qm-mtunnel
Create secure tunnels for Proxmox migrations
TLDR
Command used by qmigrate when migrating data from a VM to another host.
SYNOPSIS
qm-mtunnel options
PARAMETERS
--help
Displays help information.
--port port
Specifies the port to use for the tunnel. Default is 8006.
--user user
Specifies the username for SSH authentication.
--host hostname
Specifies the hostname or IP address of the remote Proxmox Mail Gateway server.
--local-address ipaddress
Local address to bind to.
--remote-address ipaddress
Remote address to forward to.
--keyfile path
Specifies the path to the SSH private key file.
--debug
Enable debug output.
--daemon
Run in daemon mode.
DESCRIPTION
The qm-mtunnel command, part of the Proxmox Mail Gateway suite, establishes a secure tunnel for communication with a remote Proxmox Mail Gateway instance. It facilitates encrypted data transfer, enabling secure remote administration, configuration management, and message queuing replication across networks. It is usually used for cluster setup.
The primary use case involves setting up a cluster between two Proxmox Mail Gateway installations across a firewall or network boundary where direct access isn't feasible or secure. By creating a tunnel, administrators can bypass firewall restrictions and implement secure, authenticated communication. This facilitates functions like remote monitoring, configuration synchronization, and message flow control, vital for distributed Proxmox Mail Gateway deployments.
The command relies on SSH to create a secure, authenticated, and encrypted channel, sparing administrators the complexity of manually configuring SSH tunnels for Proxmox Mail Gateway management. Proper usage of this tool requires a functioning SSH installation, including pre-shared keys or password-based authentication for the involved hosts.
CAVEATS
Incorrect usage can lead to security vulnerabilities or communication failures. Ensure SSH is properly configured and the specified user has the necessary permissions. Firewalls may interfere with tunnel establishment; review firewall rules as needed.
The command needs SSH to be properly configured for the tunnel to function. Key-based authentication is highly recommended for security reasons.
EXAMPLE USAGE
To create a tunnel to host 'remote.example.com' with user 'admin' using key-based authentication and port 8006, run:
qm-mtunnel --host remote.example.com --user admin --keyfile /root/.ssh/id_rsa
TROUBLESHOOTING
If the tunnel fails to establish, check the following:
1. Ensure SSH is configured correctly on both local and remote machines.
2. Verify that the specified user has the necessary permissions on the remote machine.
3. Check firewall rules on both local and remote networks.
4. Examine the debug output (using the --debug option) for error messages.
HISTORY
The qm-mtunnel command was introduced as part of the Proxmox Mail Gateway suite to simplify the setup and management of secure communication channels between Proxmox Mail Gateway instances, specifically for cluster configurations. It addresses the need for secure remote access and data transfer, eliminating the complexity of manual SSH tunnel setup. Development focused on ease of use and security, making it a critical tool for distributed Proxmox Mail Gateway environments. The command is actively maintained and updated with the Proxmox Mail Gateway releases.