Must-Have OpenWrt Router Setup For Your Proxmox

Hey guys, what's going on? It's Don here from Novaspirit Tech, and welcome back to the channel. Today we are going to be installing a router inside our Proxmox and running it through a VPN, so let's get started.

Now, if you guys are looking for a VPN service, I do use PIA in this video, which is Private Internet Access, and I've vouched for them for a very long time. I've been using them for almost 9 years now. So if you guys are interested in signing up for our VPN, use the affiliate link down in the description below, because it will help the channel a lot. Now, with that being said, let's get started.

Now, moving forward, for anything that we do specifically, like installing Sonarr, Radarr and all this other stuff, it's imperative that we are going to do this router setup first. Now, we are actually just running a router inside Proxmox; we're not running it through the network, so it will be self-contained. We're also going to be using it under a container, so it's a lot smaller. Heck, you could even run this on about 8 megs of RAM if you wanted to. So let's jump to the desktop.

Now, there's no easy way to really install this, so it's going to be a lot of information at this one time, mainly because, yes, it is a container, but we have to build it from scratch. There is no container option in Proxmox where you could just download a template and have OpenWrt. Now, there is a way to run a VM through the helper script that I showed you two videos ago, but that's a full VM, and that uses a lot more resources than we need.

So the first thing we need to do before we build this: we need to head over into networking and build a second adapter. Now, we're going to create this and just go to Linux Bridge, and we're going to leave everything blank. We don't need anything here; we just have to create another adapter. This way it actually won't be associated to anything outside of the router. Now, if you wanted to convert your Proxmox into a router and you do have two Ethernet ports, you can assign
this to the second Ethernet port to become the LAN, but that's a whole different thing in itself, so I'm not going to be going over that.

Now, with that second network card created, we can now work on our container. So I'm going to jump over into shell and also open a new tab. Now, you might want to save this link as well. So we're going to go over to https://images.linuxcontainers.org/images, and there we go. I'll leave a link down in the description below for this. Now, this website actually contains images that you can just install right into Proxmox, so most of them you can actually go over to your local and CT Templates and upload them. Now, the only image that I found that has a problem is OpenWrt, so we have to go through the command line prompt.

So here I'm going to go over to openwrt, find the latest version, which is 23, and I'm going to use amd64, head into defaults, and then I'm going to pick the latest time, or the latest compile, and it should be this one, 1206. Now, in here there's going to be a file called rootfs. I'm going to right click and copy the link, because this is what we need to grab. So I'm going to go back into our shell and wget and paste that image right there. Now I have one file called rootfs.

So what we need to do now is create the template. So, from my previous video with Jellyfin, we could create templates using the pct tool, or Proxmox Container Toolkit. So: pct create 10... what number do I have? 106. 106, and we're going to use the rootfs image. We're going to have to set it unprivileged and put that as 1, OS type is unmanaged, hostname is going to be openwrt, --net0 name, and I'm going to call this eth0, and then we're going to add the second NIC, net1, name equals eth1, and then we're going to install this onto storage, and we have, let's do local LVM, so local-lvm. Once you hit enter, it's going to create this template in unprivileged mode, and you're going to see a number over here, 106, pop up. And there we have it: OpenWrt is installed. Now, we can't
run it yet because we still need to configure some settings, mainly the network, because we just added net0 and net1, but we need to associate it with something. So we're going to go to edit, and from here I'm going to change this over to vmbr0, so eth0 will be vmbr0. Don't worry about this error, because we're not done configuring it, so it's going to keep popping up. You see this? Every time I hit OK it's going to keep popping up. Then I could close this out and then go to this one, hit edit, and change this to vmbr1, hit OK, and then they shouldn't have any errors. Now everything is all set up on this end.

Now, you can change your resources. Again, this doesn't take much to run. You could leave it at 512; it doesn't even need more than 100 megs. It's very, very low resource, so you could just leave it like this. And for the root disk, 4 gigs might even be too much for this, trust me, when we put this together.

But with that being said, we're going to head back into our shell, which is the PV test, not the OpenWrt, the PV test. We're going to head back into shell, and one thing we do need to allocate is our tunnel. We're going to nano into /etc/pve/lxc and then it's 106.conf. You can see all the configs that we put in here, and what we need to do is the lxc stuff: lxc.cgroup2.devices.allow: c 10:200 rwm. Then the next one is lxc.mount.
entry: /dev/net, and then /dev again and /net, and then none, and then bind,create=dir. This will actually allow it to use the tunnel interface from the host. So I'm going to hit save, and that should be that.

Now we could start our OpenWrt. And because this is a router operating system and it's only accessible to local networks, to allow access to the website, there's nothing I could do right now to even enter this website. Even though I have console access, I could do ip a to get the IP information, which would be 139, and say I go 1921 16810 5139, nothing will happen; it won't connect to it. So to resolve this problem, we have to go into the firewall settings manually through the CLI to allow external ad port.

So we're going to do nano... actually, there's no nano in this, so it's vi /etc/config/firewall, and here are all the firewall rules. So what I'm going to do is head over to the bottom. There's some examples that you could just erase, and I am going to do this one: i for interacting, and then I could delete, oops, all this, and then now we could change some of this stuff. So the first one says source; what we want to change this into is wan. The source IP we don't really need, so we could actually delete this, because I don't want to lock it down to one IP. Destination is going to be changed to destination port, and this one we're actually going to do 80, or you can do 443, whichever one you want to use. Protocol, we're going to use TCP, and target is going to be ACCEPT. And once you have this rule in place, we're going to be able to access the website to configure OpenWrt.

So I'm going to hit Escape, :wq to save, write and then quit, and then now I should be able to hit this website again, but at port 80. So I'm going to do HTTP and then I'm just going to do port 80, just to make sure, and there we go. Now we have access to port 80, or HTTP, and "Authorization Required". You can just type in anything for the password because it doesn't have a
password configured, so we do need to set that up. So I'm going to go to password configurations and we're going to set up the password for this. It could be anything you want. And there we go; we could dismiss this, and then now we have our OpenWrt. And as you can see, there's eth0 and then eth1, and there's no link to it because I have nothing connected to it yet. We could actually attach something to it and then you'll start seeing something come up on there if I head over to Network, Interfaces.

So let's attach something to it. I'm going to add a new interface, and I'm going to go over here and call this LAN, and over here I am going to choose eth1, and protocol, we're going to be static address. Create interface, and from here we have to configure the rest. We're going to have a DHCP server, a start limit of 100 to 150. Global settings: I'm going to create this as a 10. network, so 10.50.50.1. I'm going to keep this as the same netmask. I'm going to do this just so we have only 256 IPs, or 255 IPs, and we could hit save. Now we have our LAN settings; we're going to hit save and apply, and there we have our little network.

What we can do now is test this out. So we have two Debian tests from our last video creating that SDN, so I'm going to remove this off the network and change this from our SDN over to vmbr1, hit OK. I don't think I need to restart this. It's not grabbing a new IP, so I'm going to reboot this real quick. In our OpenWrt, as soon as this comes live, in the overview you should see a new DHCP lease, and there we go. After the reboot, oh, I could have just refreshed the connection, I got a 10.50.50.220 network, and in here it's the same thing. Now I should be able to get internet as well, so I should be able to ping, and there we have it.

Now, we're not done yet. We just set up the router and we allow internal traffic from our VMs to pass through this little OpenWrt router we set up. Next thing we need to do is set up VPNs. So what we need to do is head over to
System, go over to Software. We're going to update this list, and we are going to need to install a few packages. So all we need to do is search for openvpn, and we are going to download openvpn-openssl, so I'm going to hit install on this. All right, that seems to be done, and then we're going to have to install open... well, where is it? There you go, luci-app-openvpn. So we're going to install that as well. That one will give us the GUI interface; the first one is the actual package for the VPN. All right, now that that is done, refresh the site, Ctrl+R, and now we have this little VPN. We can go into this area and now we can actually just add our own little VPNs in here.

So since I use Private Internet Access, we're going to search for Private Internet Access openvpn.zip. All right, I'm just going to click on the first one for search. They do have, like, default configuration files, which is the one I'm going to be using, and it's openvpn. I'll leave a link down in the description below for this exact file, but I just Googled it and I was able to pull it up. In here I'll open with Ark, pull the location that I need. So I'm in New York, so I'm going to use US New York, drag this over to my downloads folder. So now I have this. Actually, I didn't need to open that. And then I can go back into my router and create a new connection. So what I'm going to call this is PIA, and then I'm going to hit browse, go to downloads, US New York, open, and then upload. Now we have a new one that says PIA, and we still have to edit it because we have to use our username and password.

So first thing we need to do is actually set up DHCP options. There are a couple of DHCP options depending on what your use case scenario is for Private Internet Access. The main ones are 241 and 243, so we're going to do dhcp-option DNS 10.0.0.241 and dhcp-option DNS 10.0.0.243. Now, what these two mean: it basically allows you to stream, like, Netflix and stuff like that through their VPN if you have their DNS support. Now, as far as the authorized
user password, here's a tricky one. Now, you see this file right over here called /etc/openvpn/pia.auth? That's what we need to type in here, so /etc/openvpn/pia.auth, and then down here is where you would actually just put your username and password. So it would be p1... p whatever; it gives you a p username, and then right underneath there you would do your password. So that's how it should look. Obviously you have to replace the stars with your own password, but you should have everything up and running.

Now, we still can't run this yet until we create a brand new interface called tunnel. So I'm going to add a new interface called tun0, and this one is just tun0. I'm creating a brand new one, that's why I'm naming it this way. Hit enter; you see tun0, tun0, and DHCP client. Create interface. We could leave that as it is, save, and now we have this new area called tunnel zero. We're going to head into Network, go to Firewall, head over to the bottom where it says wan. I'm going to edit this and add tunnel into this area, so tunnel zero will be added into this covered networks. So I'm going to hit save, save and apply. Let's apply all those changes.

Once that is done, we can go back into OpenVPN. We can make sure this is enabled by default. All right, so all you have to do now is just hit start. If everything worked properly it should say yes, and then it'll give you a PID, and that's about it. So now we should be tunneling everything through here.

Now, I did run into a little bit of an issue that I skipped over when editing this file, the 106 config. I actually put a slash here by the dev, that was like this, and it's not supposed to have it, and that was an issue for me: I wasn't able to create the tunnel interface.

So now that everything is working, I'm going to go over to my Deb test and I'm going to do ping Google again. Okay, it pings back, so we got internet. And if I do a curl... do I have that? apt install curl. And if I do curl ifconfig.co, I have a one 9196 IP address, which is the same IP address you
would get from PIA using their tunnel, which means any VM that is actually associated with vmbr1 is now under OpenWrt.

Now, if we want to host anything, which we will be, like Sonarr, Radarr, Deluge, all this other stuff under this OpenWrt, to make sure that everything is working, what I'm going to run is a real quick Python, and I'm going to do python3 -m simp... actually, I think it's http.server 9000, and there you go. I'm going to be hosting this on port 9000. I have to head over to my OpenWrt, go into firewall and do a quick port forwarding to that IP address. Add, test, and over here external port I'm going to do 9000. Internal port... oh well, internal IP will be this one, 220, and internal port would also be 9000. Save, save and apply. And now that this is hosting port 9000, I should be able to go to 1921 16810 5139 port 9000, and there we have it. This is our same folder that we are hosting right here, and you can see it actually got the HTTP request, and that's how you would forward a port.

What this means is I actually could just use one IP, which is 139, and host a lot of services, do port forwarding, instead of having to remember five different IPs or six different IPs or however many services that we have. It's all nested into one, so it's similar to what we would have in a Docker setup where we have a bridge and a Linux host and we only have one IP and a bunch of ports.

Anyway, that is it for setting up OpenWrt. There's a lot of things you could do with this, not just what we're doing in this environment, but the reason why I chose OpenWrt in this form factor, which is a container, is because it's really, really small, which I didn't even show you. I'm going to jump back into desktop and go over to summary. You can see I'm running this and it's only using 8 megabytes of RAM and about 21 megabytes of storage.

Anyway, if you guys got any questions about this, hit me up down in the comments below, and if you guys are new to this channel, consider subscribing and also hit that bell
notification icon so you know when the next video is going to be out. And I say my nerd cave, hack till it hurts.
Published: Sun Dec 10 2023
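
The two lines dictated for `/etc/pve/lxc/106.conf`, and the stray slash on the mount target that the video says stopped the tunnel interface from being created, can be checked before the container is started. This is an added example, not part of the video; the function name `check_tun_conf` and the sample configs are constructed here.

```shell
# Added example, not from the video. Sample configs are constructed.
# check_tun_conf FILE: print findings, return 0 only if the TUN lines are sound.
check_tun_conf() {
    conf=$1 rc=0
    # 10:200 is the character device /dev/net/tun on Linux.
    if ! grep -Eq '^lxc\.cgroup2\.devices\.allow:[[:space:]]*c[[:space:]]+10:200[[:space:]]+rwm[[:space:]]*$' "$conf"; then
        echo "missing: lxc.cgroup2.devices.allow: c 10:200 rwm"
        rc=1
    fi
    # First mount entry whose source is the host's /dev/net.
    entry=$(sed -n 's/^lxc\.mount\.entry:[[:space:]]*//p' "$conf" |
        awk '$1 == "/dev/net" { print; exit }')
    if [ -z "$entry" ]; then
        echo "missing: lxc.mount.entry for /dev/net"
        return 1
    fi
    set -- $entry    # $1 source, $2 target, $3 fstype, $4 options
    case $2 in
        dev/net) ;;
        /*) echo "bad target '$2': must be relative (dev/net)"; rc=1 ;;
        *) echo "unexpected target '$2'"; rc=1 ;;
    esac
    for opt in bind create=dir; do
        case ",$4," in
            *",$opt,"*) ;;
            *) echo "mount options lack $opt"; rc=1 ;;
        esac
    done
    return $rc
}
# Constructed sample: the config as the transcript ends up with it.
sample_good() {
    printf '%s\n' 'arch: amd64' 'hostname: openwrt' 'ostype: unmanaged' \
        'unprivileged: 1' \
        'lxc.cgroup2.devices.allow: c 10:200 rwm' \
        'lxc.mount.entry: /dev/net dev/net none bind,create=dir'
}
# Constructed sample: same file with the stray slash on the mount target.
sample_slash() {
    sample_good | sed 's|^\(lxc\.mount\.entry: /dev/net \)dev/net|\1/dev/net|'
}
tmp=$(mktemp -d)
sample_good > "$tmp/good.conf"; sample_slash > "$tmp/slash.conf"
for f in good slash; do
    if out=$(check_tun_conf "$tmp/$f.conf"); then echo "$f: ok"; else echo "$f: $out"; fi
done
rm -rf "$tmp"
```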
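
The rule dictated for `/etc/config/firewall` accepts TCP port 80 from the wan zone with the source IP option deleted. The following added example (not from the video) lists every rule of that shape in a firewall file so it can be reviewed once setup is finished; the function name `wan_open_rules`, the rule names and the address are constructed.

```shell
# Added example, not from the video. Rule names and addresses are constructed.
# wan_open_rules FILE: print "name|dest_port" for each "config rule" section
# that ACCEPTs traffic from the wan zone and has no src_ip restriction.
wan_open_rules() {
    awk -v q="'" '
    function val(   s) {   # value of the current option line, quotes stripped
        s = $0
        sub(/^[ \t]*(option|list)[ \t]+[a-z_]+[ \t]+/, "", s)
        gsub("[\"" q "]", "", s)
        sub(/[ \t]+$/, "", s)
        return s
    }
    function report(   n, p) {
        if (!rule || o["src"] != "wan" || toupper(o["target"]) != "ACCEPT") return
        if (o["src_ip"] != "") return
        n = (o["name"] == "") ? "(unnamed)" : o["name"]
        p = (o["dest_port"] == "") ? "any" : o["dest_port"]
        print n "|" p
    }
    $1 == "config" { report(); split("", o); rule = ($2 == "rule"); next }
    rule && ($1 == "option" || $1 == "list") { o[$2] = val() }
    END { report() }
    ' "$1"
}
# Constructed sample in /etc/config/firewall syntax.
sample_firewall() {
    cat <<'EOF'
config rule
    option name 'mgmt-restricted'
    option src 'wan'
    option src_ip '192.0.2.10'
    option dest_port '443'
    option proto 'tcp'
    option target 'ACCEPT'

config rule
    option name 'luci-http'
    option src 'wan'
    option dest_port '80'
    option proto 'tcp'
    option target 'ACCEPT'
EOF
}
fw=$(mktemp)
sample_firewall > "$fw"
wan_open_rules "$fw"
rm -f "$fw"
```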
