Nethserver on Proxmox

bjarnet · July 18, 2018, 12:25am

NethServer Version: 7.4.1708
Module: VPN/Firewall

So I have successfully installed and configured Nethserver with OpenVPN and the Basic Firewall on two physical servers.

I now attempted to install Nethserver virtualized on my Proxmox machine, and seem to be having multiple network related issues.

On Proxmox, I have these two virtual Networks:

auto vmbr1
iface vmbr1 inet manual
	bridge_ports enp4s0
	bridge_stp off
	bridge_fd 0

auto vmbr2
iface vmbr2 inet manual
	bridge_ports enp6s0
	bridge_stp off
	bridge_fd 0

I use these networks to setup two virtual network devices for my Nethserver virtual machine:

Network Device (net0) - virtio=F2:XX:XX:XX:XX, bridge=vmr2
Network Device (net1) - virtio=66:XX:XX:XX:XX, bridge=vmr1

In Nethserver, those network devices provide the Green and Red ports.

I then installed the OpenVPN module and created a road warrior profile.

The first oddity (compared two my other two physical installations) is that I am unable to reach nodes on the Green network through VPN (but the connection to the Nethserver works).

traceroute to 192.168.20.105 (192.168.20.105), 64 hops max, 52 byte packets
1 192.168.110.1 (192.168.110.1) 261.543 ms 19.583 ms 145.094 ms
2 * *^Z
[1]+ Stopped traceroute 192.168.20.105

I subsequently installed the basic firewall, and tried to configure a rule for openvpn, but got the following error message:

I also have a FreeNAS virtual machine on the same Proxmox machine connected the Nethserver Green network. Strangely, FreeNAS is unable to obtain an IP address via DHCP, while a virtual Win10 machine, also connected to the Green network is able to do so…

So now I wonder: Are there any special network related configurations required to run Nethserver with OpenVPN and Shorewall in a virtualized environment?

Any hints would be much appreciated.

m.traeumner · July 18, 2018, 8:26am

Perhaps it helps to create dummy interfaces at nethserver instead creating virtual devices at proxmox.
Please have a look here:

asl · July 18, 2018, 9:01am

Hello @bjarnet I have a similar configuration as you do running on an external provider (root server) as well as running on proxmox. If you have proxmox it’s easier to install a second network card to have red and green interface available. If you run on an external provider you usually only get one hardware interface and need to add a virtual nic to have red and green interface.
You do not need to do anything special on proxmox side!

Verify your network service sttings:

Firewall rules should show this (automatically):

My openvpn settings are theese:
grafik

I’m running the same version of nethserver as you do. I have not seen these shorewall error msg before.
I suggest you try to fix shorewall issuses on command line level before.

m.traeumner · July 18, 2018, 12:40pm

Here is also a Howto for installing nethserver at proxmox:

https://wiki.nethserver.org/doku.php?id=userguide:install_nethserver_on_proxmox_35

But it’s only a general Howto.

bjarnet · July 19, 2018, 2:10am

Hello all - thank you for your assistance!

@asl: I “fixed” the shorewall issues by reinstalling Nethserver from scratch. The automatic firewall rules as per your screenshot are set accordingly.

@m.traeumner: I did review the tutorial, thanks. Regarding the dummy interface, my server has two physical NICs. One (red) is connected to the Internet Router (DHCP), the second (green) is supposed to provide the DHCP/routing for my LAN, which includes both virtual machines and physical machines.

With shorewall fixed, I conducted some further testing, and concluded that the problem is most likley with the virtual Win7 machine on the (green) LAN that I was trying to reach via VPN. From this VM, I can reach Nethserver and, through it, the Internet on red, but the machine cannot ping any other machines on the LAN, nor can it be pinged by any other machines on the LAN, including Nethserver.

An Ubuntu VM on the same LAN does not have this problem and can be reached when I connect to Nethserver via VPN.

This particular Win7 VM was imported from VirtualBox, and I suspect that something is wrong with the Network driver (I chose “e1000”). I might try to install the VirtIO driver to see if that fixes the problem.

So no problem with Nethserver on Proxmox, and likely just a badly configured Win VM.

Thanks again for the support!

m.traeumner · July 19, 2018, 6:53am

Do you have installed an Internet Security at this machine? Sometimes they block the ping. Here are some examples:

bjarnet · July 20, 2018, 1:33am

Problem solved:

I had to switch my bridge to DHCP, so that it will receive an IP address from Nethserver.

iface vmbr2 inet dhcp
        bridge_ports enp6s0
        bridge_stp off
        bridge_fd 0

Now all members of the LAN can ping another.

Thanks again to all for the support.

m.traeumner · July 20, 2018, 7:24am

Can you please mark the answer as solution.