if the LAN cable is not connected to the server, the VM will not start

I

ips

New Member
Nov 29, 2025
1
0
1
Hello,
I did fresh install of proxmox 9.1 and have problem if the LAN cable is not connected to the server vmbr0, the vm will not start after adding a virtual interface and
apparmor="DENIED" profile="/{,usr/}sbin/dhclient"
but the file contains a permission policy in /etc/apparmor.d/usr.sbin.dhclient
owner @{PROC}/@{pid}/task/[0-9]*/comm rw,

I'm currently connected to nic1 because I have the server at home and I'm configuring it before installing it at the company
any ideas?

pveversion -v
Code: 
proxmox-ve: 9.1.0 (running kernel: 6.17.2-2-pve)
pve-manager: 9.1.1 (running version: 9.1.1/42db4a6cf33dac83)
proxmox-kernel-helper: 9.0.4
proxmox-kernel-6.17.2-2-pve-signed: 6.17.2-2
proxmox-kernel-6.17: 6.17.2-2
proxmox-kernel-6.17.2-1-pve-signed: 6.17.2-1
ceph-fuse: 19.2.3-pve2
corosync: 3.1.9-pve2
criu: 4.1.1-1
frr-pythontools: 10.3.1-1+pve4
ifupdown2: 3.3.0-1+pmx11
intel-microcode: 3.20250812.1~deb13u1
ksm-control-daemon: 1.5-1
libjs-extjs: 7.0.0-5
libproxmox-acme-perl: 1.7.0
libproxmox-backup-qemu0: 2.0.1
libproxmox-rs-perl: 0.4.1
libpve-access-control: 9.0.4
libpve-apiclient-perl: 3.4.2
libpve-cluster-api-perl: 9.0.7
libpve-cluster-perl: 9.0.7
libpve-common-perl: 9.0.15
libpve-guest-common-perl: 6.0.2
libpve-http-server-perl: 6.0.5
libpve-network-perl: 1.2.3
libpve-rs-perl: 0.11.3
libpve-storage-perl: 9.1.0
libspice-server1: 0.15.2-1+b1
lvm2: 2.03.31-2+pmx1
lxc-pve: 6.0.5-3
lxcfs: 6.0.4-pve1
novnc-pve: 1.6.0-3
proxmox-backup-client: 4.1.0-1
proxmox-backup-file-restore: 4.1.0-1
proxmox-backup-restore-image: 1.0.0
proxmox-firewall: 1.2.1
proxmox-kernel-helper: 9.0.4
proxmox-mail-forward: 1.0.2
proxmox-mini-journalreader: 1.6
proxmox-offline-mirror-helper: 0.7.3
proxmox-widget-toolkit: 5.1.2
pve-cluster: 9.0.7
pve-container: 6.0.18
pve-docs: 9.1.1
pve-edk2-firmware: 4.2025.05-2
pve-esxi-import-tools: 1.0.1
pve-firewall: 6.0.4
pve-firmware: 3.17-2
pve-ha-manager: 5.0.8
pve-i18n: 3.6.4
pve-qemu-kvm: 10.1.2-4
pve-xtermjs: 5.5.0-3
qemu-server: 9.1.0
smartmontools: 7.4-pve1
spiceterm: 3.4.1
swtpm: 0.8.0+pve3
vncterm: 1.9.1
zfsutils-linux: 2.3.4-pve1

cat /etc/network/interfaces
Code: 
auto lo
iface lo inet loopback

iface nic0 inet manual

auto nic1
iface nic1 inet dhcp

auto vmbr0
iface vmbr0 inet static
        address 10.10.75.10/24
        bridge-ports nic0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094
#gateway 10.10.75.1

source /etc/network/interfaces.d/*

ethtool -k nic0
Code: 
Features for nic0:
rx-checksumming: on
tx-checksumming: on
        tx-checksum-ipv4: off [fixed]
        tx-checksum-ip-generic: on
        tx-checksum-ipv6: off [fixed]
        tx-checksum-fcoe-crc: off [fixed]
        tx-checksum-sctp: on
scatter-gather: on
        tx-scatter-gather: on
        tx-scatter-gather-fraglist: off [fixed]
tcp-segmentation-offload: on
        tx-tcp-segmentation: on
        tx-tcp-ecn-segmentation: off [fixed]
        tx-tcp-mangleid-segmentation: off
        tx-tcp6-segmentation: on
        tx-tcp-accecn-segmentation: off [fixed]
generic-segmentation-offload: on
generic-receive-offload: on
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
ntuple-filters: off
receive-hashing: on
highdma: on [fixed]
rx-vlan-filter: on [fixed]
vlan-challenged: off [fixed]
tx-gso-robust: off [fixed]
tx-fcoe-segmentation: off [fixed]
tx-gre-segmentation: on
tx-gre-csum-segmentation: on
tx-ipxip4-segmentation: on
tx-ipxip6-segmentation: on
tx-udp_tnl-segmentation: on
tx-udp_tnl-csum-segmentation: on
tx-gso-partial: on
tx-tunnel-remcsum-segmentation: off [fixed]
tx-sctp-segmentation: off [fixed]
tx-esp-segmentation: off [fixed]
tx-udp-segmentation: on
tx-gso-list: off [fixed]
tx-nocache-copy: off
loopback: off [fixed]
rx-fcs: off [fixed]
rx-all: off
tx-vlan-stag-hw-insert: off [fixed]
rx-vlan-stag-hw-parse: off [fixed]
rx-vlan-stag-filter: off [fixed]
l2-fwd-offload: off [fixed]
hw-tc-offload: on
esp-hw-offload: off [fixed]
esp-tx-csum-hw-offload: off [fixed]
rx-udp_tunnel-port-offload: off [fixed]
tls-hw-tx-offload: off [fixed]
tls-hw-rx-offload: off [fixed]
rx-gro-hw: off [fixed]
tls-hw-record: off [fixed]
rx-gro-list: off
macsec-hw-offload: off [fixed]
rx-udp-gro-forwarding: off
hsr-tag-ins-offload: off [fixed]
hsr-tag-rm-offload: off [fixed]
hsr-fwd-offload: off [fixed]
hsr-dup-offload: off [fixed]

ip route
Code: 
default via 172.16.43.1 dev nic1 
10.10.75.0/24 dev vmbr0 proto kernel scope link src 10.10.75.10 linkdown 
172.16.43.0/24 dev nic1 proto kernel scope link src 172.16.43.14

dmesg
Code: 
[    8.773509] igb 0000:07:00.0 nic1: igb: nic1 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[    9.593356] kauditd_printk_skb: 110 callbacks suppressed
[    9.593359] audit: type=1400 audit(1764408357.584:121): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=959 comm="dhclient" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
[    9.597767] audit: type=1400 audit(1764408357.588:122): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
[    9.597772] audit: type=1400 audit(1764408357.588:123): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" family="unix" sock_type="stream" protocol=0 requested="create" denied="create" addr=none
[    9.625919] audit: type=1400 audit(1764408357.618:124): apparmor="DENIED" operation="capable" class="cap" profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" capability=21  capname="sys_admin"
[    9.626033] audit: type=1400 audit(1764408357.618:125): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
[    9.634198] audit: type=1400 audit(1764408357.626:126): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
[    9.634201] audit: type=1400 audit(1764408357.626:127): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
[    9.642896] audit: type=1400 audit(1764408357.635:128): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
[    9.662420] audit: type=1400 audit(1764408357.653:129): apparmor="DENIED" operation="create" class="net" info="failed protocol match" error=-13 profile="/{,usr/}sbin/dhclient" pid=960 comm="dhclient" family="unix" sock_type="dgram" protocol=0 requested="create" denied="create" addr=none
[    9.678834] vmbr0: port 1(nic0) entered blocking state
[    9.678839] vmbr0: port 1(nic0) entered disabled state
[    9.678851] igb 0000:06:00.0 nic0: entered allmulticast mode
[   10.026161] audit: type=1400 audit(1764408358.017:130): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="/usr/bin/lxc-copy" pid=1062 comm="apparmor_parser"
[   22.232561] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  366.981622] kauditd_printk_skb: 5 callbacks suppressed
[  366.981624] audit: type=1400 audit(1764408714.557:136): apparmor="DENIED" operation="capable" class="cap" profile="swtpm" pid=2345 comm="swtpm" capability=21  capname="sys_admin"
[  367.507738] tap100i0: entered promiscuous mode
[  367.530557] vmbr0: port 2(tap100i0) entered blocking state
[  367.530561] vmbr0: port 2(tap100i0) entered disabled state
[  367.530570] tap100i0: entered allmulticast mode
[  367.530793] igb 0000:06:00.0 nic0: entered promiscuous mode
[  367.539582] vmbr0: port 2(tap100i0) entered blocking state
[  367.539584] vmbr0: port 2(tap100i0) entered forwarding state
[  537.692305] tap100i0: left allmulticast mode
[  537.692320] vmbr0: port 2(tap100i0) entered disabled state
[  537.700928] igb 0000:06:00.0 nic0: left promiscuous mode

journalctl
Code: 
Nov 28 15:26:34 pve pvedaemon[7788]: start failed: QEMU exited with code 1
Nov 28 15:26:34 pve pvedaemon[1195]: <root@pam> end task UPID:pve:00001E6C:00032CAF:6929B118:qmstart:100:root@pam: start failed: QEMU exited with code 1
Nov 28 15:26:34 pve qm[7877]: VM 100 qmp command failed - VM 100 not running
Nov 28 15:26:34 pve pvedaemon[7870]: Failed to run vncproxy.
Nov 28 15:26:34 pve pvedaemon[1197]: <root@pam> end task UPID:pve:00001EBE:00032D4C:6929B11A:vncproxy:100:root@pam: Failed to run vncproxy.
Nov 28 15:28:09 pve pvedaemon[8149]: start failed: QEMU exited with code 1
Nov 28 15:28:09 pve pvedaemon[1197]: <root@pam> end task UPID:pve:00001FD5:000351FA:6929B178:qmstart:100:root@pam: start failed: QEMU exited with code 1
Nov 28 15:52:10 pve pveproxy[12142]: got inotify poll request in wrong process - disabling inotify
Nov 28 17:18:37 pve pvedaemon[25804]: start failed: QEMU exited with code 1
Nov 28 17:18:37 pve pvedaemon[1197]: <root@pam> end task UPID:pve:000064CC:000D6F07:6929CB5B:qmstart:100:root@pam: start failed: QEMU exited with code 1
Nov 28 17:31:08 pve pvedaemon[28019]: VM 100 qmp command failed - VM 100 not running
Nov 28 17:31:08 pve pvedaemon[28019]: VM 100 qmp command failed - VM 100 not running
 
You must log in or register to reply here.
Top Bottom