Proxmox allows to create and manage virtual servers easily. It comes with a Web console and command-line tools.
But, what if you need to control virtual machines from remote locations?
Luckily, Proxmox allow remote access. But, that require additional changes in the configuration.
At Bobcares, we often get requests from customers to setup Proxmox as part of our Technical Support Services.
Today, we’ll see how our Support Engineers securely setup Proxmox remote access and fix common issues with it.
Why we need remote access in Proxmox?
Usually, Proxmox servers run without a monitor and keyboard after installation. But, to manage the virtual servers, we need to access Proxmox first. That is where the Proxmox remote access helps. It comes with multiple ways of remote access including Web console access on port 8006, via SSH, etc.
How to enable Proxmox remote access ?
Again, giving direct access to your Proxmox server can be a security risk. If a hacker can connect to the Proxmox server, he can create problems with all virtual servers in it. Or in other words, this will have a wide impact.
Let’s now see how our Support Engineers effectively setup Proxmox remote access considering all security needs.
1. Web console
Firstly, Proxmox provides a web console access on port 8006 of the server. To make this port working, we need to add proper rules in the server firewall. That is why, our Dedicated Engineers add the firewall rules that open port 8006. But, we ensure that the web interface is accessible only to certain trusted IP addresses.
For example, to make web interface accessible from a specific IP xx.xx.xx.xx, we add it as per the format:
iptables -I INPUT -p tcp -s xx.xx.xx.xx --dport 8006 -j ACCEPT
Again, we ensure that the port is open in the router firewall too.
2. Via SSH
Another method for Proxmox remote access is via SSH.
In Proxmox, SSH server is installed and available by default. This means, to access the Proxmox VE server, we just start an SSH session from any computer on the same network:
ssh root@<ProxmoxIP>
We, then enter the password that was created at the time of Proxmox installation.
3. Via VPN
Similarly, secure Proxmox remote access also works via Virtual Private Network (VPN). This method has wide acceptance due to the additional security features in VPN.
Here, our Security Engineers first setup a VPN server and then allow access to the Proxmox host from that VPN. In this way, we can avoid access to the hypervisor from the internet.
To connect to the Proxmox server, we use a VPN client installed on the remote computer. Again, since we connect via VPN, we can use additional password for the VPN access too.
Common errors and fixes for Proxmox remote access
From our experience in managing Proxmox servers, we often see customers having problems with remote access. Let’s now see how we typically fix them.
1. Bad firewall
Usually, a typical reason for problems with Proxmox remote access will be related to firewall.
Recently, a customer reported problems with remote access. He had set proper redirect rules for Proxmox port. However, it was failing and he could not connect.
Here, our Support Engineers first checked the firewall rules on the server and found that they were working. Unfortunately, the Internet Service provider router was causing the problem. So, to fix, we had to work with customer’s ISP and open the necessary ports like 8006, 3128, etc.
2. Incorrect Proxmox settings
Similarly, Proxmox settings can also affect remote connection. For example, after creation of Windows virtual machines, remote access can fail due to the selection of bad network device.
To fix this, our Dedicated Engineers first connect to in Proxmox. Then, we ensure that the VM is set to have a network device under the Hardware tab in “Bridged mode“. Further, we go in to the Windows VM and check if the network device is showing up in the Device Manager. Also, we set the correct IP address on the virtual machine.
[Need help in ensuring best security practices for your Proxmox server? We can help you.]
Conclusion
In short, Proxmox remote access can be setup with only few steps. But, not using proper security measures can be a serious threat. Today, we saw how our Support Engineers secure Proxmox remote access and fix common errors with it.
great very helpful tips to secure proxmox