s2s openvpn can't ping containers with 2 nics (pub and priv)

yaboc

Renowned Member
Nov 13, 2012
85
2
73
hi

i have proxmox host with public ips assigned to host and few containers inside. i created a bridge to create private network which works fine between the containers. i set up pfsense in a vm with a public and private ip (11.12.13.52). then i have openvpn pfsense s2s from my home to the server. i can ping px vms <-> my home network nodes over vpn but only containers that have private ip assigned and do not thve public ip.

working node with private ip that can ping overvpn

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet dhcp

auto eth1
iface eth1 inet static
        address 11.12.13.88
        netmask 255.255.255.0
        gateway 11.12.13.52

Code:
default via 11.12.13.52 dev eth1 onlink
11.12.13.0/24 dev eth1 proto kernel scope link src 11.12.13.88

container that doesn't reach my home network which has public and private nic.

Code:
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet static
        address 126.221.xxx.xxx
        netmask 255.255.255.254
# --- BEGIN PVE ---
        post-up ip route add 126.221.xxx.2 dev eth0
        post-up ip route add default via 126.221.xxx.2 dev eth0
        pre-down ip route del default via 126.221.xxx.2 dev eth0
        pre-down ip route del 126.221.xxx.2 dev eth0
# --- END PVE ---

auto eth1
iface eth1 inet static
        address 11.12.13.54
        netmask 255.255.255.0
        gateway 11.12.13.52

Code:
default via 126.221.xxx.2 dev eth0
11.12.13.0/24 dev eth1 proto kernel scope link src 11.12.13.54
126.221.xxx.2 dev eth0 scope link
126.221.xxx.xxx/31 dev eth0 proto kernel scope link src 126.221.xxx.xxx

it's defaulting to routing internal traffic via public gateway.
when i add default route for internal traffic to the container above i'm getting network is unreachable. any ideas? thanks
 
Last edited:
Problem still open?

If yes: the description is not quite clear in all details. In order to deliver them the easiest would be to post the result of
Code:
pvereport

as well as telling more precisely where your pfsense is located.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!