Alright, so in the course of a recent update to Jellyfin on 17.1, I updated my setup to split the files off the Jellyfin VM and on to a TKL 17.1 file server.
Great Success.
Setup - All services are hosted on one of three Proxmox servers
Now the problem. The rest of my infrastructure is still TKL 16.1. Everything works from the physical LAN but any user accessing from VPN cannot access/ping the Jellyfin nor can ping the File Server. VPN connections come in on 192.168.10.X or 192.168.11.X.
All the other TKL 16.1 services continue to work fine from VPN connections.
On the off chance the third server (where I was testing the new VMs) had some mystery firewall or network config that was blocking VPN, I backed up the VM and restored it on a Proxmox server alongside some of the 16.1 devices. Still no joy.
I can't help but think it is awfully coincidental the two 17.1 devices are the ones pitching a fit. I don't recall anything I did to make the 16.1 devices play nice w/ VPN connections. So what am I missing?
When it's been a week and no one has a suggestion
I'm in trouble, aren't I?
Hi Timmy, no you're not in trouble...
Apologies for slow response. I'm just deep in dev mode, trying to get the shiny, new v18.0 release ready... (it's soooo close!).
As for your original question, my guess is something not quite right with your network config. So long as the networking of all servers is the same (i.e. within the same subnet - with the same subnet routing) it should "just work".
Unfortunately, lower level networking is not my strong suit so the first thing I'd be doing is comparing the Proxmox network config between these servers (by default, Proxmox manages networking for LXC guests, but it is possible to change networking within the container, but unless you explicitly configure an override, a restart will reset to Proxmox defaults). If that appears ok, I'd move on to comparing the contents of /etc/network/interfaces of all servers. In theory they should be consistent, but perhaps not? If that checks out, then I'd next move to 'ping' to see which servers can talk to each other. Hopefully that might highlight where your network is failing.
If none of that helps, please provide a bit more info about how you have your network set up. You note that connections come in via 192.168.10.X or 192.168.11.X but you don't note what the CIDR/netmask is for that/those networks. Also, you didn't note what IP config you are using within the VPN (or perhaps I misunderstood?).
It's the dumbest things that bite you years later
Ooooooo.
I've not toyed with LXC; mine are all pure VMs. But the first thing I did compare was network device configurations since, if I had misassigned the bridge or something dumb, that would definitely give me trouble.
It was the /etc/network/interfaces that got me on track to the problem. The original network config was /24 netmask but when experimenting with setting up VPN some time ago, I suppose I had set it to /16 and never changed it back. The old servers w/ the correct /24 set in their static IP worked fine but the new servers were setting up with /16. This was preventing proper network handling from the 192.168.10.X/192.168.11.X VPN addresses to the 192.168.1.X network where those two new servers were concerned.
Yeah I'm not great at networking either. This sort of thing is why I stay away from VLANs and physical topology to separate the home and work networks. I'd forget things otherwise. I had a hell of a time getting VPN going so I was ill-inclined to muck around after it started working.
As a side query - Is confconsole networking pane always reporting the contents of /etc/network/interfaces?
Confconsole reports from /etc/network/interfaces
Yes, Confconsole reports from /etc/network/interfaces. If you only have one interface, it will show that. If you have multiple ones, it will allow you to choose which one to configure.
And that totally sounds like something I'd do! Glad you worked it out. :)
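The netmask mismatch found in this thread can be checked for mechanically. The following is an added example, not code from either poster or from TurnKey: it parses static stanzas in `/etc/network/interfaces` format and reports routed VPN pools that fall inside an interface's on-link network, which is what makes a host try to reach VPN clients directly instead of replying through its gateway. The host address, interface name, and /24 VPN pool sizes are assumptions.

```python
import ipaddress

# Constructed sample: host address and interface name are illustrative.
NEW_SERVER = """\
auto eth0
iface eth0 inet static
    address 192.168.1.20
    netmask 255.255.0.0
    gateway 192.168.1.1
"""
OLD_SERVER = NEW_SERVER.replace("255.255.0.0", "255.255.255.0")
# Assumed /24 pools; the thread only gives 192.168.10.X and 192.168.11.X.
VPN_POOLS = ["192.168.10.0/24", "192.168.11.0/24"]

def parse_static(text):
    """Return {iface: IPv4Interface} for each 'inet static' stanza."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "iface":
            current = words[1] if words[2:4] == ["inet", "static"] else None
            if current:
                stanzas[current] = {}
        elif words[0] in ("auto", "allow-hotplug", "source", "mapping"):
            current = None
        elif current and words[0] in ("address", "netmask") and len(words) > 1:
            stanzas[current][words[0]] = words[1]
    result = {}
    for name, opts in stanzas.items():
        addr = opts.get("address")
        if addr:  # accept both "address a.b.c.d/len" and a separate netmask line
            if "/" not in addr:
                addr += "/" + opts.get("netmask", "32")
            result[name] = ipaddress.ip_interface(addr)
    return result

def onlink_conflicts(text, routed_pools):
    """Routed pools the host would wrongly treat as directly attached."""
    hits = []
    for name, iface in parse_static(text).items():
        for pool in map(ipaddress.ip_network, routed_pools):
            if pool.overlaps(iface.network):
                hits.append((name, str(iface.network), str(pool)))
    return hits

if __name__ == "__main__":
    for label, cfg in (("old /24", OLD_SERVER), ("new /16", NEW_SERVER)):
        print(label, onlink_conflicts(cfg, VPN_POOLS) or "ok")
```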