Can't SSH or connect to Web GUI through VPN, firewall disabled

ccgauvin94

Nov 15, 2020
My Proxmox machine is sitting behind a pfSense firewall that is also running OpenVPN. If I VPN into my local network through that pfSense box, I cannot access the Proxmox WebGUI or SSH into the Proxmox machine.

I have disabled the firewall at every level - datacenter, host, and VM, and it still doesn't work. I have another VM that's running through a dedicated NIC on the same host (that NIC is in passthrough mode) and I can SSH fine into that one over the VPN, so I don't think it's a network/VPN issue.

Am I missing something? I really need remote access to this host and the VM that's not on a dedicated NIC.
 
hi,

I cannot access the Proxmox WebGUI or SSH into the proxmox machine.
what error message do you get?

you can scan with nmap (when you're on the VPN): nmap -p22,8006 your.pve.ip.here -vvv

you can also try running your ssh command with -v to see at which step it fails
 
So, over the VPN I get this output from that nmap command:


Code:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-16 13:12 MST
Initiating Ping Scan at 13:12
Scanning icarus (192.168.1.5) [2 ports]
Completed Ping Scan at 13:12, 3.00s elapsed (1 total hosts)
Nmap scan report for icarus (192.168.1.5) [host down, received no-response]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.03 seconds

If I ping the NIC that's in passthrough:

Code:
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-16 13:15 MST
Initiating Ping Scan at 13:15
Scanning icarus-datalink (192.168.1.6) [2 ports]
Completed Ping Scan at 13:15, 0.00s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:15
Completed Parallel DNS resolution of 1 host. at 13:15, 0.01s elapsed
DNS resolution of 1 IPs took 0.01s. Mode: Async [#: 3, OK: 0, NX: 1, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating Connect Scan at 13:15
Scanning icarus-datalink (192.168.1.6) [2 ports]
Discovered open port 22/tcp on 192.168.1.6
Completed Connect Scan at 13:15, 0.00s elapsed (2 total ports)
Nmap scan report for icarus-datalink (192.168.1.6)
Host is up, received syn-ack (0.00081s latency).
Scanned at 2020-11-16 13:15:42 MST for 0s

PORT     STATE    SERVICE       REASON
22/tcp   open     ssh           syn-ack
8006/tcp filtered wpl-analytics host-unreach

Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.03 seconds

Nothing happens running SSH with -v, it just sits there indefinitely. Hence why I'm thinking it's a firewall problem on the machine with my VPN subnet, not a networking/VPN config issue because everything on my network that isn't Proxmox is still accessible.
maybe you can first SSH to the reachable VM and then try SSHing again to PVE through there?
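
Added example, not part of any post in this thread: a small Python parser for the verbose nmap output posted above that extracts each host's status and the per-port state and reason, then says what each reason means. The function names and the wording in `REASONS` are this example's own; the sample text is an excerpt of the two scans from the thread.

```python
import re

# What each nmap "reason" seen in the thread's output means (wording is this example's own).
REASONS = {
    "syn-ack": "TCP handshake completed, a service answered",
    "conn-refused": "host answered with a reset: reachable, nothing listening",
    "no-response": "no reply at all: probe or answer dropped, or no return route",
    "host-unreach": "a host-unreachable error came back for the probe",
}
HOST_RE = re.compile(
    r"Nmap scan report for (?:(\S+) \()?(\d[\d.]*)\)?"
    r"(?: \[host down, received ([\w-]+)\])?")
PORT_RE = re.compile(r"^(\d+)/tcp\s+(\S+)\s+\S+\s+([\w-]+)")

def parse_nmap(text):
    """Return {ip: {"name", "up", "down_reason", "ports": {port: (state, reason)}}}."""
    hosts, cur = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = HOST_RE.search(line)
        if m:
            name, ip, down = m.groups()
            cur = hosts[ip] = {"name": name, "up": down is None,
                               "down_reason": down, "ports": {}}
        elif cur is not None and (m := PORT_RE.match(line)):
            cur["ports"][int(m.group(1))] = (m.group(2), m.group(3))
    return hosts

def explain(hosts):
    """One human-readable line per finding."""
    out = []
    for ip, h in hosts.items():
        if not h["up"]:
            why = REASONS.get(h["down_reason"], "unknown reason")
            out.append(f"{ip}: host discovery failed ({why}); ports were never scanned")
        for port, (state, reason) in sorted(h["ports"].items()):
            out.append(f"{ip}:{port} {state}: {REASONS.get(reason, 'unknown reason')}")
    return out

# Excerpt of the two scans posted in the thread.
THREAD_OUTPUT = """\
Nmap scan report for icarus (192.168.1.5) [host down, received no-response]
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap scan report for icarus-datalink (192.168.1.6)
Host is up, received syn-ack (0.00081s latency).
PORT     STATE    SERVICE       REASON
22/tcp   open     ssh           syn-ack
8006/tcp filtered wpl-analytics host-unreach
"""

if __name__ == "__main__":
    print("\n".join(explain(parse_nmap(THREAD_OUTPUT))))
```

The first finding shows why the 192.168.1.5 scan says nothing about ports 22 and 8006: nmap stopped at host discovery, and its own note in that output suggests `-Pn` to scan the ports anyway.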