OpenVPN Container in Proxmox

In diesem Forum können Sie ihre allgemeine Anfragen zu Realisierungswünschen bzw. Machbarkeiten stellen.
Anfragen zu speziellen Produkten stellen Sie bitte direkt in dem jeweiligen Unterforum.
Post Reply
Heerstrass
Posts: 2
Joined: Sun 17. Jan 2016, 11:36

OpenVPN Container in Proxmox

Post by Heerstrass »

Ich habe hier einen Proxmox Server laufen, wo ich eine Debian Container inkl OpenVPN installiert habe.
Das Tun Device ist vorhanden

Im LAN komme ich ich per 192.168.1.5 Port 1194 auf den OpenVPN einloggen.

Habe dann hier mir einem IP6 Portmapper erstellt.
Im Router ist der Port auf die IP6 Adresse weitergeleitet

Komme allerdings dann per Portmapper Adresse nicht auf den VPN

Code: Select all

Wed Dec 25 12:52:24 2019 OpenVPN 2.4.7 x86_64-w64-mingw32 [SSL (OpenSSL)] [LZO] [LZ4] [PKCS11] [AEAD] built on Feb 21 2019
Wed Dec 25 12:52:24 2019 Windows version 6.2 (Windows 8 or greater) 64bit
Wed Dec 25 12:52:24 2019 library versions: OpenSSL 1.1.0j  20 Nov 2018, LZO 2.10
Enter Management Password:
Wed Dec 25 12:52:24 2019 MANAGEMENT: TCP Socket listening on [AF_INET]127.0.0.1:25341
Wed Dec 25 12:52:24 2019 Need hold release from management interface, waiting...
Wed Dec 25 12:52:25 2019 MANAGEMENT: Client connected from [AF_INET]127.0.0.1:25341
Wed Dec 25 12:52:25 2019 MANAGEMENT: CMD 'state on'
Wed Dec 25 12:52:25 2019 MANAGEMENT: CMD 'log all on'
Wed Dec 25 12:52:25 2019 MANAGEMENT: CMD 'echo all on'
Wed Dec 25 12:52:25 2019 MANAGEMENT: CMD 'bytecount 5'
Wed Dec 25 12:52:25 2019 MANAGEMENT: CMD 'hold off'
Wed Dec 25 12:52:25 2019 MANAGEMENT: CMD 'hold release'
Wed Dec 25 12:52:25 2019 Outgoing Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Dec 25 12:52:25 2019 Outgoing Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Dec 25 12:52:25 2019 Incoming Control Channel Encryption: Cipher 'AES-256-CTR' initialized with 256 bit key
Wed Dec 25 12:52:25 2019 Incoming Control Channel Encryption: Using 256 bit message hash 'SHA256' for HMAC authentication
Wed Dec 25 12:52:25 2019 MANAGEMENT: >STATE:1577274745,RESOLVE,,,,,,
Wed Dec 25 12:52:25 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.248.148.13:13366
Wed Dec 25 12:52:25 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Dec 25 12:52:25 2019 Attempting to establish TCP connection with [AF_INET]185.248.148.13:13366 [nonblock]
Wed Dec 25 12:52:25 2019 MANAGEMENT: >STATE:1577274745,TCP_CONNECT,,,,,,
Wed Dec 25 12:52:26 2019 TCP connection established with [AF_INET]185.248.148.13:13366
Wed Dec 25 12:52:26 2019 TCP_CLIENT link local: (not bound)
Wed Dec 25 12:52:26 2019 TCP_CLIENT link remote: [AF_INET]185.248.148.13:13366
Wed Dec 25 12:52:26 2019 MANAGEMENT: >STATE:1577274746,WAIT,,,,,,
Wed Dec 25 12:52:28 2019 Connection reset, restarting [-1]
Wed Dec 25 12:52:28 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Dec 25 12:52:28 2019 MANAGEMENT: >STATE:1577274748,RECONNECTING,connection-reset,,,,,
Wed Dec 25 12:52:28 2019 Restart pause, 5 second(s)
Wed Dec 25 12:52:33 2019 MANAGEMENT: >STATE:1577274753,RESOLVE,,,,,,
Wed Dec 25 12:52:33 2019 TCP/UDP: Preserving recently used remote address: [AF_INET]185.248.148.13:13366
Wed Dec 25 12:52:33 2019 Socket Buffers: R=[65536->65536] S=[65536->65536]
Wed Dec 25 12:52:33 2019 Attempting to establish TCP connection with [AF_INET]185.248.148.13:13366 [nonblock]
Wed Dec 25 12:52:33 2019 MANAGEMENT: >STATE:1577274753,TCP_CONNECT,,,,,,
Wed Dec 25 12:52:34 2019 TCP connection established with [AF_INET]185.248.148.13:13366
Wed Dec 25 12:52:34 2019 TCP_CLIENT link local: (not bound)
Wed Dec 25 12:52:34 2019 TCP_CLIENT link remote: [AF_INET]185.248.148.13:13366
Wed Dec 25 12:52:34 2019 MANAGEMENT: >STATE:1577274754,WAIT,,,,,,
Wed Dec 25 12:52:36 2019 Connection reset, restarting [-1]
Wed Dec 25 12:52:36 2019 SIGUSR1[soft,connection-reset] received, process restarting
Wed Dec 25 12:52:36 2019 MANAGEMENT: >STATE:1577274756,RECONNECTING,connection-reset,,,,,
Wed Dec 25 12:52:36 2019 Restart pause, 5 second(s)
Im Portmapper wird der Port mir auch als "Nicht Erreichbar" angezeigt.

Wenn ich mir einen Portmapper inkl Weiterleitung auf meinen SSH Dienst lege funktioniert es auch von ausserhalb.

Das ist meine Server.conf

Code: Select all

port 1194
proto tcp
dev tun
user nobody
group nogroup
persist-key
persist-tun
keepalive 10 120
topology subnet
server 10.8.0.0 255.255.255.0
ifconfig-pool-persist ipp.txt
push "dhcp-option DNS 1.0.0.1"
push "dhcp-option DNS 1.1.1.1"
push "redirect-gateway def1 bypass-dhcp"
server-ipv6 fd42:42:42:42::/112
tun-ipv6
push tun-ipv6
push "route-ipv6 2000::/3"
push "redirect-gateway ipv6"
dh none
ecdh-curve prime256v1
tls-crypt tls-crypt.key 0
crl-verify crl.pem
ca ca.crt
cert server_QXIs6JtD1XwGLMy8.crt
key server_QXIs6JtD1XwGLMy8.key
auth SHA256
cipher AES-128-GCM
ncp-ciphers AES-128-GCM
tls-server
tls-version-min 1.2
tls-cipher TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256
status /var/log/openvpn/status.log
verb 3
Jemand eine Idee?
Deutsche Glasfaser ist mein Provider inkl Genesis Router
AndreRose
Posts: 209
Joined: Thu 25. Oct 2018, 09:38

Re: OpenVPN Container in Proxmox

Post by AndreRose »

Hallo,
der Portmapper ermöglicht einen Zugriff von IPv4 auf IPv6 Geräte.
Läuft der Debian Container unter IPv6?

In der server.conf dann bitte "proto tcp6" benutzen
mfg
André Rose
Post Reply