Bobcares

Proxmox remote access – Here’s how to secure it

by | Mar 11, 2019

Proxmox allows to create and manage virtual servers easily. It comes with a Web console and command-line tools.

But, what if you need to control virtual machines from remote locations?

Luckily, Proxmox allow remote access. But, that require additional changes in the configuration.

At Bobcares, we often get requests from customers to setup Proxmox as part of our Technical Support Services.

Today, we’ll see how our Support Engineers securely setup Proxmox remote access and fix common issues with it.

 

Why we need remote access in Proxmox?

Usually, Proxmox servers run without a monitor and keyboard after installation. But, to manage the virtual servers, we need to access Proxmox first. That is where the Proxmox remote access helps. It comes with multiple ways of remote access including Web console access on port 8006, via SSH, etc.

 

How to enable Proxmox remote access ?

Again, giving direct access to your Proxmox server can be a security risk. If a hacker can connect to the Proxmox server, he can create problems with all virtual servers in it. Or in other words, this will have a wide impact.

Let’s now see how our Support Engineers effectively setup Proxmox remote access considering all security needs.

 

1. Web console

Firstly, Proxmox provides a web console access on port 8006 of the server. To make this port working, we need to add proper rules in the server firewall. That is why, our Dedicated Engineers add the firewall rules that open port 8006. But, we ensure that the web interface is accessible only to certain trusted IP addresses.

For example, to make web interface accessible from a specific IP xx.xx.xx.xx, we add it as per the format:

iptables -I INPUT -p tcp -s xx.xx.xx.xx --dport 8006 -j ACCEPT

Again, we ensure that the port is open in the router firewall too.

 

2. Via SSH

Another method for Proxmox remote access is via SSH.

In Proxmox, SSH server is installed and available by default. This means, to access the Proxmox VE server, we just start an SSH session from any computer on the same network:

ssh root@<ProxmoxIP>

We, then enter the password that was created at the time of Proxmox installation.

 

3. Via VPN

Similarly, secure Proxmox remote access also works via Virtual Private Network (VPN). This method has wide acceptance due to the additional security features in VPN.

Here, our Security Engineers first setup a VPN server and then allow access to the Proxmox host from that VPN. In this way, we can avoid access to the hypervisor from the internet.

To connect to the Proxmox server, we use a VPN client installed on the remote computer.  Again, since we connect via VPN, we can use additional password for the VPN access too.

 

Common errors and fixes for Proxmox remote access

From our experience in managing Proxmox servers, we often see customers having problems with remote access. Let’s now see how we typically fix them.

 

1. Bad firewall

Usually, a typical reason for problems with Proxmox remote access will be related to firewall.

Recently, a customer reported problems with remote access. He had set proper redirect rules for Proxmox port. However, it was failing and he could not connect.

Here, our Support Engineers first checked the firewall rules on the server and found that they were working. Unfortunately, the Internet Service provider router was causing the problem. So, to fix, we had to work with customer’s ISP and open the necessary ports like 8006, 3128, etc.

 

2. Incorrect Proxmox settings

Similarly, Proxmox settings can also affect remote connection. For example, after creation of Windows virtual machines, remote access can fail due to the selection of bad network device.

To fix this, our Dedicated Engineers first connect to in Proxmox. Then, we ensure that the VM is set to have a network device under the Hardware tab in “Bridged mode“. Further, we go in to the Windows VM and check if the network device is showing up in the Device Manager. Also, we set the correct IP address on the virtual machine.

[Need help in ensuring best security practices for your Proxmox server? We can help you.]

 

Conclusion

In short, Proxmox remote access can be setup with only few steps. But, not using proper security measures can be a serious threat. Today, we saw how our Support Engineers secure Proxmox remote access and fix common errors with it.

PREVENT YOUR SERVER FROM CRASHING!

Never again lose customers to poor server speed! Let us help you.

Our server experts will monitor & maintain your server 24/7 so that it remains lightning fast and secure.

GET STARTED

var google_conversion_label = "owonCMyG5nEQ0aD71QM";

1 Comment

  1. zack

    great very helpful tips to secure proxmox

    Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

Never again lose customers to poor
server speed! Let us help you.

Privacy Preference Center

Necessary

Necessary cookies help make a website usable by enabling basic functions like page navigation and access to secure areas of the website. The website cannot function properly without these cookies.

PHPSESSID - Preserves user session state across page requests.

gdpr[consent_types] - Used to store user consents.

gdpr[allowed_cookies] - Used to store user allowed cookies.

PHPSESSID, gdpr[consent_types], gdpr[allowed_cookies]
PHPSESSID
WHMCSpKDlPzh2chML

Statistics

Statistic cookies help website owners to understand how visitors interact with websites by collecting and reporting information anonymously.

_ga - Preserves user session state across page requests.

_gat - Used by Google Analytics to throttle request rate

_gid - Registers a unique ID that is used to generate statistical data on how you use the website.

smartlookCookie - Used to collect user device and location information of the site visitors to improve the websites User Experience.

_ga, _gat, _gid
_ga, _gat, _gid
smartlookCookie
_clck, _clsk, CLID, ANONCHK, MR, MUID, SM

Marketing

Marketing cookies are used to track visitors across websites. The intention is to display ads that are relevant and engaging for the individual user and thereby more valuable for publishers and third party advertisers.

IDE - Used by Google DoubleClick to register and report the website user's actions after viewing or clicking one of the advertiser's ads with the purpose of measuring the efficacy of an ad and to present targeted ads to the user.

test_cookie - Used to check if the user's browser supports cookies.

1P_JAR - Google cookie. These cookies are used to collect website statistics and track conversion rates.

NID - Registers a unique ID that identifies a returning user's device. The ID is used for serving ads that are most relevant to the user.

DV - Google ad personalisation

_reb2bgeo - The visitor's geographical location

_reb2bloaded - Whether or not the script loaded for the visitor

_reb2bref - The referring URL for the visit

_reb2bsessionID - The visitor's RB2B session ID

_reb2buid - The visitor's RB2B user ID

IDE, test_cookie, 1P_JAR, NID, DV, NID
IDE, test_cookie
1P_JAR, NID, DV
NID
hblid
_reb2bgeo, _reb2bloaded, _reb2bref, _reb2bsessionID, _reb2buid

Security

These are essential site cookies, used by the google reCAPTCHA. These cookies use an unique identifier to verify if a visitor is human or a bot.

SID, APISID, HSID, NID, PREF
SID, APISID, HSID, NID, PREF