IP
Site-B: OPNSense VM running on Proxmox on a Rootserver, static IP from Hoster

When i try to connect to the Web UI of the Proxmox Server i just get a white screen. Page just loads the icon in the Tab and the keeps loading forever.
Enabling the Developer Console in Firefox show's that the Site is trying to load but never finishes and gets stuck at some point.
I checked Firewall Rules etc. and everything seems to work fine. I also can Access the Web UI of the OPNSense VM Running on Proxmox. So nothing indicates that theres a basic Problem with the connection to the Subnet where Proxmox is running. Also SSH is working properly.

I tested every approach that i cloud find and made sense to me so far:

- Disableing th Firewall in Proxmox
- Increasing the HTTP connection timeout in my browser
- Checked that "Disable hardware checksum offload" and "Disable hardware TCP segmentation offload" in OPNSense Firewall is enabled,
- Deactivated the same features in the proxmox host through /etc/interfaces file with the following entrys:

pre-up ethtool -G eno1 rx 1024 tx 1024
pre-up ethtool -K eno1 tx off gso off
post-up ethtool -K vmbr1 tx off gso off

Im pretty much out of ideas. Maybe im missing something very basic.
Im not too farmiliar with Linux but wokrin on it, so please bear with me.

Just hoping somebody has an idea.

Best regards,

Mike
 
Last edited:
Oct 7, 2019
130
29
33
This could be related to MTU for packets going through the VPN being too high. Find the biggest MTU your VPN supports:

- From the workstation you want to access the webUI, ping the ProxmoxVE host:
Code:
For Linux: ping -s 1500 -M do Proxmox.IP.addr.ess
For Windows: ping 192.168.10.1 -l 1500 –f

You will probably get no reply, as 1500 is too big to get through a VPN. Try values from 1380 upwards to around 1460 instead.

Once you find a value that fits, clamp MSS on your OPNSense for traffic flowing through the VPN at both ends.
 

DonMikeovski97

New Member
Jan 21, 2022
2
0
1
24
Germany
This could be related to MTU for packets going through the VPN being too high. Find the biggest MTU your VPN supports:

- From the workstation you want to access the webUI, ping the ProxmoxVE host:
Code:
For Linux: ping -s 1500 -M do Proxmox.IP.addr.ess
For Windows: ping 192.168.10.1 -l 1500 –f

You will probably get no reply, as 1500 is too big to get through a VPN. Try values from 1380 upwards to around 1460 instead.

Once you find a value that fits, clamp MSS on your OPNSense for traffic flowing through the VPN at both ends.
Hi Victor,

thanks for the Reply!

Well so it was something Basic.
Adjusted MTU on both OPNSense LAN interfaces and the Proxmoc Linux Bridge Adpater.
Now everthing works as excepted.

Really appriciate your Help! :)

Best regards,
Mike
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!