Must-Have OpenWrt Router Setup For Your Proxmox 

Novaspirit Tech
264K subscribers
39K views

Installing OpenWrt on proxmox pve as a lxc container and running vpn.
○○○ LINKS ○○○
PIA Link ► novaspirit.com/QuHfY
linux containers ►images.linuxcontainers.org/im...
0:00 intro
0:57 create network bridge
1:53 Download Openwrt Image
2:48 Install Openwrt LXC RootFS
5:07 tun passthrough
6:07 Allow openwrt webgui access
8:27 Setup LAN Interface
10:06 Setting up VPN
14:43 Testing VPN Connection
15:10 port forwarding on openwrt
16:43 Conclusion
DISCLAIMER: This video and description contains affiliate links, which means that if you click on one of the product links, I’ll receive a small commission.

Category: Science

Published: 16 Jun 2024

Comments: 131
@joevrolijk 6 months ago
My man! Very nice video. Easy to follow.. Exactly what I needed. Thanks for this! I ran into the issue "Error: bridge 'vmbr1' does not exist". when starting up openwrt. For all the people having the same issue: The solution is to click on the 'Apply Configuration' button when creating a new Linux Bridge @ 1.37min into the video Subscribed to the channel!
@kmi3c 5 months ago
Thank you kind Sir! Just save my time! 👌
@gregorywilliams4998 5 months ago
Thank you @@kmi3c
@aprendainformaticagratis 3 months ago
Thanks for the tip, because of that missing "apply configuration" my container was not booting.
@tudorroman4372 2 months ago
There are not enough Like buttons for me to press !!!
@SlickNickTexas 24 days ago
This is the answer.
@shabadabadoo4326 1 month ago
@8:13 -- you skipped something. You have to run 'fw4 reload' after opening the port(s), and really should have opened 443 as well. You also skipped applying the configuration when creating vmbr1 (someone else pointed that out in the comments, or I probably wouldn't have figured that one out)
@vapedragon983 26 days ago
Thanks, that saved me some time
@sander-s 6 months ago
Two days ago I gave up on installing OpenWRT in LXC. With your instructions I now did manage to get it running. Thanks!
@monnierobinson9210 6 months ago
Nice detailed video. Currently running a complex docker stack doing the same thing with VPN and ARR utilities. Since I already have a Proxmox server, this looks much more manageable. Will set this up this weekend and test.
@SylvainMougenot 22 days ago
Great tudo, helped me a lot. Thanks to you I was able to automate the creation of this "route via VPN" feature on proxmox with Ansible and Terraform.
@chrisumali9841 6 months ago
Thanks for the demo and info, awesome video, have a great day
@74cmonty 2 months ago
THX for sharing this. I think it makes sense to define a dedicated host NIC and assign this to the LXC running OpenWRT as WAN with passthrough device.
@rickhendricks6458 5 months ago
Great video! Love running this as a container. I struggled with opening up the webui via the wan interface, but found this openwrt forum post from jwmullally to be helpful. Literally copy paste from the container's command line and profit. This works from a clean install:
    uci add firewall rule
    uci set firewall.@rule[-1].name='Allow-Admin'
    uci set firewall.@rule[-1].enabled='true'
    uci set firewall.@rule[-1].src='wan'
    uci set firewall.@rule[-1].proto='tcp'
    uci set firewall.@rule[-1].dest_port='22 80 443'
    uci set firewall.@rule[-1].target='ACCEPT'
    uci commit firewall
    service firewall restart
@TheKunalParwani 5 months ago
This worked!
@MatiasPajaro 5 months ago
Worked perfectly 👍👍
@The101damnations 3 months ago
Worked for me! Thanks
@ishqem 15 days ago
this solved everything thank you, i am able to gui now
@haydenc2742 6 months ago
Good stuff...it could also be your home router as well...multi-port nics can be pass-thru to another container Pretty cool! Keep em coming!!!!
@tvojejbabkydedko 6 months ago
or just make separated linux bridges
@bradnoyes7955 5 months ago
I cannot start the container, fails with Error: "lxc_create_network_priv: 3427 No such device - Failed to create network device" but I can't find any information on this error. Which device 'doesn't exist'? EDIT: Ah you have to click "Apply Configuration" in the Network menu after creating vmbr1.
@shabadabadoo4326 1 month ago
Thanks man, this helped me a ton!
@dunderstr 4 months ago
Hi @NovaspiritTech Thank you for the wonderful content as always. Regarding the network adapters issue, it was because you forgot to apply the network interface changes (Network bridge vmbr0) after adding the bridge. have a great day.
@dm1i 6 months ago
PIA supports WireGuard as OpenWrt also does. It is much faster and easier to configure. There is no reason to use OpenVPN today except where WireGuard is not supported yet.
@NovaspiritTech 6 months ago
Wireguard on pia seems to be limited to 10mbs while I'm able to achieve 20mbs with openvpn. Not sure why so I stuck with using openvpn instead
@dm1i 6 months ago
@@NovaspiritTech Quite a strange move from PIA. WireGuard users require less computing power from servers, they should prioritize them. But in this case you obviously have no choice.
@ronm6585 6 months ago
Thanks Don.
@stevenhughes1254 5 months ago
### inside openwrt LXC - to allow network access to web interface
# install nano to make life pleasant!!
opkg update
opkg install nano
nano /etc/config/firewall
config rule
    option src wan
    option dest_port 80
    option proto tcp
    option target ACCEPT
## Save and reboot
@tehrealjono 3 months ago
Don’t know why but this got it working for me. Thanks man
@proof.120 3 months ago
this was my solution as well. thank you
@SlickNickTexas 23 days ago
Pin this. I spent hours debugging the issue and this fixed it.
@SlickNickTexas 22 days ago
I think what I missed was just not doing a reboot.
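An added example, not part of the video or of any commenter's post: the rules posted above by @rickhendricks6458 and @stevenhughes1254 accept SSH/HTTP/HTTPS from the whole wan zone, so this script audits a UCI firewall config for such rules and treats a rule carrying the OpenWrt `src_ip` option as already restricted. The sample config, the rule name Admin-From-Mgmt and the 192.168.1.0/24 subnet are constructed assumptions.

```shell
#!/bin/sh
# Added example: report rules that accept SSH/HTTP/HTTPS to the router itself
# from the whole wan zone. Usage: audit_wan_admin_rules /etc/config/firewall

audit_wan_admin_rules() {
    awk -v q="'" '
    function unquote(v) {                 # drop trailing blanks and UCI quotes
        sub(/[ \t\r]+$/, "", v)
        gsub("^[\"" q "]|[\"" q "]$", "", v)
        return v
    }
    function covers(spec, p,   r) {       # spec is "80", "80-443" or "80:443"
        if (split(spec, r, /[-:]/) == 2) return (p >= r[1] + 0 && p <= r[2] + 0)
        return (spec + 0 == p)
    }
    function flush(   n, i, j, s, hit, label) {
        if (!in_rule) return
        if (o["enabled"] ~ /^(0|no|off|false|disabled)$/) return
        # Input rule: traffic from wan addressed to the router (no dest zone).
        if (o["src"] != "wan" || o["dest"] != "" || o["target"] != "ACCEPT") return
        if (o["src_ip"] != "") return     # already limited to given source addresses
        if (o["proto"] != "" && o["proto"] !~ /tcp|all/) return
        label = (o["name"] == "" ? "(unnamed)" : o["name"])
        if (o["dest_port"] == "") { print label, "all"; return }
        n = split(o["dest_port"], s, " ")
        for (j = 1; j <= 3; j++)
            for (i = 1; i <= n; i++)
                if (covers(s[i], admin[j])) { hit = (hit == "" ? "" : hit ",") admin[j]; break }
        if (hit != "") print label, hit
    }
    BEGIN { admin[1] = 22; admin[2] = 80; admin[3] = 443 }
    $1 == "config" { flush(); split("", o); in_rule = (unquote($2) == "rule"); next }
    in_rule && ($1 == "option" || $1 == "list") {
        val = $0
        sub(/^[ \t]*(option|list)[ \t]+[^ \t]+[ \t]+/, "", val)
        o[$2] = (o[$2] == "" ? "" : o[$2] " ") unquote(val)
    }
    END { flush() }
    ' "$@"
}

# Constructed sample: the two rules from the comments, a default-style ICMP rule,
# and a source-restricted variant (subnet is an assumed home LAN).
sample_config() {
    cat <<'EOF'
config rule
    option name 'Allow-Ping'
    option src 'wan'
    option proto 'icmp'
    option target 'ACCEPT'
config rule
    option name 'Allow-Admin'
    option enabled 'true'
    option src 'wan'
    option proto 'tcp'
    option dest_port '22 80 443'
    option target 'ACCEPT'
config rule
    option src wan
    option dest_port 80
    option proto tcp
    option target ACCEPT
config rule
    option name 'Admin-From-Mgmt'
    option src 'wan'
    option src_ip '192.168.1.0/24'
    option dest_port '22 443'
    option target 'ACCEPT'
EOF
}

sample_config | audit_wan_admin_rules
```

Each output line is a rule name followed by the admin ports it leaves open to every wan-side address; in this setup the container's wan side is the bridge facing the home network.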
@Javi.Ramirez3 5 months ago
Hi Novaspirit, Great video! I use ProtonVPN and am curious if the OpenWRT setup is similar. Are there any extra packages needed to integrate ProtonVPN with OpenWRT?
@james62370 6 months ago
Great info. Any fail safe or a way to confirm if your vpn disconnects to auto reconnect?
@ewenchan1239 6 months ago
That last statement that you made about running ONE VM, which runs Docker, and then running your services and applications via that ONE IP address is probably THE BEST explanation as to why you might want to run the Docker (application) containers inside of a VM vs. running multiple containers, where each container runs its own, individual service. Thank you!!! I appreciate this. I never realised this.
@kitsunesuzuka1029 6 months ago
Or maybe if it's possible to run those dockers in a container instead of a vm to really squeeze the size and resources than a vm
@ewenchan1239 6 months ago
@@kitsunesuzuka1029 That's a possibility as well. I haven't tested that yet.
@MarkConstable 6 months ago
Great video, but you should zoom in your browser for Proxmox demos by at least 125%. Not all of us have 20/20 eyesight.
@arva1kes 5 months ago
There is option to open as separate window so it will be fullscreen.
@UmangPatel1995 5 months ago
Amazing video series on proxmox. thank you for these helpful videos. Question: How can we put just prawlarr behind the VPN and let other containers running directly ? When I tried this way, I am not able to get other prawlarr to talk/detect other containers. I am using RDT client so I don't need that behind VPN as I am getting direct downloads. Any suggestion or help will be highly appreciated.
@Lunolux 6 months ago
thx for the video
@dsb2 5 months ago
A few things I had to do differently to get it working (also using PIA):
1. Don’t add the “dhcp option DNS” entries in the config file.
2. Under network>interfaces change tun0 to unmanaged and choose device: eth adapter tun0
3. Edit lan interface firewall settings to assign it to the lan zone
@boot487 5 months ago
This worked perfectly! Thank you!
@gregorywilliams4998 5 months ago
Thank you. It worked for me as well. @@boot487
@RuiCardona2k 5 months ago
"3. Edit lan interface firewall settings to assign it to the lan zone " You mean add tun0 to the lan=>wan entry in the firewall?
@dsb2 5 months ago
@@RuiCardona2k no in Network>Interfaces edit the lan interface, under firewall settings click the drop down menu to assign the lan interface to the lan firewall zone. This will allow traffic on your lan interface
@RuiCardona2k 5 months ago
@@dsb2 Gotcha, that's already what it defaults to for me. Though no matter what I do even though I can connect to the VPN I just can't seem to access the test http server through the VPN
@shawnholthus5770 4 months ago
Do you have a document or a link to go to follow the directions you are mentioning in this video?
@bps3374 2 months ago
Hey as always great work here. Now my specific question. Does your LXC container run under Proxmox without hardware accelerated kvm virtualization? The standard lxc templates all run without any problems on my VPS server. I know this is a special question, I tried to build DietPi there as a container. Unfortunately without success =\
@hotrodhunk7389 6 months ago
I've been thinking about doing this to put some services on different vlans... Didn't get a managed switch yet.
@fbifido2 6 months ago
would it not be more secure to just use nginx proxy manager, and not put holes into the firewall?
@TheStebbi112 4 months ago
How would you go about moving media from the servers that are behind the virtual router to a physical NAS that's on your actual network then? 🤔
@hew34 25 days ago
Can you explain what you are doing/why when for the tunnel? tunnel to/from what? surely if you have 2 network interfaces that's all you need? Even if not what do all the parameters mean exactly?
@paulb122 5 months ago
Make a wireguard client video
@autoentropy 2 months ago
I have been trying to figure out a way to run a wireguard client on proxmox, and filter all traffic through openwrt/pia for weeks. End goal would be to connect to wireguard proxmox ct, have that connection all go through openwrt/pia. So far I have wireguard and openwrt/pia setup, wireguard ct runs traffic through openwrt/pia, but I am unable to connect to wireguard client remotely.
@InsaiyanTech 6 months ago
Could you do a opnsense video on this been wanting try it
@paullee107 19 days ago
This one is great!! Followed up till I press start VPN, and it doesn't start. I did modify the dhcp line - is 'dhcp-option DNS 10.0.0.241' correct??? I think it is ..
@olive8604 3 months ago
is there any benefit to setting up openwrt in proxmox if i already have a vpn setup on my home router going into the server?
@demanuDJ 3 months ago
Nice video but I'm still thinking about security issues of running OpenWrt as LXC containers instead of full VM as an edge device...
@ferferrara 4 months ago
Can I do the same, passing through openWRT, with a real computer as you did with the lxc container? Basically, I wanna use the openwrt lxc as a real router.
@hozefaali5801 4 days ago
I have a 5G broadband modem which supports wifi 6 but doesn't really have a good customisation options, I'm thinking of following this approach by installing open-wrt to use the customisation options and route the traffic back to the modem to use the internet. is that achievable.
@matuschoma1003 2 months ago
whats the correct way of updating to newer version?
@KoljaMineralka 1 month ago
Can you make a separate video on networks how to separate your vms?
@drbyte2009 6 months ago
This is a great video! I have one question, how do you update it to a newer version? I also notice in the logs, that i get TLS error: TLS Handshake failed and TLS Error: TLS key negotiation failed to occur within 60 seconds..... Any idea what might cause this
@drbyte2009 6 months ago
I found my mistake, I took the wrong bridge in proxmox.... I'm also running Sophos XG as a VM and picked that bridge, should also work, but need to figure that out first
@user-ug1eo4xb7z 6 months ago
I assume, with a bit of tinkering, you could use a different VPN provider. I'll give it try with the one I'm subscribed to.
@ASSASSINTwentyFour 4 months ago
Hey, great video as always. I got this set up and running but after a few days I found that the IP to access the openWRT UI changed. I set the wan interface to static which partially solved the issue but none of my other containers can access the internet. Any ideas? Cheers
@james62370 1 month ago
Were you ever able to get it to work with a static IP address?
@sickjuicy 4 months ago
Is there a Way to make a Split tunnel for it, so I can use the router but dont want to have a device over the vpn?
@robertpool2157 5 months ago
I have no internet access after setting up the LAN interface 9:20. Please help!
@autoentropy 2 months ago
Followed this and it worked. A few things I had to do differently to get it working (also using PIA):
1. Don’t add the “dhcp option DNS” entries in the config file.
2. Under network>interfaces change tun0 to unmanaged and choose device: eth adapter tun0
3. Edit lan interface firewall settings to assign it to the lan zone
@Riyazatron 3 months ago
Hi there. My wifi card can run in AP mode. How can I make openwrt make use of that? I'm not 100% sure if I need to run it as a LXC container or a VM. I'm comfortable installing openwrt but always failed to log into gui until you told me why, the firewall rules. I appreciate that tip! Just need the WiFi to work. My setup is a bit different. My router/firewall is OPNsense and I just purely need OpenWRT as an AP. I could always get use other AP points in roaming and mesh. Would probably use batman in openwrt but I would love to be able to use the WiFi card as an AP
@nicksparrow2428 5 months ago
I've got a bit of an odd situation on my end, and I haven't been able to find a solution to it. I'm running a cluster of 4 nodes with a CEPH pool to allow for HA. I've put together the openwrt router on node 2, any CTs put in node 2 and connected to vmbr1 work perfectly, no issues. However, obviously when trying to run a CT on another node I won't be able to connect to that router. I hope I'm just missing something simple, but any ideas would be appreciated.
@james62370 1 month ago
Were you able to find a solution for this?
@NigkonuN 5 months ago
Hey I'm having a problem with Setting LAN Interface. The container I used to test does not get the ip address I given it through the openwrt Network>Interface (time stamp 9:11). Any help would be great! thank you
@autoentropy 2 months ago
Followed this and it worked. A few things I had to do differently to get it working (also using PIA):
1. Don’t add the “dhcp option DNS” entries in the config file.
2. Under network>interfaces change tun0 to unmanaged and choose device: eth adapter tun0
3. Edit lan interface firewall settings to assign it to the lan zone
@Gregtoddtheoriginal 4 months ago
This might be a "dumb" or "obvious" question, but I'm new to the stuff so, bear w/ me! Does this "open my network" to the big bad internet? I'm trying to maintain locked-down security as best as I can, running anything "outward" via Cloudflare. Because this is in a CT in Proxmox, does this create a vulnerability in my network elsewhere, or just for anything on this vlan?
@RaduRadonys 21 days ago
Your physical router (the main entry to your network) is the one that decides what is open to the big bad internet. If you don't have any ports open in your physical router you're fine.
@PolarrCloud 5 months ago
having troubles getting internet access through the vmbr1 adapter. in OpenWRT i see packets and data flowing through eth1 but nothing will show in the active dhcp leases section. if anyone has any pointers it would be very helpful. Thanks!
@dewey7085 2 months ago
im having a similar issue, did you ever figure it out?
@CrazyTheDe 2 months ago
Did you figure anything out? Having the same issue atm
@CrazyTheDe 2 months ago
Adding another reply that fixed it for me: Go to the Interface you set, hit edit and go to the firewall tab. Set the lan zone. This made it so I could get an IPv4 on the services using the vmbr1 bridge
@neonpc 5 months ago
How can I change the default IP to the openwrt access and change it to a custom static ip?
@james62370 1 month ago
Were you able to get this to work with a static IP?
@petrut_u3137 3 months ago
Hello! very nice video and amazing tutorials. I did this setup, but I have a problem, i use Nord VPN as my provider, and each time I turn on the VPN connection, I cannot access my virtual router through the designated ip... from LAN. I have a VM attached to that router, and from there is working. can anyone help me to figure this out, why is this happening? As soon I stop the VPN connection, I can access my router from LAN..
@Skunk_Works 5 days ago
I’m having the exact same issue. Did you ever find a resolution?
@garytomlinson3305 3 months ago
How do i pass though smb?
@cwalton00 27 days ago
Just visiting this and adding the DNS options should be dhcp-option DNS X.X.X.X you have dhcp option DNS X.X.X.X as the text. Just a heads up for anyone else struggling to get the vpn started
@javsanchez722 24 days ago
Thanks a lot!
@SlickNickTexas 23 days ago
This was also huge. Not sure how it worked on video but this fixed my issue.
@io-zy6xk 20 days ago
Thanks so much! I wonder how it worked for him? huh
@paulmaydaynight9925 15 days ago
apparently in 8.2.2 the /etc/config/firewall file doesn't exist on a clean install, how to access openwrt now, stumped... I'm trying to access/use my spare real Ethernet ports 1x10Gb as the openwrt wan/to the real existing lan-wan, + 2x5Gb ports, & 2x2.5Gb ports in this machine aka a 6 port openwrt router including the mboard port
@matthewmichael1273 3 months ago
I have a strange issue where once the VPN is enabled I lose HTTP access to the OpenWRT UI. I can get it back by disabling the tun0 via console, breaking the PIA connection. Are there additional rules required to retain my HTTP access via the WAN IP?
@asc3nd 14 days ago
I have the same issue. Did you find a solution?
@Skunk_Works 5 days ago
I am also having this issue. I assume a firewall issue since I can access via other VMs. Anyone have a solution?
@TheZawadziak 6 months ago
What Linux are you working on?
@NovaspiritTech 6 months ago
I'm on debian
@RufusCubano 4 months ago
If I add the lxc to the vmbr1 the vpn works and still have internet, but....how do you access the service if the previous local ip+port does not work anymore? Only works when I change back the vmbr1 to vmbr0
@RufusCubano 4 months ago
Reply to myself for those in the same situation: I have added the vmbr0 with the local ip and local ip access, and assign a static ip, and now I can access the service internally while having public ip from the vpn
@CyKoSyS 1 month ago
@@RufusCubano THANK YOU! This had my head spinning for days. I watched Don's video a dozen times, literally frame by frame to see what I had missed. I too could not access any of the service portals after assigning vmbr1. I could not figure out how Don was able to access the portals with the 192.xx addy when the lxc container had a 10.50.xx address. Yes, I forwarded the port number to the internal 10.50.xx addy, but the fact remains the container still had a different IP! I could hit any container if I opened my test VM on vmbr1 by using the 10.50.xx IP, but not with the 192.xx IP. It took me a few tries to understand what you had done, but I finally figured it out. I added a new network to the service lxc, in this case, I named it 'deluge'. I forced the same MAC that my Opensense reported, I tied it to Bridge vmbr0, gave it the same static IP I assigned it in my Opensense with a /24 CIDR, left the gateway BLANK. It worked. I get a VPN address and can access the services using the IPs I statically assigned in my Opensense. I also deleted the PORT FORWARDING entries, as they're no longer needed.
@Jibril239 3 days ago
Does anybody else have the problem that the VPN tunnel doesn't automatically reconnect? While my ISP Router renews its public IP address at night my vpn tries to reconnect but fails (timeout). I have to manually restart it...
@NetBandit70 6 months ago
I wish OPNsense would migrate to Linux
@iuhere 6 months ago
true, wish the same
@user-ol1tx9bw5l 4 months ago
Do you know how to pass through a PCIe M.2 WIFI card to LXC OpenWRT? If you are the answer you're my god !!!
@james62370 1 month ago
Were you able to find an answer for this?
@GroovyGrovesy 6 months ago
Why not use the TTeck OpenWRT VM script rather than create it yourself???
@powdersnow88 2 months ago
it didn't work for me
@kiptanoi4422 2 months ago
When I follow this video, and am about to start my CT, to config the firewall, I do get this error: failed waiting for client: timed out TASK ERROR: command '/usr/bin/termproxy 5900 --path /vms/100 --perm VM.Console -- /usr/bin/dtach -A /var/run/dtach/vzctlconsole100 -r winch -z lxc-console -n 100 -e -1' failed: exit code 1.. Any idea what that can be? And how I fix that?
@vapedragon983 26 days ago
I've got the same issue
@avertry9529 1 month ago
I downloaded it to windows 11, and it got flagged with wacatac virus, strange.
@visghost 6 months ago
I have an answer to the question: the bridge 'vmbr1' does not exist
@martinottolangui4667 3 months ago
i think go back into pve network , and click apply configuration ?
@jf01938 3 months ago
@@martinottolangui4667 Thank You! I've spent hours trying to figure that out!
@mrdivoc1729 2 months ago
Why bother with the router and not just install the VPN?
@StatMods 1 month ago
I think i know you, you went to cardozo ?