pfSense + HAProxy inside Proxmox at Hetzner



  • Hi all,
    we have 4 dedicated servers at Hetzner, and it seems impossible to get what we need...
    What does Hetzner give us?

    • 4 dedicated servers, each one with its own public "MAIN IP" assigned to one interface (eno3), and all cabled to a dedicated 10 Gb switch for internal LAN communications (eno1).
    • Additional IP (+MAC), additional subnet, Failover IP (yes, we have taken everything, but nothing works); we tried every possible combination following their guidelines here, here, here, and lots of other online material.

    What do we need?

    • PVE cluster (this works thanks to the VLANs bridged on the internal LAN NIC)
    • pfSense to get out correctly (of course), handle internal LAN traffic and route it out
    • HA via pfsync; each node must be able to handle some CARP VIPs, assigned to different services (OpenVPN, IPsec, HAProxy frontend). Regarding this, on Hetzner is the only way to get a CARP VIP to use a Failover IP? Is that right?

    I cut other parts of the interfaces file.

    # Hetzner "routed" setup: the MAIN IP stays on eno3 (point-to-point link to the
    # Hetzner gateway) and is repeated on vmbr0, so the guests can use it as their gateway.
    auto eno3
    iface eno3 inet static
            address  MAIN IP
            netmask  255.255.255.255
            gateway  GW BY Hetzner
            pointopoint GW BY Hetzner

    auto vmbr0
    iface vmbr0 inet static
            address  MAIN IP                # on the pfSense guest VM this is the gateway
            netmask  255.255.255.255
            bridge_ports none               # no physical port: guests are reached only via the host routes below
            bridge_stp off
            bridge_fd 0
            # host routes steer each guest /32 into the bridge (iproute2 form of "route add -host");
            # the host must also forward between eno3 and vmbr0: sysctl -w net.ipv4.ip_forward=1
            up ip route add AdditionalIP/32 dev vmbr0   # on the pfSense guest VM this is the WAN IP
            up ip route add FailoverIP/32 dev vmbr0
    

    In this type of configuration they say to give the guest system (in this case pfSense) the Additional IP as its address and the MAIN IP of the server as its gateway, so I set up on pfSense the AdditionalIP as WAN and the MAIN IP as gateway.
    The gateway status is online, but I can't ping outside.

    # Alternative "bridged" setup: eno3 is enslaved to vmbr0 and the bridge itself
    # carries an address from the additional subnet (/25 here).
    auto eno3
    iface eno3 inet manual

    auto vmbr0
    iface vmbr0 inet static
            address  AdditionalIP
            netmask  255.255.255.128
            broadcast  BRDC-IP
            network NET-IP
            gateway  GW BY Hetzner
            pointopoint GW BY Hetzner
            bridge_ports eno3               # guests now sit directly on the Hetzner uplink
            bridge_stp off
            bridge_fd 0
    

    With this conf I set on pfSense the MAIN IP as WAN and GW BY Hetzner as gateway; in this way I get out correctly, but from outside I can't reach the FailoverIP added into pfSense as a CARP VIP (because from Hetzner Failover IPs are routed to the MAIN IP, which in this case is assigned to a VM).

    Is there someone who knows how to help me?

    Thanks for reading


Log in to reply
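An added example, not part of the post above and not Hetzner's or Proxmox's own tooling: a small POSIX shell check for the invariants the first ("routed") configuration relies on. For that setup to carry traffic, the host needs a default route to the Hetzner gateway on eno3, a /32 host route into vmbr0 for every address handed to a guest (Additional IP and Failover IP), the MAIN IP present on vmbr0 so the pfSense WAN gateway resolves, and net.ipv4.ip_forward set to 1. On the pfSense side this corresponds to a WAN of AdditionalIP/32 with the MAIN IP as gateway; since that gateway lies outside the WAN subnet, pfSense's gateway editor has a "Use non-local gateway" option for exactly this case. All addresses below are assumed placeholders from the RFC 5737 documentation range, and the `ip route` / `ip addr` output is constructed, not captured from a real host; the function takes those texts as arguments so the check runs offline and can be pointed at a live host with `--live`.

```shell
#!/bin/sh
# Added example: verify the Hetzner "routed" Proxmox + pfSense topology.
# Placeholders (assumptions, RFC 5737 documentation addresses), override via env:
MAIN_IP="${MAIN_IP:-203.0.113.10}"                    # host MAIN IP
HETZNER_GW="${HETZNER_GW:-203.0.113.1}"               # gateway assigned by Hetzner
GUEST_IPS="${GUEST_IPS:-203.0.113.50 203.0.113.60}"   # AdditionalIP and FailoverIP

# Escape dots so an IP can be used as a fixed string inside an ERE.
re() { printf '%s' "$1" | sed 's/\./\\./g'; }

# check_routed_setup ROUTES ADDRS FORWARD
#   ROUTES  : text of `ip -4 route show`
#   ADDRS   : text of `ip -4 -o addr show`
#   FORWARD : content of /proc/sys/net/ipv4/ip_forward
# Prints every violated invariant; returns 0 only when all of them hold.
check_routed_setup() {
    routes="$1"; addrs="$2"; forward="$3"; rc=0

    # 1. Outbound traffic must leave over the point-to-point link on eno3.
    printf '%s\n' "$routes" | grep -Eq "^default via $(re "$HETZNER_GW") dev eno3( |$)" \
        || { echo "FAIL: no default route via $HETZNER_GW on eno3"; rc=1; }

    # 2. Every guest /32 must be routed into the bridge; without the host route
    #    Hetzner delivers the packet to the host and the host has nowhere to send it.
    for ip in $GUEST_IPS; do
        printf '%s\n' "$routes" | grep -Eq "^$(re "$ip") dev vmbr0( |$)" \
            || { echo "FAIL: no host route for $ip via vmbr0"; rc=1; }
    done

    # 3. The MAIN IP must live on vmbr0, otherwise the pfSense WAN gateway
    #    (MAIN IP) never answers ARP inside the bridge.
    printf '%s\n' "$addrs" | grep -Eq "vmbr0 +inet $(re "$MAIN_IP")/32( |$)" \
        || { echo "FAIL: $MAIN_IP/32 is not configured on vmbr0"; rc=1; }

    # 4. The host has to forward between eno3 and vmbr0.
    [ "$forward" = "1" ] \
        || { echo "FAIL: net.ipv4.ip_forward is '$forward', expected 1"; rc=1; }

    return $rc
}

# Constructed sample output (not from a real host) matching the routed setup.
SAMPLE_ROUTES_OK="default via 203.0.113.1 dev eno3 onlink
203.0.113.1 dev eno3 proto kernel scope link src 203.0.113.10
203.0.113.50 dev vmbr0 scope link
203.0.113.60 dev vmbr0 scope link"
SAMPLE_ADDRS_OK="2: eno3    inet 203.0.113.10/32 scope global eno3
5: vmbr0    inet 203.0.113.10/32 scope global vmbr0"

# Constructed sample resembling the bridged variant: no guest host routes,
# default route on the bridge, so checks 1 and 2 must fail.
SAMPLE_ROUTES_BAD="default via 203.0.113.1 dev vmbr0 onlink
203.0.113.0/25 dev vmbr0 proto kernel scope link src 203.0.113.50"

# Run against the live host: sh check_routed.sh --live
[ "${1:-}" = "--live" ] && check_routed_setup \
    "$(ip -4 route show)" "$(ip -4 -o addr show)" "$(cat /proc/sys/net/ipv4/ip_forward)"
```

The Failover IP check only tells you the /32 is routed into the bridge on this node; which node Hetzner actually sends it to is set through the Robot, not learned from ARP or CARP, so a CARP master change on its own does not move the failover target.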