Tunnel GRE from linux server to pfsens
-
Hello,
Im trying to create a GRE tunnel from linux server and connect it with my pfsense, so i can use the ip in my VM running on proxmox.
The tunnel GRE is already created and pingable from each end, the real issue is the VM won't getting internet.Im using BuyVM, tunnel GRE is using "unprotected IP" and i've ordered one protected IP /32 so i can use it in to my VM.
They have one guide with instructions how to create a tunnel GRE, but it only mention Server A to B, and i can't figured out how use the ip in pfsense > VM .Im using this configuration in other provider and it works, but i already installed one pfsense in buyvm end and not working.
-
So you're trying to forward traffic across the tunnel to pfSense and then to the Proxmnox VM?
What works so far? The GRE tunnel is up? You can ping across it both ways from using the private IPs?
Have you setup forwarding from the VPS over the tunnel? If you ping the public IP does that arrive at pfSense?
-
So you're trying to forward traffic across the tunnel to pfSense and then to the Proxmnox VM?
Exactly, in pfsense i wan't to manage wich server is using the ip.
The tunnel GRE is up and pingable:(From linux server)
(From pfsense)
Commands i've used in linux:
Config in pfsense:
-
NAT (Already tried with and without this rule:
-
Rules (VLAN 201):
-
Rules GRE Tunnel:
In windows VM im using to test, i've specified the ipv4 i want to use and /24 netmask with gateway of that ipv4.
Thanks in advance for your help.
-
-
Also im receiving traffic from that ip:
To awnser all your questions:
I can ping it:
-
Hmm, so you have disabled outbound NAT entirely.
That 198.x.x.x IP address is the single public IP the VPS has been assigned?
It looks like you're trying to use that on the VM directly which is not how this can work. The VPS has that IP and forwards traffic coming into it to the VM across the tunnel. The VM itself has some private IP that you assign it.
If you want to use a public IP at the Proxmox end directly you would need a separate subnet that provider routes to you via the VPS IP.
-
That 198.x.x.x IP address is the single public IP the VPS has been assigned?
Negative, the VM have one ip and that 198.x.x.x is the Additional IP.
It looks like you're trying to use that on the VM directly which is not how this can work. The VPS has that IP and forwards traffic coming into it to the VM across the tunnel. The VM itself has some private IP that you assign it.
If you want to use a public IP at the Proxmox end directly you would need a separate subnet that provider routes to you via the VPS IP.
I've this setup working with other provider, i can use their ip in my VM directly. What is the alternative i have to use this ip in my vm ? I don't wan't use NAT, because some apps might verify ip of NIC.
-
@Jsetive said in Tunnel GRE from linux server to pfsens:
the VM have one ip and that 198.x.x.x is the Additional IP.
You mean the VPS has one IP and the 198.x.x.x IP is additional? Is it in the same subnet?
Is your other setup also using pfSense?
-
You mean the VPS has one IP and the 198.x.x.x IP is additional? Is it in the same subnet?
Yes correct:
Is your other setup also using pfSense?
I don't understood clear what you've asked.
In my other provider i have one pfsense in their end, i've tried here as well but i can't put it work with same configuration, with iptables was the closer i got.
In my end i use the same pfsense, if you check again my prints you can see other GRE tunnel. -
@Jsetive said in Tunnel GRE from linux server to pfsens:
You mean the VPS has one IP and the 198.x.x.x IP is additional? Is it in the same subnet?
Yes correct:Mmm, it looks like it's not in the same subnet.
In which case you might be able to route it across the tunnel.
The first test I would do here is to add that IP as a IPAlias VIP in pfSense on localhost and make sure that works as expected when pinged from something external.
-
In which case you might be able to route it across the tunnel.
With iptables, i guess is how it is right now, right ? Im not expert in this matter.
The first test I would do here is to add that IP as a IPAlias VIP in pfSense on localhost and make sure that works as expected when pinged from something external.
Wich interface i use?
I used WAN and VLAN201, it seems still pingable -
Well I suggested adding it on localhost but it should respond from any interface on pfSense. Adding it on VLAN201 should be fine.
Ok so you can ping that from some external address and see pings come back from pfSense? I would want to confirm that in Diag > States.
If so then you should be able to route that IP to an internal VM in pfSense. Just add a static route to it.
-
Well I suggested adding it on localhost but it should respond from any interface on pfSense. Adding it on VLAN201 should be fine.
State:
If so then you should be able to route that IP to an internal VM in pfSense. Just add a static route to it.
-
So 198.x.x.140 is the provided IP used in the alias?
You only have that one IP as I understand it? You can't use the full /24 that contains it. You have to use some other subnet there and add the single IP as a VIP on the VM instead of pfSense.
Unless the Provider are routing the full /24 to you. Which seems very unlikely!
-
So 198.x.x.140 is the provided IP used in the alias?
Yes
You only have that one IP as I understand it? You can't use the full /24 that contains it. You have to use some other subnet there and add the single IP as a VIP on the VM instead of pfSense.
Yes
/24 is showned in route because the gateway/ip of interface VLAN 201 is gateway of that ip: 198.x.x.1/24
What is the alternative i have to be able to use the IP directly in VM?
-
@Jsetive said in Tunnel GRE from linux server to pfsens:
the gateway/ip of interface VLAN 201 is gateway of that ip: 198.x.x.1/24
You can't use that it's not your IP address, the provider is likely already using that upstream.
You can only use a full public subnet on VLAN201 if the provider is routing it to you and that is only going to happen if you're paying them for it. Otherwise use a private subnet there and route the public IP to the private IP on the VM. Add the public IP as a VIP on the VM.
-
Sorry if i don't understand, but it seems in the above topics, they are able to use in VM directly:
https://forum.netgate.com/topic/173892/gre-tunnel-to-protect-ip
https://forum.netgate.com/topic/189477/the-curl-command-is-not-working-correctly -
There they are using an IP that is in the same subnet as the VPS public IP. That means they cannot route it and have to bridge the interfaces at both ends to create a single layer 2 segment.
So there they used OpenVPN in TAP mode a bridged it.You don't need to do that because your additional IP is not in the same subnet. You can just route it to the VM directly. But you still need to use a private subnet between pfSense and the VM to route it across.
-
Hello,
How can i create that route to GRE.
If i use VLAN 201 - 10.0.201.0/24
I need to configure the ip as alias and made nat translation ? Just that? -
You can use NAT and put the IPAlias on the firewall.
Or you can put the public IP on the VM directly as a virtual IP and route to it in pfSense. Which is what I thought you are trying to achieve.
-
Or you can put the public IP on the VM directly as a virtual IP and route to it in pfSense. Which is what I thought you are trying to achieve.
You mean configure 198.x.x.x directly in VM and some how route in pfsense? How should i do that?
