
No Connection with Pivpn wireguard lxc Container on a proxmox host


Describe the issue

I can't connect to anything, neither the internet nor the local network.

Expected behavior

When my device is connected to the WireGuard VPN, I want to be able to surf the web and to access every device that is connected to the WireGuard VPN.

Please describe the steps to replicate the issue

1. Running bash -c "$(wget -qLO - https://github.com/tteck/Proxmox/raw/main/ct/wireguard.sh)" on the Proxmox host, initializing it with VMID 105 and the static internal vmbr1 IP 10.0.0.105/32.
2. Port forwarding with iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 51280 -j DNAT --to 10.0.0.105:51820 on the Proxmox host.
3. Adding

    lxc.cgroup2.devices.allow: c 10:200 rwm
    lxc.mount.entry: /dev/net dev/net none bind,create=dir

   to /etc/pve/lxc/105.conf at the EOF.
4. chown 100000:100000 /dev/net/tun on the Proxmox host.
5. Shutting down the LXC and starting it again.
6. Adding a client with pivpn add and then generating a QR code with pivpn -qr.
7. Trying to connect: it seems to work, but I can't reach anything.

Additional information: It's a root server. Every port is open. vmbr0 has the eno1 slave and is the connection to the internet with the public IP. vmbr1 is the internal LAN.

Have you taken any steps towards solving your issue?

Tried pivpn -d, no errors

::: Generating Debug Output
::::            PiVPN debug              ::::
=============================================
::::            Latest commit            ::::
Branch: master
Commit: 4032a55c80f25b51419180eda93f44d579ab79e9
Author: 4s3ti
Date: Wed Mar 29 14:54:19 2023 +0200
Summary: docs(issues): Remove old markdown template
=============================================
::::        Installation settings        ::::
PLAT=Debian
OSCN=bullseye
USING_UFW=0
pivpnforceipv6route=1
IPv4dev=eth0
install_user=root
install_home=/root
VPN=wireguard
pivpnPORT=51820
pivpnDNS1=1.1.1.1
pivpnDNS2=8.8.8.8
pivpnHOST=REDACTED
INPUT_CHAIN_EDITED=0
FORWARD_CHAIN_EDITED=0
INPUT_CHAIN_EDITEDv6=
FORWARD_CHAIN_EDITEDv6=
pivpnPROTO=udp
pivpnMTU=1420
pivpnPERSISTENTKEEPALIVE=25
pivpnDEV=wg0
pivpnNET=10.6.0.0
subnetClass=24
pivpnenableipv6=0
ALLOWED_IPS="0.0.0.0/0, ::0/0"
UNATTUPG=1
INSTALLED_PACKAGES=(git dnsutils grepcidr net-tools bsdmainutils iptables-persistent wireguard-tools qrencode linux-headers-amd64 wireguard-dkms unattended-upgrades)
=============================================
::::  Server configuration shown below   ::::
[Interface]
PrivateKey = server_priv
Address = 10.6.0.1/24
MTU = 1420
ListenPort = 51820
### begin t ###
[Peer]
PublicKey = t_pub
PresharedKey = t_psk
AllowedIPs = 10.6.0.2/32
### end t ###
=============================================
::::  Client configuration shown below   ::::
[Interface]
PrivateKey = t_priv
Address = 10.6.0.2/24
DNS = 1.1.1.1, 8.8.8.8

[Peer]
PublicKey = server_pub
PresharedKey = t_psk
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0
PersistentKeepalive = 25
=============================================
::::    Recursive list of files in       ::::
::::    /etc/wireguard shown below       ::::
/etc/wireguard:
configs
keys
wg0.conf

/etc/wireguard/configs:
clients.txt
t.conf

/etc/wireguard/keys:
server_priv
server_pub
t_priv
t_psk
t_pub
=============================================
::::            Self check               ::::
:: [OK] IP forwarding is enabled
:: [OK] Iptables MASQUERADE rule set
:: [OK] WireGuard is running
:: [OK] WireGuard is enabled 
(it will automatically start on reboot)
:: [OK] WireGuard is listening on port 51820/udp
=============================================
:::: Having trouble connecting? Take a look at the FAQ:
:::: https://docs.pivpn.io/faq
=============================================
:::: WARNING: This script should have automatically masked sensitive       ::::
:::: information, however, still make sure that PrivateKey, PublicKey      ::::
:::: and PresharedKey are masked before reporting an issue. An example key ::::
:::: that you should NOT see in this log looks like this:                  ::::
:::: YIAoJVsdIeyvXfGGDDadHh6AxsMRymZTnnzZoAb9cxRe                          ::::
=============================================
::::            Debug complete           ::::
::: 
::: Debug output completed above.
::: Copy saved to /tmp/debug.log
::: 

did: WireGuard, restart the server with sudo systemctl restart wg-quick@wg0. Run lsmod | grep wireguard and confirm that you get at least this output (numbers don't matter). result:

root@wireguard:~# systemctl restart wg-quick@wg0
root@wireguard:~# lsmod | grep wireguard
wireguard              94208  0
curve25519_x86_64      36864  1 wireguard
libchacha20poly1305    16384  1 wireguard
libcurve25519_generic    49152  2 curve25519_x86_64,wireguard
ip6_udp_tunnel         16384  1 wireguard
udp_tunnel             24576  1 wireguard

did: Check that the current IP address of the interface IPv4dev is the same as IPv4addr. You can see the current IP with ip -f inet address show IPv4dev. result:

root@wireguard:~# ip -f inet address show eth0
2: eth0@if63: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link-netnsid 0
    inet 10.0.0.105/32 brd 10.0.0.105 scope global eth0
       valid_lft forever preferred_lft forever

I also tried setting up the LXC with a 10.0.0.105/24 CIDR here; it didn't work.

did: Check that the current public IP of your connection is the same as pivpnHOST. To check the current public IP: curl -s https://checkip.amazonaws.com. result: true

did: Packet capture at proxmox host result:

root@PXHOST ~ # tcpdump -n -i eno1 udp port 51820
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eno1, link-type EN10MB (Ethernet), snapshot length 262144 bytes
20:24:37.247653 IP PUBLIC_IP_FROM_DEVICE.23135 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:42.407118 IP PUBLIC_IP_FROM_DEVICE.24914 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:47.408793 IP PUBLIC_IP_FROM_DEVICE.3965 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:52.417794 IP PUBLIC_IP_FROM_DEVICE.15818 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:24:57.427425 IP PUBLIC_IP_FROM_DEVICE.25774 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:02.427643 IP PUBLIC_IP_FROM_DEVICE.10110 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:07.436955 IP PUBLIC_IP_FROM_DEVICE.14914 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:12.448197 IP PUBLIC_IP_FROM_DEVICE.29891 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:17.440071 IP PUBLIC_IP_FROM_DEVICE.7570 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148
20:25:22.460508 IP PUBLIC_IP_FROM_DEVICE.21590 > PUBLIC_IP_FROM_PROXMOXHOST.51820: UDP, length 148

tried to edit /etc/wireguard/wg0.conf and add PostUp and PostDown rules, restart the machine and reconnect the device:

PostUp: iptables -A FORWARD -i %i -j ACCEPT; iptables -A FORWARD -o %i -j ACCEPT; iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown: iptables -D FORWARD -i %i -j ACCEPT; iptables -D FORWARD -o %i -j ACCEPT; iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

result: no connection to the internet nor the local network

Screenshots

No response

Where did you run pivpn?

Proxmox LXC Container

Please provide your output from uname -a

Host:

Linux PXHOST 5.19.17-2-pve #1 SMP PREEMPT_DYNAMIC PVE 5.19.17-2 (Sat, 28 Jan 2023 16:40:25  x86_64 GNU/Linux

LXC:

Linux wireguard 5.19.17-2-pve #1 SMP PREEMPT_DYNAMIC PVE 5.19.17-2 (Sat, 28 Jan 2023 16:40:25  x86_64 GNU/Linux

Details about Operative System

HOST:

cat /etc/os-release 
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

LXC:

root@wireguard:~# cat /etc/os-release
PRETTY_NAME="Debian GNU/Linux 11 (bullseye)"
NAME="Debian GNU/Linux"
VERSION_ID="11"
VERSION="11 (bullseye)"
VERSION_CODENAME=bullseye
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"

Installation

✓ Started LXC Container
+ '[' debian == alpine ']'
++ wget -qLO - https://raw.githubusercontent.com/tteck/Proxmox/main/install/wireguard-install.sh
+ lxc-attach -n 105 -- bash -c '#!/usr/bin/env bash

# Copyright (c) 2021-2023 tteck
# Author: tteck (tteckster)
# License: MIT
# https://github.com/tteck/Proxmox/raw/main/LICENSE


Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
+ apt-get autoclean
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
+ msg_ok Cleaned
+ local msg=Cleaned
+ echo -e '\r\033[K \033[1;92m✓\033[m \033[1;92mCleaned\033[m'
 ✓ Cleaned
+ description
++ pct exec 105 ip a s dev eth0
++ awk '/inet / {print $2}'
++ cut -d/ -f1
+ IP=10.0.0.105
+ pct set 105 -description '# Wireguard LXC
  ### https://tteck.github.io/Proxmox/
  <a href='\''https://ko-fi.com/D1D7EP4GF'\''><img src='\''https://img.shields.io/badge/☕-Buy me a coffee-red'\'' /></a>'
+ msg_ok 'Completed Successfully!\n'
+ local 'msg=Completed Successfully!\n'
+ echo -e '\r\033[K \033[1;92m✓\033[m \033[1;92mCompleted Successfully!\n\033[m'
 ✓ Completed Successfully!

Profile / Client creation

pivpn add
Enter a Name for the Client: t
::: Client Keys generated
::: Client config generated
::: Updated server config
::: WireGuard reloaded
======================================================================
::: Done! t.conf successfully created!
::: t.conf was copied to /root/configs for easytransfer.
::: Please use this profile only on one device and create additional
::: profiles for other devices. You can also use pivpn -qr
::: to generate a QR Code you can scan with the mobile app.
======================================================================

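A consistency check for the forwarding path described in this post, added here as an example and not part of the original post or of PiVPN: it compares the port the host DNAT rule matches and forwards to against the client Endpoint and the server ListenPort. The function names are hypothetical and the inputs are constructed from the rule and config values quoted in the post; on those values it reports that the rule matches UDP 51280 while the client sends to 51820.

```sh
#!/bin/sh
# Added example (not from the original post): cross-check the ports in a
# DNAT forward rule against the WireGuard server and client configs.

# Print the argument that follows option $2 in the iptables rule text $1.
rule_opt() {
    printf '%s\n' "$1" | awk -v opt="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == opt) { print $(i + 1); exit } }'
}

# Print the value of key $2 (e.g. ListenPort, Endpoint) from wg config text $1.
wg_value() {
    printf '%s\n' "$1" | awk -F'[ \t]*=[ \t]*' -v key="$2" \
        '$1 == key { print $2; exit }'
}

# Report every port mismatch along the path client -> host DNAT -> container.
# Returns 0 when the chain is consistent, 1 otherwise.
check_forward() {   # $1 = DNAT rule, $2 = server config, $3 = client config
    dport=$(rule_opt "$1" --dport)
    target=$(rule_opt "$1" --to-destination)
    [ -n "$target" ] || target=$(rule_opt "$1" --to)   # abbreviated form
    listen=$(wg_value "$2" ListenPort)
    endpoint=$(wg_value "$3" Endpoint)
    rc=0
    if [ "$dport" != "${endpoint##*:}" ]; then
        echo "MISMATCH: client sends to ${endpoint##*:}, DNAT matches --dport $dport"
        rc=1
    fi
    if [ "${target##*:}" != "$listen" ]; then
        echo "MISMATCH: DNAT forwards to ${target##*:}, WireGuard listens on $listen"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $dport -> ${target##*:} matches the configs"
    return "$rc"
}

# Constructed inputs, built from the values quoted in the post above.
RULE='iptables -t nat -A PREROUTING -i vmbr0 -p udp --dport 51280 -j DNAT --to 10.0.0.105:51820'
SERVER_CONF='[Interface]
Address = 10.6.0.1/24
ListenPort = 51820'
CLIENT_CONF='[Peer]
Endpoint = REDACTED:51820
AllowedIPs = 0.0.0.0/0, ::0/0'

check_forward "$RULE" "$SERVER_CONF" "$CLIENT_CONF" || true
```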
