proxmox/reports/status/TUNNEL_ANALYSIS.md
defiQUG cb47cce074 Complete markdown files cleanup and organization
- Organized 252 files across project
- Root directory: 187 → 2 files (98.9% reduction)
- Moved configuration guides to docs/04-configuration/
- Moved troubleshooting guides to docs/09-troubleshooting/
- Moved quick start guides to docs/01-getting-started/
- Moved reports to reports/ directory
- Archived temporary files
- Generated comprehensive reports and documentation
- Created maintenance scripts and guides

All files organized according to established standards.
2026-01-06 01:46:25 -08:00


Tunnel Configuration Analysis & Conflict Resolution

Overview

Based on the .env file and the tunnel configurations, this is an analysis of all tunnels, network routing, and conflicts.

Current Network Situation

Your Machine

  • IP: 192.168.1.36/24
  • Network: 192.168.1.0/24
  • Gateway: 192.168.1.1

Proxmox Hosts (Target Network)

  • ml110-01: 192.168.11.10:8006 (Proxmox UI)
  • r630-01: 192.168.11.11:8006 (Proxmox UI)
  • r630-02: 192.168.11.12:8006 (Proxmox UI)
  • r630-03: 192.168.11.13:8006 (Proxmox UI)
  • r630-04: 192.168.11.14:8006 (Proxmox UI)
  • Network: 192.168.11.0/24

Other Services

  • Omada Controller: 192.168.11.8:8043

Problem Identified

Network Segmentation: Your machine (192.168.1.0/24) cannot directly reach Proxmox hosts (192.168.11.0/24) because they are on different network segments.

Solution: Cloudflare Tunnels

Cloudflare tunnels are configured to provide secure access to Proxmox hosts via public hostnames on the d-bis.org domain.

Note: Physical hosts use sankofa.nexus for internal DNS, but Cloudflare tunnels use d-bis.org for public access. See Domain Structure for complete domain usage.

Tunnel Infrastructure

Tunnel Container: VMID 102 on host 192.168.11.12
Container IP: Runs on the 192.168.11.0/24 network (can access all Proxmox hosts)

Configured Tunnels

| Tunnel Name | Public Hostname | Internal Target | Status |
|---|---|---|---|
| tunnel-ml110 | ml110-01.d-bis.org | https://192.168.11.10:8006 | Active |
| tunnel-r630-01 | r630-01.d-bis.org | https://192.168.11.11:8006 | Active |
| tunnel-r630-02 | r630-02.d-bis.org | https://192.168.11.12:8006 | Healthy |

Tunnel Configuration Details

1. ml110-01 Tunnel

  • Tunnel ID: ccd7150a-9881-4b8c-a105-9b4ead6e69a2
  • Public URL: https://ml110-01.d-bis.org
  • Internal Target: https://192.168.11.10:8006
  • Config File: /etc/cloudflared/tunnel-ml110.yml (in VMID 102)
  • Service: cloudflared-ml110.service
  • Metrics Port: 127.0.0.1:9091

2. r630-01 Tunnel

  • Tunnel ID: 4481af8f-b24c-4cd3-bdd5-f562f4c97df4
  • Public URL: https://r630-01.d-bis.org
  • Internal Target: https://192.168.11.11:8006
  • Config File: /etc/cloudflared/tunnel-r630-01.yml (in VMID 102)
  • Service: cloudflared-r630-01.service
  • Metrics Port: 127.0.0.1:9092

3. r630-02 Tunnel

  • Tunnel ID: 0876f12b-64d7-4927-9ab3-94cb6cf48af9
  • Public URL: https://r630-02.d-bis.org
  • Internal Target: https://192.168.11.12:8006
  • Config File: /etc/cloudflared/tunnel-r630-02.yml (in VMID 102)
  • Service: cloudflared-r630-02.service
  • Metrics Port: 127.0.0.1:9093

4. r630-03 Tunnel

  • Tunnel ID: <TUNNEL_ID_R630_03> (to be created)
  • Public URL: https://r630-03.d-bis.org
  • Internal Target: https://192.168.11.13:8006
  • Config File: /etc/cloudflared/tunnel-r630-03.yml (in VMID 102)
  • Service: cloudflared-r630-03.service
  • Metrics Port: 127.0.0.1:9094
  • Status: Configuration files created, tunnel creation pending

5. r630-04 Tunnel

  • Tunnel ID: <TUNNEL_ID_R630_04> (to be created)
  • Public URL: https://r630-04.d-bis.org
  • Internal Target: https://192.168.11.14:8006
  • Config File: /etc/cloudflared/tunnel-r630-04.yml (in VMID 102)
  • Service: cloudflared-r630-04.service
  • Metrics Port: 127.0.0.1:9095
  • Status: Configuration files created, tunnel creation pending

Access Methods

Since you're on a different network, use the Cloudflare tunnel URLs:

# Access Proxmox UI via tunnel
# Your .env has PROXMOX_HOST=192.168.11.10 (ml110-01)
# Use the tunnel URL instead:

# For ml110-01 (matches your .env PROXMOX_HOST)
https://ml110-01.d-bis.org

# For r630-01
https://r630-01.d-bis.org

# For r630-02
https://r630-02.d-bis.org

# For r630-03 (pending tunnel creation)
https://r630-03.d-bis.org

# For r630-04 (pending tunnel creation)
https://r630-04.d-bis.org

Note: These URLs work from anywhere on the internet, not just your local network!

Method 2: Update list_vms.py to Use Tunnel URLs

You can modify the script to use tunnel URLs when a direct connection fails:

# In list_vms.py, add tunnel URL mapping:
TUNNEL_URLS = {
    '192.168.11.10': 'ml110-01.d-bis.org',
    '192.168.11.11': 'r630-01.d-bis.org',
    '192.168.11.12': 'r630-02.d-bis.org',
}

However, the Proxmox API still needs to connect to the internal IP, so this won't work directly.

Method 3: SSH Tunnel (If SSH Access Available)

If you can SSH to a machine on the 192.168.11.0/24 network:

# Create SSH tunnel
ssh -L 8006:192.168.11.10:8006 user@gateway-machine

# Then use localhost
PROXMOX_HOST=localhost python3 list_vms.py

Conflicts & Issues

1. Network Segmentation Conflict

  • Issue: Direct connection from 192.168.1.0/24 to 192.168.11.0/24 not possible
  • Impact: Cannot use list_vms.py directly with internal IPs
  • Solution: Use Cloudflare tunnels or SSH tunnel

2. Port Conflicts

  • No conflicts detected: Each tunnel uses a different metrics port (9091, 9092, 9093)
  • All tunnels target port 8006: This is correct, because they route to different hosts
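The port-conflict check above can be automated. The following is an added example, not part of the original report or the project's scripts: it audits the inventory from "Tunnel Configuration Details" for duplicate hostnames, targets and metrics ports, for metrics listeners bound off-loopback, and for tunnel IDs that are still placeholders. The `audit` function and the tuple layout are assumptions made for illustration.

```python
import ipaddress
import re
from collections import defaultdict

UUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$")

# (host, tunnel ID, public hostname, internal target, metrics listener),
# transcribed from the "Tunnel Configuration Details" section of this report.
TUNNELS = [
    ("ml110-01", "ccd7150a-9881-4b8c-a105-9b4ead6e69a2", "ml110-01.d-bis.org", "https://192.168.11.10:8006", "127.0.0.1:9091"),
    ("r630-01", "4481af8f-b24c-4cd3-bdd5-f562f4c97df4", "r630-01.d-bis.org", "https://192.168.11.11:8006", "127.0.0.1:9092"),
    ("r630-02", "0876f12b-64d7-4927-9ab3-94cb6cf48af9", "r630-02.d-bis.org", "https://192.168.11.12:8006", "127.0.0.1:9093"),
    ("r630-03", "<TUNNEL_ID_R630_03>", "r630-03.d-bis.org", "https://192.168.11.13:8006", "127.0.0.1:9094"),
    ("r630-04", "<TUNNEL_ID_R630_04>", "r630-04.d-bis.org", "https://192.168.11.14:8006", "127.0.0.1:9095"),
]


def audit(tunnels):
    """Return a list of findings; an empty list means nothing to fix."""
    findings = []
    seen = {
        "public hostname": defaultdict(list),
        "internal target": defaultdict(list),
        "metrics port": defaultdict(list),
    }
    for host, tunnel_id, hostname, target, metrics in tunnels:
        # Assumes the listener is written as <IP literal>:<port>.
        addr, port = metrics.rsplit(":", 1)
        seen["public hostname"][hostname.lower()].append(host)
        seen["internal target"][target].append(host)
        # All tunnels share one container, so the port alone must be unique.
        seen["metrics port"][port].append(host)
        # A metrics endpoint bound off-loopback is reachable from the LAN.
        if not ipaddress.ip_address(addr).is_loopback:
            findings.append(f"{host}: metrics listener {metrics} is not loopback-only")
        if not UUID_RE.match(tunnel_id):
            findings.append(f"{host}: tunnel ID {tunnel_id} is not a UUID (tunnel not created yet?)")
    for kind, values in seen.items():
        for value, hosts in values.items():
            if len(hosts) > 1:
                findings.append(f"duplicate {kind} {value}: {', '.join(hosts)}")
    return findings


if __name__ == "__main__":
    for finding in audit(TUNNELS):
        print(finding)
```

Run against the inventory in this report, it reports only the two pending tunnels whose IDs are still placeholders.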

3. Tunnel Container Location

  • Current: VMID 102 on 192.168.11.12
  • Status: Correct location - can access all Proxmox hosts on 192.168.11.0/24

4. .env Configuration

  • PROXMOX_HOST: 192.168.11.10 (ml110-01)
  • Issue: Not reachable from your network
  • Solution: Access via https://ml110-01.d-bis.org (tunnel URL)

Option 1: Use Cloudflare Tunnel for Web Access

Access Proxmox UI via browser:

https://ml110-01.d-bis.org

Option 2: Create SSH Tunnel Script

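Create a helper script that sets up an SSH tunnel:

#!/bin/bash
# ssh-tunnel-proxmox.sh
# Forward local port 8006 to the Proxmox API; fail fast if the forward cannot be set up.
ssh -o ExitOnForwardFailure=yes -L 8006:192.168.11.10:8006 -N user@192.168.11.10 &
TUNNEL_PID=$!
echo "Tunnel PID: $TUNNEL_PID"
# Close the tunnel on exit, even if list_vms.py fails
trap 'kill "$TUNNEL_PID" 2>/dev/null' EXIT
# Give ssh a moment to establish the forward before using it
sleep 2
export PROXMOX_HOST=localhost
python3 list_vms.py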

Option 3: Run Script from Proxmox Network

Copy the scripts to a machine on the 192.168.11.0/24 network and run them there.

Option 4: Use Shell Script via SSH

If you have SSH access to a Proxmox host:

export PROXMOX_HOST=192.168.11.10
export PROXMOX_USER=root
./list_vms.sh

Tunnel Management Commands

Check Tunnel Status

# SSH to tunnel container host
# The unit pattern is single-quoted so the remote shell passes it to systemctl unexpanded
ssh root@192.168.11.12 "pct exec 102 -- systemctl status 'cloudflared-*'"

Restart Tunnels

# The unit pattern is single-quoted so the remote shell passes it to systemctl unexpanded
ssh root@192.168.11.12 "pct exec 102 -- systemctl restart 'cloudflared-*'"

View Tunnel Logs

# The unit pattern is single-quoted so the remote shell passes it to journalctl unexpanded
ssh root@192.168.11.12 "pct exec 102 -- journalctl -u 'cloudflared-*' -f"

Check Tunnel Health

# Test tunnel URLs
curl -I https://ml110-01.d-bis.org
curl -I https://r630-01.d-bis.org
curl -I https://r630-02.d-bis.org

Configuration Files Location

All tunnel configurations are in VMID 102:

  • Configs: /etc/cloudflared/tunnel-*.yml
  • Credentials: /etc/cloudflared/credentials-*.json
  • Services: /etc/systemd/system/cloudflared-*.service

Summary

  • Tunnels are configured correctly
  • No port conflicts
  • Tunnels provide access from any network
  • ⚠️ Direct API access blocked by network segmentation
  • Solution: Use Cloudflare tunnel URLs or SSH tunnel

Next Steps

  1. For Web Access: Use https://ml110-01.d-bis.org in browser
  2. For API Access: Set up SSH tunnel or run script from Proxmox network
  3. For Automation: Consider creating a wrapper script that uses tunnels