PVE SDN can't pass DHCP to VM in VM? (cascade virtual machine)

[upve]

PVE host on bare metal <---in--- PVE vm <--in-- Ubuntu

So, PVE vm can get IP address from SDN DHCP which is enabled on PVE host on bare metal.

However, Ubuntu which is running in PVE vm can't get IP address from PVE host on bare metal.

firewall configured correctly on PVE host on bare metal. firewall disabled on PVE vm at datacenter level.

 

[Halfeez92]

Same with me. I was going to create a thread for this, lucky you already opened it.

For me, I am using PNET LAB inside Proxmox VE. The VM on Proxmox can get the DHCP on the Proxmox SDN, but not the nested VM. I tried to set static address pointing to Proxmox SDN as gateway, it works and can ping to the internet. But not on DHCP.

I was thinking maybe this had to do with promiscious mode, or proxy arp or something like that but I don't know the details.

 

[_gabriel]

Turn off "MAC filter" under PVE VM -> Firewall -> Options

 

[Halfeez92]

Turn off "MAC filter" under PVE VM -> Firewall -> Options

I have already turn off the MAC filter but still not avail.

 

[upve]

Same with me. I was going to create a thread for this, lucky you already opened it.

For me, I am using PNET LAB inside Proxmox VE. The VM on Proxmox can get the DHCP on the Proxmox SDN, but not the nested VM. I tried to set static address pointing to Proxmox SDN as gateway, it works and can ping to the internet. But not on DHCP.

I was thinking maybe this had to do with promiscious mode, or proxy arp or something like that but I don't know the details.

Same here, manually assigned IP address within the DHCP range from PVE SDN with SNAT enabled, internet connection worked.

However, can't get IP address from PVe SDN DHCP server.

 

[upve]

Turn off "MAC filter" under PVE VM -> Firewall -> Options

If the firewall is disabled at datacenter level, I assume anything under firewall at any level will be disabled?

 

[Halfeez92]

I found these lines in proxmox networking logs. Surely they got ignored.

Nov 10 12:04:45 pve dnsmasq-dhcp[754096]: DHCPDISCOVER(isolate) 00:50:79:66:68:01 ignored
Nov 10 12:04:46 pve dnsmasq-dhcp[754096]: DHCPDISCOVER(isolate) 00:50:79:66:68:01 ignored
Nov 10 12:04:49 pve dnsmasq-dhcp[754096]: DHCPDISCOVER(isolate) 00:50:79:66:68:01 ignored

[ATTACH type="full"]77472[/ATTACH]

 

[Halfeez92]

After hours of investigation and ChatGPT-ing, I have found the solution.

Basically, you need to alter the dnsmasq configuration for your selected Vnets or Zones.

To do so, first you need to disable the line dhcp-ignore=tag:!known by commenting the line with the hashtag like so # dhcp-ignore=tag:!known in the file /etc/dnsmasq.d/<your vnets@zone folder>/00-default.conf.

What the line does? ChatGPT replied to me with this answer:

• This line tells dnsmasq to ignore DHCP requests from clients that are not known (not listed in the ethers file, which is typically used to map MAC addresses to specific IP addresses).
• If the MAC address of a client (e.g., the nested VM) is not listed in the dhcp-hostsfile (/etc/dnsmasq.d/isolate/ethers), its DHCP requests will be ignored.

After disabling the dhcp-ignore, you need to change the dhcp-range configuration on 10-<your vnets@zone name>.conf. This is because the default configuration is giving the static IP from the Proxmox SDN configuration. To do so, change the line dhcp-range from the file:

dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:router,192.168.x.1
dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:dns-server,8.8.8.8
dhcp-range=set:<vnets@zone name>-192.168.x.0-24,192.168.x.0,static,255.255.255.0,infinite

Please take note at the line 192.168.x.0,static. Change it like so 192.168.x.2,192.168.x.254. What this does is, we are stating the start IP address and the last of IP address to give out. So basically, we are giving the IP range starting from 192.168.x.2 till 192.168.x.254. You might want to change this accordingly to your environment.

Last but not least, restart the service by entering this command systemctl restart dnsmasq@<your vnets@zone name>. If you are not sure on the vnets or zone name, you can press Tab so it will populate the list you currently have.

However, I have not yet tried to re-apply the SDN configuration on the WebUI. As I concern, this will rewrite back the configuration you edited. Let me know if it is reverted back to default Proxmox SDN configuration.

 

[upve]

After hours of investigation and ChatGPT-ing, I have found the solution.

Basically, you need to alter the dnsmasq configuration for your selected Vnets or Zones.

To do so, first you need to disable the line dhcp-ignore=tag:!known by commenting the line with the hashtag like so # dhcp-ignore=tag:!known in the file /etc/dnsmasq.d/<your vnets@zone folder>/00-default.conf.

What the line does? ChatGPT replied to me with this answer:


After disabling the dhcp-ignore, you need to change the dhcp-range configuration on 10-<your vnets@zone name>.conf. This is because the default configuration is giving the static IP from the Proxmox SDN configuration. To do so, change the line dhcp-range from the file:

dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:router,192.168.x.1
dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:dns-server,8.8.8.8
dhcp-range=set:<vnets@zone name>-192.168.x.0-24,192.168.x.0,static,255.255.255.0,infinite

Please take note at the line 192.168.x.0,static. Change it like so 192.168.x.2,192.168.x.254. What this does is, we are stating the start IP address and the last of IP address to give out. So basically, we are giving the IP range starting from 192.168.x.2 till 192.168.x.254. You might want to change this accordingly to your environment.

Last but not least, restart the service by entering this command systemctl restart dnsmasq@<your vnets@zone name>. If you are not sure on the vnets or zone name, you can press Tab so it will populate the list you currently have.

However, I have not yet tried to re-apply the SDN configuration on the WebUI. As I concern, this will rewrite back the configuration you edited. Let me know if it is reverted back to default Proxmox SDN configuration.

Haven't tried yet, but seems promising. I'd prefer proxmox team to add such feature. As this might be one of the most frequent issue people will hit.
Otherwise, it seems that using a simple DHCP server as a VM will be way easier and less trouble. The SDN feature and function is somewhat incomplete at this stage seems to me.

 

[Halfeez92]

Haven't tried yet, but seems promising. I'd prefer proxmox team to add such feature. As this might be one of the most frequent issue people will hit.
Otherwise, it seems that using a simple DHCP server as a VM will be way easier and less trouble. The SDN feature and function is somewhat incomplete at this stage seems to me.

You are correct. I have already asked a lot of forum, most of them suggesting to use firewall vm such as pfsense, opnsense or sophos to hane the dhcp and access list.

Proxmox iptables are really buggy.

 

[arsine]

After hours of investigation and ChatGPT-ing, I have found the solution.

Basically, you need to alter the dnsmasq configuration for your selected Vnets or Zones.

To do so, first you need to disable the line dhcp-ignore=tag:!known by commenting the line with the hashtag like so # dhcp-ignore=tag:!known in the file /etc/dnsmasq.d/<your vnets@zone folder>/00-default.conf.

What the line does? ChatGPT replied to me with this answer:


After disabling the dhcp-ignore, you need to change the dhcp-range configuration on 10-<your vnets@zone name>.conf. This is because the default configuration is giving the static IP from the Proxmox SDN configuration. To do so, change the line dhcp-range from the file:

dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:router,192.168.x.1
dhcp-option=tag:<vnets@zone name>-192.168.x.0-24,option:dns-server,8.8.8.8
dhcp-range=set:<vnets@zone name>-192.168.x.0-24,192.168.x.0,static,255.255.255.0,infinite

Please take note at the line 192.168.x.0,static. Change it like so 192.168.x.2,192.168.x.254. What this does is, we are stating the start IP address and the last of IP address to give out. So basically, we are giving the IP range starting from 192.168.x.2 till 192.168.x.254. You might want to change this accordingly to your environment.

Last but not least, restart the service by entering this command systemctl restart dnsmasq@<your vnets@zone name>. If you are not sure on the vnets or zone name, you can press Tab so it will populate the list you currently have.

However, I have not yet tried to re-apply the SDN configuration on the WebUI. As I concern, this will rewrite back the configuration you edited. Let me know if it is reverted back to default Proxmox SDN configuration.

I was having the same issues where the SDN addresses weren't being assigned automatically but if statically assigned they would work. Following these steps resolved the issue. Thanks!

 

[serko54]

Yes.. same problem with new uploaded Proxmox 8.3
DHCP with SDM works with Simple vnets, but fails with VLAN type vnets +dhcp range configured

And looks like VLAN config lives somewhere else, but not here /etc/dnsmasq.d# (here are Simlpe vnet configs) at least at this folder I can't fine nothing similar to my tesllab vlan vnet

 

[Jeff L.]

root@pve01:/etc/dnsmasq.d# pveversion
pve-manager/8.4.1/2a5fa54a8503f96d (running kernel: 6.8.12-9-pve)
root@pve01:/etc/dnsmasq.d#

I am also encountering the behavior described by the OP. I am trying to file @arsine 's workaround but I'm getting tripped up. The configuration files for me are /etc/dnsmasq.d/<zone_name>/00-default.conf, not /etc/dnsmasq/<vnet_name>@<zone_name>/00-default.conf. Perhaps this was a change in 8.4. How can I follow the OP's guidance given this change? Please include an example config if you don't mind.