VM's HTTPS requests are redirected to the proxmox web interface

davidh2o

Apr 6, 2021
Hello,

First of all, this is my setup:

I have a server at Hetzner with 2 public IP addresses.
One for Proxmox and one for the OPNSense.
My /etc/network/interfaces looks like this:

Code:
# network interface settings; autogenerated
# Please do NOT modify this file directly, unless you know what
# you're doing.
#
# If you want to manage parts of the network configuration manually,
# please utilize the 'source' or 'source-directory' directives to do
# so.
# PVE will preserve these directives, but will NOT read its network
# configuration from sourced files, so do not attempt to move any of
# the PVE managed interfaces into external files!

auto lo
iface lo inet loopback

iface enp35s0 inet manual
#Internet access Hetzner DC

auto vmbr0
iface vmbr0 inet static
        address 157.90.90.106/26
        gateway 157.90.90.65
        bridge-ports enp35s0
        bridge-stp off
        bridge-fd 0
#Bridge OPNSense - Proxmox

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#VM network

Proxmox is using 157.90.90.106 and the OPNSense 157.90.90.90. This is working fine. I can access the Internet from the router VM and all VMs in the LAN (vmbr1).
But I can only access HTTP sites, ping and SSH. Everything except HTTPS sites.

If I try to access a website like apple.com, I get a certificate warning, the Proxmox login opens, and I get my Proxmox certificate.
This is the case on all sites that do not use HSTS. On sites that do use it, only the HSTS error message appears.

I don't have any proxy server installed on my PVE (except PVEPROXY (I disabled SPICE)) and I don't have any iptables rules.

Thank you for your help
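
A check that can be run from a VM on vmbr1 to confirm the symptom described above, added here as an example and not part of the original post: it compares the certificate served for external hostnames with the one pveproxy serves on the Proxmox address given in the post. The external hostnames and all function names are assumptions.

```python
import hashlib
import socket
import ssl

# Proxmox address and GUI port as given in the post.
PVE_ENDPOINT = ("157.90.90.106", 8006)


def fetch_cert_der(host, port, timeout=5.0):
    """Return the leaf certificate (DER) a server presents, without validating it."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # validation is off on purpose: the goal is to
    ctx.verify_mode = ssl.CERT_NONE  # inspect the wrong certificate, not reject it
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def fingerprint(der):
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def classify(reference_der, observed):
    """observed maps hostname -> DER bytes (or None if the connection failed)."""
    ref = fingerprint(reference_der)
    verdicts = {}
    for name, der in observed.items():
        if der is None:
            verdicts[name] = "unreachable"
        elif fingerprint(der) == ref:
            verdicts[name] = "answered-by-pve"   # port 443 traffic ended on the host
        else:
            verdicts[name] = "different-cert"
    return verdicts


def probe(hostnames, pve=PVE_ENDPOINT):
    """Fetch the pveproxy certificate, then compare each hostname's certificate to it."""
    reference = fetch_cert_der(*pve)
    observed = {}
    for name in hostnames:
        try:
            observed[name] = fetch_cert_der(name, 443)
        except OSError:                          # covers DNS, timeout and TLS errors
            observed[name] = None
    return classify(reference, observed)


if __name__ == "__main__":
    # Sample hostnames (assumed); replace with any external HTTPS sites.
    for name, verdict in probe(["apple.com", "example.org"]).items():
        print(f"{name:20} {verdict}")
```

A verdict of `answered-by-pve` for every external name means outbound port 443 traffic from the VM is being delivered to the Proxmox host itself, which points at routing or gateway configuration rather than at the remote sites.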
 

davidh2o

Apr 6, 2021
Edit: I can access webservers running on the Proxmox host from outside (on port 80 and 443).
Edit2: And I can access the Proxmox GUI on port 8006 and 443 from outside.

I also tried this config:

Code:
auto lo
iface lo inet loopback

auto enp35s0
iface enp35s0 inet static
        address 157.90.90.106/32
        gateway 157.90.90.65
        pointopoint 157.90.90.65
#Hetzner DC Internet

auto vmbr0
iface vmbr0 inet static
        address 157.90.90.106/32
        bridge-ports none
        bridge-stp off
        bridge-fd 0
        up ip route add 157.90.90.90/32 dev vmbr0
#Proxmox <--> OPNSense

auto vmbr1
iface vmbr1 inet manual
        bridge-ports none
        bridge-stp off
        bridge-fd 0
#VM network
 

ph0x

Jul 5, 2020
If you want to use OPNSense as gateway, you have to set it as such and not the Hetzner gateway.
The subnet mask in the second file should be /26, I guess. And the ip route command should contain something like ip route add default, but this can also be set with the correct gateway address.

Why do you have two addresses, anyway? If all traffic should go through OPNSense, one public address for that is enough.

As far as I know, Hetzner provides a guide on how to set up the networking; you should probably stick to that.
 