[SOLVED] No access to Proxmox webui from VPN tunnel

[jwalley]

I've seen this posted a million times and I've been pulling my hair out for two days not and I'm sure it something simple. Here is my set up:
1. I'm on Proxmox 8.2.4 with a community license.
2. I'm hosting on OVH
3. I'm running a pfsense client and followed the instructions from both Proxmox and OVH
4. I set up a jumpbox (ubuntu) on my LAN (10.3.40.100 via dhcp)

The good:
I can successfully VPN into my LAN from the internet.
I can ping all my virtual machines on that LAN from my external laptop over vpn
if I log into my jumpbox I browse the internet
from the jump box i can access the Promox webgui (10.3.40.254)
from the jumphost I can ping ALL assets, gateways and Internet

The bad
from pfsense in Diagnostics / Ping succeeds if i select the LAN interface to 10.3.40.254 (webui)
from pfsense in Diagnostics / Ping fails if i select the OPENVPN interface to 10.3.40.254 (webui)
from pfsense in Diagnostics / Ping successed if i select the OPENVPN interface to 10.3.40.100 (jumpbox)
from my laptop VPN'd with a VPN address of 172.30.1.2 ping fails to 10.3.40.254(webui)
from my laptop VPN'd with a VPN address of 172.30.1.2 ping succeeds to 10.3.40.100 (jumpbox)

Everyone seems to think it s routing issue in pfsense but i cant see it.
if I run a netstat -rWn from pfsense I get the following:
Routing tables

Internet:
Destination Gateway Flags Nhop# Mtu Netif Expire
default xxx.xxx.xxx.254 UGS 8 1500 vtnet0
10.3.40.0/24 link#2 U 3 1500 vtnet1
10.3.40.1 link#4 UHS 4 16384 lo0
127.0.0.1 link#4 UH 2 16384 lo0
172.30.1.0/24 link#7 U 5 1500 ovpns1
172.30.1.1 link#4 UHS 6 16384 lo0
xxx.xxx.xxx.xxx link#4 UH 1 16384 lo0
xxx.xxx.xxx..254 link#1 UHS 7 1500 vtnet0

 

[jwalley]

Figured I would add the /etc/network/interfaces as well. Dunno if it will help

============================

auto lo
iface lo inet loopback

iface eno1np0 inet manual

iface enp3s0f1np1 inet manual

iface enx96b0ff949703 inet manual

auto vmbr0
iface vmbr0 inet static
address xxx.xxx.xxx.xxx/24
gateway xxx.xxx.xxx.254
bridge-ports eno1np0
bridge-stp off
bridge-fd 0
hwaddress D0:50:99:FD:88:81

auto vmbr1
iface vmbr1 inet static
address 10.3.40.254/24
bridge-ports enp3s0f1np1
bridge-stp off
bridge-fd 0

 

[jwalley]

okay i found the issue. I hope this helps someone else. Proxmox had no route to my vpn tunnel so it couldn't return the traffic. I did a tcpdump and could see the traffic coming in but it wasn't returning. I created a route by using

ip route add 172.30.1.0/24 via 10.3.40.1

and tada it worked. to make this a permanent route I updated the /etc/network/interfaces adding the following:

auto lo
iface lo inet loopback

iface eno1np0 inet manual

iface enp3s0f1np1 inet manual

iface enx96b0ff949703 inet manual

auto vmbr0
iface vmbr0 inet static
        address xxx.xxx.xxx.xxx/24
        gateway xxx.xxx.xxx.254
        bridge-ports eno1np0
        bridge-stp off
        bridge-fd 0
        hwaddress D0:50:99:FD:88:81

auto vmbr1
iface vmbr1 inet static
        address 10.3.40.254/24
        bridge-ports enp3s0f1np1
        bridge-stp off
        bridge-fd 0
        post-up ip route add 172.30.1.0/24 via 10.3.40.1 dev vmbr1