[SOLVED] Zerotier and pve-firewall

jamest65

Apr 29, 2021
Hi All,

I am able to use zerotier for ssh and RDP with a NAT-based configuration to all my VMs from my remote laptop over my residential broadband.

Q. Is it possible to allow GUI access with zerotier through pve-firewall to the 8006/GUI?

If I turn off pve-firewall I obviously gain access. I have tried putting in the same rules for my remote residential broadband IP at Data Centre and Node level, but pve-firewall is still blocking the GUI access over zerotier. Just to be clear, I can use zerotier to ssh and RDP to my VMs but not to my DC GUI/ssh level.

Any assistance greatly appreciated, this is my final hurdle for a full-blown secure Proxmox dev lab.
 
I scratched this idea and just use a forward tunnel instead, which will work when I am roaming around. It's also a simpler way to manage the firewall rules. I am also assuming that it isn't possible to open up the 9993 port with pve due to security.

ssh -L local_port:destination_server_ip:remote_port ssh_server_hostname

Remote forwarding example:

ssh -p 22 -L 8006:127.0.0.1:8006 -N -f root@myipaddress

-p is the port you need for ssh access, in case it's different from the default port 22. 8006 is the port you need to forward for the GUI. I then secure this with an encrypted random key. Further, you can secure the ssh server by modifying the sshd_config for further hardening.

Hope it helps someone
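
The sshd_config hardening mentioned in the last post, as an added example that is not part of the original thread: a shell check that reads an sshd_config and reports the settings that leave the tunnel host looser than an 8006-only forward needs. The function names, the sample files and the choice of settings checked are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the thread: audit the global part of an sshd_config
# for what an 8006-only tunnel needs. Sample files below are constructed.
# Assumes a single node with no other SSH port forwards in use.

# sshd takes the first occurrence of a keyword; keywords are case-insensitive.
# Parsing stops at the first Match block, which this check does not evaluate.
effective_value() {  # usage: effective_value FILE KEYWORD
  awk -v key="$2" '
    /^[ \t]*#/ || NF == 0  { next }
    tolower($1) == "match" { exit }
    tolower($1) == tolower(key) { $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); exit }
  ' "$1"
}

# Prints one line per finding; no output means the file passes.
audit_tunnel_sshd() {  # usage: audit_tunnel_sshd FILE
  local f="$1" v
  v=$(effective_value "$f" PasswordAuthentication)   # OpenSSH default: yes
  [ "${v:-yes}" = "no" ] || echo "PasswordAuthentication=${v:-yes}: passwords still accepted"
  v=$(effective_value "$f" PermitRootLogin)          # default: prohibit-password
  [ "$v" != "yes" ] || echo "PermitRootLogin=yes: use prohibit-password for key-only root"
  v=$(effective_value "$f" AllowTcpForwarding)       # default: yes
  case "${v:-yes}" in
    local)   ;;
    yes|all) echo "AllowTcpForwarding=${v:-yes}: remote (-R) forwards also allowed" ;;
    *)       echo "AllowTcpForwarding=$v: the -L tunnel will be refused" ;;
  esac
  v=$(effective_value "$f" PermitOpen)               # default: any
  [ "$v" = "127.0.0.1:8006" ] || echo "PermitOpen=${v:-any}: forwards not limited to the GUI port"
  return 0
}

WEAK=$(mktemp); HARD=$(mktemp)
cat > "$WEAK" <<'EOF'
# constructed sample
PermitRootLogin yes
#PasswordAuthentication yes
EOF
cat > "$HARD" <<'EOF'
# constructed sample
passwordauthentication no
PermitRootLogin prohibit-password
AllowTcpForwarding local
PermitOpen 127.0.0.1:8006
EOF
echo "--- weak:";     audit_tunnel_sshd "$WEAK"
echo "--- hardened:"; audit_tunnel_sshd "$HARD"
```

After changing the real file, `sshd -t` validates the syntax before the service is reloaded.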