IP access broken after installing a vpn

jiru

Sep 16, 2023
My current VPN is Tailscale/WireGuard. I installed it directly on the Proxmox host and have successfully used this config for a few months. I also had a second Proxmox host that I joined and made a cluster. The second host also had Tailscale on it, but host communications for the cluster still only worked on the interface IP, which was fine, since I did not plan on separating the two hosts.

Now, all of a sudden, Proxmox access is no longer available over the local IP. It is only available over the Tailscale network. Also, the cluster comms are broken, so quorum is not available. I cannot web/ssh to either machine at their local IP addresses.

What would cause this change? Proxmox 7.4-3. Single NIC, management and VMs share the same vmbr0.
 
Try refreshing the API token for users… after 5 months or whatever you set, the user can't access ;)
Please give me a response if it works, or we can try different things.
Web and ssh doesn't work. UI won't even load, so it's not a user permissions thing.

I ssh'd into the machine and got ip address info:

Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master vmbr0 state UP group default qlen 1000
    link/ether dc:4a:3e:7d:4d:9e brd ff:ff:ff:ff:ff:ff
    altname enp0s31f6
4: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether dc:4a:3e:7d:4d:9e brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.10/24 scope global vmbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::de4a:3eff:fe7d:4d9e/64 scope link
       valid_lft forever preferred_lft forever
5: tailscale0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1280 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 100.121.138.132/32 scope global tailscale0
       valid_lft forever preferred_lft forever
    inet6 fd7a:115c:a1e0:ab12:4843:cd96:6279:8a84/128 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::f5a3:42dd:4d50:f519/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
26: veth101i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether fe:23:de:e9:99:d6 brd ff:ff:ff:ff:ff:ff link-netnsid 0
27: fwbr101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:47:61:d5:6b:2b brd ff:ff:ff:ff:ff:ff
28: fwpr101p0@fwln101i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether b6:1b:0a:1c:13:3b brd ff:ff:ff:ff:ff:ff
29: fwln101i0@fwpr101p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr101i0 state UP group default qlen 1000
    link/ether 32:93:55:56:80:3a brd ff:ff:ff:ff:ff:ff
34: veth103i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
    link/ether fe:0b:4e:e3:7c:e7 brd ff:ff:ff:ff:ff:ff link-netnsid 1
35: fwbr103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether f6:89:42:4e:af:64 brd ff:ff:ff:ff:ff:ff
36: fwpr103p0@fwln103i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether ea:fe:86:19:15:4a brd ff:ff:ff:ff:ff:ff
37: fwln103i0@fwpr103p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr103i0 state UP group default qlen 1000
    link/ether 52:e7:6c:75:b2:a1 brd ff:ff:ff:ff:ff:ff
82: veth106i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
    link/ether fe:d4:9c:1b:9a:c0 brd ff:ff:ff:ff:ff:ff link-netnsid 3
83: fwbr106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether ee:fe:ca:03:e7:84 brd ff:ff:ff:ff:ff:ff
84: fwpr106p0@fwln106i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether ae:e2:a1:80:81:da brd ff:ff:ff:ff:ff:ff
85: fwln106i0@fwpr106p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr106i0 state UP group default qlen 1000
    link/ether aa:69:e0:27:d4:02 brd ff:ff:ff:ff:ff:ff
94: veth107i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr107i0 state UP group default qlen 1000
    link/ether fe:30:d8:63:5f:11 brd ff:ff:ff:ff:ff:ff link-netnsid 4
95: fwbr107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 9a:ba:7f:b8:ce:11 brd ff:ff:ff:ff:ff:ff
96: fwpr107p0@fwln107i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 4e:13:74:a2:f1:74 brd ff:ff:ff:ff:ff:ff
97: fwln107i0@fwpr107p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr107i0 state UP group default qlen 1000
    link/ether 8e:df:99:d8:56:44 brd ff:ff:ff:ff:ff:ff
102: veth105i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
    link/ether fe:8e:39:f3:8d:f5 brd ff:ff:ff:ff:ff:ff link-netnsid 2
103: fwbr105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 42:60:0d:be:d5:08 brd ff:ff:ff:ff:ff:ff
104: fwpr105p0@fwln105i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether a2:d4:21:01:6f:f2 brd ff:ff:ff:ff:ff:ff
105: fwln105i0@fwpr105p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr105i0 state UP group default qlen 1000
    link/ether 3a:63:49:e4:a9:71 brd ff:ff:ff:ff:ff:ff
110: veth104i0@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
    link/ether fe:a1:3d:d9:22:59 brd ff:ff:ff:ff:ff:ff link-netnsid 5
111: fwbr104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 66:52:dd:91:6e:8c brd ff:ff:ff:ff:ff:ff
112: fwpr104p0@fwln104i0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master vmbr0 state UP group default qlen 1000
    link/ether 9e:8d:b1:d0:1d:02 brd ff:ff:ff:ff:ff:ff
113: fwln104i0@fwpr104p0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master fwbr104i0 state UP group default qlen 1000
    link/ether e2:74:eb:4d:37:8f brd ff:ff:ff:ff:ff:ff
 
Check on the Tailscale administration page: under Machines you should see "pve" or your Proxmox server name with a green light under "last seen", on the right. If the node is connected you can click on the 3 dots, hit disable key expiry for the pve, and check if it works.
After that you can restart Tailscale on pve...
Code:
systemctl restart tailscaled

By the way, can you confirm that on the local network the Proxmox GUI and all system services work fine?
 
No, that's what I'm saying: it's only connected via TS. I can ssh to it over TS.
proxmox access is no longer available over the local ip. It is only available over the tailscale network.
 
Sorry, my mistake :)

Have you already tried this?
Code:
systemctl restart networking

In case you feel like it, try changing the default port of Proxmox with
Code:
nano /etc/pve/local/pveproxy.cfg
and under port try to put
Code:
port: 8443
Code:
systemctl restart pveproxy
and try to access Proxmox with the new port.
 
I restarted both services and nothing changed. That config file doesn't exist, btw. And it doesn't really get into the issue, which is why it all of a sudden stopped working. And on both hosts. I can log into it via my Tailscale IP/DNS with nginx installed on the host doing a reverse proxy to https://localhost:8006, but I cannot log in via its own IP address:8006.

Furthermore, if I ssh to it via the Tailscale IP and forward my local port 8006 over the tunnel, I can log into the web UI with localhost:8006 on my local machine.

And even more, if I disconnect Tailscale, I can once again reach Proxmox at local_ip:8006.
 
OK, so I think I figured it out: I have a Tailscale node advertising a subnet, the same subnet where Proxmox is hosted. So I need to not accept routes for the time being, until I can work with Tailscale to accept routes but ignore routes for the subnet in which the host lives.
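
Added example (not part of the original posts): a check for the condition described above, where a subnet route accepted from Tailscale covers the same subnet as a local interface. It assumes Tailscale's Linux client installs accepted routes in routing table 52, which is consulted before the main table; the sample text is constructed from the addresses in the thread.

```python
import ipaddress
import subprocess

TS_IFACE = "tailscale0"  # interface name as shown in the thread's ip output
TS_TABLE = "52"          # assumption: Tailscale's policy-routing table on Linux
# Constructed sample input; addresses follow the ip output posted in the thread.
SAMPLE_ADDR = (
    "1: lo    inet 127.0.0.1/8 scope host lo\n"
    "4: vmbr0    inet 192.168.2.10/24 scope global vmbr0\n"
    "5: tailscale0    inet 100.121.138.132/32 scope global tailscale0\n"
)
SAMPLE_ROUTES = (
    "100.100.100.100 dev tailscale0\n"
    "192.168.2.0/24 dev tailscale0\n"
    "throw 127.0.0.0/8\n"
)

def local_networks(addr_text):
    """Parse `ip -o -4 addr show` text into (iface, network) pairs."""
    nets = []
    for line in addr_text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[2] == "inet" and f[1] not in ("lo", TS_IFACE):
            nets.append((f[1], ipaddress.ip_interface(f[3]).network))
    return nets

def tailscale_routes(route_text):
    """Parse `ip -4 route show table 52` text into networks."""
    routes = []
    for line in route_text.splitlines():
        tok = line.split()
        try:
            routes.append(ipaddress.ip_network(tok[0], strict=False))
        except (IndexError, ValueError):
            continue  # blank line, "default", "throw ...": not a subnet route
    return routes

def shadowed(addr_text, route_text):
    """Return (iface, local_net, ts_route) for each LAN subnet a Tailscale route overlaps."""
    routes = tailscale_routes(route_text)
    return [(i, str(n), str(r)) for i, n in local_networks(addr_text)
            for r in routes if n.overlaps(r)]

if __name__ == "__main__":
    run = lambda *c: subprocess.run(c, capture_output=True, text=True).stdout
    hits = shadowed(run("ip", "-o", "-4", "addr", "show"),
                    run("ip", "-4", "route", "show", "table", TS_TABLE))
    for iface, net, route in hits:
        print(f"{iface}: local {net} is also routed via {TS_IFACE} ({route})")
```

A hit on vmbr0 matches the symptom in this thread: replies to LAN clients leave through the tunnel instead of the bridge. `tailscale set --accept-routes=false` stops the host from accepting advertised routes.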
 
Yay, I've done some tests and it happens when there is a bad configuration of the subnets... but I can't understand... because in my configuration I'm using the right IPs... Please give me more time to test and figure out what's going on :)
 
Did you ever figure this out? I'm having this issue right now.