It seems I have created myself a puzzle.
I've got PVE 9.1.4 running, using vmbr0 as the main bridge (default setup there). There are a few slightly more complex bits I've added, e.g. for extra VLANs, but I don't think this should be affecting anything in this issue; it's all just on vmbr0. Config as thus:

I am not using SDN features, apart from a couple of VNet definitions. Everything else is pretty much at default under SDN. I've got the PVE firewall enabled at Datacenter, Node, and (on the majority) of VMs / CTs as well. My strategy is to have the firewall default policies Input = DROP, Output = ACCEPT, and then configure explicit rules for incoming traffic to each VM. Works great.
I previously had a WireGuard VPN server on a machine on my LAN; in fact it still exists, but it was running on Windows along with a bunch of other services, so I decided to decommission it. I created a new VM in PVE running Ubuntu Server, and configured this as my WireGuard server. It uses "routing" mode, e.g. WG clients get assigned IPs in a pool dedicated to WireGuard. Then, I have a static route on my physical network gateway, pointing the WG subnet to the WG server. This has worked great in the past before PVE was involved.
I've got to a point where I can connect to the WG server from another WAN connection (testing), and my PC receives an IP in the WG subnet, and I can successfully route to (ping) Internet hosts, as well as the physical gateway, the WG server (VM) LAN IP, and the WG server WG interface IP. I can also access the web interface of PVE from the WG client.
However, I cannot access any VMs running on Proxmox, and it seems I cannot access (ping) various generic hosts on the remote LAN which the WireGuard subnet should be able to route to.
I am currently very stuck, so would appreciate some help. GPT is useless here, it just gets confused with this one!
I hope that makes sense; I can certainly provide more detail as needed. I am not 100% sure if this is a Proxmox issue, or a general issue with my WireGuard, but I am pretty sure I had my WG setup working similarly before (before PVE was involved), without any issues.
Thanks.