[SOLVED] Configuring a Proxmox VE cluster running over an OpenVPN intranet

[Think Privacy]

Someone gave me a link to this old guide:

https://web.archive.org/web/2015031...uster-running-over-an-openvpn-intranet-part-1

Sadly it is very out of date and I don't want to attempt to try it with 4.2 as I am sure it will break things.

I was wondering if anyone might be able to create a new up to date guide for this for Proxmox 4.2?

 

[LnxBil]

Why don't you just setup a new proxmox cluster inside your proxmox and try for yourself?

Depending on the network speed, it should be possible and was also discussed here on the forums recently.

 

[Think Privacy]

Why don't you just setup a new proxmox cluster inside your proxmox and try for yourself?

Depending on the network speed, it should be possible and was also discussed here on the forums recently.

Could you point me to the recent discussion - I have searched the forums and had no luck so far. I am new to Proxmox (only been using it a couple of days) so this is pretty advanced stuff for me to try without some sort of guide.

Some issues with the guide I linked to:

1. He uses UFW in the example but Proxmox 4.2 uses pve-firewall
2. Proxmox no longer uses apache, it uses pve-proxy.
3. Proxmox doesn't use any dummy interfaces and given he states in the dummy interface section that proxmox will not boot if you mess that part up, I don't want to risk messing it up.

 

[Think Privacy]

So I have this setup and running now.

Couple of things to bare in mind.

1. I didn't setup a dummy interface, instead I added the following to /etc/network/interfaces:

#For OpenVPN
auto vmbr20
iface vmbr20 inet static
address 10.100.0.1
netmask 255.255.255.0
network 10.100.0.0
broadcast 10.100.0.255
bridge_ports none
bridge_stp off
bridge_fd 0
post-up route add -net 224.0.0.0 netmask 240.0.0.0 dev vmbr20​

2. I didn't use his up.sh and down.sh (and removed them from the OpenVPN server.conf) because I was getting errors with tap0. Instead I did the following:

ip tuntap add name tap0 mode tap​

Not sure if the above is a good way to do it but it works (happy to accept suggestions based on the original guide using up/down scripts)

3. He uses ufw in the guide - I just added equivalent rules to iptables to open up 1194 for OpenVPN.

4. Debian 8 (due to systemd) seems to have some issues when running OpenVPN as a service. If you start OpenVPN:

service openvpn start​

It doesn't work - it starts but it does so without any configuration file. So you need to use:

systemctl start openvpn@<conf file>.service
​

Where <conf file> is the name of your server configuration file in /etc/openvpn (usually this is just called server.conf if you followed the guide) eg:

systemctl start openvpn@server.service
(note: don't add the .conf)​

You can then tell systemd to start the vpn on boot with:

systemctl enable openvpn@server.service​

NOTE:
You can do the same on your client machines just put your client.conf in /etc/openvpn/ (along with keys/certs) and start the client with:

systemctl start openvpn@client.service
​

And if you want it to start at boot do:

systemctl enable openvpn@client.service
​

I haven't setup the cluster yet so currently I am managing all the servers from their own pveproxy interface but I have moved them all off their public IP Addresses and onto the private vpn and can currently connect to them via my desktop browser (connected to the same VPN) on their relevant https://10.*.*.*:8006 URL).

I will update further once I setup the cluster & enable multicast.

Other than the changes above I pretty much followed the original guide completely, so I hope this makes things a little easier for others.

(Thanks to gardar in ##proxmox on freenode for helping me troubleshoot the systemd issues and pointing me to the original guide).

 

[Romkus]

Hi, Think Privacy! And thank You for writing about Your building! Have You succeed with building cluster? Does multicast work with OpenVPN? And.. can it really work as HA cluster? I think I have to tune my one, but I'm so pretty noob in this...

 

[ddhulla]

Hi we connected multiple datacenter proxmox network via ZeroTier One VPN.
default is router mode. we used bridge mode of zerotier for making all in one LAN.