I get redirected to a different domain and can not view your configuration.
So, i (and potentially others) can not help you with your configuration so far.
I personally dont like the Tutorial of Server-Verstehen.de, especially because (at least in ealier versions) it tries to create a greTAP interface (instead of an gretun), which is completly wrong in this scenario.
For troubleshouting purposes, it would be good to know, if you are using the hetzner firewall.
It supports gre and if activated, you have to allow incoming gre traffic from the noez server endpoint.
If the proxmox firewall is enabled, you have to allow incoming traffic there too. Outgoing traffic is allowed by default on proxmox servers.
Another useful piece of information would be the type of your ips. Did you ordered a subnet or multiple single ips. What do you want to do? Do you want to use these ips on the host? Do you want to nat them? Do you want to ROUTE the ips to virtual machines or containers?
My setup is the following:
The GRE-Tunnel gets terminated on the proxmox server.
ALL ips get routed to a bridge on the host. My Containers and vms are connected to that bridge.
I use my main IP address from hetzner as a gateway ip for my containers.
Since the mtu is reduced (by the gre tunnel) containers addapt the mtu by default. VMs must be configured.
Since my main IP is outside of the subnet (every /32 is outside of another /32), i can not specify the gateway during installations of vms (the installer restricts this). So i have to configure the connection afterwards. And packages like resolvconf must be installed afterwards too. Which leds me to the situation, that i always have to resolve deb.debian.org manually.
As you can see, every configuration has its advantages and disadvantages. And your exact scenario must be descriped.
Hello @iamlouchou
Thanks for using the tutorial i can you help with your problem:
set the mtu 1476 on e.g. gre1 and vmbrX
ip rule add from yourIPv4fromNoez/32 or /28, /29 etc. table 20
Either the individual or subnet must be defined here.
ip route add yourIPv4fromNoez/32 or /28, /29 etc. dev vmbrX
vmbrX => your vmbr0,1,2 etc. bridge from linux to virtualise.
to save IP addresses, simply take a „to“ simulated gateway address and convert it locally on your computer:
e.g. ip addr add yourIPv4fromNoez/32 dev vmbrX
ip route add default via internalGREclient/30 dev gre1 table 20
Here for the network configuration /etc/network/interfaces:
nano /etc/network/interfaces => and add the following:
auto vmbr1
iface vmbr1 inet static
address yourIPv4fromNoez/32
bridge-ports none
bridge-stp off
bridge-fd 0
post-up /root/mygre.sh
now I’ll write a short post-up script for you:
#!/bin/bash
ip route add default via internalGREclient/30 dev gre1 table 20
ip rule add from yourIPv4fromNoez/32 table 20
# add more rules for more ipv4 from gre tunnel noez.de
ip route add yourIPv4fromNoez/32 dev vmbr1
# ... add more ips to the vmbr1 ...
ip link set vmbr1 mtu 1476
ip link set gre1 mtu 1476
and now save the file here: /root/mygre.sh
Give Permissions: chmod 777 /root/mygre.sh
Hello
Okay i see a minimal problem:
in the configuration /etc/network/interface:
add the address: 5.230.227.1/32
this is the „simulated“ gateway
And please set the address 5.230.227.1 not in table 20
all antoher ip addresses can be routed via ip rule add from ip/32 table 20
Can you send me a screenshot of a ping via 192.168.4.1?
The 192.168.4.1 is the internal gre gateway from noez.
Oh and set the gre connection in mygre.sh on line 2:
sudo ip link add gre1 type gre local HetznerIP remote NoezGREIP ttl 255
# paste here the /30 internal subnet from noez gre tunnel
sudo ip addr add 192.168.4.2/30 dev gre1
sudo ip link set gre1 up
Technically possible but noez.de requires different ipv4 or ipv6 addresses per gre tunnel. In any case, you could route several ipv6 addresses from the /64 to the main interface and specify them differently at noez.de.
e.g. 1000:1000:1001::1/64
for gre tunnel two: route 1000:1000:1001::2/64 to eth0 etc.
But these are example addresses that only serve as examples.
You can find the ipv6 data in the hetzner overview.
ip addr add ipv6/128 dev main interface
with this command you can add a single ipv6 address from your /64 hetzner subnet to the main vps interface and order a new gre tunnel on it
You can use „iptables -A INPUT -i [INTERFACE] -s [YOUR REMOTE SERVER] -d [YOUR SERVER] -p gre -j ACCEPT“. This rule only allows gre traffic from a specific ip on a specific interface to a specific ip.
Do you allow forwarding traffic between your main interface and your gre2 interface on your vps (104.244.76.163)?
For UFW you can use the „ufw route allow“ command.
For iptables you can use the „iptables -A FORWARD -i [MAIN INTERFACE] -o [GRE INTERFACE] -j ACCEPT“ command. The second rule is exactly like the first one, except that -i and -o are swapped.
Do you allow routing on your vps (104.244.76.163)?
„net.ipv4.ip_forward“ must be activated on the vps too.
