I have two small Hyper-V servers in two different datacenters.
I was able to set up almost everything, but there is still one thing which does not work: accessing the internet (or maybe any NATed network) from across the bridge.
What is strange is that destination NAT does work across the bridge, but source NAT does not.
Everything else works just fine, including traffic from/to the OpenVPN TUN to/from clients across the bridge.
Attached you will find a scheme (hope you like it '^_^) and sanitized configs.
I think the problem is a missing NAT rule, but I don't know if it is config related or VyOS related.
Here are my findings:
In VYOS1 (left side) I created a source NAT rule to NAT a single server (192.168.50.41) on the right side so that it exits to the internet with masquerade.
I put this rule (190) above the source NAT rule that allows my LAN to go out (200).
Here are rules 190 and 200:
Please note that there are no firewall rules on the left side nor on the right side (I will add them when NAT works properly).
And there are no NAT rules at all on the right side, just one OpenVPN TAP interface and a bridge as described before.
How can I fix this NAT problem?
I think I am missing just a small detail, but I don't know which one.
I think I solved it (at least it is working right now).
I will test whether everything works as expected and survives reboots, and then post sanitized configs here or in a how-to.
What I have right now: two servers at two different providers, running Hyper-V 2016 with replicas working and no need to edit interfaces when migrating VMs.
I still don't know whether this solution can scale out or whether it would be advisable to run it in production, but I am not running anything too important on it at the moment (just some websites and a mail server).
Next I would check whether I can improve performance (already acceptable right now) on the bridge link.
Here are the sanitized configurations.
Basically I removed eth2, added eth1.50 to the bridge and moved the eth1.50 address to the bridge br0.
I issued this configuration on both VyOS sides.
Working so far: 2 x Hyper-V + bridge + NAT + VLAN. No matter where a VM is, it can browse the internet with a "remote" gateway.
There is room for improvement for sure (for example VLAN scaling).
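As an added illustration of the setup described in this thread (not the poster's sanitized configs, which are not reproduced here), this is how the VYOS1 side could be expressed in VyOS 1.3 CLI syntax: the masquerade rule 190 for 192.168.50.41 placed before the LAN rule 200, and the eth1.50 VLAN sub-interface moved into bridge br0 with the address on the bridge. The WAN interface eth0, the OpenVPN TAP interface vtun0, the bridge address 192.168.50.1/24 and the LAN prefix 10.0.0.0/24 in rule 200 are assumed placeholders.

```vyos
# Added example in VyOS 1.3 syntax; eth0, vtun0, 192.168.50.1/24 and 10.0.0.0/24 are assumed placeholders.
configure

# VLAN 50 sub-interface with no address of its own: the address lives on the bridge
set interfaces ethernet eth1 vif 50 description 'VLAN 50 trunk towards Hyper-V'

# Bridge that joins the local VLAN 50 segment and the OpenVPN TAP link to the other site
set interfaces bridge br0 address '192.168.50.1/24'
set interfaces bridge br0 member interface eth1.50
set interfaces bridge br0 member interface vtun0
# (VyOS 1.2 uses instead: set interfaces ethernet eth1 vif 50 bridge-group bridge br0)

# Rule 190: the single server on the remote site is masqueraded out of the WAN interface
set nat source rule 190 description 'Masquerade 192.168.50.41 from the other site'
set nat source rule 190 source address '192.168.50.41'
set nat source rule 190 outbound-interface 'eth0'
set nat source rule 190 translation address 'masquerade'

# Rule 200: the local LAN; evaluated after 190 because source NAT rules are processed in number order
set nat source rule 200 description 'Masquerade local LAN'
set nat source rule 200 source address '10.0.0.0/24'
set nat source rule 200 outbound-interface 'eth0'
set nat source rule 200 translation address 'masquerade'

commit
save
exit

# Operational-mode check: hit counters show whether rule 190 is actually matching traffic from 192.168.50.41
show nat source statistics
```

Rule 190 only matches if packets from 192.168.50.41 really leave via eth0, so a zero counter on 190 with a rising counter on 200 points at routing or rule order rather than at the NAT rule itself.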