C
crinitic
Guest
Hi all,
I installed for the first time a proxmox server and I am learning to work with it. One of the VM I created is hosting a OpenVPN community server. The servers works almost perfectly, except that the clients are always disconnected after approx 16 minutes.
I got a lot of support from the OpenVPN community, and we narrowed the problem down to the VM, and they advised me to continue asking here because they are not able to identify the cause of the issue further.
It seems to be mainly a firewall issue, since when I log the dropped packets in the VM, I get a lot of:
Dec 18 02:17:55 vpn kernel: [852189.017793] iptables denied: IN=eth0 OUT= MAC=7e:44:56:0a:26:b2:7e:3b:16:c5:1c:7b:08:00 SRC=CLIENT_PUB_IP DST=10.99.0.11 LEN=113 TOS=0x00 PREC =0x00 TTL=116 ID=30248 PROTO=UDP SPT=50686 DPT=1194 LEN=93
Here is my network config on the host:
auto vmbr2
iface vmbr2 inet static
address 10.99.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.99.0.0/24' -o vmbr0 -j MASQUERADE # define out rule
post-down iptables -t nat -D POSTROUTING -s '10.99.0.0/24' -o vmbr0 -j MASQUERADE # kill out rule
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 1194 -j DNAT --to 10.99.0.11:1194
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 1194 -j DNAT --to 10.99.0.11:1194
and those are on the VM:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to 10.99.0.11
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Any idea why I am getting a lot of packets dropped by the firewall ?
Thank you a lot for your help
I installed for the first time a proxmox server and I am learning to work with it. One of the VM I created is hosting a OpenVPN community server. The servers works almost perfectly, except that the clients are always disconnected after approx 16 minutes.
I got a lot of support from the OpenVPN community, and we narrowed the problem down to the VM, and they advised me to continue asking here because they are not able to identify the cause of the issue further.
It seems to be mainly a firewall issue, since when I log the dropped packets in the VM, I get a lot of:
Dec 18 02:17:55 vpn kernel: [852189.017793] iptables denied: IN=eth0 OUT= MAC=7e:44:56:0a:26:b2:7e:3b:16:c5:1c:7b:08:00 SRC=CLIENT_PUB_IP DST=10.99.0.11 LEN=113 TOS=0x00 PREC =0x00 TTL=116 ID=30248 PROTO=UDP SPT=50686 DPT=1194 LEN=93
Here is my network config on the host:
auto vmbr2
iface vmbr2 inet static
address 10.99.0.254
netmask 255.255.255.0
bridge_ports none
bridge_stp off
bridge_fd 0
post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.99.0.0/24' -o vmbr0 -j MASQUERADE # define out rule
post-down iptables -t nat -D POSTROUTING -s '10.99.0.0/24' -o vmbr0 -j MASQUERADE # kill out rule
post-up iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 1194 -j DNAT --to 10.99.0.11:1194
post-down iptables -t nat -D PREROUTING -i vmbr0 -p udp --dport 1194 -j DNAT --to 10.99.0.11:1194
and those are on the VM:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -A INPUT -p udp --dport 1194 -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to 10.99.0.11
iptables -I INPUT -i tun+ -j ACCEPT
iptables -I FORWARD -i tun+ -j ACCEPT
iptables -I OUTPUT -o tun+ -j ACCEPT
iptables -I FORWARD -o tun+ -j ACCEPT
iptables -t nat -I POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE
Any idea why I am getting a lot of packets dropped by the firewall ?
Thank you a lot for your help