Is there any restriction on running VM NICs in promiscuous mode?

starkruzr

I've tried to set up VPN servers on my Proxmox VE server, first OpenVPN and now SoftEther, with no luck, and noted in the SoftEther installation instructions that some virtualization environments (with no specificity as to which, sadly) need some kind of explicit instructions in order to get their VMs to allow their NICs to run in promiscuous mode. The VM I'm using is using a VirtIO NIC. Is this sufficient?

Thanks!
 
There is nothing needed to set them to promiscuous mode. They do that by default. You can see this yourself in the syslog when starting/stopping a VM.

I have successfully run routers, firewalls, VPN servers, web filters, etc. in KVM just fine. Where are you having trouble with OpenVPN? It is really a straightforward configuration.
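
The syslog check mentioned in the reply above, as an added example that is not part of the original thread: it replays kernel log lines and reports which VM tap devices are currently in promiscuous mode. The sample log lines are constructed, and the `tap<vmid>i<n>` device naming is an assumption about how Proxmox VE names host-side VM interfaces.

```python
import re

# Constructed sample syslog lines (not from the thread). Both kernel message
# styles are covered: older "device X entered ..." and newer "X: entered ...".
SAMPLE_SYSLOG = """\
Mar  3 10:15:01 pve kernel: [ 1201.100] device tap100i0 entered promiscuous mode
Mar  3 10:15:01 pve kernel: [ 1201.200] vmbr0: port 2(tap100i0) entered forwarding state
Mar  3 10:20:44 pve kernel: [ 1544.300] device tap101i0 entered promiscuous mode
Mar  3 10:31:09 pve kernel: [ 2169.400] device tap101i0 left promiscuous mode
Mar  3 10:40:12 pve kernel: tap102i1: entered promiscuous mode
Mar  3 10:41:00 pve kernel: device eno1 entered promiscuous mode
"""

PROMISC = re.compile(
    r"(?:device\s+)?(?P<dev>[\w.-]+):?\s+(?P<event>entered|left) promiscuous mode")
# Assumed Proxmox VE naming: tap<vmid>i<nic index> for a VM's host-side NIC.
TAP_NAME = re.compile(r"^tap(?P<vmid>\d+)i(?P<nic>\d+)$")


def promiscuous_state(log_text):
    """Replay the log and return {device: bool} with each device's last known state."""
    state = {}
    for line in log_text.splitlines():
        m = PROMISC.search(line)
        if m:
            state[m.group("dev")] = m.group("event") == "entered"
    return state


def vm_nics_in_promisc(log_text):
    """Return sorted (vmid, nic_index) pairs whose tap device is still promiscuous."""
    result = []
    for dev, on in promiscuous_state(log_text).items():
        m = TAP_NAME.match(dev)
        if on and m:
            result.append((int(m.group("vmid")), int(m.group("nic"))))
    return sorted(result)


if __name__ == "__main__":
    for vmid, nic in vm_nics_in_promisc(SAMPLE_SYSLOG):
        print(f"VM {vmid} net{nic}: host tap device in promiscuous mode")
```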
 
It doesn't seem to be straightforward at all. I've followed the directions both for OpenVPN and SoftEther, which I thought were simple enough, but neither one works -- SoftEther simply won't connect at all through the port forwards in my firewall and OpenVPN connects but appears to have all kinds of problems allowing clients to route Internet-destined packets through it every time I set it up.
 
Can you describe what you want to achieve?
This part is easy :)

I have a simple, 1-subnet network at home on a broadband internet connection, with PVE running inside the firewall. I want to stand up a VPN server inside the firewall, behind NAT, which bridges clients onto the LAN. On the client side, when a client connects to the VPN, it should receive an IP address from the DHCP server already running on the LAN, and all of its traffic should be sent through the VPN connection and back out through the internet connection via my home LAN.

This has thus far been impossible to achieve with either SoftEther or OpenVPN. SoftEther refuses to allow any hosts to connect, and OpenVPN's Mac client (at the very least) seems to ignore the directive to redirect its gateway through the VPN.
 
That's not how OpenVPN works. ;) You need a separate subnet for OpenVPN and routes between the networks.
 
What software do you use for clients?
 
L2TP uses UDP 500 and UDP 1701 and protocol 50.

As for Mac, the SoftEther client doesn't work as a gateway. Try to set the SE server as an OpenVPN server and try to connect with Tunnelblick.
 
I have a similar issue to yours.

I have installed a SoftEther VPN server on Ubuntu 24.04 and configured it via SoftEther Server Manager from a Windows machine. While I have a successful connection with clients, speeds are another story. I also have a SoftEther VPN server on an old Dell OptiPlex machine (so a physical one), and clients have decent speeds.

Client speed results:
54 Mbit Down / 7.2 Mbit Up 61ms with SoftEther installed directly on a physical machine running Windows.
1.6 Mbit Down / 7.7 Mbit Up 76ms with SoftEther installed on Linux as a VM on Proxmox.


PS: There were 2 options to set to speed up TCP connections, but they didn't help.
Edit the file /etc/sysctl.conf (inside the VM, not the host) and set:
net.core.default_qdisc=fq
net.ipv4.tcp_congestion_control=bbr
 
