Monthly Archives: January 2021

Proxmox share volume via NFS

The following command will allow host 192.168.1.10 to have write access and mount this volume remotely, all while identifying changes as ‘root’ – this is helpful for a container data store when you have docker running on a VM in proxmox but want to piggyback from the resilient ZFS storage in proxmox.

 

 

 

 

zfs set sharenfs="[email protected]" gdata/containers

Install TunSafe VPN on Proxmox LXC container

I’m experimenting with TunSafe which is a fork of wireguard that includes traffic obfuscation built-in. Traffic obfuscation is useful to hide VPN traffic from ISP’s network throttling which is done when network packet inspection identifies a tunnel protocol.

You will need a privileged container in proxmox.

Add this to container configuration file

lxc.mount.entry: /dev/net/tun dev/net/tun none bind,create=file


Without this setting on the configuration file of the container tunsafe will not start. Error similar to:
~# systemctl status tunsafe.service
● tunsafe.service - TunSafe service
   Loaded: loaded (/etc/systemd/system/tunsafe.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Sun 2021-01-24 19:22:59 UTC; 26s ago
  Process: 6949 ExecStart=/opt/tunsafe/tunsafe start -d /opt/tunsafe/TunSafe.conf (code=exited, status=1/FAILURE)
 Main PID: 6949 (code=exited, status=1/FAILURE)

Jan 24 19:22:59 tunsafe-gw systemd[1]: Starting TunSafe service...
Jan 24 19:22:59 tunsafe-gw tunsafe[6949]: Loading file: /opt/tunsafe/TunSafe.conf
Jan 24 19:22:59 tunsafe-gw tunsafe[6949]: Started TCP listening socket on port 443
Jan 24 19:22:59 tunsafe-gw tunsafe[6949]: Error opening tun device
Jan 24 19:22:59 tunsafe-gw systemd[1]: tunsafe.service: Main process exited, code=exited, status=1/FAILURE
Jan 24 19:22:59 tunsafe-gw systemd[1]: tunsafe.service: Failed with result 'exit-code'.
Jan 24 19:22:59 tunsafe-gw systemd[1]: Failed to start TunSafe service.