SSL errors since configuration change

D

dominicpratt

New Member
Dec 13, 2016
8
0
1
32
Good morning from Germany,

I've changed the networking setup on my Proxmox-Host to use IPv6 in Dual-Stack. This is my configuration:

Proxmox-Host
Code: 
auto eth0
iface eth0 inet static
        address  138.201.203.16
        netmask  255.255.255.255
        gateway  138.201.203.1
    pointopoint 138.201.203.1

iface eth0 inet6 static
    address 2a01:4f8:173:130f::2a
    netmask 128
    gateway fe80::1
    up sysctl -p

auto vmbr0
iface vmbr0 inet static
    address  138.201.203.16
    netmask  255.255.255.255
    bridge_ports none
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0

    up ip route add 138.201.203.51/32 dev vmbr0
        up ip route add 138.201.203.52/32 dev vmbr0
        up ip route add 138.201.203.56/32 dev vmbr0
        up ip route add 138.201.203.57/32 dev vmbr0

iface vmbr0 inet6 static
    address  2a01:4f8:173:130f::2a
    netmask  64

Guest
Code: 
auto eth0
iface eth0 inet static
    address 138.201.203.57
    netmask 255.255.255.255
    pointopoint 138.201.203.16
    gateway 138.201.203.16
    dns-nameservers 8.8.8.8 8.8.4.4
    dns-search dominicpratt.de

iface eth0 inet6 static
        address  2a01:4f8:173:130f::d
        netmask  64
        gateway  2a01:4f8:173:130f::2a
        dns-nameservers 2001:4860:4860::8888 2001:4860:4860::8844

Problem

Since the change, I'm unable to reach HTTPS-Websites from my Guest-Machines. Example:
Code: 
root@web1: ~ # openssl s_client -connect google.de:443
CONNECTED(00000003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = px.dominicpratt.de
I keep getting the certificate from my Proxmox-Node delivered and can't figure out why and what's the problem there. Any ideas?
 
This look like a DNS problem to me.
I would suspect here google.de to resolve to the IP of your PVE node, instead of google IP.

What does happen if you remove the dns-* stuff from the interfaces configuration and let the the system use /etc/resolv.conf ?
Is your guest system a container ? THen you configure the DNS settings via the GUI.
 
This is not a DNS problem, sorry, forgot to add this one:
Code: 
root@web1: ~ # host google.de
google.de has address 216.58.208.35
google.de has IPv6 address 2a00:1450:4001:815::2003
google.de mail is handled by 30 alt2.aspmx.l.google.com.
google.de mail is handled by 20 alt1.aspmx.l.google.com.
google.de mail is handled by 50 alt4.aspmx.l.google.com.
google.de mail is handled by 40 alt3.aspmx.l.google.com.
google.de mail is handled by 10 aspmx.l.google.com.

Is your guest system a container ?
Click to expand...
It's a KVM guest.
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back