I just noticed, that the conntrack helpers are per default off in PVE5:
I stumbled upon this by debugging why an LXC container with an openvpn gateways does not allow sip anymore after upgrading from PVE4 to PVE5. Still have not solved my issue, but can this be related to the underlying change in the kernel with respect to conntrack helper interaction? Just setting the aforementioned parameter to 1 does unfortunately not resolve my issue.
Anyone experiencing similar issues with conntrack/nat inside LXC containers on PVE5?
Code:
$ sysctl net.netfilter.nf_conntrack_helper
net.netfilter.nf_conntrack_helper = 0I stumbled upon this by debugging why an LXC container with an openvpn gateways does not allow sip anymore after upgrading from PVE4 to PVE5. Still have not solved my issue, but can this be related to the underlying change in the kernel with respect to conntrack helper interaction? Just setting the aforementioned parameter to 1 does unfortunately not resolve my issue.
Anyone experiencing similar issues with conntrack/nat inside LXC containers on PVE5?