[SOLVED] Proxmox via VPN

dekkert

Feb 3, 2022
Hello,

I have several servers rented from my provider—let's say three, for example.

  • Each server has an external IP address that I only use for configuration purposes via SSH (125.10.10.*).
  • All servers also have internal IPs, which I use for internal communication between the servers (10.18.12.*).
  • To access the servers from outside, I use a WireGuard VPN with addresses in the 10.24.*.* range.
  • Each server has its own Class C network: 10.24.10.*, 10.24.20.*, and 10.24.30.*.
  • The server with the 10.24.30.* network is the WireGuard server, and the others are clients.
Everything works fine. I can access the servers from each other internally, and I can connect externally via WireGuard.

Now, I've installed Proxmox 8 on server 10.18.12.20, with the WireGuard address/network 10.24.20.1/16. Using pveproxy, I have access only via the WireGuard VPN, which works well.

My question is: how should I configure the internal network bridge for the VMs so that they can communicate with each other and so that I can access the VMs directly from outside via WireGuard?

My first attempt was to give a VM the IP address 10.24.20.50, but there was no connection between the bridge and the WireGuard network.

In my second attempt, I assigned the VM the IP 10.24.21.50 with a new subnet (10.24.21.*) to connect the WireGuard network with the VM bridge network, but I wasn't sure how to make this work.

Do you have any ideas or resources on how to achieve this? Port forwarding isn't an ideal solution.

----
Perhaps an addition:

On the first attempt, the IP addresses look like this (different numbers: 50 instead of 20).

    4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
        link/none
        inet 10.24.50.1/16 scope global wg0
           valid_lft forever preferred_lft forever
    5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
        link/ether fe:e7:8d:a1:c9:b4 brd ff:ff:ff:ff:ff:ff
        inet 10.24.50.1/16 scope global vmbr0
           valid_lft forever preferred_lft forever
        inet6 fe80::4c7a:dcff:fe85:f670/64 scope link
           valid_lft forever preferred_lft forever

Thank you.
 
It is working now with the first attempt.

I have only set the gateway in the virtual machine 10.24.20.98 to 10.24.20.1.
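
The ip addr output quoted in the first post shows wg0 and vmbr0 both configured as 10.24.50.1/16. As an added example (not part of the thread and not the poster's code), this Python script parses such output and reports interfaces whose IPv4 networks overlap, which is the condition under which the host holds two connected routes for the same range. The sample text is constructed from the output quoted above, and the function names are my own.

```python
import ipaddress
import re
from itertools import combinations

# Constructed sample, modelled on the `ip addr` output quoted in the post.
SAMPLE = """\
4: wg0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none
    inet 10.24.50.1/16 scope global wg0
       valid_lft forever preferred_lft forever
5: vmbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether fe:e7:8d:a1:c9:b4 brd ff:ff:ff:ff:ff:ff
    inet 10.24.50.1/16 scope global vmbr0
       valid_lft forever preferred_lft forever
"""

IFACE_RE = re.compile(r"^\d+:\s+([^:@\s]+)")   # "5: vmbr0: <...>"
INET_RE = re.compile(r"^\s*inet\s+(\S+)")      # IPv4 only; "inet6" does not match

def parse_ip_addr(text):
    """Return [(ifname, IPv4Interface), ...] from `ip addr` output."""
    result, current = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and current:
            result.append((current, ipaddress.ip_interface(m.group(1))))
    return result

def find_overlaps(entries):
    """Pairs of different interfaces whose IPv4 networks overlap.

    Each hit is (if_a, if_b, net_a, net_b, same_host_address).
    """
    hits = []
    for (if_a, a), (if_b, b) in combinations(entries, 2):
        if if_a != if_b and a.network.overlaps(b.network):
            hits.append((if_a, if_b, str(a.network), str(b.network), a.ip == b.ip))
    return hits

if __name__ == "__main__":
    for hit in find_overlaps(parse_ip_addr(SAMPLE)):
        print("overlap: %s/%s  %s vs %s  same address: %s" % hit)
```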