IPIP subnet tunnel to VyOS with internal network getting IP assignments from the tunnel

Hi!

I had a question regarding communicating from one host (A) to another host (B) running VyOS, both on different networks, using an IPIP tunnel for a /24 subnet, so that the traffic to (B) comes from (A), which is DDoS protected.

Is this possible?

Also, can I have virtual machines in the internal network of the VyOS host (B) that use as a gateway the IPIP tunnel through VyOS, so that I can use network addresses (/24 subnet) from (A) in the VMs in (B) through NAT or something?

Thanks.

Hi @Hett1337 ,
VyOS supports IPIP tunnels:
https://docs.vyos.io/en/latest/configuration/interfaces/tunnel.html#ipip

Regarding your task:
I’m not sure what problem you want to solve. Maybe VXLAN is what you need:
https://docs.vyos.io/en/latest/configuration/interfaces/vxlan.html


Hi @Nikolay , thanks for your reply, basically what I want to do is the following:

  1. Machine A, with a /24 subnet of public addresses attached to it, but very small hardware.
  2. Machine B, with only 1 public address, running VyOS inside a virtual machine in Proxmox. Lots of hardware.

I want to tunnel the /24 subnet from machine A to machine B, and use the addresses in the /24 in the Virtual Machines created in Proxmox in machine B.

Is this possible?

You should try VXLAN:
https://docs.vyos.io/en/latest/configuration/interfaces/vxlan.html

Thanks. So VXLAN on the internal network side of Host B. How do I make it use the public addresses through the IPIP tunnel between Host A and Host B?

I gave you a link to the VyOS-side setup in my last post.
Here is a link to examples on the Linux side:
https://programmer.help/blogs/practice-vxlan-under-linux.html

How is NAT handled within the VXLAN to use the /24 public addresses?

VXLAN doesn’t care about NAT. You can treat VXLAN as an unencrypted VPN.
Accordingly, VXLAN+NAT is handled the same way as VPN+NAT.