JoeCol
Contributor

Router-VM on ESXi 5

We signed up for ESXi 5 server in Hetzner.de

We have a problem configuring the router-VM to enable us to use an additional subnet.

Hetzner has a detailed wiki with nice examples, but it seems we make one little mistake along the way.

We read carefully - http://wiki.hetzner.de/index.php/VMware_ESXi/en

Here are our details:

Main IP of ESXi - 176.9.151.46 - MAC address of main NIC - 6c:62:6d:b2:ac:60

We received additional IP to route all subnet IPs to this IP.

Additional IP details:

IP: 176.9.151.61

Gateway: 176.9.151.33

Mask: 255.255.255.224

MAC: 00:50:56:00:19:23

New subnet details:

IP: 78.46.235.64 /28

Mask: 255.255.255.240

Broadcast: 78.46.235.79

Useable IP addresses:

78.46.235.65 to 78.46.235.78

We have been told by Hetzner that they have routed subnet IPs to the additional IP - 176.9.151.61

First we created a new vSwitch (called "subnets")

Then we created a new Virtual Machine (we did try with Linux then with Windows 2003)

We prefer configuring the Router-VM on 2003.

We configured IP-Forward via Regedit

First card configuration on Router-VM (eth0):

Connected to main vSwitch on physical NIC

First we configured MAC address to "Manual" - 00:50:56:00:19:23

TCP/IP configuration:

IP: 78.46.235.78

Mask: 255.255.255.240

Gateway: empty (we also tried all options - the additional IP, the server IP, the main server gateway)

Second card of Router-VM (eth1):

MAC address is on automatic

IP: 78.46.235.65

Mask: 255.255.255.240

Gateway: 78.46.235.78

Here are the problems:

1. The Router-VM itself has no connection to the outside.

2. We created a standard VM (also 2003) connected to the new vSwitch - no connection outside.

Please help - where is our mistake ???

8 Replies
a_p_
Leadership

Discussion moved from VMware Server 1 to VMware ESXi 5

JohnRM
Contributor

In the same exact boat. Have you found any solutions?

Thanks

JoeCol
Contributor

Yes. I found the solution. It seems a bit confusing in their instructions.

Provide all the details in your case and I will give you the exact configuration.

scottledeuce
Contributor

Hi JoeCol,

I'm another one adrift at sea with Hetzner and their weird setup.

I thought OVH was bad, but they seem worse.

Anyway, I've followed their wiki pages, but they give no info on how to configure the router VM. I know there are many OSes you could use for it, but some basics would help.

I'm working on Linux now, but if you could let me know your Windows setup (or how you are set up) it would be great.

Somehow nice to see I'm the third person this month having the same issue.

JoeCol
Contributor

OK. Since I managed to configure it right, I will help you, using my details as an example.

The main ESXi IP and its NIC MAC address ARE NOT used for subnet configuration.

First you need to create a new vSwitch - let's call it "subnet1"

This part of the Hetzner wiki is explained correctly.

Then you create a virtual machine to be the Router-VM.

On first NIC of Router-VM - "Network adapter 1" which is connected to "VM Network" (vSwitch0) you configure:

IP is the "Additional IP" with the exact details - IP, Mask, GW.

Add these Hetzner DNS IPs:

213.133.98.98

213.133.99.99

Configure MAC on "Manual" and add the MAC address you got with the "Additional IP".

Now create a second NIC on Router-VM - "Network adapter 2"

Connect this NIC to the second switch - "subnet1" (vSwitch1)

MAC address should be "Automatic"

TCP/IP configuration of this network:

IP should be the upper USABLE IP - in my example - 78.46.235.78

Mask as you get in your subnet details

Gateway should be empty.

DNS as first NIC

Now you can create a new virtual machine in your subnet.

Here are the instructions for new VM configuration:

IP - any of your usable IPs in your subnet

Mask - as instructed in your subnet

Gateway - the upper USABLE IP - in my example - 78.46.235.78

DNS as first NIC

Same goes to all your VMs under this subnet.

If you need and get a second subnet:

First, make sure with Hetzner that they route the second subnet to the same "Additional IP"

Then create a second vSwitch call it "subnet2" (vSwitch2)

Then create a third NIC in your Router-VM

Same concept as the first one - MAC on automatic - connected to "subnet2"

All other instructions - same as first subnet.

Hope this will help. Enjoy it.

renecd
Contributor

I'm having the same problem, and Hetzner is no help; they simply say "we don't support vSphere"... I've followed the instructions on their wiki page combined with this, but can't get the routing to work.

These are the IP addresses I got from Hetzner:

Main server IP :

xxx.xxx.116.98

"Single IP", i.e. the IP that should be used for the routervm:

IP: x.x.116.122

Gateway: x.x.116.97

Netmask: 255.255.255.224

MAC: xx:xx:xx:xx:0F:2F

"Subnet"

Subnet: xx.xx.229.128 /29

Netmask: 255.255.255.248

Broadcast: xx.xx.229.135

Usable IP addresses: xx.xx.229.129 to xx.xx.229.134

I've created the switch as explained.

I've created the routervm based on CentOS 6.6 minimal with the two NICs as explained.

In this routervm I configured network as follows:

# pwd
/etc/sysconfig/network-scripts
# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
HWADDR=xx:xx:xx:00:0F:2F
IPADDR=x.x.116.122
NETMASK=255.255.255.224
# cat route-eth0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=x.x.116.97
# cat ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=x.x.229.128
NETMASK=255.255.255.248
# route -v
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.229.128   *               255.255.255.248 U     0      0        0 eth1
x.x.116.96    *               255.255.255.224 U     0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
default         static.97.116.x 0.0.0.0         UG    0      0        0 eth0
#

I can ping this routervm from the internet and it can ping out, i.e. at least eth0 and routing seem to have been set up correctly.

I then created a testvm, still based on CentOS 6.6 minimal, with the next IP in the allocated range:

# pwd
/etc/sysconfig/network-scripts
# cat ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=x.x.229.129
NETMASK=255.255.255.248
# cat route-eth0
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=x.x.229.128
# route -v
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.229.128   *               255.255.255.248 U     0      0        0 eth1
link-local      *               255.255.0.0     U     1002   0        0 eth0
#

So, I think everything is set up as explained, yet pinging it from anywhere throws "Destination Host Unreachable" and pinging anything from it gives "connect: Network is unreachable".

I realize this is an old thread, but it's the most promising thread I've been able to find about this problem on the Internet, and it's already halfway there, so I hope someone will jump in and fill the gaps to help me understand how to do this. I've already pulled out most of my hair.

beth22
Enthusiast
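The two posts above describe the same layout from opposite ends: JoeCol's recipe (outer NIC carries the additional IP and its Robot-assigned MAC, inner NIC carries a usable host address inside the routed subnet with no gateway, guests point their default route at that inner address) and a CentOS configuration that does not work. The following audit script is an added example, not code from the thread or from Hetzner: it parses ifcfg-*/route-* style files and checks them against that recipe, and additionally checks net.ipv4.ip_forward, which a Linux router needs set to 1 before it forwards anything. All addresses and MACs are constructed from RFC 5737 documentation ranges; the "bad" sample reproduces the shape of the CentOS post (inner NIC and guest gateway on the subnet's network address), the "good" sample applies the recipe.

```python
"""Audit a Hetzner-style routed subnet behind a router VM (added example)."""
import ipaddress

# Constructed stand-ins for the values Hetzner hands out (documentation ranges).
ADDITIONAL_IP = "198.51.100.122"      # the single IP the subnet is routed to
ADDITIONAL_GW = "198.51.100.97"       # gateway Hetzner gives for that IP
ADDITIONAL_MAC = "00:50:56:00:0f:2f"  # MAC assigned to that IP in Robot (constructed)
ROUTED_SUBNET = "203.0.113.128/29"    # the subnet routed to ADDITIONAL_IP

# Constructed router-VM files mirroring the failing layout above:
# eth1 sits on the subnet's network address and forwarding is off.
ROUTER_BAD = {
    "ifcfg-eth0": "DEVICE=eth0\nBOOTPROTO=static\nONBOOT=yes\n"
                  "HWADDR=00:50:56:00:0F:2F\nIPADDR=198.51.100.122\nNETMASK=255.255.255.224\n",
    "route-eth0": "ADDRESS0=0.0.0.0\nNETMASK0=0.0.0.0\nGATEWAY0=198.51.100.97\n",
    "ifcfg-eth1": "DEVICE=eth1\nBOOTPROTO=static\nONBOOT=yes\n"
                  "IPADDR=203.0.113.128\nNETMASK=255.255.255.248\n",
    "sysctl": "net.ipv4.ip_forward = 0\n",
}
GUEST_BAD = {
    "ifcfg-eth0": "DEVICE=eth0\nBOOTPROTO=static\nONBOOT=yes\n"
                  "IPADDR=203.0.113.129\nNETMASK=255.255.255.248\n",
    "route-eth0": "ADDRESS0=0.0.0.0\nNETMASK0=0.0.0.0\nGATEWAY0=203.0.113.128\n",
}
# Same files with the recipe applied: eth1 on the upper usable host, forwarding on,
# guest gateway pointing at that eth1 address.
ROUTER_GOOD = dict(ROUTER_BAD,
                   **{"ifcfg-eth1": ROUTER_BAD["ifcfg-eth1"].replace(".128", ".134"),
                      "sysctl": "net.ipv4.ip_forward = 1\n"})
GUEST_GOOD = dict(GUEST_BAD,
                  **{"route-eth0": GUEST_BAD["route-eth0"].replace(".128", ".134")})


def parse_kv(text):
    """Parse KEY=VALUE lines (ifcfg/route/sysctl syntax); ignores blanks and comments."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if sep:
            cfg[key.strip()] = value.strip().strip('"')
    return cfg


def _interface(cfg):
    """Build an ip_interface from IPADDR/NETMASK, or None if missing/malformed."""
    try:
        return ipaddress.ip_interface(f"{cfg.get('IPADDR')}/{cfg.get('NETMASK')}")
    except ValueError:
        return None


def check_router(files):
    """Return a list of findings for the router VM; empty means it matches the recipe."""
    net = ipaddress.ip_network(ROUTED_SUBNET)
    outer, outer_route = parse_kv(files["ifcfg-eth0"]), parse_kv(files["route-eth0"])
    inner = parse_kv(files["ifcfg-eth1"])
    findings = []
    if outer.get("IPADDR") != ADDITIONAL_IP:
        findings.append(f"eth0: IPADDR must be the additional IP {ADDITIONAL_IP}")
    if outer.get("HWADDR", "").lower() != ADDITIONAL_MAC:
        findings.append("eth0: HWADDR must be the MAC assigned to the additional IP in Robot")
    if outer_route.get("GATEWAY0") != ADDITIONAL_GW:
        findings.append(f"eth0: default gateway must be {ADDITIONAL_GW}")
    iface = _interface(inner)
    if iface is None:
        findings.append("eth1: IPADDR/NETMASK missing or malformed")
    elif iface.network != net:
        findings.append(f"eth1: {iface.network} is not the routed subnet {net}")
    elif iface.ip in (net.network_address, net.broadcast_address):
        findings.append(f"eth1: {iface.ip} is the network or broadcast address of {net}; "
                        f"use a usable host address ({net[1]} to {net[-2]})")
    if "GATEWAY" in inner:
        findings.append("eth1: leave the gateway empty; only eth0 carries the default route")
    if parse_kv(files["sysctl"]).get("net.ipv4.ip_forward") != "1":
        findings.append("router: net.ipv4.ip_forward must be 1 or nothing reaches the subnet")
    return findings


def check_guest(guest_files, router_files):
    """Return findings for a subnet guest relative to the router VM's inner address."""
    net = ipaddress.ip_network(ROUTED_SUBNET)
    router_inner = parse_kv(router_files["ifcfg-eth1"]).get("IPADDR")
    cfg, route = parse_kv(guest_files["ifcfg-eth0"]), parse_kv(guest_files["route-eth0"])
    findings = []
    iface = _interface(cfg)
    if iface is None:
        return ["guest: IPADDR/NETMASK missing or malformed"]
    if iface.network != net or iface.ip in (net.network_address, net.broadcast_address):
        findings.append(f"guest: {iface.ip} is not a usable host address of {net}")
    if str(iface.ip) == router_inner:
        findings.append("guest: IPADDR collides with the router VM's inner address")
    gw = route.get("GATEWAY0", "")
    try:
        gw_addr = ipaddress.ip_address(gw)
    except ValueError:
        gw_addr = None
    if gw_addr is None or gw_addr not in net or gw_addr in (net.network_address, net.broadcast_address):
        findings.append(f"guest: GATEWAY0 {gw!r} is not a usable host address of {net}")
    elif gw != router_inner:
        findings.append(f"guest: GATEWAY0 {gw} must equal the router VM's eth1 address {router_inner}")
    return findings


if __name__ == "__main__":
    for label, r, g in (("bad", ROUTER_BAD, GUEST_BAD), ("good", ROUTER_GOOD, GUEST_GOOD)):
        print(label, check_router(r) + check_guest(g, r))
```

Run against the "bad" sample it reports the inner NIC sitting on the network address, forwarding being off, and the guest gateway not being a usable host; the "good" sample passes clean. The script accepts any usable host for the inner NIC, so the upper address JoeCol uses is a convention, not a requirement; what matters is that the guest gateway equals that inner address and that nothing is on a network or broadcast address.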

Did this work eventually?

Thanks,

CShawn
Contributor

Adding a Subnet to my existing Hetzner server was very frustrating. I had no problem setting up a second IP and NATing into a private subnet. If you can do that, then getting around the confusing parts of different sources of information is the hard part. Mixing in directions for IPv6 also makes it hard to decipher where parts apply to IPv4. Making one change in any of the four main configuration areas can cause you to chase your tail for hours!  This post provided another set of clues that helped me slowly figure out what I was doing wrong, so even though this post is old, I felt obligated to try to help here. *** BOLD will be things you have to do ***. The rest is trying to make sense of it all.

The main four configuration areas:

  1. Hetzner
  2. ESXi6 Host
  3. Firewall VM Guest
  4. Linux or Windows VM Guest

Hetzner:

I assume you have a server and you have ESXi installed with the default vSwitch. Your host has an IP and you have a second IP from Hetzner that you have assigned a MAC address.


X.X.197.230 is the main ESXi IP for the host. x.x.197.251 is my production setup and is used on a VM firewall to NAT to a private LAN. It is the production side, so I did not want to mess up my current setup, just add a new subnet.  For this doc, we will be using the x.x.197.222 IP to route our new /29 subnet x.x.208.176.

Let us look at the email and robot screens from Hetzner:

Email:

Dear Mr

Below you will find the IP subnet added to your server #123456, and statically routed on the IP x.x.197.222.

Subnet:

x.x.208.176 /29

Netmask:

255.255.255.248

Broadcast:

x.x.208.183

Usable IP addresses:

x.x.208.177 to x.x.208.182

Instructions for configuring additional IP addresses can be found in our wiki:
http://wiki.hetzner.de/index.php/Zusaetzliche_IP-Adressen/en

If you have any questions or requests, please send us a support request via your Robot administration interface (https://robot.your-server.de).
Please log in to the Robot using your master login and click on "Requests" in the menu on the left. There you can select your server and the request type, or simply send a general request.
We shall reply to your support request as soon as we can.

Best regards

Your Hetzner Online Team

Robot Screen:


We now have our new subnet details and which IP it will be routed out of. Other than their technical notes mentioned in other posts, that is about all of the help you will get from them. I made a cross reference from the example Subnet to my Subnet. I suggest you do the same, makes it easier when it is using your data!

Subnet Details:

x.x.208.176/29 (255.255.255.248)
Netmask: 255.255.255.248
Gateway: x.x.197.222

1. Assign a separate MAC to your IP in Robot. You will use this in your Firewall VM for x.x.197.222. (Click the Blue Screen/NIC icon.)
2. Go the firewall section in Hetzner and open it up for your IPs. I am still testing this, but I use my firewall VMs to secure the VMs.

We are done with Hetzner.

ESXi6 Host:


vSwitch0 is the default one created when you install ESX and uses the main server IP of x.x.197.230.
vSwitch1 is my production one that I didn’t want to mess up.
vSwitch2 is the one we are using for the new subnet.

1. Create vSwitch2. Click Add Networking

2.  Connection Type: Virtual Machine

3.  Network Access: Create a vSphere standard switch

4.  Connection Settings: Subnet (Or any name you want)

5.  Summary should show you Subnet and no adapters. Finish.

That’s it. Leave the ESX host alone now. I know it seems wrong, and believe me I messed it up many times working through this!

Firewall VM Guest

I use IPFire for my VM firewalls: http://www.ipfire.org/ You can use others, such as pfSense but you will need to figure out where to configure it to match.

I will glaze over this since you are probably already familiar with creating VMs. If you need help installing and configuring IPFire, I can help in another post.

1. Create your IPFire VM with two nics. Assign one to your Public network and the other to your Subnet.

2. In ESX, on the public NIC you need to give it the MAC address of your Hetzner Robot MAC you created. *** VERY IMPORTANT. ***

3. Install IPFire, and take note of your MAC addresses, since you will need to match up the NICs with the Red/Green interface assignment part of the installation process. When setting up the Red interface, just use DHCP. It will be easier. You can set it statically later once you see what happens. It should give you IP: x.x.197.222, Mask: 255.255.255.224, Gateway: x.x.197.193, Broadcast: x.x.197.223, matching your second Hetzner IP that your subnet will route out of.

4. Here is where it didn't make sense to me, since I am so used to NATing. Your Subnet will be assigned to the Green interface. I gave it the last IP of the usable subnet range when setting this up because I was trying to follow the Hetzner document to the letter. I was going insane. I gave it x.x.208.182. I also set up DHCP on the Green interface and gave it the range of x.x.208.177 to x.x.208.181. It is easy to set static assignments in IPFire by MAC addresses, and you can speed up guest installations by using DHCP. You can always set it statically later and change your IPFire DHCP pool.

5. Do any firewall setup you need for your VMs. I allow HTTP/S to a webserver. If you are used to doing NATing, don't here. Just assign the IP. One thing I have noticed and am working through is that you will not be able to PING the subnet unless you open everything up on the firewall. Made me think I had it set up wrong at first! When you use MY IP in a browser it will show the x.x.197.222 second IP address.

Your firewall should be all set and happy.

Linux or Windows VM Guest

Now the guest part will be easy if you set IPFire to use DHCP. When you create your VM, just assign the NIC to your Subnet and it will get an IP in the x.x.208.177 to x.x.208.181 range.


IP Config from a Windows VM:


This is my first How-to so it is probably all over the place.  I hope it helps!
