Internal SDN network cannot reach local network

SepiDre

Feb 14, 2026
Hello there

I am new to network debugging with SDN networks, please be patient with me :)

The Story

I had Proxmox running at home with a local IP 192.168.1.10/24.
This guy has an internal SDN network (done by tutorial) 192.168.10.0/24.
All servers within the SDN could reach the internet.
I have a docker swarm running there.

Now I have moved the server to my office to the local IP Address 10.0.38.10/24.

Proxmox is reachable, a Windows VM as well.
All VMs and CTs within the SDN network are not able to reach anything... except:
Tailscale could do the up, but that's all.

I tinkered with the MTU a bit, but then even Tailscale did not work.
Pls help me ;(
If you need any logs, pls tell me which logs :)

Thank you very much!

Here are some network tests

Code:
root@tailscale:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=0.039 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.046 ms

--- 192.168.10.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1011ms
rtt min/avg/max/mdev = 0.039/0.042/0.046/0.003 ms


root@tailscale:~# ping 10.0.38.10
PING 10.0.38.10 (10.0.38.10) 56(84) bytes of data.

--- 10.0.38.10 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2075ms

root@tailscale:~# ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 56(84) bytes of data.

--- 1.1.1.1 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1036ms

Code:
root@tailscale:~# routel 
Dst             Gateway         Prefsrc         Protocol Scope   Dev              Table
10.0.                                                tailscale0       52
10.0.                                              tailscale0       52
100.                                                tailscale0       52
100.                                          tailscale0       52
100.                                              tailscale0       52
100.                                                 tailscale0       52
100.                                                 tailscale0       52
100.                                                tailscale0       52
100.                                                 tailscale0       52
100.                                                    tailscale0       52
100.                                             tailscale0       52
100.                                        tailscale0       52
100.                                               tailscale0       52
100.                                                tailscale0       52
100.                                               tailscale0       52
100.                                               tailscale0       52
192.                                                   tailscale0       52
default         192.168.10.1                    static           eth0             
default         10.0.38.1                       static           eth1             
10.0.38.0/24                    10.0.38.253     kernel   link    eth1             
192.168.10.0/24                 192.168.10.2    kernel   link    eth0             
10.0.38.253                     10.0.38.253     kernel   host    eth1             local
10.0.38.255                     10.0.38.253     kernel   link    eth1             local
100.72.204.27                   100.72.204.27   kernel   host    tailscale0       local
127.0.0.0/8                     127.0.0.1       kernel   host    lo               local
127.0.0.1                       127.0.0.1       kernel   host    lo               local
127.255.255.255                 127.0.0.1       kernel   link    lo               local
192.168.10.2                    192.168.10.2    kernel   host    eth0             local
192.168.10.255                  192.168.10.2    kernel   link    eth0             local

Code:
❯ traceroute 1.1.1.1
traceroute to 1.1.1.1 (1.1.1.1), 30 hops max, 60 byte packets
 1  _gateway (192.168.10.1)  0.110 ms  0.088 ms  0.078 ms
 2  * * *
 3  * * *
 4  * * *
 5  * * *
 6  * * *
 7  *
 
 ❯ traceroute 192.168.10.2
traceroute to 192.168.10.2 (192.168.10.2), 30 hops max, 60 byte packets
 1  192.168.10.2 (192.168.10.2)  0.115 ms  0.087 ms  0.078 ms
 
 ❯ traceroute 192.168.10.1
traceroute to 192.168.10.1 (192.168.10.1), 30 hops max, 60 byte packets
 1  _gateway (192.168.10.1)  0.110 ms  0.080 ms  0.069 ms

❯ traceroute 10.0.38.10  -> This is resolved through tailscale
traceroute to 10.0.38.10 (10.0.38.10), 30 hops max, 60 byte packets
 1  10.0.38.10 (10.0.38.10)  0.092 ms  0.065 ms  0.053 ms
 
Hi!
You could check if Tailscale is working using tailscale status. To check where the packets are going, a tcpdump -envi any would also be useful. What SDN tutorial did you follow? What does your SDN config look like:

Code:
grep -r '' /etc/pve/sdn/*.cfg
cat /etc/network/interfaces
cat /etc/network/interfaces.d/sdn

ip a

qm config <vmid-of-tailscale-vm>
?
 
Hi @ggoller ,

thanks for your reply.
I don't know which tutorial I used. After it worked it was done for me.

Here are the results:

grep -r '' /etc/pve/sdn/*.cfg
Code:
/etc/pve/sdn/subnets.cfg:subnet: sdn1-192.168.10.0-24
/etc/pve/sdn/subnets.cfg:       vnet net10
/etc/pve/sdn/subnets.cfg:       dhcp-range start-address=192.168.10.100,end-address=192.168.10.200
/etc/pve/sdn/subnets.cfg:       gateway 192.168.10.1
/etc/pve/sdn/subnets.cfg:       snat 1
/etc/pve/sdn/subnets.cfg:
/etc/pve/sdn/vnets.cfg:vnet: net10
/etc/pve/sdn/vnets.cfg: zone sdn1
/etc/pve/sdn/vnets.cfg:
/etc/pve/sdn/zones.cfg:simple: sdn1
/etc/pve/sdn/zones.cfg: dhcp dnsmasq
/etc/pve/sdn/zones.cfg: ipam pve
/etc/pve/sdn/zones.cfg:

cat /etc/network/interfaces
Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp5s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 10.0.38.10/24
        gateway 10.0.38.1
        bridge-ports enp5s0
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

iface wlp6s0 inet manual

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        bridge-vlan-aware yes
        bridge-vids 2-4094

source /etc/network/interfaces.d/*

cat /etc/network/interfaces.d/sdn
Code:
#version:8

auto net10
iface net10
        address 192.168.10.1/24
        post-up iptables -t nat -A POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j SNAT --to-source 10.0.38.10
        post-down iptables -t nat -D POSTROUTING -s '192.168.10.0/24' -o vmbr0 -j SNAT --to-source 10.0.38.10
        post-up iptables -t raw -I PREROUTING -i fwbr+ -j CT --zone 1
        post-down iptables -t raw -D PREROUTING -i fwbr+ -j CT --zone 1
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        ip-forward on

ip a
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether 74:56:3c:bb:91:e8 brd ff:ff:ff:ff:ff:ff
3: wlp6s0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether bc:c7:46:a0:2d:0b brd ff:ff:ff:ff:ff:ff
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 74:56:3c:bb:91:e8 brd ff:ff:ff:ff:ff:ff
    inet 10.0.38.10/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::7656:3cff:febb:91e8/64 scope link
       valid_lft forever preferred_lft forever
5: vmbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether a2:5a:0d:59:e6:bb brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a05a:dff:fe59:e6bb/64 scope link
       valid_lft forever preferred_lft forever
6: net10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 36:6c:16:32:cc:2f brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 scope global net10
       valid_lft forever preferred_lft forever
    inet6 fe80::5875:5cff:feee:a038/64 scope link
       valid_lft forever preferred_lft forever
7: tap100i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr100i0 state UNKNOWN group default qlen 1000
    link/ether d2:e1:34:96:3b:42 brd ff:ff:ff:ff:ff:ff
8: fwbr100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 0e:a0:d3:07:6b:05 brd ff:ff:ff:ff:ff:ff
9: fwpr100p0@fwln100i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 8e:e4:1b:e0:98:81 brd ff:ff:ff:ff:ff:ff
10: fwln100i0@fwpr100p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr100i0 state UP group default qlen 1000
    link/ether 0e:a0:d3:07:6b:05 brd ff:ff:ff:ff:ff:ff
11: tap100i1: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master net10 state UNKNOWN group default qlen 1000
    link/ether 36:6c:16:32:cc:2f brd ff:ff:ff:ff:ff:ff
14: tap150i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master fwbr150i0 state UNKNOWN group default qlen 1000
    link/ether ba:46:7e:dd:5f:7b brd ff:ff:ff:ff:ff:ff
15: fwbr150i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 66:a4:33:a2:c2:9a brd ff:ff:ff:ff:ff:ff
16: fwpr150p0@fwln150i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 8e:5e:8a:ce:38:d4 brd ff:ff:ff:ff:ff:ff
17: fwln150i0@fwpr150p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr150i0 state UP group default qlen 1000
    link/ether 66:a4:33:a2:c2:9a brd ff:ff:ff:ff:ff:ff
18: tap402i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master net10 state UNKNOWN group default qlen 1000
    link/ether 06:20:d3:fd:1e:90 brd ff:ff:ff:ff:ff:ff
19: tap401i0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master net10 state UNKNOWN group default qlen 1000
    link/ether 62:aa:5a:38:5d:dd brd ff:ff:ff:ff:ff:ff
20: veth999i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master net10 state UP group default qlen 1000
    link/ether fe:55:91:ed:b5:f4 brd ff:ff:ff:ff:ff:ff link-netnsid 0
21: veth999i1@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether fe:d8:6d:45:2b:7c brd ff:ff:ff:ff:ff:ff link-netnsid 0

qm config will not work - the Tailscale VM is an LXC. Here is the config file:
Code:
GNU nano 7.2    /etc/pve/lxc/999.conf
arch: amd64
cores: 1
features: nesting=1
hostname: tailscale
memory: 512
nameserver: 1.0.0.1 1.1.1.1
net0: name=eth0,bridge=net10,gw=192.168.10.1,hwaddr=BC:24:11:50:AB:7B,ip=192.168.10.2/24,mtu=1500,type=veth
net1: name=eth1,bridge=vmbr0,gw=10.0.38.1,hwaddr=BC:24:11:08:92:FC,ip=10.0.38.253/24,mtu=1500,type=veth
onboot: 1
ostype: ubuntu
rootfs: FastVM:subvol-999-disk-0,size=8G
startup: order=1
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file

But the Tailscale VM should not be the issue. It is not the GW of the other VMs; those have 192.168.10.1 as GW, Tailscale is 192.168.10.2. For the routing to my Tailscale networks I use manual routes.
Code:
# local network
route add -net 10.0.38.0 netmask 255.255.255.0 gw 192.168.10.1 dev eth0
# online vps network
route add -net 10.0.0.0 netmask 255.255.0.0 gw 192.168.10.2 dev eth0
# home network
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.10.2 dev eth0

Here is the qm config of my swarm master:
Code:
agent: 1
balloon: 8192
bios: ovmf
boot: order=scsi0
cipassword: **********
ciuser: root
cores: 4
description: <div align='center'>%0A  <a href='https://Helper-Scripts.com' target='_blank' rel='noopener noreferrer'>%0A    <img src='https://raw.githubusercontent.com/community-scripts/ProxmoxVE/main/misc/images/logo-81x112.png' alt='Logo' style='width%3A81px;height%3A112px;'/>%0A  </a>%0A%0A  <h2 style='font-size%3A 24px; margin%3A 20px 0;'>Debian VM</h2>%0A%0A  <p style='margin%3A 16px 0;'>%0A    <a href='https://ko-fi.com/community_scripts' target='_blank' rel='noopener noreferrer'>%0A      <img src='https://img.shields.io/badge/&#x2615;-Buy us a coffee-blue' alt='spend Coffee' />%0A    </a>%0A  </p>%0A  %0A  <span style='margin%3A 0 10px;'>%0A    <i class="fa fa-github fa-fw" style="color%3A #f5f5f5;"></i>%0A    <a href='https://github.com/community-scripts/ProxmoxVE' target='_blank' rel='noopener noreferrer' style='text-decoration%3A none; color%3A #00617f;'>GitHub</a>%0A  </span>%0A  <span style='margin%3A 0 10px;'>%0A    <i class="fa fa-comments fa-fw" style="color%3A #f5f5f5;"></i>%0A    <a href='https://github.com/community-scripts/ProxmoxVE/discussions' target='_blank' rel='noopener noreferrer' style='text-decoration%3A none; color%3A #00617f;'>Discussions</a>%0A  </span>%0A  <span style='margin%3A 0 10px;'>%0A    <i class="fa fa-exclamation-circle fa-fw" style="color%3A #f5f5f5;"></i>%0A    <a href='https://github.com/community-scripts/ProxmoxVE/issues' target='_blank' rel='noopener noreferrer' style='text-decoration%3A none; color%3A #00617f;'>Issues</a>%0A  </span>%0A</div>
efidisk0: FastVM:vm-401-disk-0,efitype=4m,size=4M
ipconfig0: ip=192.168.10.201/24,gw=192.168.10.1
localtime: 1
memory: 16384
meta: creation-qemu=9.2.0,ctime=1757168051
name: manager-01
nameserver: 1.1.1.1
net0: virtio=02:23:21:2C:69:74,bridge=net10
ostype: l26
scsi0: FastVM:vm-401-disk-1,discard=on,size=150G,ssd=1
scsi1: FastVM:vm-401-cloudinit,media=cdrom
scsihw: virtio-scsi-pci
searchdomain: 1.0.0.1
serial0: socket
smbios1: uuid=SomeUUID
sshkeys: SomeSSHKey
startup: order=4
tablet: 0
tags: community-script
vmgenid: AnotherGUID
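Added example, not part of the original posts: how longest-prefix matching resolves the three manual routes listed above, and which of those prefixes overlap while pointing at different gateways. The function names and the sample destinations are constructed for illustration; only the three route lines come from the thread.

```python
import ipaddress

# The three manual routes exactly as posted in the thread above.
ROUTE_LINES = """\
route add -net 10.0.38.0 netmask 255.255.255.0 gw 192.168.10.1 dev eth0
route add -net 10.0.0.0 netmask 255.255.0.0 gw 192.168.10.2 dev eth0
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.10.2 dev eth0
"""

def parse_routes(text):
    """Parse net-tools 'route add -net' lines into (network, gateway) pairs."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] != ["route", "add", "-net"]:
            continue  # skip comments, labels and blank lines
        net = ipaddress.ip_network(f"{tok[3]}/{tok[tok.index('netmask') + 1]}")
        gw = ipaddress.ip_address(tok[tok.index("gw") + 1])
        routes.append((net, gw))
    return routes

def overlapping(routes):
    """Return pairs of prefixes that overlap but use different gateways."""
    out = []
    for i, (a, gw_a) in enumerate(routes):
        for b, gw_b in routes[i + 1:]:
            if a.overlaps(b) and gw_a != gw_b:
                out.append((a, b))
    return out

def next_hop(routes, dst):
    """Longest-prefix match, the rule applied within a single routing table."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, gw) for net, gw in routes if dst in net]
    if not matches:
        return None  # would fall through to the default route
    return max(matches, key=lambda r: r[0].prefixlen)[1]

if __name__ == "__main__":
    routes = parse_routes(ROUTE_LINES)
    for a, b in overlapping(routes):
        print(f"overlap: {a} and {b}")
    # Constructed sample destinations, one per case.
    for dst in ("10.0.38.10", "10.0.5.7", "192.168.1.10", "1.1.1.1"):
        print(dst, "->", next_hop(routes, dst))
```

Longest-prefix match only decides between routes in the same table. ip rule entries are evaluated in priority order, so a table consulted before main (such as table 52 in the routel output) is matched first regardless of prefix lengths in main.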