pfSense/ESXi route all VM via GRE TUNNEL
-
Hello everyone!
I was planning to route my specific ESXi VM traffic via a different IP from a different provider.
I heard that it's possible to do that via a GRE tunnel, but did not find any tutorial on how to do that. I have purchased a low-cost VPS and want to use that low-cost VPS IP for the OVH ESXi VM via GRE tunnel.
If anyone here has an idea or any tutorial link, please feel free to share or post.
Thanks
-
You plan to run pfSense locally in front of the VM and remotely in OVH?
You can certainly policy route traffic from an internal IP across a tunnel, as long as that tunnel can be routed, so OpenVPN, IPsec VTI mode, WireGuard, GRE etc.
-
Thanks,
It was simple. I activated it as default gateway and all my VMs are getting routed via GRE tunnel. That's perfect now.
-
@IIMKIIVG said in pfSense/ESXi route all VM via GRE TUNNEL:
It was simple. I activated it as default gateway and all my VMs are getting routed via GRE tunnel. That's perfect now.
Just so you are aware, a GRE tunnel is not encrypted. If you tunnel across the internet, GRE+IPSec would be a solution.
-
How does it affect things, and in what manner?
I have zero knowledge about this. If you can explain in detail then it will help me. Thanks
-
Hi,
I have got it working by setting that GRE tunnel as default gateway. But the problem is all the VMs are routing via that GRE tunnel.
I want to route a specific VM only with that GRE tunnel. Is that possible?
-
Yes, you need to policy route that specific VM by using a firewall rule with just that VM IP as the source. Then set the gateway there.
Yes, GRE is not encrypted so anything in the route could see the traffic. That often wouldn't matter. If it's https traffic that's encrypted anyway for example.
-
I did it already and it doesn't change the VM IP.
But when I set the GRE tunnel as default gateway it changes all VMs' IP.
-
Then the rule is not catching the traffic. It has to be in the LAN side ruleset before any other pass rules you might have there.
-
Yeah, it's on the LAN side and on top. First rule. Still doesn't change the VM IP.
-
That should certainly do it. You can see the rule has states and bytes on it.
How are you testing?
-
Yeah, that's what I was wondering, but my Windows VM still shows the default gateway IP, not the GRE tunnel IP.
Even restarted my VM.
-
Where does it show it? How are you testing?
You may need to clear any existing states. Traffic that was already passing would not be cleared.
-
Speedtest.net
whatismyip.com
whatismyipaddress.com
dnsleaktest.com
all show the default gateway IP.
All the rules are cleared except the RDP one.
-
Cleared all the existing states as well.
Is that a firewall bug?
Using version: 2.7.2-RELEASE (amd64)
Please let me know.
-
Do you have any floating rules?
Is the OPT1_TUNNEL gateway up?
Try checking Diag > States for states from 192.168.1.11.
-
Oh my man, these silly mistakes are wasting my time.
The gateway was being considered as offline, so I had to disable gateway monitoring, and it solved the problem. Thank you so much
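
The symptom in this thread matches pfSense's default handling of a policy-routing rule whose gateway is marked down: the rule is kept but its gateway is omitted, so the VM's traffic leaves via the default route. The following is an added example, a simplified Python model rather than pfSense code or anything posted in the thread; `WAN_GW`, the rule dictionaries and the function name are assumptions, while 192.168.1.11 and OPT1_TUNNEL are taken from the posts above.

```python
from ipaddress import ip_address, ip_network

# Constructed LAN ruleset, evaluated top-down, first match wins.
# 192.168.1.11 and OPT1_TUNNEL are from the thread; WAN_GW is a placeholder
# name for the default gateway (assumption).
DEFAULT_GW = "WAN_GW"
POLICY = {"action": "pass", "src": "192.168.1.11/32", "gateway": "OPT1_TUNNEL"}
ALLOW_LAN = {"action": "pass", "src": "192.168.1.0/24", "gateway": None}
BLOCK_VM = {"action": "block", "src": "192.168.1.11/32", "gateway": None}

RULES = [POLICY, ALLOW_LAN]                  # ruleset as described in the thread
FAIL_CLOSED = [POLICY, BLOCK_VM, ALLOW_LAN]  # block rule directly below the policy route


def egress_gateway(src, rules, gw_up, skip_rules_when_down=False):
    """Return the gateway `src` leaves through, or None if it is blocked."""
    for rule in rules:
        if ip_address(src) not in ip_network(rule["src"]):
            continue
        if rule["action"] == "block":
            return None
        gw = rule["gateway"]
        if gw is None:
            return DEFAULT_GW      # ordinary pass rule: routing table decides
        if gw_up.get(gw, False):
            return gw              # policy route applied
        if skip_rules_when_down:
            continue               # "Skip rules when gateway is down": rule omitted
        return DEFAULT_GW          # default: rule kept, gateway omitted
    return None                    # implicit deny


if __name__ == "__main__":
    vm = "192.168.1.11"
    for label, rules, skip in [("thread ruleset", RULES, False),
                               ("fail-closed", FAIL_CLOSED, True)]:
        for up in (True, False):
            out = egress_gateway(vm, rules, {"OPT1_TUNNEL": up}, skip)
            print(f"{label:15} tunnel_up={up!s:5} -> {out or 'blocked'}")
```

Disabling gateway monitoring makes pfSense treat the gateway as always up, which is why the rule started working; it also means a dead tunnel is no longer detected. The fail-closed variant keeps the VM from silently falling back to the WAN address when the tunnel gateway is marked down.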