[TUTORIAL] HOWTO - Proxmox VE 8-x.x Wifi with routed configuration
- Thread starter jeenam
- Start date
-
- Tags
- howto install wifi wifi
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
@jeenam I'm trying to reproduce your setup step by step, but at step 11 the PVE web interface is not available, although the PVE connects to the Wi-Fi network and the Internet is available on it. Could you please suggest me what the configuration should be if I specified the address 192.168.0.200 during the Proxmox installation and my router settings are as follows:
IP address pool: 192.168.0.100 - 192.168.0.249
Default gateway: 192.168.0.1
IP address pool: 192.168.0.100 - 192.168.0.249
Default gateway: 192.168.0.1
Code:
auto lo
iface lo inet loopback
iface enp1s0 inet manual
auto wlp2s0
iface wlp2s0 inet manual
address 192.168.0.200/24
gateway 192.168.0.1
auto vmbr0
iface vmbr0 inet static
address 192.168.1.1/24
bridge-ports none
bridge-stp off
bridge-fd 0
source /etc/network/interfaces.d/*@jeenam I'm trying to reproduce your setup step by step, but at step 11 the PVE web interface is not available, although the PVE connects to the Wi-Fi network and the Internet is available on it. Could you please suggest me what the configuration should be if I specified the address 192.168.0.200 during the Proxmox installation and my router settings are as follows:
IP address pool: 192.168.0.100 - 192.168.0.249
Default gateway: 192.168.0.1
Code:auto lo iface lo inet loopback iface enp1s0 inet manual auto wlp2s0 iface wlp2s0 inet manual address 192.168.0.200/24 gateway 192.168.0.1 auto vmbr0 iface vmbr0 inet static address 192.168.1.1/24 bridge-ports none bridge-stp off bridge-fd 0 source /etc/network/interfaces.d/*
First check if the pveproxy service is running:
systemctl status pveproxyIf the service is not running it's usually because the hostname and IP address information are not set properly in /etc/hosts. Make sure the IP address of the system is in /etc/hosts and then try starting pveproxy.
Code:
systemctl start pveproxy
systemctl status pveproxyCode:auto lo iface lo inet loopback iface enp1s0 inet manual auto wlp4s0 iface wlp4s0 inet manual address 192.168.1.100/24 gateway 192.168.1.1 auto vmbr0 iface vmbr0 inet static address 192.168.2.1/24 bridge-ports none bridge-stp off bridge-fd 0 auto vnet1 iface vnet1 inet static address 192.168.3.1/24 bridge-ports none bridge-stp off bridge-fd 0 hwaddress f6:c7:43:09:0b:45 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -A FORWARD -i wlp4s0 -j ACCEPT post-up iptables -A FORWARD -0 wlp4s0 -j ACCEPT post-up iptables -A FORWARD -i vnet1 -j ACCEPT post-up iptables -A FORWARD -0 vnet1 -j ACCEPT source /etc/network/interfaces.d/*
Hello,
thanks for your Tutorials.
Would you be so kindly and answer some questions?
Why do you use 3 different ip-ranges (192.168.1.0, 192.168.2.0, 192.168.3.0)? Is this something wifi-specific?
I am asking because I installed a second ThinClient with proxmox in a standard installation using ethernet. The setup generated this interfaces-file.
Code:
auto lo
iface lo inet loopback
iface eno1 inet manual
auto vmbr0
iface vmbr0 inet static
address 192.168.3.98/24
gateway 192.168.3.103
bridge-ports eno1
bridge-stp off
bridge-fd 0
source /etc/network/interfaces.d/*In this standard-config, only for virtual bridging device vmbr0 tcp/ip is configured, not eno1.
When I do the same on the second Thinclient with wifi, this does not work. --> replace "bridge-ports eno1 " by "bridge-ports wlp2s0"
The result is that wlp2s0 gets connected successfully to wifi-accesspoint, but tcp/ip is not working.
I have to do 2 things:
- config an ip address for both devices, wlp2s0 and vmbr0
- set parameter bridge-ports to "none".
Would you be so kindly and explain the reason for this?
Hello,
thanks for your Tutorials.
Would you be so kindly and answer some questions?
Why do you use 3 different ip-ranges (192.168.1.0, 192.168.2.0, 192.168.3.0)? Is this something wifi-specific?
The
vmbr0 I left alone because I was lazy. It is completely unused in the configuration. You have to specify network configuration when you install Proxmox and it creates vmbr0 by default and bridges it to the local ethernet interface. It is impossible to install Proxmox without specifying a network configuration. To avoid network conflicts I configure vmbr0 to use a network I will never access. You can pick any private range you like as long as it is NEVER used. It is never used because you cannot bridge a wifi interface (unless your wifi router supports WDS mode - which I'm not even going to get into). 192.168.1.0/24 is the IP address of the local network the wifi adapter communicates with. The network address and subnet should match whatever your wifi network uses. 192.168.1.0/24 is typical for most home wifi routers.192.168.3.0 is the virtual network hosted by the Proxmox server.
vnet1 serves as the virtual interface to that network. You can specify any network range you want, but will have to account for the modification accordingly in the other steps.I am asking because I installed a second ThinClient with proxmox in a standard installation using ethernet. The setup generated this interfaces-file.
Code:auto lo iface lo inet loopback iface eno1 inet manual auto vmbr0 iface vmbr0 inet static address 192.168.3.98/24 gateway 192.168.3.103 bridge-ports eno1 bridge-stp off bridge-fd 0 source /etc/network/interfaces.d/*
In this standard-config, only for virtual bridging device vmbr0 tcp/ip is configured, not eno1.
When I do the same on the second Thinclient with wifi, this does not work. --> replace "bridge-ports eno1 " by "bridge-ports wlp2s0"
The result is that wlp2s0 gets connected successfully to wifi-accesspoint, but tcp/ip is not working.
I have to do 2 things:
- config an ip address for both devices, wlp2s0 and vmbr0
- set parameter bridge-ports to "none".
Would you be so kindly and explain the reason for this?
The reason I wrote the tutorial is because, again, you CANNOT bridge a wireless interface. Proxmox makes this VERY clear in their documentation. If you want to utilize wifi you must use a routed configuration, which is what the configuration in the tutorial achieves. The way it works is Proxmox creates a virtual network (vnet1) and virtual machines are assigned interfaces that connect to that virtual network. The vnet1 virtual interface is then attached to the Proxmox server. VMs/containers that have interfaces that connect to vnet1 then use the Proxmox server's vnet1 interface as their gateway. Linux routing then handles the rest as packets are forwarded through the Proxmox server's network stack and routed through the wifi interface and on through the local network the wifi interface is connected to. The Proxmox server is acting as a basic Linux router for VMs/containers.
See the image in section 10.3 of this link to get a visualization of what is actually happening under the hood.
Last edited:
Big thanks for explanation.Thevmbr0... It is completely unused in the configuration.
The reason I wrote the tutorial is because, again, you CANNOT bridge a wireless interface... If you want to utilize wifi you must use a routed configuration, which is what the configuration in the tutorial achieves. The way it works is Proxmox creates a virtual network (vnet1) and virtual machines are assigned interfaces that connect to that virtual network. The vnet1 virtual interface is then attached to the Proxmox server. VMs/containers that have interfaces that connect to vnet1 then use the Proxmox server's vnet1 interface as their gateway.
Just one question: Do I really need 2 different ip-ranges that this routing works? In your example, 192.168.1.0 is your local home network, and 192.168.3.0 is for vnet1
Big thanks for explanation.
Just one question: Do I really need 2 different ip-ranges that this routing works? In your example, 192.168.1.0 is your local home network, and 192.168.3.0 is for vnet1
Yes. It is a routed configuration, meaning the Proxmox server routes packets from the vnet1 virtual network to your local network. You cannot bridge the wireless adapter to the same network as your local network. That's the point of the tutorial.
2) Configure your wifi router to route to networks that will be associated with wifi adapter. Example for /24 network:
Destination = 192.168.3.0
Netmask = 255.255.255.0
Gateway = 192.168.1.100 (specify IP address of wifi adapter)
8) Configure /etc/network/interfaces:
...
auto wlp4s0
iface wlp4s0 inet manual
address 192.168.1.100/24
gateway 192.168.1.1
...
auto vnet1
iface vnet1 inet static
address 192.168.3.1/24
in this example, the home network is 192.168.1.0
wifi adapter has IP 192.168.1.100
static route 192.168.3.0/24 --> gateway 192.168.1.100 is set on Router
ping to 192.168.1.100 from 192.168.1.0 works
ping to 192.168.3.1 from 192.168.1.0 works
Problem:
I also run an openvpn server on a rPi
OVPN-Clients get ips from range 10.0.8.0/24
But neither 192.168.1.100 nor 192.168.3.1 is reachable from OVPN-Clients
But all other IPs in 192.168.1.0 are reachable from OVPN-Clients
Is there a firewall (nftables, iptables, ebtables, etc) which blocks in standard installation config?
Thanks a lot
Last edited:
in this example, the home network is 192.168.1.0
wifi adapter has IP 192.168.1.100
static route 192.168.3.0/24 --> gateway 192.168.1.100 is set on Router
ping to 192.168.1.100 from 192.168.1.0 works
ping to 192.168.3.1 from 192.168.1.0 works
Problem:
I also run an openvpn server on a rPi
OVPN-Clients get ips from range 10.0.8.0/24
But neither 192.168.1.100 nor 192.168.3.1 is reachable from OVPN-Clients
But all other IPs in 192.168.1.0 are reachable from OVPN-Clients
Is there a firewall (nftables, iptables, ebtables, etc) which blocks in standard installation config?
Thanks a lot
No. There is no firewall enabled by default.
things you wrote about static routes is only for getting from outside to VMs, right?If your router cannot support the addition of specific static routes this setup will not work.
12) Create SDN config (Datacenter --> SDN):
Zones: Simple, ID = Zone1 (use any name you like for ID)
Vnet: Name = vnet1 (use any name you like for Name), Zone = Zone1 (must match Zone ID)
Subnet: Subnet = 192.168.3.0/24, Gateway = 192.168.3.1
13) Apply config: SDN --> Apply
Code:auto vnet1 iface vnet1 inet static address 192.168.3.1/24 bridge-ports none bridge-stp off bridge-fd 0 hwaddress f6:c7:43:09:0b:45 post-up echo 1 > /proc/sys/net/ipv4/ip_forward post-up iptables -A FORWARD -i wlp4s0 -j ACCEPT post-up iptables -A FORWARD -0 wlp4s0 -j ACCEPT post-up iptables -A FORWARD -i vnet1 -j ACCEPT post-up iptables -A FORWARD -0 vnet1 -j ACCEPT [/QUOTE]
I have the problem that all my VMs/LXC cannot reach the internet.
F. ex., one LXC has IP 192.168.3.10, I can ping 192.168.3.1 with an answer. I can also pint from LXC to LXC, from 192.168.3.10 to 192.168.3.11
I suppose that host's network device is not connected with vnet1-device
I read in Proxmox-help under "Zone":
Code:
Simple Zones
This is the simplest plugin. It will create an isolated VNet bridge. This bridge is not linked to a physical interface, and VM traffic is only local on each the node. It can be used in NAT or routed setups.How can I "bridge"/connect vnet1 to the real network device?
Static routes are so that hosts on your local networks can reach the VM's. Since the VNET subnet is not local, your DHCP server will not be pushing static routes to the VNET to clients that use DHCP. Hosts with static addresses will attempt to use the default gateway to route to hosts on the VNET subnet. Unless you configure your router with the static route it will not know how to reach the VNET.things you wrote about static routes is only for getting from outside to VMs, right?
You can't bridge the wifi interface unless your wireless router supports WDS mode. It's the reason I wrote the tutorial in the first place.I have the problem that all my VMs/LXC cannot reach the internet.
F. ex., one LXC has IP 192.168.3.10, I can ping 192.168.3.1 with an answer. I can also pint from LXC to LXC, from 192.168.3.10 to 192.168.3.11
I suppose that host's network device is not connected with vnet1-device
I read in Proxmox-help under "Zone":
Code:Simple Zones This is the simplest plugin. It will create an isolated VNet bridge. This bridge is not linked to a physical interface, and VM traffic is only local on each the node. It can be used in NAT or routed setups.
How can I "bridge"/connect vnet1 to the real network device?
You can't bridge the wifi interface unless your wireless router supports WDS mode. It's the reason I wrote the tutorial in the first place.
Yes, I know that. In my case, it has nothing to do with DHCP or Wifi.
I am running Proxmox on a VPS. VPS has a public IPv4-address. Proxmox has only it's virtual network device "ens192"
I created a vnet1 192.168.14.0/24
Proxmox-VMs got a static IP within 192.168.14.0/24.
This VMs cannot get a connection out to the internet.
By creating a SDN with 192.168.14.0/24 on Proxmox-Host, Proxmox should route any IP 192.168.14.0/24 to the internet, but it doesnt.
//EDIT:
Forgott what I wrote. If found the problem:
-->
# post-up echo 1 > /proc/sys/net/ipv4/ip_forwardIP-Forwarding have to be enabled on network-device. Without forwarding, vnet1 is not "connected" to network-device
Last edited:
Yes, I know that. In my case, it has nothing to do with DHCP or Wifi.
I am running Proxmox on a VPS. VPS has a public IPv4-address. Proxmox has only it's virtual network device "ens192"
I created a vnet1 192.168.14.0/24
Proxmox-VMs got a static IP within 192.168.14.0/24.
This VMs cannot get a connection out to the internet.
By creating a SDN with 192.168.14.0/24 on Proxmox-Host, Proxmox should route any IP 192.168.14.0/24 to the internet, but it doesnt.
//EDIT:
Forgott what I wrote. If found the problem:
--># post-up echo 1 > /proc/sys/net/ipv4/ip_forward
IP-Forwarding have to be enabled on network-device. Without forwarding, vnet1 is not "connected" to network-device
That is correct. Forwarding has to be enabled. That's why it was included in the instructions.
Great work on the tutorial, was able to set it up flawlessly.
Couple of question though, is there a way for my router to “see” machines connected to vnet1?
Also I believe I was able to set up static route for my router as well(OpenWrt), but my tv can’t connect to the 192.168.3.0 subnet. PC and other devices have no issues now was able to set routes for Windows and Linux..
Any ideas?
Couple of question though, is there a way for my router to “see” machines connected to vnet1?
Also I believe I was able to set up static route for my router as well(OpenWrt), but my tv can’t connect to the 192.168.3.0 subnet. PC and other devices have no issues now was able to set routes for Windows and Linux..
Any ideas?
Great work on the tutorial, was able to set it up flawlessly.
Couple of question though, is there a way for my router to “see” machines connected to vnet1?
Also I believe I was able to set up static route for my router as well(OpenWrt), but my tv can’t connect to the 192.168.3.0 subnet. PC and other devices have no issues now was able to set routes for Windows and Linux..
Any ideas?
The reason your Windows and Mac clients can access the vnet1 network is because you added explicit routes so they know how to reach the vnet. In the case of your TV, there's no way to add static routes. The only way to push static routes to a device like that would be if the DHCP server (in this case your router) can also push static routes to DHCP clients.
https://www.google.com/search?q=dhcp+static+route