OpenVPN in lxc, got connection but not internet access

Priuxls

Jan 21, 2022
Hey friendly folks,

I did set up OpenVPN in an lxc container (ubuntu 21.10 template). So far everything is good: I followed the "OpenVPN in lxc" tutorial, did some port forwarding, created a profile and connected. Everything worked out flawlessly, besides having only access to local servers such as home assistant and pihole (hassio running on a separate PC, pihole in pve).

I already checked the gateway, but it seems to be okay (255.255.255.0)

Anyone got an idea what the issue could be??

Best regards,
Roman
 
hi,

> I already checked the gateway, but it seems to be okay (255.255.255.0)
that's your gateway? I don't think that will work... :) (that's your subnet CIDR range, not the gateway)

> Anyone got an idea what the issue could be??
no clue, but it sounds like you misconfigured something, please post:
* network config /etc/network/interfaces from PVE host
* container configuration pct config CTID (change CTID for your container)

* can your other guests access the local network and the internet normally? (f.e. the pihole)
* is your PVE on bare metal hardware (e.g. not virtualized)
 
Thanks for your reply,
I think I did get the gateway mixed up here.
*my network config
Code:
auto lo
iface lo inet loopback

iface enp0s25 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.178.152/24
        gateway 192.168.178.1
        bridge-ports enp0s25
        bridge-stp off
        bridge-fd 0

*config for container openvpn (102)
Code:
arch: amd64
cores: 2
features: nesting=1
hostname: OpenVPN
memory: 512
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=A2:B3:E9:E2:55:30,ip=dhcp,ip6=dhcp,type=veth
ostype: ubuntu
rootfs: local-lvm:vm-102-disk-0,size=10G
swap: 512
unprivileged: 1
lxc.cgroup2.devices.allow: c 10:200 rwm
lxc.mount.entry: /dev/net dev/net none bind,create=dir

Regarding the pihole, users using pihole are able to access both local network and the internet
Code:
arch: amd64
cores: 1
features: nesting=1
hostname: pPihole
memory: 1024
net0: name=eth0,bridge=vmbr0,firewall=1,hwaddr=1E:B2:DD:85:53:75,ip=dhcp,ip6=dhcp,type=veth
onboot: 1
ostype: ubuntu
rootfs: local-lvm:vm-101-disk-0,size=12G
swap: 1024
unprivileged: 1
root@prox:~#

Proxmox is running on bare metal.

Kind regards,
Roman
 
thanks for the outputs :) network configs look fine to me, but maybe you'll need to use a static address for your VPN container.

what do you see if you run ip a && ip r inside the openvpn container? does it get an IP address from the same range?

also is the pihole used for the DNS on the VPN? if yes can you check if it's working properly on the VPN, e.g. if you can resolve addresses or not.

and if you're on the VPN with a client, can you reach the internet? try pinging 1.1.1.1 and so on
 
Hello,
I did run ip a && ip r and did get this response
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether a2:b3:e9:e2:55:30 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.178.131/24 brd 192.168.178.255 scope global dynamic eth0
       valid_lft 863930sec preferred_lft 863930sec
    inet6 fe80::a0b3:e9ff:fee2:5530/64 scope link
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
    link/none
    inet 10.8.0.1/24 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::a64e:a9e1:a4de:6934/64 scope link stable-privacy
       valid_lft forever preferred_lft forever
default via 192.168.178.1 dev eth0 proto dhcp src 192.168.178.131 metric 1024
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.131
192.168.178.1 dev eth0 proto dhcp scope link src 192.168.178.131 metric 1024

Also, I tried to ping 1.1.1.1 and 8.8.8.8 and both of them were responding, but as soon as I tried to ping something like google.com the request timed out.
Code:
C:\Users\roman>ping 1.1.1.1

Ping wird ausgeführt für 1.1.1.1 mit 32 Bytes Daten:
Antwort von 1.1.1.1: Bytes=32 Zeit=5ms TTL=58
Antwort von 1.1.1.1: Bytes=32 Zeit=4ms TTL=58
Antwort von 1.1.1.1: Bytes=32 Zeit=4ms TTL=58
Antwort von 1.1.1.1: Bytes=32 Zeit=4ms TTL=58

Ping-Statistik für 1.1.1.1:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 4ms, Maximum = 5ms, Mittelwert = 4ms

C:\Users\roman>ping google.com
Ping-Anforderung konnte Host "google.com" nicht finden. Überprüfen Sie den Namen, und versuchen Sie es erneut.

C:\Users\roman>
 
> but as soon as I tried to ping like google.com the request timed out.
then I guess your DNS is causing the issue (since IP traffic seems to work fine), and maybe changing the /etc/resolv.conf to another nameserver can help :)
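
Added example, not part of the thread: since pings to IP addresses succeed and name lookups fail, the sketch below takes the container's `ip r` output posted above and checks which path each `nameserver` in `/etc/resolv.conf` would take, using longest-prefix matching. The resolv.conf content is a constructed sample (the thread never shows the real file), and the function names are hypothetical.

```python
import ipaddress

# `ip r` output from the OpenVPN container, as posted in the thread.
IP_ROUTE = """\
default via 192.168.178.1 dev eth0 proto dhcp src 192.168.178.131 metric 1024
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.1
192.168.178.0/24 dev eth0 proto kernel scope link src 192.168.178.131
192.168.178.1 dev eth0 proto dhcp scope link src 192.168.178.131 metric 1024
"""
# Constructed sample: the thread never shows the container's resolv.conf.
RESOLV_CONF = """\
nameserver 127.0.0.53
nameserver 192.168.178.1
nameserver 1.1.1.1   # public resolver
"""

def parse_routes(text):
    """Parse `ip r` lines into (network, device, gateway-or-None) tuples."""
    routes = []
    for tok in (line.split() for line in text.splitlines()):
        if "dev" not in tok:
            continue
        net = ipaddress.ip_network("0.0.0.0/0" if tok[0] == "default" else tok[0])
        via = tok[tok.index("via") + 1] if "via" in tok else None
        routes.append((net, tok[tok.index("dev") + 1], via))
    return routes

def parse_nameservers(text):
    """Return nameserver addresses from resolv.conf text, ignoring comments."""
    rows = (line.split("#", 1)[0].split() for line in text.splitlines())
    return [r[1] for r in rows if len(r) >= 2 and r[0] == "nameserver"]

def egress(addr, routes):
    """Describe the path to addr using longest-prefix match over routes."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback: only reachable inside the container"
    hits = [r for r in routes if ip in r[0]]
    if not hits:
        return "no route"
    _, dev, via = max(hits, key=lambda r: r[0].prefixlen)
    return f"via {via} dev {dev}" if via else f"on-link dev {dev}"

def triage(resolv_text, route_text):
    """Map each nameserver in resolv.conf to the path the container would use."""
    routes = parse_routes(route_text)
    return {ns: egress(ns, routes) for ns in parse_nameservers(resolv_text)}

if __name__ == "__main__":
    print(triage(RESOLV_CONF, IP_ROUTE))
```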
 
