Pfsense + Haproxy inside Proxmox at Hetzner
gnleot last edited by gnleot
we have 4 dedi server at Hetznet, and it seams impossible to get what we need...
What Hetzner give us?
- 4 dedicated server each one with it's own public "MAIN IP" assigned to one interface (eno3) and all cabled to a dedicated 10 gb switch, for internal LAN comunications (eno1).
- Additional ip (+MAC), additional subnet, Failover IP (yes we have taken everything, but nothing works), we tried every possible combination following they guidelines here, here, here, and many other online stuff.
What we need?
- PVE cluster (this works thanks to the VLANs bridged on internal LAN NIC)
- PfSense to get out correctly (of course) , handle internal lan traffic and route it out
- HA via pfsync, each node must be able to handle some VIP CARP, assigned to different services (OpenVPN, IpSEC, HAProxy frontend). Regarding this, on Hetzner the only way to get CARP VIP is to use FailoverIP? Quite right?
I cut other parts of interfaces file.
auto eno3 iface eno3 inet static address MAIN IP netmask 255.255.255.255 gateway GW BY Hetzner pointopoint GW BY Hetzner auto vmbr0 iface vmbr0 inet static address MAIN IP #on pfsense guest VM the Gateway netmask 255.255.255.255 bridge_ports none bridge_stp off bridge_fd 0 up route add -host AdditionalIP/32 dev vmbr0 #on pfsense guest VM the WAN IP up route add -host FailoverIP/32 dev vmbr0
In this type of configuration they say to give the guest system (in this case pfsense) as ip address the additional, and as gateway the MAIN IP of server, so i setup on pfsense the AdditionalIP as WAN and MAIN IP as gateway.
The gateway status is online, but I can't ping outside.
iface eno3 inet manual auto vmbr0 iface vmbr0 inet static address AdditionalIP netmask 255.255.255.128 broadcast BRDC-IP network NET-IP gateway GW BY Hetzner pointopoint GW BY Hetzner bridge_ports eno3 bridge_stp off bridge_fd 0
With this conf I set on pfsense the MAIN IP as WAN and GW BY Hetzner as gateway, in this way I get out correctly, but from outside I'can't reach the FailoverIP added into pfsense as VIP CARP (because from hetzner FailoverIPs are routed to MainIP, that in this case assigned to a VM)
Someone who knows how to help me
Thanks for reading