Installing Proxmox Mail Gateway on AWS

Georgio

New Member
Sep 6, 2020
1
0
1
45
Hi,
I would like to deploy a Proxmox Mail Gateway on AWS. So, I followed the AWS import AMI tutorial. I installed Porxmox on VM Workstation first, then exported the image as OVF, then converted it to OVA and tried to import it to AWS. During the import process a received the error: "ClientError: EFI partition detected. UEFI booting is not supported in EC2."

The problem is with the EFI partition that Proxmox creates. Is there any way to install it without creating EFI partition, to make it BIOS bootable? Did somebody install Proxmox on AWS somehow? How did you do it?
 
I was able to get this to work in AWS, by reconfiguring Debian to use network-manager to completely manage the network connection (including ifupdown), then adding the ProxMox repository, updating ifupdown2 from there, THEN installing the mail gateway bits.

If you need, I can try and dig up my rough notes for how I did it.

I believe it was something along the lines of:

sudo rm /run/network/interfaces.d/ens5
You may need to change ens5 to something else, depending on what your interface is, but that was the default one for my AWS Debian 11 instances.

sudo rm /etc/network/interfaces

sudo nano /etc/network/interfaces


Then in this new "interfaces" file, enter only the following and save:
auto lo
iface lo inet loopback


sudo nano /etc/NetworkManager/NetworkManager.conf

In this file, change managed=false to managed=true and save

sudo nano /etc/NetworkManager/conf.d/10-globally-managed-devices.conf

In this new conf file, enter only the following and save:
[keyfile]
unmanaged-devices=none


sudo service NetworkManager restart

Then assuming you've added the proxmox repo:
sudo apt install ifupdown2

Then you should be able to install proxmox-mailgateway without issue.
 
Robbus

Thanks for the write-up, I have followed your instructions and I am almost there but got stuck with an installation error of ifupdown2

sudo apt install ifupdown2 Reading package lists... Done Building dependency tree... Done Suggested packages: python3-gvgen The following packages will be REMOVED: ifupdown The following NEW packages will be installed: ifupdown2 0 upgraded, 1 newly installed, 1 to remove and 5 not upgraded. Need to get 237 kB of archives. After this operation, 1463 kB of additional disk space will be used. Do you want to continue? [Y/n] y Get:1 http://download.proxmox.com/debian/pmg bullseye/pmg-no-subscription amd64 ifupdown2 all 3.1.0-1+pmx3 [237 kB] Fetched 237 kB in 0s (831 kB/s) dpkg: ifupdown: dependency problems, but removing anyway as you requested: cloud-init depends on ifupdown. (Reading database ... 31697 files and directories currently installed.) Removing ifupdown (0.8.36) ... Selecting previously unselected package ifupdown2. (Reading database ... 31661 files and directories currently installed.) Preparing to unpack .../ifupdown2_3.1.0-1+pmx3_all.deb ... Unpacking ifupdown2 (3.1.0-1+pmx3) ... Setting up ifupdown2 (3.1.0-1+pmx3) ... Installing new version of config file /etc/default/networking ... Reloading network config on first install error: lo : lo: pre-up cmd '/etc/network/if-pre-up.d/cloud_inet6' failed: returned 2 (/etc/network/if-pre-up.d/cloud_inet6: 11: ADDRFAM: parameter not set ) Processing triggers for man-db (2.9.4-2) ...

I tried disabling the ipv6 completely, but without success.

After this error when I install Proxmox mail gateway I am sometimes able to log in but after a little while it freezes and i loose the EC2 instance all together so there is still something wrong in my network configuration

Any further ideas how to trouble shoot or any pointers what I have missed?
 
Made some progress I installed ifupdown2 from the Debian repository so before adding the Proxmox repository.

ifupdown2/stable 3.1.0-1+pmx3 all [upgradable from: 3.0.0-1]

So installing version 3.0.0-1 gives me no error while installing version 3.1.0-1+pmx3 gives me the ipv6 error

error: lo : lo: pre-up cmd '/etc/network/if-pre-up.d/cloud_inet6' failed: returned 2 (/etc/network/if-pre-up.d/cloud_inet6: 11: ADDRFAM: parameter not set)

Then adding the
deb http://download.proxmox.com/debian/pmg bullseye pmg-no-subscription repository

and do the installation:

sudo apt install -y proxmox-mailgateway

reboot and I have access.

So now the questions is will the following update break the config



updateifupdown.png

For now, I disabled it from updating.

sudo apt-mark hold ifupdown2
 
Last edited:
Why not take a snapshot of your EC2 instance and then try to update. This would answer your question and help me decide if I should follow your footsteps or not ;)
 
OK, so I went ahead and wanted to try that myself with the above mentioned strategies using NetworkManager and both ifupdown 3.0.0/Debian and also another one with 3.1.0/Proxmox. Virgin t2.small instance with the stock Debian 11 API.

Both survived reboots, despite a few error messages from cloud-init and NetworkManager in the logs. So far both seem to work before installing PMG.

After installing and starting PMG the systems became unresponsive. Also after reboot all seems good until PMG starts then they go unresponsive. I could never connect to the web UI.

Network however seems to be up. Ping still works and my SSH sessions are still connected and my tail -f /var/log/syslog still gets updated, but unresponsive to my input (I managed to type top -d 30 but it never showed up).

So PMG not working may be unrelated to networking or a specific ifupdown2 version but I am not sure, since network seems kind of up.

Also, the above mentioned error seems to exist with both versions, but ifupdown2 3.1.0/Proxmox seems to restart network during install while 3.0.1 seemingly does not. After manual restart it shows the same error: error: lo : lo: pre-up cmd '/etc/network/if-pre-up.d/cloud_inet6' failed: returned 2 (/etc/network/if-pre-up.d/cloud_inet6: 11: ADDRFAM: parameter not set)

tail -f /var/log/syslog when PMG starts and systems become unresponsive:

Code:
11:43:25 ip..3 systemd[1]: Reloading.
11:43:26 ip..3 systemd[1]: /lib/systemd/system/clamav-freshclam.service:11: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:26 ip..3 systemd[1]: /lib/systemd/system/clamav-daemon.service:12: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:26 ip..3 systemd[1]: Reloading.
11:43:26 ip..3 systemd[1]: /lib/systemd/system/clamav-freshclam.service:11: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:26 ip..3 systemd[1]: /lib/systemd/system/clamav-daemon.service:12: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:26 ip..3 systemd[1]: Started Daily Proxmox Mail Gateway activities.
11:43:26 ip..3 systemd[1]: Started Hourly Proxmox Mail Gateway activities.
11:43:26 ip..3 systemd[1]: Started Send Daily System Report Mail.
11:43:26 ip..3 systemd[1]: Started Send Daily Spam Report Mails.
11:43:26 ip..3 systemd[1]: Condition check resulted in Proxmox Mail Gateway Database Mirror Daemon being skipped.
11:43:26 ip..3 systemd[1]: Starting Proxmox Mail Gateway Policy Daemon...
11:43:26 ip..3 systemd[1]: Condition check resulted in Proxmox Mail Gateway Cluster Tunnel Daemon being skipped.
11:43:28 ip..3 pmgpolicy[27203]: Process Backgrounded
11:43:28 ip..3 pmgpolicy[27203]: 2022/11/08-11:43:28 main (type Net::Server::PreForkSimple) starting! pid(27203)
11:43:28 ip..3 pmgpolicy[27203]: Binding to TCP port 10022 on host 127.0.0.1 with IPv4
11:43:28 ip..3 pmgpolicy[27203]: Group Not Defined.  Defaulting to EGID '0'
11:43:28 ip..3 pmgpolicy[27203]: User Not Defined.  Defaulting to EUID '0'
11:43:28 ip..3 pmgpolicy[27203]: Setting up serialization via flock
11:43:28 ip..3 pmgpolicy[27203]: Policy daemon (re)started
11:43:28 ip..3 pmgpolicy[27203]: Beginning prefork (5 processes)
11:43:28 ip..3 pmgpolicy[27203]: Starting "5" children
11:43:28 ip..3 systemd[1]: Started Proxmox Mail Gateway Policy Daemon.
11:43:28 ip..3 systemd[1]: Reloading.
11:43:28 ip..3 systemd[1]: /lib/systemd/system/clamav-freshclam.service:11: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:28 ip..3 systemd[1]: /lib/systemd/system/clamav-daemon.service:12: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:29 ip..3 systemd[1]: Reloading.
11:43:29 ip..3 systemd[1]: /lib/systemd/system/clamav-freshclam.service:11: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:29 ip..3 systemd[1]: /lib/systemd/system/clamav-daemon.service:12: Standard output type syslog is obsolete, automatically updating to journal. Please update your unit file, and consider removing the setting altogether.
11:43:29 ip..3 systemd[1]: Starting Proxmox Mail Gateway's privileged loopback API daemon...
11:43:31 ip..3 pmgdaemon[27290]: starting server
11:43:31 ip..3 pmgdaemon[27290]: starting 3 worker(s)
11:43:31 ip..3 pmgdaemon[27290]: worker 27291 started
11:43:31 ip..3 pmgdaemon[27290]: worker 27292 started
11:43:31 ip..3 pmgdaemon[27290]: worker 27293 started
11:43:31 ip..3 systemd[1]: Started Proxmox Mail Gateway's privileged loopback API daemon.
11:43:31 ip..3 systemd[1]: Starting Proxmox Mail Gateway's unprivileged API and API-proxy daemon...
11:43:33 ip..3 pmgproxy[27302]: starting server
11:43:33 ip..3 pmgproxy[27302]: starting 3 worker(s)
11:43:33 ip..3 pmgproxy[27302]: worker 27303 started
11:43:33 ip..3 pmgproxy[27302]: worker 27304 started
11:43:33 ip..3 pmgproxy[27302]: worker 27305 started
11:43:34 ip..3 systemd[1]: Started Proxmox Mail Gateway's unprivileged API and API-proxy daemon.
11:47:29 ip..3 pmg-smtp-filter[26499]: starting database maintenance
11:51:29 ip..3 pmgpolicy[27203]: starting policy database maintenance (greylist, rbl)

Network related logs on boot:

Code:
cloud-ifupdown-helper: Generated configuration for eth0
systemd[1]: Found device /sys/subsystem/net/devices/eth0.
systemd[1]: Finished Helper to synchronize boot up for ifupdown.
cloud-init[323]: Cloud-init v. 20.4.1 running 'init-local' at Tue, 08 Nov 2022 09:28:23 +0000. Up 6.03 seconds.
dhclient[327]: Internet Systems Consortium DHCP Client 4.4.1
dhclient[327]: Copyright 2004-2018 Internet Systems Consortium.
dhclient[327]: All rights reserved.
dhclient[327]: For info, please visit https://www.isc.org/software/dhcp/
dhclient[327]:
dhclient[327]: Listening on LPF/eth0/0a:f2:99:0e:5a:65
dhclient[327]: Sending on   LPF/eth0/0a:f2:99:0e:5a:65
dhclient[327]: Sending on   Socket/fallback
dhclient[327]: DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
dhclient[327]: DHCPOFFER of 172.31.14.93 from 172.31.0.1
dhclient[327]: DHCPREQUEST for 172.31.14.93 on eth0 to 255.255.255.255 port 67
dhclient[327]: DHCPACK of 172.31.14.93 from 172.31.0.1
dhclient[327]: bound to 172.31.14.93 -- renewal in 1607 seconds.
systemd[1]: Finished Initial cloud-init job (pre-networking).
systemd[1]: Reached target Network (Pre).
systemd[1]: Starting Network initialization...
networking[343]: networking: Configuring network interfaces
networking[358]: error: lo : lo: pre-up cmd '/etc/network/if-pre-up.d/cloud_inet6' failed: returned 2 (/etc/network/if-pre-up.d/cloud_inet6: 11>
networking[358]: )
systemd[1]: Finished Network initialization.
systemd[1]: Starting Initial cloud-init job (metadata service crawler)...
systemd[1]: Started ifup for eth0.
ifup[378]: error: main exception: cannot find interfaces: eth0
systemd[1]: ifup@eth0.service: Main process exited, code=exited, status=1/FAILURE
systemd[1]: ifup@eth0.service: Failed with result 'exit-code'.
cloud-init[389]: Cloud-init v. 20.4.1 running 'init' at Tue, 08 Nov 2022 09:28:24 +0000. Up 7.54 seconds.
cloud-init[389]: ci-info: +++++++++++++++++++++++++++Net device info++++++++++++++++++++++++++++
cloud-init[389]: ci-info: +--------+-------+-----------+-----------+-------+-------------------+
cloud-init[389]: ci-info: | Device |   Up  |  Address  |    Mask   | Scope |     Hw-Address    |
cloud-init[389]: ci-info: +--------+-------+-----------+-----------+-------+-------------------+
cloud-init[389]: ci-info: |  eth0  | False |     .     |     .     |   .   | 0a:f2:99:0e:5a:65 |
cloud-init[389]: ci-info: |   lo   |  True | 127.0.0.1 | 255.0.0.0 |  host |         .         |
cloud-init[389]: ci-info: |   lo   |  True |  ::1/128  |     .     |  host |         .         |
cloud-init[389]: ci-info: +--------+-------+-----------+-----------+-------+-------------------+
cloud-init[389]: ci-info: +++++++++++++++++++Route IPv6 info+++++++++++++++++++
cloud-init[389]: ci-info: +-------+-------------+---------+-----------+-------+
cloud-init[389]: ci-info: | Route | Destination | Gateway | Interface | Flags |
cloud-init[389]: ci-info: +-------+-------------+---------+-----------+-------+
cloud-init[389]: ci-info: +-------+-------------+---------+-----------+-------+

NetworkManager[417]: <info>  [1667899705.5960] NetworkManager (version 1.30.6) is starting... (for the first time)
NetworkManager[417]: <info>  [1667899705.5961] Read config: /etc/NetworkManager/NetworkManager.conf (lib: no-mac-addr-change.conf) (etc: 10-globally-managed-devices.conf)
NetworkManager[417]: <info>  [1667899705.6222] bus-manager: acquired D-Bus service "org.freedesktop.NetworkManager"
NetworkManager[417]: <info>  [1667899705.6392] manager[0x55e8947af040]: monitoring kernel firmware directory '/lib/firmware'.
NetworkManager[417]: <info>  [1667899705.6392] monitoring ifupdown state file '/run/network/ifstate'.
dbus-daemon[416]: [system] Activating via systemd: service name='org.freedesktop.hostname1' unit='dbus-org.freedesktop.hostname1.service' requested by ':1.4' (uid=0 pid=417 comm="/usr/sbin/NetworkManager --no-daemon ")
NetworkManager[417]: <info>  [1667899706.0332] hostname: hostname: using hostnamed
NetworkManager[417]: <info>  [1667899706.0332] hostname: hostname changed from (none) to "ip-172-31-14-93"
NetworkManager[417]: <info>  [1667899706.0335] dns-mgr[0x55e8947a4170]: init: dns=default,systemd-resolved rc-manager=symlink (auto)
NetworkManager[417]: <info>  [1667899706.0520] Loaded device plugin: NMWifiFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.30.6/libnm-device-plugin-wifi.so)
NetworkManager[417]: <info>  [1667899706.0564] Loaded device plugin: NMTeamFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.30.6/libnm-device-plugin-team.so)
NetworkManager[417]: <info>  [1667899706.0692] Loaded device plugin: NMBluezManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.30.6/libnm-device-plugin-bluetooth.so)
NetworkManager[417]: <info>  [1667899706.0716] Loaded device plugin: NMAtmManager (/usr/lib/x86_64-linux-gnu/NetworkManager/1.30.6/libnm-device-plugin-adsl.so)
NetworkManager[417]: <info>  [1667899706.0729] Loaded device plugin: NMWwanFactory (/usr/lib/x86_64-linux-gnu/NetworkManager/1.30.6/libnm-device-plugin-wwan.so)
NetworkManager[417]: <info>  [1667899706.0732] manager: rfkill: Wi-Fi enabled by radio killswitch; enabled by state file
NetworkManager[417]: <info>  [1667899706.0732] manager: rfkill: WWAN enabled by radio killswitch; enabled by state file
NetworkManager[417]: <info>  [1667899706.0733] manager: Networking is enabled by state file
NetworkManager[417]: <info>  [1667899706.0735] dhcp-init: Using DHCP client 'internal'
dbus-daemon[416]: [system] Activating via systemd: service name='org.freedesktop.nm_dispatcher' unit='dbus-org.freedesktop.nm-dispatcher.service' requested by ':1.4' (uid=0 pid=417 comm="/usr/sbin/NetworkManager --no-daemon ")
NetworkManager[417]: <info>  [1667899706.0763] settings: Loaded settings plugin: ifupdown ("/usr/lib/x86_64-linux-gnu/NetworkManager/1.30.6/libnm-settings-plugin-ifupdown.so")
NetworkManager[417]: <info>  [1667899706.0763] settings: Loaded settings plugin: keyfile (internal)
NetworkManager[417]: <info>  [1667899706.0763] ifupdown: management mode: managed
NetworkManager[417]: <info>  [1667899706.0764] ifupdown:       interface-parser: parsing file /etc/network/interfaces
NetworkManager[417]: <info>  [1667899706.0764] ifupdown:       interface-parser: finished parsing file /etc/network/interfaces
NetworkManager[417]: <info>  [1667899706.0836] device (lo): carrier: link connected
NetworkManager[417]: <info>  [1667899706.0842] manager: (lo): new Generic device (/org/freedesktop/NetworkManager/Devices/1)
NetworkManager[417]: <info>  [1667899706.0850] manager: (eth0): new Ethernet device (/org/freedesktop/NetworkManager/Devices/2)
NetworkManager[417]: <info>  [1667899706.0920] settings: (eth0): created default wired connection 'Wired connection 1'
NetworkManager[417]: <info>  [1667899706.0945] device (eth0): state change: unmanaged -> unavailable (reason 'managed', sys-iface-state: 'external')
NetworkManager[417]: <info>  [1667899706.0959] device (eth0): carrier: link connected
NetworkManager[417]: <warn>  [1667899706.1094] Error: failed to open /run/network/ifstate
NetworkManager[417]: <info>  [1667899706.1171] modem-manager: ModemManager available
NetworkManager[417]: <info>  [1667899706.1183] device (eth0): state change: unavailable -> disconnected (reason 'none', sys-iface-state: 'managed')
NetworkManager[417]: <info>  [1667899706.1233] policy: auto-activating connection 'Wired connection 1' (d1bb5f0c-f7fe-319e-be01-fee2fefcd9b8)
NetworkManager[417]: <info>  [1667899706.1272] device (eth0): Activation: starting connection 'Wired connection 1' (d1bb5f0c-f7fe-319e-be01-fee2fefcd9b8)
NetworkManager[417]: <info>  [1667899706.1279] device (eth0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
NetworkManager[417]: <info>  [1667899706.1300] manager: NetworkManager state is now CONNECTING
NetworkManager[417]: <info>  [1667899706.1311] device (eth0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
NetworkManager[417]: <info>  [1667899706.1331] device (eth0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
NetworkManager[417]: <info>  [1667899706.1351] dhcp4 (eth0): activation: beginning transaction (timeout in 45 seconds)
NetworkManager[417]: <info>  [1667899706.1530] dhcp4 (eth0): state changed unknown -> bound, address=172.31.14.93
NetworkManager[417]: <info>  [1667899706.1541] device (eth0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
NetworkManager[417]: <info>  [1667899706.1612] device (eth0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
NetworkManager[417]: <info>  [1667899706.1623] device (eth0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
NetworkManager[417]: <info>  [1667899706.1642] manager: NetworkManager state is now CONNECTED_LOCAL
NetworkManager[417]: <info>  [1667899706.1684] manager: NetworkManager state is now CONNECTED_SITE
NetworkManager[417]: <info>  [1667899706.1691] policy: set 'Wired connection 1' (eth0) as default for IPv4 routing and DNS
dbus-daemon[416]: [system] Activating via systemd: service name='org.freedesktop.resolve1' unit='dbus-org.freedesktop.resolve1.service' requested by ':1.4' (uid=0 pid=417 comm="/usr/sbin/NetworkManager --no-daemon ")
NetworkManager[417]: <info>  [1667899706.1757] device (eth0): Activation: successful, device activated.
NetworkManager[417]: <info>  [1667899706.1763] manager: NetworkManager state is now CONNECTED_GLOBAL
NetworkManager[417]: <info>  [1667899706.1767] manager: startup complete
systemd[1]: NetworkManager-dispatcher.service: Succeeded.
 
Last edited:
Turns out EC2 instance type t2.small (1 vCPU, 2GB) are too small, unresponsiveness was caused by clamd starting up and never recovering. Changing to instance type t2.medium (2 vCPU, 4GB RAM) or t2.large (8GB) solved the problem.

So, after all this back and forth it seems it works just fine with ifupdown2 3.1.0-1 from the Proxmox repository. However, I was not happy about the network config hack and found there is a way to get PMG to work with the AMIs original network setup by using apt install proxmox-mailgateway-container instead.

https://pmg.proxmox.com/pmg-docs/pmg-admin-guide.html#pmg_install_on_debian_container

After reading this post from @si458 I simply did the following to get it to work:

Install fresh Debian11 EC2 instance via EC2 console.

After the first login:

sudo apt update sudo apt dist-upgrade

set a root password:

sudo root passwd root exit

Add the No-Subscription repository:

sudo nano /etc/apt/sources.list

Add the following:
# PMG pmg-no-subscription repository provided by proxmox.com, # NOT recommended for production use deb http://download.proxmox.com/debian/pmg bullseye pmg-no-subscription

Install the Proxmox key:

sudo wget https://enterprise.proxmox.com/debian/proxmox-release-bullseye.gpg -O /etc/apt/trusted.gpg.d/proxmox-release-bullseye.gpg

dist-upgrade the OS to install the ifupdown module and reboot:

sudo apt update sudo apt dist-upgrade sudo reboot now

After reboot:

sudo apt install proxmox-mailgateway-container ifupdown

I added ifupdown to the apt install command to avoid it being uninstalled. I believe it is needed for cloud-init to work, others posted they had to reinstall it again after PMG install but this should avoid it.

Then login as root using the web UI.

I hope this install will now work as a base for a good PMG setup. Trying to replace a Windows based MDaemon mail server that lives in a Windows EC2 instance - however, it runs Windows Server 2019 including ClamAV and a lot of other things on a t2.small without any performance problems, so getting Proxmox Mail Gateway to work on t2.small would be almost a requirement before I get the go-ahead. I hope this turns out to be a clamd bug or something.
 
Last edited:
The default Debian AMI I tested in AWS seems to come without swap space configured.

If proper swap is assigned PMG also starts properly on t2.small with 2GiB of memory only and another 2GiB of swap.

As far as I can tell, swap is required by clamd to properly start on t2small with only 2GiB.
 
AlexHK thanks for the update after enabling Clam antivirus, immediate the memory consumption jumped, so I decided to upgrade to t3a.medium. GP3. As the server isn't handling any traffic yet apart from some testing and sitting at 2.2GB we are already using the SWAP.

memory.png
 
I apologize for not answering sooner, although it looks like it was already mostly figured out:

I forgot in my steps (it was a rough list based on memory) that I actually removed cloud-init and netplan.io after installing (but before configuring) network-manager. From my own bash_history:

sudo rm /run/network/interfaces.d/ens5
sudo rm /etc/network/interfaces
sudo nano /etc/network/interfaces
sudo apt update
sudo apt install htop network-manager
sudo apt remove cloud-init netplan.io
sudo nano /etc/NetworkManager/NetworkManager.conf
sudo nano /etc/NetworkManager/conf.d/10-globally-managed-devices.conf
sudo service NetworkManager restart

I had not run in to any if the issues with ifdown2 that you're seeing, so I wonder if that's the key part missing from my original steps.

As for performance, t3a.medium at the minimum for me :)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!