Chapter 6.2: Put Proxmox behind ClearOS

In ClearOS click on the menu Network -> Settings -> IP settings

ClearOS IP settings

Edit the ens19 network interface and click on Update:

  • Role: Hot LAN
  • Connection type: Static
  • IP address: 192.168.170.1
  • Netmask: 255.255.255.0
ClearOS ens19
ClearOS ens19 settings

Now the widget should look like this

ClearOS ens19 widget

Click on Network -> Infrastructure -> DHCP Server and check if the subnet for ens19 192.168.170.0 looks like this. You should’t need to edit anything.

ClearOS ens19 subnet
ClearOS ens19 subnet
ClearOS ens19 network

Click on Network -> Infrastructure -> SSH Server and click on Allow connections

ClearOS SSH allow connections

Now generate a very strong ClearOS password for the root user, it’s time to change it. ClearOS will always be exposed to internet, so choose a very very strong password.

Warning

If you do not choose very very strong passwords, specially for ClearOS, your hosting system will be vulnerable to attacks.

Click on Root -> User profile and change the ClearOS root password

ClearOS change root password
ClearOS change root password
ClearOS change root password ok

Now we need to edit the OpenVPN configuration. To do so open a new terminal window and log into ClearOS as root with this command. Remember to use the password that you just updated, not the old one.

ssh root@[ClearOS IP address]

Type this command to edit the OpenVPN configuration file:

nano /etc/openvpn/clients.conf

You need to add a line to access Proxmox and one for each site that will be hosted by your system. For the moment this lines allow up to 6 internet sites.

push “route 192.168.170.0 255.255.255.0”
push “route 192.168.180.0 255.255.255.0”
push “route 192.168.181.0 255.255.255.0”
push “route 192.168.182.0 255.255.255.0”
push “route 192.168.183.0 255.255.255.0”
push “route 192.168.184.0 255.255.255.0”
push “route 192.168.185.0 255.255.255.0”

The file now should look exactly like this except for the domain name:

ClearOS OpenVPN push networks

Go back to ClearOS and stop the OpenVPN service. Then start it again.

ClearOS stop OpenVPN
ClearOS start OpenVPN
Warning

The next steps of this chapter are extremely crucial, so follow them very carefully. Misconfiguring something now may require advanced techniques to connect back to Proxmox. Since now on triple check everything you do till the end of the chapter.

Warning

Be sure that your OpenVPN connection is working. To test it activate the OpenVPN connection and connect to ClearOS using the address https://10.8.0.1:81
If it’s working you should be ok.

Warning

Remember, again, misconfiguring something now may require advanced techniques to connect back to Proxmox.

Go to Proxmox, click on the Proxmox server in the left sidebar, then Network and double click on the vmbr0 IP address

ClearOS vbr0 IP

Delete everything but don’t touch the Bridge ports: eth0 field, type ClearOS in the Comment field, then click OK

Warning

Triple check that you did not change the Bridge ports: eth0 field

Double click on the vmbr1 IP address field

Insert this settings:

  • IP address: 192.168.170.100
  • Subnet mask: 255.255.255.0
  • Gateway:192.168.170.1
  • Comment: Proxmox
ClearOS vmbr1

Click on the ClearOS VM, then click on Options, then double click on the Start at boot field, select it and hit OK

ClearOS start at boot
ClearOS start at boot
Warning

Triple check that you did select start at boot

Double click on the Start/Shutdown order field, configure ClearOS to be the first VM to boot and hit OK

ClearOS boot order
ClearOS boot order

Now click on the ClearOS VM, then Network and triple check that your IP settings look exactly like this. Then, click on Restart

Proxmox triple check
Warning

Remember, if you made a mistake in the last steps you will require advanced techniques to connect back to Proxmox.

If you are absolutely sure that everything is correctly configured hit Yes

Proxmox restart
Warning

Since now on you will be able to connect to Proxmox only when the OpenVPN connection is active. ClearOS will act as a shield and will protect Proxmox from undesired connections.

The Proxmox server will reboot, then it will  automatically start the ClearOS virtual machine, so wait 3 or 4 of minutes. Afterwards you should be able to connect to Proxmox from this address only when the OpenVPN connection is active:

https://192.168.170.100:8006

Confirm the security exception and log into Proxmox

Proxmox confirm security exeption
Proxmox login

It’s time to change the Proxmox password too. To do so click on Datacenter -> Users -> root, then click on Password

Proxmox root password

Type in the new password and press OK

Proxmox password