Chapter 6.2: Put Proxmox behind ClearOS

In ClearOS click on the menu Network -> Settings -> IP settings

Edit the ens19 network interface and click on Update:

Role: Hot LAN
Connection type: Static
IP address: 192.168.170.1
Netmask: 255.255.255.0

Now the widget should look like this

Click on Network -> Infrastructure -> DHCP Server and check if the subnet for ens19 192.168.170.0 looks like this. You should’t need to edit anything.

Click on Network -> Infrastructure -> SSH Server and click on Allow connections

Now generate a very strong ClearOS password for the root user, it’s time to change it. ClearOS will always be exposed to internet, so choose a very very strong password.

Warning

If you do not choose very very strong passwords, specially for ClearOS, your hosting system will be vulnerable to attacks.

Click on Root -> User profile and change the ClearOS root password

Now we need to edit the OpenVPN configuration. To do so open a new terminal window and log into ClearOS as root with this command. Remember to use the password that you just updated, not the old one.

ssh root@[ClearOS IP address]

Type this command to edit the OpenVPN configuration file:

nano /etc/openvpn/clients.conf

You need to add a line to access Proxmox and one for each site that will be hosted by your system. For the moment this lines allow up to 6 internet sites.

push “route 192.168.170.0 255.255.255.0”
push “route 192.168.180.0 255.255.255.0”
push “route 192.168.181.0 255.255.255.0”
push “route 192.168.182.0 255.255.255.0”
push “route 192.168.183.0 255.255.255.0”
push “route 192.168.184.0 255.255.255.0”
push “route 192.168.185.0 255.255.255.0”

The file now should look exactly like this except for the domain name:

Go back to ClearOS and stop the OpenVPN service. Then start it again.

Warning

The next steps of this chapter are extremely crucial, so follow them very carefully. Misconfiguring something now may require advanced techniques to connect back to Proxmox. Since now on triple check everything you do till the end of the chapter.

Warning

Be sure that your OpenVPN connection is working. To test it activate the OpenVPN connection and connect to ClearOS using the address https://10.8.0.1:81
If it’s working you should be ok.

Warning

Remember, again, misconfiguring something now may require advanced techniques to connect back to Proxmox.

Go to Proxmox, click on the Proxmox server in the left sidebar, then Network and double click on the vmbr0 IP address

Delete everything but don’t touch the Bridge ports: eth0 field, type ClearOS in the Comment field, then click OK

Warning

Triple check that you did not change the Bridge ports: eth0 field

Double click on the vmbr1 IP address field

Insert this settings:

IP address: 192.168.170.100
Subnet mask: 255.255.255.0
Gateway:192.168.170.1
Comment: Proxmox

Click on the ClearOS VM, then click on Options, then double click on the Start at boot field, select it and hit OK

Warning

Triple check that you did select start at boot

Double click on the Start/Shutdown order field, configure ClearOS to be the first VM to boot and hit OK

Now click on the ClearOS VM, then Network and triple check that your IP settings look exactly like this. Then, click on Restart

Warning

Remember, if you made a mistake in the last steps you will require advanced techniques to connect back to Proxmox.

If you are absolutely sure that everything is correctly configured hit Yes

Warning

Since now on you will be able to connect to Proxmox only when the OpenVPN connection is active. ClearOS will act as a shield and will protect Proxmox from undesired connections.

The Proxmox server will reboot, then it will automatically start the ClearOS virtual machine, so wait 3 or 4 of minutes. Afterwards you should be able to connect to Proxmox from this address only when the OpenVPN connection is active:

https://192.168.170.100:8006

Confirm the security exception and log into Proxmox