LinuxCommandLibrary

qm-mtunnel

Create secure tunnels for Proxmox migrations

TLDR

Command used by qmigrate during data migration from a VM to another host

$ qm mtunnel

SYNOPSIS

qm-mtunnel options

PARAMETERS

--help
    Displays help information.

--port port
    Specifies the port to use for the tunnel. Default is 8006.

--user user
    Specifies the username for SSH authentication.

--host hostname
    Specifies the hostname or IP address of the remote Proxmox Mail Gateway server.

--local-address ipaddress
    Local address to bind to.

--remote-address ipaddress
    Remote address to forward to.

--keyfile path
    Specifies the path to the SSH private key file.

--debug
    Enable debug output.

--daemon
    Run in daemon mode.

DESCRIPTION

The qm-mtunnel command, part of the Proxmox Mail Gateway suite, establishes a secure tunnel for communication with a remote Proxmox Mail Gateway instance. It facilitates encrypted data transfer, enabling secure remote administration, configuration management, and message queuing replication across networks. It is usually used for cluster setup.

The primary use case involves setting up a cluster between two Proxmox Mail Gateway installations across a firewall or network boundary where direct access isn't feasible or secure. By creating a tunnel, administrators can bypass firewall restrictions and implement secure, authenticated communication. This facilitates functions like remote monitoring, configuration synchronization, and message flow control, vital for distributed Proxmox Mail Gateway deployments.

The command relies on SSH to create a secure, authenticated, and encrypted channel, so administrators do not have to configure SSH tunnels for Proxmox Mail Gateway management by hand. Proper usage of this tool requires a functioning SSH installation, including pre-shared keys or password-based authentication for the involved hosts.

CAVEATS

Incorrect usage can lead to security vulnerabilities or communication failures. Ensure SSH is properly configured and the specified user has the necessary permissions. Firewalls may interfere with tunnel establishment; review firewall rules as needed.

The command needs SSH to be properly configured for the tunnel to function. Key-based authentication is highly recommended for security reasons.

EXAMPLE USAGE

To create a tunnel to host 'remote.example.com' with user 'admin' using key-based authentication and port 8006, run:

$ qm-mtunnel --host remote.example.com --user admin --keyfile /root/.ssh/id_rsa

TROUBLESHOOTING

If the tunnel fails to establish, check the following:
1. Ensure SSH is configured correctly on both local and remote machines.
2. Verify that the specified user has the necessary permissions on the remote machine.
3. Check firewall rules on both local and remote networks.
4. Examine the debug output (using the --debug option) for error messages.
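
Checks 1 and 2 can be scripted as an SSH preflight that runs before the tunnel is started. This is an added example, not part of the original page or of any Proxmox tool; the function names are hypothetical, and the host, user and key path in the usage comment are the ones from the example usage above.

```sh
#!/bin/sh
# Added example: SSH preflight checks. Function names are illustrative only.

# Return 0 if the private key is a regular file, owned by the caller, with no
# group/other permission bits. OpenSSH refuses to use keys that are readable
# by other users.
check_keyfile() {
    key=$1
    [ -f "$key" ] || { echo "keyfile: $key is not a regular file" >&2; return 1; }
    [ -O "$key" ] || { echo "keyfile: $key is not owned by $(id -un)" >&2; return 1; }
    case $(ls -ldL -- "$key") in
        -???------*) return 0 ;;
        *) echo "keyfile: $key is accessible to group/other (chmod 600)" >&2
           return 1 ;;
    esac
}

# Return 0 if the remote host key is already pinned in known_hosts, so the
# first connection does not depend on accepting an unverified key.
check_known_host() {
    host=$1
    known=${2:-$HOME/.ssh/known_hosts}
    ssh-keygen -F "$host" -f "$known" >/dev/null 2>&1 || {
        echo "known_hosts: no entry for $host in $known" >&2
        return 1
    }
}

# Non-interactive login test: fails instead of falling back to a password
# prompt or silently trusting an unknown host key.
check_login() {
    host=$1 user=$2 key=$3
    ssh -o BatchMode=yes -o StrictHostKeyChecking=yes -o IdentitiesOnly=yes \
        -o ConnectTimeout=5 -i "$key" "$user@$host" true
}

# Run all checks in order; stop at the first failure.
# Usage: preflight remote.example.com admin /root/.ssh/id_rsa
preflight() {
    check_keyfile "$3" && check_known_host "$1" && check_login "$1" "$2" "$3"
}
```

A failure in `check_login` after the first two checks pass points at the remote side: the user's `authorized_keys`, account permissions, or a firewall between the hosts.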

HISTORY

The qm-mtunnel command was introduced as part of the Proxmox Mail Gateway suite to simplify the setup and management of secure communication channels between Proxmox Mail Gateway instances, specifically for cluster configurations. It addresses the need for secure remote access and data transfer, eliminating the complexity of manual SSH tunnel setup. Development focused on ease of use and security, making it a critical tool for distributed Proxmox Mail Gateway environments. The command is actively maintained and updated with the Proxmox Mail Gateway releases.

SEE ALSO

ssh(1), sshd(8), qm(1)
