Netgate Discussion Forum
    Pfsense + Haproxy inside Proxmox at Hetzner

    Category: Virtualization
    gnleot (last edited by gnleot)

      Hi all,
      we have 4 dedicated servers at Hetzner, and it seems impossible to get what we need...
      What does Hetzner give us?

      • 4 dedicated servers, each one with its own public "MAIN IP" assigned to one interface (eno3), and all cabled to a dedicated 10 Gb switch for internal LAN communications (eno1).
      • Additional IP (+MAC), additional subnet, Failover IP (yes, we have taken everything, but nothing works); we tried every possible combination following their guidelines here, here, here, and many other online resources.

      What do we need?

      • PVE cluster (this works thanks to the VLANs bridged on internal LAN NIC)
      • pfSense to get out correctly (of course), handle internal LAN traffic and route it out
      • HA via pfsync; each node must be able to handle some CARP VIPs, assigned to different services (OpenVPN, IPsec, HAProxy frontend). Regarding this, on Hetzner is the only way to get a CARP VIP to use a FailoverIP? Is that right?

      I cut other parts of the interfaces file.

      auto eno3
      iface eno3 inet static
              address  MAIN IP
              netmask  255.255.255.255
              gateway  GW BY Hetzner
              pointopoint GW BY Hetzner
      
      auto vmbr0
      iface vmbr0 inet static
              address  MAIN IP	#on pfsense guest VM the Gateway
              netmask  255.255.255.255
              bridge_ports none
              bridge_stp off
              bridge_fd 0
              up route add -host AdditionalIP/32 dev vmbr0  #on pfsense guest VM the WAN IP
              up route add -host FailoverIP/32 dev vmbr0
      

      In this type of configuration they say to give the guest system (in this case pfSense) the additional IP as its IP address, and the MAIN IP of the server as its gateway, so I set up on pfSense the AdditionalIP as WAN and the MAIN IP as gateway.
      The gateway status is online, but I can't ping outside.

      iface eno3 inet manual
      
      auto vmbr0
      iface vmbr0 inet static
              address  AdditionalIP
              netmask  255.255.255.128
              broadcast  BRDC-IP
              network NET-IP
              gateway  GW BY Hetzner
              pointopoint GW BY Hetzner
              bridge_ports eno3
              bridge_stp off
              bridge_fd 0
      

      With this conf I set on pfSense the MAIN IP as WAN and GW BY Hetzner as gateway; this way I get out correctly, but from outside I can't reach the FailoverIP added into pfSense as a CARP VIP (because from Hetzner, FailoverIPs are routed to the MAIN IP, which in this case is assigned to a VM).

      Does someone know how to help me?

      Thanks for reading

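As an added example that is not part of the original post, and not Hetzner's, Proxmox's or pfSense's own code: a small Python parser for the ifupdown `interfaces` stanzas quoted above. It classifies the vmbr0 stanza as the routed setup (first fragment: `bridge_ports none`, a /32 on the bridge, host routes for the guest IPs) or the bridged setup (second fragment: eno3 enslaved to the bridge) and, for the routed case, checks the preconditions under which the host can actually act as the guest's gateway. The sample addresses are constructed from RFC 5737 documentation ranges, not real Hetzner addresses; the `post-up ... ip_forward` line is an assumption added to the sample (a host that is the guest's default gateway must forward IP packets), not something the post shows.

```python
"""Parse Debian/Proxmox-style /etc/network/interfaces stanzas and classify
the vmbr0 setup as 'routed' or 'bridged'.  Sample configs are constructed
from the post's two fragments with RFC 5737 documentation addresses."""
import re

# Constructed sample: routed setup (host is the guest's gateway).
# The post-up ip_forward line is an assumption, not from the post.
ROUTED_SAMPLE = """
auto eno3
iface eno3 inet static
        address  203.0.113.10
        netmask  255.255.255.255
        gateway  203.0.113.1
        pointopoint 203.0.113.1
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward

auto vmbr0
iface vmbr0 inet static
        address  203.0.113.10
        netmask  255.255.255.255
        bridge_ports none
        bridge_stp off
        bridge_fd 0
        up route add -host 198.51.100.7/32 dev vmbr0
        up route add -host 198.51.100.9/32 dev vmbr0
"""

# Constructed sample: bridged setup (NIC enslaved, guest talks to Hetzner's GW).
BRIDGED_SAMPLE = """
iface eno3 inet manual

auto vmbr0
iface vmbr0 inet static
        address  198.51.100.7
        netmask  255.255.255.128
        gateway  203.0.113.1
        pointopoint 203.0.113.1
        bridge_ports eno3
        bridge_stp off
        bridge_fd 0
"""

HOST_ROUTE = re.compile(r'^up\s+route\s+add\s+-host\s+(\S+)\s+dev\s+(\S+)')


def parse_interfaces(text):
    """Return {iface: {'options': {key: first value}, 'lines': [raw option lines]}}."""
    stanzas = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split(None, 1)
        key, rest = parts[0], (parts[1] if len(parts) > 1 else '')
        if key == 'iface':
            words = rest.split()
            current = stanzas.setdefault(words[0], {'options': {}, 'lines': []})
            current['options']['_method'] = words[-1]
        elif key == 'auto':
            stanzas.setdefault(rest, {'options': {}, 'lines': []})['options']['auto'] = True
        elif current is not None:
            current['options'].setdefault(key, rest)   # first value wins
            current['lines'].append(line)              # keep repeats (e.g. several 'up')
    return stanzas


def guest_routes(stanza):
    """Return [(guest_ip, dev)] from 'up route add -host X/32 dev Y' lines."""
    found = []
    for line in stanza['lines']:
        m = HOST_ROUTE.match(line)
        if m:
            found.append((m.group(1).split('/')[0], m.group(2)))
    return found


def classify(text, bridge='vmbr0'):
    """Classify the bridge and, for a routed setup, list missing preconditions."""
    st = parse_interfaces(text)
    br = st[bridge]['options']
    if br.get('bridge_ports', 'none') != 'none':
        return {'mode': 'bridged', 'uplink': br['bridge_ports'], 'issues': []}
    issues = []
    routes = guest_routes(st[bridge])
    if not routes:
        issues.append('no host route for any guest IP on ' + bridge)
    if br.get('netmask') != '255.255.255.255':
        issues.append('routed setup expects a /32 on ' + bridge)
    # The host is the guest's default gateway, so it must forward IP packets.
    if not any('ip_forward' in l for s in st.values() for l in s['lines']):
        issues.append('host must forward (net.ipv4.ip_forward=1) to act as guest gateway')
    return {'mode': 'routed', 'guest_gateway': br['address'],
            'guest_ips': [ip for ip, _ in routes], 'issues': issues}


if __name__ == '__main__':
    for name, sample in (('routed', ROUTED_SAMPLE), ('bridged', BRIDGED_SAMPLE)):
        print(name, classify(sample))
```

Running it on the first fragment reports the guest gateway (the bridge's MAIN IP) and the guest IPs that have host routes; removing the forwarding line makes `issues` flag it. On the second fragment it simply reports `bridged` with eno3 as uplink, which is the setup where the FailoverIP would have to be held by whichever interface owns the MAIN IP.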
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.