Unable to access Proxmox Server via OpenVPN connection

G

gProxiA

Member
May 20, 2020
31
4
13
My Firewall has 5 Interfaces:
  • 3 Interfaces for WAN (External IPs)
  • 1 Interface for LAN (10.0.0.10)
  • 1 Interface for DMZ (192.168.0.10)
The OpenVPN Server is listening on tcp Port 443 and udp Port 1194 (WAN Interface)

My proxmox Server hast two Interfaces:
  • 1 Interface for LAN (10.0.0.3)
  • 1 Interface for DMZ (192.168.0.3)

When I now try to access the GUI via VPN, I get the message "Request timeout", ping does not work either, however the VMs are accessible.
The GUI of the firewall is also accessible.


Any ideas?
 
gProxiA said:
My Firewall has 5 Interfaces:
  • 3 Interfaces for WAN (External IPs)
  • 1 Interface for LAN (10.0.0.10)
  • 1 Interface for DMZ (192.168.0.10)
The OpenVPN Server is listening on tcp Port 443 and udp Port 1194 (WAN Interface)

My proxmox Server hast two Interfaces:
  • 1 Interface for LAN (10.0.0.3)
  • 1 Interface for DMZ (192.168.0.3)

When I now try to access the GUI via VPN, I get the message "Request timeout", ping does not work either, however the VMs are accessible.
The GUI of the firewall is also accessible.
Click to expand...
Where is the OpenVPN server located where dou you want to connect from?
 
Can you please post the following output from the proxmox

1. netstat -rn
2. cat /etc/network/interfaces


From the openvpn

1. Go to firewall>rules>openvpn

Check whether rules are existing ( share the screenshot)
 
ermanishchawla said:
Can you please post the following output from the proxmox

1. netstat -rn
2. cat /etc/network/interfaces


From the openvpn

1. Go to firewall>rules>openvpn

Check whether rules are existing ( share the screenshot)
Click to expand...

Thank you for your Reply!

Here the screenshots

1. netstat
1591265903804.png

2. interfaces
1591265947455.png


OpenVPN Rules on WAN Interface (OpenVPN connection)

1591266054496.png
 
Last edited:
Richard said:
Where is the OpenVPN server located where dou you want to connect from?
Click to expand...

The OpenVPN Server is located on the Firewall.

Traffic:

Client PC connects via OpenVPN client to the OpenVPN Server (Firewall), All Traffic which comes to specifc VPN port is forwarded to the OpenVPN Server. From there you can connect to the whole internal Network
 
ermanishchawla said:
I asked for rules in openvpn tab not wan, openvpn is connecting then no issues in wan side , just show what is there in firewall rules of openvpn tab
Click to expand...

The OpenVPN Connection works. I have a rule for each Connection (UDP 1194 and TCP 443)

I Can access the Hardware Firewall through the OpenVPN and all VMs on Proxmox Host. The only thing that does not work is the access to the Proxmox Node.
(Ping, GUI,... not working)
 
gProxiA said:
The OpenVPN Connection works. I have a rule for each Connection (UDP 1194 and TCP 443)

I Can access the Hardware Firewall through the OpenVPN and all VMs on Proxmox Host. The only thing that does not work is the access to the Proxmox Node.
(Ping, GUI,... not working)
Click to expand...

Check whether Proxmox IP is published in the routing table advertised by OpenvPN
 
gProxiA said:
My Firewall has 5 Interfaces:
  • 3 Interfaces for WAN (External IPs)
  • 1 Interface for LAN (10.0.0.10)
  • 1 Interface for DMZ (192.168.0.10)
The OpenVPN Server is listening on tcp Port 443 and udp Port 1194 (WAN Interface)

My proxmox Server hast two Interfaces:
  • 1 Interface for LAN (10.0.0.3)
  • 1 Interface for DMZ (192.168.0.3)

When I now try to access the GUI via VPN, I get the message "Request timeout", ping does not work either, however the VMs are accessible.
The GUI of the firewall is also accessible.


Any ideas?
Click to expand...
Hi! Did you ever solve this? If yes can you please share the solution?
 
gProxiA said:
Yes, I have. It was a missing Firewall Rule.

action: Pass
Interface: LAN
Source: LAN net
Destination: LAN net
Click to expand...
Hi,

Can you please let me know where this was missing? On the Proxmox firewall or on the network firewall.
 
I would like to know this setup as well.

I've got one WAN port on pfSense and one LAN (192.168.70.1/24) port active. ProxMox runs on 192.168.70.3 and an OpenVPN server runs on pfSense to push all IPv4 & IPv6 traffic through the tunnel from/to the client. Accessing ProxMox over an OpenVPN client connection is crucial to having access to ALL system resources. I understand the part of checking the pfsense routing table, but there's no 192.168.70.3 posted in the table, nor am I able to figure out how to add it properly to the table. How would one fix this issue? If possible, provide some screenshots. As a pretext, consider my pfSense install as fresh but with one OpenVPN server running, one user created for client access, and two Ports forwarded for a Minecraft server.
 
Az_2170 said:
I would like to know this setup as well.

I've got one WAN port on pfSense and one LAN (192.168.70.1/24) port active. ProxMox runs on 192.168.70.3 and an OpenVPN server runs on pfSense to push all IPv4 & IPv6 traffic through the tunnel from/to the client. Accessing ProxMox over an OpenVPN client connection is crucial to having access to ALL system resources. I understand the part of checking the pfsense routing table, but there's no 192.168.70.3 posted in the table, nor am I able to figure out how to add it properly to the table. How would one fix this issue? If possible, provide some screenshots. As a pretext, consider my pfSense install as fresh but with one OpenVPN server running, one user created for client access, and two Ports forwarded for a Minecraft server.
Click to expand...
Figured this one out on my own. After attempting to access ProxMox over the VPN connection, I looked up the port that's used to access the PVE GUI in the firewall system logs to see if it was being logged as blocked by default. Sure enough it was. So I added a rule in OpenVPN firewall rules to pass the traffic from my tunnel IP directly to my PVE server IP on port 8006: worked immediately.
 
Az_2170 said:
Figured this one out on my own. After attempting to access ProxMox over the VPN connection, I looked up the port that's used to access the PVE GUI in the firewall system logs to see if it was being logged as blocked by default. Sure enough it was. So I added a rule in OpenVPN firewall rules to pass the traffic from my tunnel IP directly to my PVE server IP on port 8006: worked immediately.
Click to expand...
Could you share what your firewall rule looks like?
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back