From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Christian Moser" <cmos@maklee.com>
To: <pve-devel@lists.proxmox.com>
Date: Sat, 19 Oct 2024 10:35:24 +0300
Message-ID: <009e01db21f9$77ade520$6709af60$@maklee.com>
Subject: [pve-devel] Unable to connect from Guest VM running on Proxmox to
 connect to internet via wireguard
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Cc: Christian Moser <cmos@maklee.com>

Hello,

I have set up WireGuard on my Proxmox KVM host system and I have verified the connectivity to the remote internet node (10.10.100.9 in my case). This is working fine.
But I fail to set up a network interface on the Guest VM to allow connecting from the Guest VM to this 10.10.100.9 node.
I have spent a lot of time reading through articles and I have tried setting up interfaces, bridges, port-forwarding etc., but no luck.
Below is the WireGuard info from the KVM host (which has address 192.168.32.70).

Any thoughts? Any help or pointers?

Thanks very much

/cmos


root@cmos04:~# systemctl status wg-quick@wg0.service
● wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0
     Loaded: loaded (/lib/systemd/system/wg-quick@.service; enabled; preset: enabled)
     Active: active (exited) since Sat 2024-10-19 10:24:41 EEST; 1min 30s ago
       Docs: man:wg-quick(8)
             man:wg(8)
             https://www.wireguard.com/
             https://www.wireguard.com/quickstart/
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg-quick.8
             https://git.zx2c4.com/wireguard-tools/about/src/man/wg.8
    Process: 943 ExecStart=/usr/bin/wg-quick up wg0 (code=exited, status=0/SUCCESS)
   Main PID: 943 (code=exited, status=0/SUCCESS)
        CPU: 92ms

Oct 19 10:24:41 cmos04 wg-quick[991]: [#] resolvconf -a wg0 -m 0 -x
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 192.168.100.0/24 dev wg0
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 172.27.224.0/24 dev wg0
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 172.31.0.0/16 dev wg0
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 172.30.0.0/16 dev wg0
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 172.20.0.0/16 dev wg0
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 172.16.0.0/16 dev wg0
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 10.11.0.0/16 dev wg0
Oct 19 10:24:41 cmos04 wg-quick[943]: [#] ip -4 route add 10.10.0.0/16 dev wg0
Oct 19 10:24:41 cmos04 systemd[1]: Finished wg-quick@wg0.service - WireGuard via wg-quick(8) for wg0.

root@cmos04:~# wg show
interface: wg0
  public key: 4OWslSpjJXX7tHMHw6IQ/tHG+mjIyd+dfC9xLIfzsG4=
  private key: (hidden)
  listening port: 59096

peer: X9C7S5N5leYM40lCvKNbQ4URDuK0ZU1+m0HcTvZHPgM=
  preshared key: (hidden)
  endpoint: 148.51.229.45:51820
  allowed ips: 172.30.0.0/16, 172.31.0.0/16, 10.10.0.0/16, 10.11.0.0/16, 172.16.0.0/16, 172.20.0.0/16, 172.27.224.0/24, 192.168.100.0/24
  latest handshake: 1 minute, 34 seconds ago
  transfer: 1.14 KiB received, 1.62 KiB sent
  persistent keepalive: every 25 seconds

root@cmos04:~# telnet 10.10.100.9
Trying 10.10.100.9...
Connected to 10.10.100.9.
Escape character is '^]'.


LOBSTA (XVMS) (HP rx2800 i4  (2.13GHz/24.0MB))

                Unauthorized access prohibited.

Username: *EXIT*
Error reading command input
Connection closed by foreign host.
root@cmos04:~#

root@cmos04:~# cat /etc/network/interfaces
auto lo
iface lo inet loopback

iface enp3s0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.32.70/24
        gateway 192.168.32.1
        bridge-ports enp3s0
        bridge-stp off
        bridge-fd 0

iface wlo1 inet manual

source /etc/network/interfaces.d/*
root@cmos04:~#


_______________________________________________________
Christian Moser
Mobile:    +358-40-5022105			
Email:      cmos@maklee.com
URL:       www.maklee.com
