How to install VPN for Promox Web Access from Internet ?

C

cdarsac

New Member
May 28, 2021
25
4
3
60
Toulouse (in France)
Hello everybody,

To access the Promox web interface from the Internet, I was advised to install a VPN.

I looked for tutorials on this topic describing step by step the necessary steps, but I found nothing conclusive.

On another forum (https://www.knx-fr.com), "Filou59" advised me the following method:

Access from the outside via a VPN: Wireguard or OpenVPN.
A VPN must be set up on Proxmox via a Container LXC for example, redirecting the traffic of the port used by the VPN to the VM at the livebox level.
Then we access Proxmox or its local network via the VPN.

That’s fine, but a little complicated for me to do alone.

Can you help me a little, or do you have any other suggestions? :)
 
Last edited:
hi,

cdarsac said:
To access the Promox web interface from the Internet, I was advised to install a VPN.
Click to expand...
is your server self-hosted at home or in a datacenter?

if at home, you probably have a router for your network. you'd have to add a port forwarding rule on the web interface of your router (searching online for your router model can help you here).

let's say your router is 192.168.1.1 and your PVE server is 192.168.1.100. you create a container, and install for example openvpn [0]. imagine this container has the local IP 192.168.1.150

so your forwarding rule would look like:

internet ---> router public IP (1.2.3.4) port 1194 (for openvpn) ---> container (192.168.1.150) port 1194

afterwards you should be able to reach the VPN server from outside your network.

cdarsac said:
That’s fine, but a little complicated for me to do alone.

Can you help me a little, or do you have any other suggestions?
Click to expand...
you can also open an SSH port or just the web interface port 8006 to the public (you can pick a higher port number to make it less likely to be scanned), but be sure that your passwords are sufficiently complex. it would be also advisable to use SSH keys instead of passwords, and keep all packages updated on your server.
having SSH access can be helpful in case your VPN container suddenly isn't working for some reason.
also if you expose the GUI make sure to activate two factor authentication for root@pam user and other admin users you might have made.

[0]: https://pve.proxmox.com/wiki/OpenVPN_in_LXC
 
By far the simplest way is to use something like tailscale www.tailscale.com

Free for personal use. You install a small client on your host, then on your remote system you install the client app and once you login you will see your host in the app with a dedicated remote IP. Very simple, very quick and easy.
 
bobmc said:
By far the simplest way is to use something like tailscale www.tailscale.com

Free for personal use. You install a small client on your host, then on your remote system you install the client app and once you login you will see your host in the app with a dedicated remote IP. Very simple, very quick and easy.
Click to expand...
Question, do I need to install Tailscale directly in the server (or If it's possible) or I need to create a LXC container?
 
You can install tailscale directly on the host and then you would be able to remotely access the web GUI or SSH terminal. If you wished you could also install directly onto a VM or container to make them directly accessible from your remote client (up to 20 devices on the free plan)
 
bobmc said:
You can install tailscale directly on the host and then you would be able to remotely access the web GUI or SSH terminal. If you wished you could also install directly onto a VM or container to make them directly accessible from your remote client (up to 20 devices on the free plan)
Click to expand...
So if I install tailscale on the host directly I can just create up to 20 KVM/LXC machines? Or what do you mean? Sorry I don't get It.
 
If you install tailscale on your host, then you can access the host remotely - but only the host itself. If you needed to access one of your VM's or LXC containers then you would have to use a console session to that VM on the host. You might want directly access your VM without logging into your host first - if that was the case, then you could install tailscale on the VM.

At this point you would have three devices (proxmox host, VM and your remote device) on your tailscale account. You can have a maximum of 20 devices registered with tailscale. Nothing to do with how many KVM/LXC devices you have in proxmox.
 
bobmc said:
If you install tailscale on your host, then you can access the host remotely - but only the host itself. If you needed to access one of your VM's or LXC containers then you would have to use a console session to that VM on the host. You might want directly access your VM without logging into your host first - if that was the case, then you could install tailscale on the VM.

At this point you would have three devices (proxmox host, VM and your remote device) on your tailscale account. You can have a maximum of 20 devices registered with tailscale. Nothing to do with how many KVM/LXC devices you have in proxmox.
Click to expand...
So if I wanna SSH the machine through the proxmox web ui using tailscale I will be able to connect as normal isn't it? Also, once im comnected using tailscale to the host, how should I connect to the proxmox ui using my browser? Should I just try the host local IP and the port?
 
Not exactly

When you install tailscale on a device, it gets an additional special IP beginning with 100 - eg.100.123.45.67 and you use that to connect to -e.g https://100.123.45.67:8006 would be to access the web ui and ssh root@100.123.45.67 but only when you're not on your local network and only from a computer that also has tailscale installed - does that make sense?

Take a look on the tailscale website, there's plenty of documentation and help guides there - it's a general purpose VPN tool not specific to proxmox
 
bobmc said:
Not exactly

When you install tailscale on a device, it gets an additional special IP beginning with 100 - eg.100.123.45.67 and you use that to connect to -e.g https://100.123.45.67:8006 would be to access the web ui and ssh root@100.123.45.67 but only when you're not on your local network and only from a computer that also has tailscale installed - does that make sense?

Take a look on the tailscale website, there's plenty of documentation and help guides there - it's a general purpose VPN tool not specific to proxmox
Click to expand...
Yes, I get it. Many thanks really appreciate it. :)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back