To get the latest lxc templates, just run on your host:
pveupdate
I followed this guide for using Wireguard inside LXC on Proxmox. (Also helpfull)
echo "deb https://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt install wireguard
But as i ran “modprobe wireguard” I just got:
modprobe: FATAL: Module wireguard not found in directory /lib/modules/5.0.15-1-pve
So I ran “dkms autoinstall”… but no success.
Error! Your kernel headers for kernel 5.0.15-1-pve cannot be found.
Please install the linux-headers-5.0.15-1-pve package,
or use the --kernelsourcedir option to tell DKMS where it's located
As I run “apt install pve-headers” it installed new pve-headers but for a different kernel:
pve-headers pve-headers-5.0 pve-headers-5.0.21-1-pve
As expected, “modprobe wireguard” still returned
modprobe: FATAL: Module wireguard not found in directory /lib/modules/5.0.15-1-pve
So i checked my current kernel with “uname –kernel-release” and since my last reboot was about two weeks ago, it was running on 5.0.15-1-pve. So I did a reboot, checked the kernel again and now it was on 5.0.21-1-pve. So I did “dkms autoinstall” again, now with success:
Kernel preparation unnecessary for this kernel. Skipping...
Building module:
cleaning build area...
make -j4 KERNELRELEASE=5.0.21-1-pve -C /lib/modules/5.0.21-1-pve/build M=/var/lib/dkms/wireguard/0.0.20190702/build..........
cleaning build area...
DKMS: build completed.
wireguard.ko:
Running module version sanity check.
- Original module
- No original module exists within this kernel
- Installation
- Installing to /lib/modules/5.0.21-1-pve/updates/dkms/
depmod....
DKMS: install completed.
“modprobe wireguard” now returned no error. I continued the guide with:
echo "wireguard" >> /etc/modules-load.d/modules.conf
Entered my already created Debian 10 container and followed the guide:
echo "deb https://deb.debian.org/debian/ unstable main" > /etc/apt/sources.list.d/unstable-wireguard.list
printf 'Package: *\nPin: release a=unstable\nPin-Priority: 90\n' > /etc/apt/preferences.d/limit-unstable
apt update
apt-get install --no-install-recommends wireguard-tools
ip link add wg0 type wireguard
Edit: To get Wireguard working, I also had to add the TUN device to the containers config, like I did for OpenVPN as well.
You’ll find the config here: /etc/pve/lxc/container_name.conf
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.hook.autodev: sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"
Enter your OpenVPN config:
nano /etc/openvpn/server.conf
and add the following line with the local IP of your Pi-hole:
push "dhcp-option DNS 192.168.X.X"
Append the following two lines to the lxc config file on your Proxmox host.
You’ll find the config here: /etc/pve/lxc/container_name.conf
Got this info from here and it works fine.
lxc.cgroup.devices.allow: c 10:200 rwm
lxc.hook.autodev: sh -c "modprobe tun; cd ${LXC_ROOTFS_MOUNT}/dev; mkdir net; mknod net/tun c 10 200; chmod 0666 net/tun"
There is just one line necessary for the openVPN installation.
wget https://git.io/vpn -O openvpn-install.sh && bash openvpn-install.sh
If you want to add another profile, just run the installer again:
bash openvpn-install.sh
Open LXC config file in your favorite editor. In this case the container name is 101:
nano /etc/pve/lxc/101.conf
Append a single line for each mountpoint you want to add. The first mountpoint is “mp0”, the second “mp1” and so on.
mp0: /data/music,mp=/mnt/nfs/music
First the source (my zpool “data”, folowing the dataset name “music”), after that the destination inside the container beginning “mp=”.