Can't SSH or connect to Web GUI through VPN, firewall disabled

ccgauvin94

Nov 15, 2020
My Proxmox machine is sitting behind a pfSense firewall that is also running OpenVPN. If I VPN into my local network through that pfSense box, I cannot access the Proxmox WebGUI or SSH into the Proxmox machine.

I have disabled the firewall at every level - datacenter, host, and VM, and it still doesn't work. I have another VM that's running through a dedicated NIC on the same host (that NIC is in passthrough mode) and I can SSH fine into that one over the VPN, so I don't think it's a network/VPN issue.

Am I missing something? I really need remote access to this host and the VM that's not on a dedicated NIC.
 
hi,

"I cannot access the Proxmox WebGUI or SSH into the proxmox machine."

what error message do you get?

you can scan with nmap (when you're on the VPN): nmap -p22,8006 your.pve.ip.here -vvv

you can also try running your ssh command with -v to see which step it fails
 
So, over the VPN I get this output from that nmap command:


Code:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-16 13:12 MST
Initiating Ping Scan at 13:12
Scanning icarus (192.168.1.5) [2 ports]
Completed Ping Scan at 13:12, 3.00s elapsed (1 total hosts)
Nmap scan report for icarus (192.168.1.5) [host down, received no-response]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.03 seconds

If I ping the NIC that's in passthrough:

Code:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-16 13:15 MST
Initiating Ping Scan at 13:15
Scanning icarus-datalink (192.168.1.6) [2 ports]
Completed Ping Scan at 13:15, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:15
Completed Parallel DNS resolution of 1 host. at 13:15, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 3, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 13:15
Scanning icarus-datalink (192.168.1.6) [2 ports]
Discovered open port 22/tcp on 192.168.1.6
Completed Connect Scan at 13:15, 0.00s elapsed (2 total ports)
Nmap scan report for icarus-datalink (192.168.1.6)
Host is up, received syn-ack (0.00081s latency).
Scanned at 2020-11-16 13:15:42 MST for 0s

PORT     STATE    SERVICE       REASON
22/tcp   open     ssh           syn-ack
8006/tcp filtered wpl-analytics host-unreach

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds

Nothing happens running SSH with -v, it just sits there indefinitely. Hence why I'm thinking it's a firewall problem on the machine with my VPN subnet, not a networking/VPN config issue because everything on my network that isn't Proxmox is still accessible.
 
maybe you can first SSH to the reachable VM and then try SSHing again to PVE through there?
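
The two scan results posted above differ in kind: for 192.168.1.5 nmap stopped after the ping scan and never probed the ports, while 192.168.1.6 has a per-port table with a reason for each state. As an added example that is not part of any post in this thread, the shell function below condenses `nmap -vvv` normal output to one line per host and port so the two cases are easy to tell apart; `nmap_summary`, `sample_down` and `sample_up` are hypothetical names, and the sample input is copied from the outputs in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): summarise nmap -vvv normal output.
# Reads nmap text on stdin; prints one line per host and per scanned port.
nmap_summary() {
    awk '
    # "Nmap scan report for NAME (IP) [host down, received REASON]"
    /^Nmap scan report for / {
        host = $5
        if (match($0, /\([0-9.]+\)/))      # prefer the IP in parentheses
            host = substr($0, RSTART + 1, RLENGTH - 2)
        if ($0 ~ /\[host down/) {
            reason = $NF; sub(/\]$/, "", reason)
            # Host discovery failed, so no port was probed at all.
            printf "host=%s status=down reason=%s ports=not-probed\n", host, reason
        }
        next
    }
    # "Host is up, received syn-ack (0.00081s latency)."
    /^Host is up/ {
        reason = "unknown"                 # no reason shown without -v
        for (i = 1; i < NF; i++) if ($i == "received") reason = $(i + 1)
        printf "host=%s status=up reason=%s\n", host, reason
        next
    }
    # Port table rows: PORT STATE SERVICE REASON
    $1 ~ /^[0-9]+\/(tcp|udp)$/ {
        printf "host=%s port=%s state=%s reason=%s\n", host, $1, $2, $4
    }
    '
}

# Sample input: lines copied from the two nmap outputs posted in the thread.
sample_down() { cat <<'EOF'
Scanning icarus (192.168.1.5) [2 ports]
Nmap scan report for icarus (192.168.1.5) [host down, received no-response]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
EOF
}
sample_up() { cat <<'EOF'
Discovered open port 22/tcp on 192.168.1.6
Nmap scan report for icarus-datalink (192.168.1.6)
Host is up, received syn-ack (0.00081s latency).
PORT     STATE    SERVICE       REASON
22/tcp   open     ssh           syn-ack
8006/tcp filtered wpl-analytics host-unreach
EOF
}

sample_down | nmap_summary
sample_up | nmap_summary
```

A `ports=not-probed` line means the scan says nothing about ports 22 and 8006 on that host; nmap's own note in the first output suggests repeating the scan with `-Pn` to get a port table.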
 
