Wireguard with Proxmox KVM Machine and Proxmox Firewall

OliverB

Member
Apr 22, 2016
99
2
13
23
Hello,

I have installed Wireguard in Proxmox KVM virtual Ubuntu Machine, because many changes must be do for running it into a lxc container. My Wireguard works fine clients can connect and everything worked. So my Wireguard VM have a network adapter with a public ip address. So I enabled the Proxmox Firewall for this Network Card. Settings were like this:

Firewall: YES
Input Policy: DROP
Output Policy: DROP

I have only open the required ports on this KVM Machine. But after I enabled the Proxmox VM for this network adapter the clients in the WireGuard VPN can't ping each other anymore! But why?

I checked the server, two interfaces ens18 and wg0. First one with public ip, second one for Wireguard server. I also checked iptables -L -t nat on the machine

Code:
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        
MASQUERADE  all  --  anywhere             anywhere          
MASQUERADE  all  --  anywhere             anywhere
Any idea why proxmox firewall is blocking this? What can I do that this is working with Promox Firewall? I have also set the clients listen port the static port e.g. 51280 and open this on proxmox firewall but nothing changed.

Hope anyone can help me!

Regards
 

Stefan_R

Proxmox Staff Member
Staff member
Jun 4, 2019
282
44
28
Vienna
Could you post your firewall configuration? (/etc/pve/firewall/*.fw files, pve-firewall compile on the PVE host)
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE and Proxmox Mail Gateway. We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!