[SOLVED] PVE 7 - How to make all new CTs have PPP enabled

[yswery]

Hey Team

So I know that we can make a single selected container have PPP working by simply adding into their XXX.conf file the following:

lxc.cgroup.devices.allow: c 108:0 rwm
lxc.mount.entry: /dev/ppp dev/ppp none bind,create=file

However what we want to do is that all existing and new CTs will have PPP enabled the same way, is there any non-hacky way (i.e cronjob to grep and add the lines manually) to do this?

I tried adding the above to /usr/share/lxc/config/common.conf.d/02-enable-ppp.conf but then I get the following errors when trying to do anything with PCT:

$ ~  pct status 203
Failed to load config for 203
Failure to retrieve information on /var/lib/lxc:203
command 'lxc-info -n 203 -p' failed: exit code 1

Does anyone have a direction we can do with this?

 

[oguz]

hi,

try changing the colons to equal sign in that file you added:

lxc.cgroup.devices.allow = c 108:0 rwm
lxc.mount.entry = /dev/ppp dev/ppp none bind,create=file

 

[pocok]

Sorry, I need to re-open this, as even though I have ppp and pppoe installed on the host itself, in the container, it still does not work (this is after moving from PVE version 6 to 7). For example, in an OpenWrt container I always get the following in the logs:

Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is now down
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is disabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is enabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is setting up now
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/slhc.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/ppp_generic.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppox.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppoe.ko
Wed Oct 27 07:02:06 2021 daemon.info pppd[10419]: Plugin rp-pppoe.so loaded.
Wed Oct 27 07:02:06 2021 daemon.info pppd[10419]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8
Wed Oct 27 07:02:06 2021 daemon.err pppd[10419]: Couldn't open the /dev/ppp device: Operation not permitted
Wed Oct 27 07:02:06 2021 daemon.notice netifd: wan (10419): /usr/sbin/pppd: Sorry - this system lacks PPP kernel support
Wed Oct 27 07:02:06 2021 daemon.notice netifd: wan (10419):
Wed Oct 27 07:02:06 2021 daemon.err pppd[10419]: Sorry - this system lacks PPP kernel support
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is now down
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is disabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is enabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is setting up now
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/slhc.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/ppp_generic.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppox.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppoe.ko
Wed Oct 27 07:02:06 2021 daemon.info pppd[10442]: Plugin rp-pppoe.so loaded.
Wed Oct 27 07:02:06 2021 daemon.info pppd[10442]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8

I've added the two addtional lines in the LXCs config, as mentioned above (these were necessary previously as well)

Maybe the issue is that apparently, these ppp/pppoe kernel modules are in the 'base' modules, but OpenWrt expects to have them separately as per the error log?

 

[oguz]

Sorry, I need to re-open this, as even though I have ppp and pppoe installed on the host itself, in the container, it still does not work (this is after moving from PVE version 6 to 7). For example, in an OpenWrt container I always get the following in the logs:

Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is now down
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is disabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is enabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is setting up now
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/slhc.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/ppp_generic.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppox.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppoe.ko
Wed Oct 27 07:02:06 2021 daemon.info pppd[10419]: Plugin rp-pppoe.so loaded.
Wed Oct 27 07:02:06 2021 daemon.info pppd[10419]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8
Wed Oct 27 07:02:06 2021 daemon.err pppd[10419]: Couldn't open the /dev/ppp device: Operation not permitted
Wed Oct 27 07:02:06 2021 daemon.notice netifd: wan (10419): /usr/sbin/pppd: Sorry - this system lacks PPP kernel support
Wed Oct 27 07:02:06 2021 daemon.notice netifd: wan (10419):
Wed Oct 27 07:02:06 2021 daemon.err pppd[10419]: Sorry - this system lacks PPP kernel support
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is now down
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is disabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is enabled
Wed Oct 27 07:02:06 2021 daemon.notice netifd: Interface 'wan' is setting up now
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/slhc.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/ppp_generic.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppox.ko
Wed Oct 27 07:02:06 2021 daemon.err insmod: failed to insert /lib/modules/5.11.22-5-pve/pppoe.ko
Wed Oct 27 07:02:06 2021 daemon.info pppd[10442]: Plugin rp-pppoe.so loaded.
Wed Oct 27 07:02:06 2021 daemon.info pppd[10442]: RP-PPPoE plugin version 3.8p compiled against pppd 2.4.8

I've added the two addtional lines in the LXCs config, as mentioned above (these were necessary previously as well)

Maybe the issue is that apparently, these ppp/pppoe kernel modules are in the 'base' modules, but OpenWrt expects to have them separately as per the error log?

can you try changing the config entry from lxc.cgroup.devices.allow to lxc.cgroup2.devices.allow? [0]

[0]: https://pve.proxmox.com/pve-docs/chapter-pct.html#pct_cgroup_compat

 

[pocok]

can you try changing the config entry from lxc.cgroup.devices.allow to lxc.cgroup2.devices.allow? [0]

[0]: https://pve.proxmox.com/pve-docs/chapter-pct.html#pct_cgroup_compat

That absolutely did the trick, thank you!

Before your reply, I did also some additional troubleshooting, and comparing with a different Proxmox host (with version 6 on top of Debian 10), in the screenshot of the terminal, the left side is the 'old' host, which I had ppp working in LXC, and the right is the 'new' host, which didn't work.

It seems like in the OpenWrt LXC container, under /lib/modules/*kernelversion* is softlinked to the module directory of previous version of the kernel. This is probably due that both hosts were 'converted' to PVE from a vanilla Debian 10 and 11 respectively (instead of directly installing PVE from an ISO). Since I have installed 'pppoe' after converting to PVE this time, there are less modules available (pppoe.ko, pppox.ko as it seems was missing) in the previous version of the kernel.

Wireguard is also woring within the container, as the more recent kernel in the new host has it as a 'main' module integrated.



Nevertheless, the fix was the one mentioned above in this case! Thank you!

 

[giovannivl]

Thanks! I'm using openfortivpn (Ubuntu 22.10) so my LXC CT conf on host (nano /etc/pve/lxc/[IDNODE].conf):

lxc.cgroup2.devices.allow: c 108:0 rwm
lxc.mount.entry: /dev/ppp dev/ppp none bind,create=file

and host shell:
chown 100000:100000 /dev/ppp

Restart LXC CT