Thank you kind Sir! Just save my time! 👌

Thank you@@kmi3c

Thanks for the tip, because of that missing "apply configuration" my container was not booting.

There are not enough Like buttons for me to press !!!

This is the answer.

Thanks, that saved me some time

thank you! I figured out the config part on my own, then spent 15ish minutes trying to figure out the fw4 reload

Thanks!

Thanks!

omg thank you so much, I was going crazy trying to figure out what I missed

Thanks man, this helped me a ton!

I missed it too - this one should probably be at the top :D

I knew I will find the answer in the comments

Followed this and it worked. A few things I had to do differently to get it working (also using PIA): 1. Don’t add the “dhcp option DNS” entries in the config file. 2. Under network>interfaces change tun0 to unmanaged and choose device: eth adapter tun0 3. Edit lan interface firewall settings to assign it to the lan zone

Thanks a lot!

This was also huge. Not sure how it worked on video but this fixed my issue.

Thanks so much! I wonder how it worked for him? huh

This absolutely needs to be higher up. Without this comment, I would've given up. Thanks @cwalton00.

huge.

Wireguard on pia seems to be limited to 10mbs while I'm able to achieve 20mbs with openvpn. Not sure why so I stuck with using openvpn instead

​@@NovaspiritTech Quite a strange move from PIA. WireGuard users require less computing power from servers, they should prioritize them. But in this case you obviously have no choice.

Or maybe if it's possible to run those dockers in a container instead of a vm to really squeeze the size and resources than a vm

@@kitsunesuzuka1029 That's a possibility as well. I haven't tested that yet.

Followed this and it worked A few things I had to do differently to get it working (also using PIA): 1. Don’t add the “dhcp option DNS” entries in the config file. 2. Under network>interfaces change tun0 to unmanaged and choose device: eth adapter tun0 3. Edit lan interface firewall settings to assign it to the lan zone

In the LAN interface that you created you need to assign it to a firewall group. Return to the interface, and assign the interface to the lan group.

This worked!

Worked perfectly 👍👍

Worked for me! Thanks

this solved everything thank you, i am able to gui now

Dude, thank you, as a complete PVE noob, followed Don's instructions to the letter, refused connection. Copy and pasted this and I'm in!

im having a similar issue, did you ever figure it out?

Did you figure anything out? Having the same issue atm

Adding another reply that fixed it for me: Go to the Interface you set, hit edit and go to the firewall tab. Set the lan zone. This made it so I could get an IPv4 on the services using the vmbr1 bridge

@@CrazyTheDe Huge, that was the trick

or just make separated linux bridges

i have retried on the same server setting up a 2nd lxc and even used the original rootfs file. the common theme i keep seeing is when i create tun0... it shws as "Error: Network device is not present".

@@markdickey7807 I've found the typo. On the Video he missed to type "-" in: dhcp-options DNS 10.0.0.241 so in console log the error occur, author should definetly write consistently the instructions...

@@krysc4d thanks but didn't help - just retried on a new system. i get to the point of starting the PIA. I don't think at this point it is a PIA issue, because it tells me "Tun0" interface doesn't exist back in network interfaces. i restarted the interface and still nothing

@@markdickey7807 did you found a solution? I'm stucked at same point

@@moonfall84 yes - i found a solution. you have to change ownership of tunnel in your pve host. "chown 100000:100000 /dev/net/tun" i just found this solution like YESTERDAY

Were you able to get this to work with a static IP?

Found a solution to that?

This worked perfectly! Thank you!

Thank you. It worked for me as well. @@boot487

"3. Edit lan interface firewall settings to assign it to the lan zone " You mean add tun0 to the lan=>wan entry in the firewall?

@@RuiCardona2k no in Network>Interfaces edit the lan interface, under firewall settings click the drop down menu to assign the lan interface to the lan firewall zone. This will allow traffic on your lan interface

@@dsb2 Gotcha, that's already what it defaults to for me. Though no matter what I do even though I can connect to the VPN I just can't seem to access the test http server through the VPN

Were you able to find a solution for this?

I have the same issue. Did you find a solution?

I am also having this issue. I assume a firewall issue since I can access via other VMs. Anyone have a solution?

I am also having this issue. As soon as I enable the PIA VPN and save, the web interface tanks. I posted on OpenWRT about this, but since this is a fork, they blew me off.

Reply to myself for those on the same situation: I have added the vmbr0 with th local ip and local ip access, and asign a static ip, and now I can access the service internaly while having public ip from the vpn

@@RufusCubano THANK YOU! This had my head spinning for days. I watched Dons video a dozen times, literally frame by frame to see what I had missed. I too could not access any of the service portals after assigning vmbr1. I could not figure out how Don was able to access the portals with the 192.xx addy when the lxc container had a 10.50.xx address. Yes, I forwarded the port number to the internal 10.50.xx addy, but the fact remains the container still had a different IP! I could hit any container if I opened my test VM on vmbr1 by using the 10.50.xx IP, but not with the 192.xx IP. It took me a few tries to understand what you had done, but I finally figured it out. I added a new network to the service lxc, in this case, I named it 'deluge' I forced the same MAC that my Opensense reported, I tied it to Bridge vmbr0, gave it the same static IP I assigned it in my Opensense with a /24 CDIR, left the gateway BLANK. It worked. I get a VPN address and can access the services using the IPs I statically assigned in my Opensense. I also deleted the PORT FORWARDING entries, as they're no longer needed.

Not really as OpenWRT doesn't make any use of hardware offload

I tried to work out a few solutions with ChatGPT. The suggestions, which all failed, were: 1. firewall rules : forwarding 10.50.50.1/24 to 192.168.0.1/24 2. IP Masquarading 3. policy routing It all sounds logical, but it just doesn't work. I probably have a major thinking error somewhere.

Your physical router (the main entry to your network) is the one that decides what is open to the big bad internet. If you don't have any ports open in your physical router you're fine.

How did you manage to get it working? openvpn doesn't start ?

@@alainsoppe6397 I ended up ditching this completely as I couldn't make it work.

There is option to open as separate window so it will be fullscreen.

fixed it for anyone else having the issue login as root

Wanting to do the same, did you figure it out? I was going to recreate the container, but perhaps there's an easier / better way.

I've got the same issue

Same issue here

I deleted the container and remade it with the hostname set to openwrt-lxc and everything worked. I think it’s because I had already installed the tteck OpenWRT VM with that hostname.

Nevermind. Has something to do with being unprivileged. Adding the line: features: nesting=1 above the two lines he tells you to add fixed it for some reason.

I found my mistake, i took the wrong bridge in proxmox.... i'am also running Sophos XG as a VM and picked that bridge, should also work, but need to figure that out first

Hi Did yo get this working?

I have been trying to figure out a way to run a wireguard client on proxmox, and filter all traffic through openwrt/pia for weeks. End goal would be to connect to wireguard proxmox ct, have that connection all go through openwrt/pia. So far I have wireguard and openwrt/pia setup, wireguard ct runs traffic through openwrt/pia, but I am unable to connect to wireguard client remotely.

Good question. I'm guessing we need to create a new container with rootfs tar ball. For full firmware image upgrades, the sysupgrade package is the way to go.

Hi did you manage to get this working?

Yes, it came down to OpenWRT and my PC being on different VLANs. Just needed to create a static route from the PC VLAN to OpenWRTs VLAN. If you want more info I’d be happy to share.

I’m having the exact same issue. Did you ever find a resolution?

Hi Mate, I got mine set on pfsense (proton connected using openvpn) and use openwrt just for the wifi part

Were you able to find an answer for this?

it didn't work for me

I tried it and got to the point of starting the VM. It errored out saying vmbr1 doesn't exist even though I have applied the configuration.

Use Proxmox as the "man in the middle" for the container, it doesn't need to know that that mounted path is from another network; it should work

@@ericdemers7368 I've moved on to Gluetun and OMV, pass through usb to OMV and have it shared on the network with SMB

I'm on debian

Don’t know why but this got it working for me. Thanks man

this was my solution aswell. thank you

Pin this. I spent hours debugging the issue and this fixed it.

I think what I missed was just not doing a reboot.

Thank you Steven

Also, if anyone is using NordVPN, they have a solid guide for this exact process, just search OpenWrt setup with NordVPN

THANKS!

true, wish the same

i think go back into pve network , and click apply configuration ?

@@martinottolangui4667 Thank You! I've spent hours trying to figure that out!