IP access broken after installing a vpn

jiru

New Member
Sep 16, 2023
My current VPN is Tailscale/WireGuard. I installed it directly on the Proxmox host and have successfully used this config for a few months. I also had a second Proxmox host that I joined and made a cluster. The second host also had Tailscale on it, but host communications for the cluster still only worked on the interface IP, which was fine, since I did not plan on separating the two hosts.

Now, all of a sudden, Proxmox access is no longer available over the local IP. It is only available over the Tailscale network. Also, the cluster comms are broken, so quorum is not available. I cannot web/ssh to either machine at their local IP addresses.

What would cause this change? Proxmox 7.4-3. Single NIC, management and VMs share the same vmbr0.
 
Try refreshing the API token for users… after 5 months, or whatever you set, the user can't access ;)
Please give me a response if it works, or we can try different things.
 
Web and ssh don't work. The UI won't even load, so it's not a user permissions thing.

I ssh'd into the machine and got ip address info:

Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether dc:4a:3e:7d:4d:9e brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:4a:3e:7d:4d:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.10/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::de4a:3eff:fe7d:4d9e/64 scope link
       valid_lft forever preferred_lft forever
5: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 100.121.138.132/32 scope global tailscale0
       valid_lft forever preferred_lft forever
    inet6 fd7a:115c:a1e0:ab12:4843:cd96:6279:8a84/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f5a3:42dd:4d50:f519/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
26: veth101i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether fe:23:de:e9:99:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
27: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:47:61:d5:6b:2b brd ff:ff:ff:ff:ff:ff
28: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether b6:1b:0a:1c:13:3b brd ff:ff:ff:ff:ff:ff
29: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether 32:93:55:56:80:3a brd ff:ff:ff:ff:ff:ff
34: veth103i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
    link/ether fe:0b:4e:e3:7c:e7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
35: fwbr103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f6:89:42:4e:af:64 brd ff:ff:ff:ff:ff:ff
36: fwpr103p0@fwln103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether ea:fe:86:19:15:4a brd ff:ff:ff:ff:ff:ff
37: fwln103i0@fwpr103p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
    link/ether 52:e7:6c:75:b2:a1 brd ff:ff:ff:ff:ff:ff
82: veth106i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
    link/ether fe:d4:9c:1b:9a:c0 brd ff:ff:ff:ff:ff:ff link-netnsid 3
83: fwbr106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ee:fe:ca:03:e7:84 brd ff:ff:ff:ff:ff:ff
84: fwpr106p0@fwln106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether ae:e2:a1:80:81:da brd ff:ff:ff:ff:ff:ff
85: fwln106i0@fwpr106p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
    link/ether aa:69:e0:27:d4:02 brd ff:ff:ff:ff:ff:ff
94: veth107i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr107i0 state UP group default qlen 1000
    link/ether fe:30:d8:63:5f:11 brd ff:ff:ff:ff:ff:ff link-netnsid 4
95: fwbr107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:ba:7f:b8:ce:11 brd ff:ff:ff:ff:ff:ff
96: fwpr107p0@fwln107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 4e:13:74:a2:f1:74 brd ff:ff:ff:ff:ff:ff
97: fwln107i0@fwpr107p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr107i0 state UP group default qlen 1000
    link/ether 8e:df:99:d8:56:44 brd ff:ff:ff:ff:ff:ff
102: veth105i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
    link/ether fe:8e:39:f3:8d:f5 brd ff:ff:ff:ff:ff:ff link-netnsid 2
103: fwbr105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 42:60:0d:be:d5:08 brd ff:ff:ff:ff:ff:ff
104: fwpr105p0@fwln105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether a2:d4:21:01:6f:f2 brd ff:ff:ff:ff:ff:ff
105: fwln105i0@fwpr105p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
    link/ether 3a:63:49:e4:a9:71 brd ff:ff:ff:ff:ff:ff
110: veth104i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
    link/ether fe:a1:3d:d9:22:59 brd ff:ff:ff:ff:ff:ff link-netnsid 5
111: fwbr104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 66:52:dd:91:6e:8c brd ff:ff:ff:ff:ff:ff
112: fwpr104p0@fwln104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 9e:8d:b1:d0:1d:02 brd ff:ff:ff:ff:ff:ff
113: fwln104i0@fwpr104p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
    link/ether e2:74:eb:4d:37:8f brd ff:ff:ff:ff:ff:ff
 
Check the Tailscale administration page: under Machines you should see "pve" or your Proxmox server name, with a green light under "Last seen" on the right. If the node is connected, you can click on the 3 dots, hit "Disable key expiry" for the pve node, and check if it works.
After that you can restart Tailscale on pve...
Code:
systemctl restart tailscaled

By the way, can you confirm that on the local network the Proxmox GUI and all system services work fine?
 
No, that's what I'm saying: it's only connected via TS. I can ssh to it over TS.
proxmox access is no longer available over the local ip. It is only available over the tailscale network.
 
sorry my mistake :)

Have you already tried this?
Code:
systemctl restart networking

in case you feel like it, try changing the default port of proxmox with
Code:
nano /etc/pve/local/pveproxy.cfg
and under port try to put
Code:
port: 8443
Code:
systemctl restart pveproxy
and try to access proxmox with the new port
 
I restarted both services and nothing changed. That config file doesn't exist, btw. And it doesn't really get into the issue, which is why it all of a sudden stopped working. And on both hosts. I can log into it via my Tailscale IP/DNS with nginx installed on the host doing a reverse proxy to https://localhost:8006, but I cannot log into it via its own IP address:8006.

Furthermore, if I ssh to it via the Tailscale IP and forward my local port 8006 over the tunnel, I can log into the web UI with localhost:8006 on my local machine.

And even more, if I disconnect Tailscale, I can once again reach Proxmox at local_ip:8006.
 
OK, so I think I figured it out: I have a Tailscale node advertising a subnet. The same subnet where Proxmox is hosted. So I need to not accept routes for the time being until I can work with Tailscale to accept routes but ignore routes for the subnet in which the host lives.
 
Yay, I've done some tests and it happens when there is a bad configuration of the subnets... but I can't understand... because in my configuration I'm using the right IPs... Please give me more time to test and figure out what's going on :)
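
The diagnosis reached in the thread, as an added example that is not part of the original posts: a Python check that flags an accepted Tailscale subnet route overlapping a subnet the host is directly attached to. It assumes Tailscale's Linux default of placing accepted routes in routing table 52, which is consulted before the main table; the vmbr0 and tailscale0 addresses are the ones posted above, the table 52 listing is constructed, and the function names are hypothetical.

```python
import ipaddress

# `ip -4 -o addr show`, lifetime fields trimmed; addresses as posted in the thread.
SAMPLE_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo
4: vmbr0    inet 192.168.2.10/24 scope global vmbr0
5: tailscale0    inet 100.121.138.132/32 scope global tailscale0
"""
# `ip -4 route show table 52`: constructed sample, not taken from the thread.
SAMPLE_TABLE52 = """\
100.100.100.100 dev tailscale0
100.64.0.7 dev tailscale0
10.20.0.0/16 dev tailscale0
192.168.2.0/24 dev tailscale0
throw 127.0.0.0/8
"""

def connected_networks(addr_output, skip=("lo", "tailscale0")):
    # Map interface name -> IPv4 networks the host is directly attached to.
    nets = {}
    for line in addr_output.splitlines():
        f = line.split()
        if len(f) < 4 or f[2] != "inet" or f[1] in skip:
            continue
        nets.setdefault(f[1], []).append(ipaddress.ip_interface(f[3]).network)
    return nets

def tailscale_routes(route_output, dev="tailscale0"):
    # Destinations that table 52 sends out of the Tailscale interface.
    routes = []
    for line in route_output.splitlines():
        f = line.split()
        if dev not in f:
            continue  # e.g. "throw" entries carry no device
        dest = "0.0.0.0/0" if f[0] == "default" else f[0]
        try:
            routes.append(ipaddress.ip_network(dest, strict=False))
        except ValueError:
            continue  # first field is a route type, not a destination
    return routes

def shadowed_subnets(addr_output, route_output):
    # Any overlap matters: table 52 is looked up before the main table,
    # so prefix length does not let the on-link route win.
    routes = tailscale_routes(route_output)
    return [(iface, str(net), str(route))
            for iface, nets in connected_networks(addr_output).items()
            for net in nets for route in routes if route.overlaps(net)]
```

On a live host, feed the two functions the output of `ip -4 -o addr show` and `ip -4 route show table 52`; a non-empty result means traffic for the local LAN is being sent into the tunnel, which matches the symptom described in the first post.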
 
