IP Tunneling from OVH to Hetzner

Zreind Member
edited April 2023 in Help

Hello,

I have 2 servers.
The first one is a VPS bought from OVH and has a /29.
The second one is the bare metal I bought from Hetzner.

If you have ever noticed the IP prices on Hetzner, you wouldn't use it.

I want to use this /29 subnet, or even 1-2 IPs, on my Hetzner server.
The main problem is, I have some VPSes on the dedicated server and want to give these IPs to them without doing anything on them (just adjusting the hypervisor).

I use KVM and tried to do it with ZeroTier, WireGuard etc., but it's still not working.

I don't know much about networking, so please help me like you're helping a noob :dizzy:

Comments

  • I think what you should search is "GRE tunnel between two Linux servers".
    I did it a long time ago and it worked, but I don't remember the details.

  • ehab Member

    wireguard

    Thanked by 2: darkimmortal, sliix
  • @ehab said:
    wireguard

    I know the WireGuard thing but don't know how to do it with the hypervisor bridge and the details :confused:

  • tjn Member

    If you can tell us more about what you have setup on the Hetzner side, we can probably advise you better :)

  • @tjn said:
    If you can tell us more about what you have setup on the Hetzner side, we can probably advise you better :)

    There is just QEMU/KVM and a NAT bridge for the NAT VPS.

  • Neoon Community Contributor, Veteran

    People tried that before. It won't work stably, especially under DDoS.
    Your tunnel just gets dropped or slowed below usable speeds.

    Thanked by 1: MrH
  • @Neoon said:
    People tried that before. It won't work stably, especially under DDoS.
    Your tunnel just gets dropped or slowed below usable speeds.

    I only want to learn it. Also, we need only 1 IP to host a machine, not for big production. I see you own microLXC and the free KVM thing. Can you help me a bit to do it with ZeroTier or WireGuard? (GRE is not safe)

  • RickBakkr Member, Patron Provider, LIR

    The means of transport, be it GRE, WireGuard, … shouldn't really affect the basic concept of what you'd like to achieve.

    1. Get a point to point tunnel set up between both sides
    2. Route OVH IPs over tunnel
    3. Route OVH IPs on Hetzner side to bridge
    4. Configure ip rule/vrf to have outgoing traffic return over tunnel back to OVH
    5. Done.
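
Steps 2-4 above written out with WireGuard as the step 1 tunnel. This is an added example, not code from any poster in the thread; the interface and bridge names, addresses, table number and key placeholders are all assumptions. It prints the commands and only executes them when `APPLY=yes` is set.

```sh
#!/bin/sh
# Added example: steps 2-4 with WireGuard as the tunnel from step 1.
# Every value below is a constructed placeholder, not taken from the thread.
TUN_IF=wg0                  # tunnel interface, already up on both hosts
TUN_HTZ=10.99.0.2           # Hetzner end of the tunnel (OVH end: 10.99.0.1)
ROUTED_IP=203.0.113.10      # one address from the OVH block (RFC 5737 sample)
BRIDGE=vmbr1                # routed bridge the guest is attached to (assumed name)
TABLE=100                   # routing table used only for return traffic
OVH_PUBKEY='<ovh-wireguard-public-key>'
HTZ_PUBKEY='<hetzner-wireguard-public-key>'

# Print each command; execute it only when the operator sets APPLY=yes.
run() {
    echo "$*"
    if [ "${APPLY:-no}" = yes ]; then "$@"; fi
}

# OVH VPS. Assumes OVH delivers ROUTED_IP to this VPS and that the address
# is not configured on any local interface here.
ovh_side() {
    run sysctl -w net.ipv4.ip_forward=1
    # WireGuard drops inner packets whose address is not in the peer's AllowedIPs
    run wg set "$TUN_IF" peer "$HTZ_PUBKEY" allowed-ips "$TUN_HTZ/32,$ROUTED_IP/32"
    run ip route add "$ROUTED_IP/32" dev "$TUN_IF"                 # step 2
}

# Hetzner hypervisor.
hetzner_side() {
    run sysctl -w net.ipv4.ip_forward=1
    # Inner packets carry arbitrary Internet addresses, so accept all from the OVH peer
    run wg set "$TUN_IF" peer "$OVH_PUBKEY" allowed-ips 0.0.0.0/0
    run ip route add "$ROUTED_IP/32" dev "$BRIDGE"                 # step 3
    run ip rule add from "$ROUTED_IP/32" lookup "$TABLE"           # step 4
    run ip route add default dev "$TUN_IF" table "$TABLE"
}

case "${1:-}" in
    ovh) ovh_side ;;
    hetzner) hetzner_side ;;
esac
```

If the tunnel is managed by wg-quick instead of `wg set`, put `Table = off` in the Hetzner-side config so the 0.0.0.0/0 AllowedIPs entry does not replace the host's own default route.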
  • zenocz Member
    edited May 2023

    Any VPN that works on layer 3 will be OK; I used it connecting Vultr to BWH for years.

  • FlorinMarian Member, Host Rep

    I have done this several times with the method below and it works with Proxmox/Debian/Ubuntu; the idea behind it is simple.
    The VM receives a private IP and at the hypervisor level you map a certain private IP address to a certain public IP address.

    I warn you that you cannot pass the security layers of OVH and the speeds will be deplorable, especially when you do speedtests.

    =========================================================
    Source of IP addresses:
    =========================================================
    sudo modprobe ip_gre
    lsmod | grep gre
    
    sudo bash -c 'cat >> /etc/network/interfaces' <<- EOL
    auto gre1
    iface gre1 inet static
        address 172.16.0.1
        netmask 255.255.255.0
    
        pre-up ip link add gre1 type gretap local 5.183.170.160 remote 65.109.64.177 ttl 255
        post-down ip link del gre1 
    EOL
    
    
    Important:
    1. OVH: We make sure there is no MAC address for this IP address
    2. We add the IP address as an alias:
        ip addr add 162.19.129.221/32 dev vmbr0
    3. We map the internal IP addresses to the public ones:
        iptables -t nat -I PREROUTING -d 162.19.129.221 -j DNAT --to-destination 172.16.0.3
        iptables -t nat -I POSTROUTING -o vmbr0 -j MASQUERADE
    
    
    =========================================================
    
    
    
    
    =========================================================
    Who uses those IP addresses:
    =========================================================
    sudo modprobe ip_gre
    lsmod | grep gre
    
    sudo bash -c 'cat >> /etc/network/interfaces' <<- EOL
    auto vmbr0
    iface vmbr0 inet manual
        address 172.16.0.2/24
        gateway 172.16.0.1
    
        pre-up ip link add gre1 type gretap local 65.109.64.177 remote 5.183.170.160 ttl 255
        pre-up ip link set gre1 up
    
        bridge-ports gre1
        bridge-stp off
        bridge-fd 0
    
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    
        post-down ip link set gre1 down
        post-down ip link del gre1
    EOL
    
    VM config:
    172.16.0.3 - 254
    Gateway: 172.16.0.1
    Netmask: 255.255.255.0
    
    =========================================================
    
    
  • ehab Member

    GRE sucks a lot of bandwidth. 2 idle nodes were eating >1TB overnight.

    So unless you have unlimited, I don't advise GRE.

  • kkiskk Member

    IPsec VPN may be helpful for you?

  • theraw Member

    Cloudflare tunnels?
