pfSense/ESXi route all VM via GRE TUNNEL
Hello everyone!
I was planning to route my specific ESXi VM traffic via a different IP from a different provider.
I heard that it's possible to do that via a GRE tunnel, but did not find any tutorial on how to do that.
I have purchased a low-cost VPS and want to use that low-cost VPS IP for an OVH ESXi VM via a GRE tunnel.
If anyone here has an idea or any tutorial link, please feel free to share or post.
Thanks
This discussion has been closed.


Comments
https://community.hetzner.com/tutorials/linux-setup-gre-tunnel
If that low-cost VPS is more than 2.5 euros/month, it's better to buy a GRE tunnel from noez.de or novahosting, but they are more expensive than noez.
It's actually 12 euros biennially from dasabo.
OVH additional IP costs me like $2/month. It's way cheaper and we get a new VPS as well.
Add a GRE device on OPNsense, activate it and set it as default gateway. I use GRE the other way around with OPNsense, to basically encapsulate NATed traffic (to maintain the original IP headers).
I've been testing this recently using Wireguard on Vyos on a VPS tunneling to/from Opnsense locally, routing IPs or subnets right through the wireguard tunnel and then setting a 1:1 binat rule and setting the local VM IP gateway to be the Vyos end of the wireguard tunnel, sort of PBR and defining the IP in that rule for outbound to 0.0.0.0/0. Then Vyos just needed to have proxy-arp enabled.
IDK if this is the BEST move but this is what I figured out because GRE + dynamic IP from ISP wasn't seemingly stable and wireguard was performant, GRE over wireguard was unstable. Only real thing I ran into was MSS clamping on the opnsense side and proxy-arp on the vyos side. I've not tried internally on the opnsense side of this assigning IPs directly to VMs as 1:1 NAT and PBR seemed to work for me...so far.
This is with a VPS and a routed /29 subnet. I also tested with additional /32 IP addresses on a VPS and that worked too.
I'm not doing it for any particular reason, more so wanted to see if I could do it.
Exactly the same way I did with pfSense, added a GRE device.
`curl --interface gre0` works well.
But when I activate it as the default gateway, the VM internet doesn't work.
Actually it helped me, I removed all my existing gre tunnel rules on pfsense and it worked.
Thanks
The problem in setting the GRE as default gateway is all the VMs are routing via that GRE Tunnel.
How can I target specific VM only to route via GRE Tunnel and not all the VMs?
Create a gateway for the gre interface.
Create a firewall rule in pfsense and set the gateway manually. (Somewhere down on the rules page, you should find this setting. I only use OPNsense, so no screenshot for you - sorry)
Yeah I got it done. Thanks.
Mods please close the thread
I think it should be moved to 'Help' categories. Thread closure requested.
Moved thread from General to Help
Closed thread
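
The posts above cover the pfSense side (a gateway on the GRE interface plus a firewall rule that selects it for one VM) and mention MSS clamping. As an added example, not taken from any post or from the linked tutorial, this is a sketch of the matching Linux VPS end. All addresses, the names `gre1`/`eth0`, the /30 tunnel subnet, a plain 4-byte GRE header, and pfSense NATing the VM onto its tunnel address are assumptions or constructed placeholders.

```shell
#!/bin/sh
# Added example: VPS-side GRE endpoint. Every address below is a constructed
# placeholder from the documentation ranges; replace before use.
VPS_IP=${VPS_IP:-203.0.113.10}       # public IP of the low-cost VPS
PEER_IP=${PEER_IP:-198.51.100.20}    # public WAN IP of the pfSense box
TUN_LOCAL=${TUN_LOCAL:-10.255.0.1/30} # VPS end of the tunnel (pfSense is .2)
TUN_NET=${TUN_NET:-10.255.0.0/30}
WAN_IF=${WAN_IF:-eth0}
RUN=${RUN-echo}   # dry run by default; call with RUN= (empty) as root to apply

# Plain GRE over IPv4 adds a 20-byte outer IP header and a 4-byte GRE header.
gre_mtu() { echo $(( $1 - 24 )); }
# TCP MSS is the tunnel MTU minus 20 bytes of IP and 20 bytes of TCP header.
gre_mss() { echo $(( $(gre_mtu "$1") - 40 )); }

setup_vps_gre() {
    phys_mtu=${1:-1500}
    mss=$(gre_mss "$phys_mtu")
    # GRE carries no authentication or encryption: accept IP protocol 47
    # only from the known peer and drop it from everyone else.
    $RUN iptables -A INPUT -p gre -s "$PEER_IP" -j ACCEPT
    $RUN iptables -A INPUT -p gre -j DROP
    # Tunnel interface with the reduced MTU.
    $RUN ip tunnel add gre1 mode gre local "$VPS_IP" remote "$PEER_IP" ttl 255
    $RUN ip addr add "$TUN_LOCAL" dev gre1
    $RUN ip link set gre1 up mtu "$(gre_mtu "$phys_mtu")"
    # Route and source-NAT only what arrives from the tunnel subnet.
    $RUN sysctl -w net.ipv4.ip_forward=1
    $RUN iptables -t nat -A POSTROUTING -s "$TUN_NET" -o "$WAN_IF" \
        -j SNAT --to-source "$VPS_IP"
    # Clamp MSS on SYNs in both directions so TCP segments fit the tunnel.
    $RUN iptables -t mangle -A FORWARD -o gre1 -p tcp \
        --tcp-flags SYN,RST SYN -j TCPMSS --set-mss "$mss"
    $RUN iptables -t mangle -A FORWARD -i gre1 -p tcp \
        --tcp-flags SYN,RST SYN -j TCPMSS --set-mss "$mss"
}

# "sh vps-gre.sh run [physical-mtu]" prints the plan (or applies it if RUN=).
if [ "${1:-}" = "run" ]; then
    setup_vps_gre "${2:-1500}"
fi
```

With a 1500-byte physical MTU this yields a tunnel MTU of 1476 and an MSS of 1436; the same MSS value applies to the clamp on the pfSense end.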