{"id":1683,"date":"2025-08-08T15:13:01","date_gmt":"2025-08-08T13:13:01","guid":{"rendered":"https:\/\/www.shukko.com\/x3\/?p=1683"},"modified":"2025-08-08T15:17:31","modified_gmt":"2025-08-08T13:17:31","slug":"proxmox-a-to-proxmox-b-vxlan-and-use-proxmox-a-24-ips-on-proxmox-b-virtual-machines","status":"publish","type":"post","link":"https:\/\/www.shukko.com\/x3\/2025\/08\/08\/proxmox-a-to-proxmox-b-vxlan-and-use-proxmox-a-24-ips-on-proxmox-b-virtual-machines\/","title":{"rendered":"proxmox A to proxmox B VXLAN and use proxmox A \/24 ip\u2019s on proxmox B Virtual Machines."},"content":{"rendered":"\n<p>Extra: according to chatgtp \ud83d\ude00<br>this also can be achieved using VXLAN setup<br>Below is this VXLAN setup ( did not tried or experiment this &#8211; just for extra information )<\/p>\n\n\n\n<p>Alright \u2014 here\u2019s the VXLAN version of your setup.<br>VXLAN is nice because it uses UDP (default port 4789), which almost always passes through firewalls\/NAT, and it\u2019s still Layer 2 capable like gretap.<\/p>\n\n\n\n<p>Network Recap<br>Provider A (Debian VM) Provider B (Proxmox Node)<br>Public IP: 38.248.1.150 Public IP: 185.17.1.2<br>\/24: 38.248.1.0\/24 (lives in Provider A)<br>\/24 Gateway: 38.248.1.1<br>Goal: VMs in Provider B keep using their old IPs + gateway over the tunnel<\/p>\n\n\n\n<p>On Provider A (Debian VM)<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Install bridge utilities<\/h1>\n\n\n\n<p>apt install bridge-utils iproute2<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Create VXLAN interface (ID can be any number, must match both sides)<\/h1>\n\n\n\n<p>ip link add vxlan100 type vxlan id 100 \\<br>dev eth0 \\<br>remote 185.17.1.2 \\<br>dstport 4789 \\<br>local 38.248.1.150 \\<br>ttl 255<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Bring it up with smaller MTU (VXLAN adds ~50 bytes)<\/h1>\n\n\n\n<p>ip link set vxlan100 up mtu 1450<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Create a bridge for your public NIC + VXLAN<\/h1>\n\n\n\n<p>brctl addbr br0<br>brctl addif br0 eth0<br>brctl addif br0 vxlan100<\/p>\n\n\n\n<h1 class=\"wp-block-heading\">Move your IP from eth0 to the bridge<\/h1>\n\n\n\n<p>ip addr flush dev eth0<br>ip addr add 38.248.1.150\/24 dev br0<br>ip link set br0 up<br>ip route add default via 38.248.1.1<\/p>\n\n\n\n<p><br>On Provider B (Proxmox Node)<br>Edit \/etc\/network\/interfaces:<\/p>\n\n\n\n<p>auto vxlan100<br>iface vxlan100 inet manual<br>pre-up ip link add vxlan100 type vxlan id 100 \\<br>dev eth0 \\<br>remote 38.248.1.150 \\<br>dstport 4789 \\<br>local 185.17.1.2 \\<br>ttl 255<br>up ip link set vxlan100 up mtu 1450<br>post-down ip link del vxlan100<\/p>\n\n\n\n<p>auto vmbr2<br>iface vmbr2 inet manual<br>bridge_ports vxlan100<br>bridge_stp off<br>bridge_fd 0<\/p>\n\n\n\n<p><br>! Do not assign the \/24 to vmbr2. This bridge is purely for the VMs.<\/p>\n\n\n\n<p>On a Migrated VM in Provider B<br>Same config as if it were still in Provider A:<\/p>\n\n\n\n<p>IP: 38.248.1.152<br>Netmask: 255.255.255.0<br>Gateway: 38.248.1.1<br><\/p>\n\n\n\n<p> Firewall \/ Networking Notes<br>Allow UDP\/4789 in both directions (between 38.248.1.150 \u2194 185.17.1.2).<\/p>\n\n\n\n<p>MTU must be reduced to ~1450 (or lower if path MTU is smaller).<\/p>\n\n\n\n<p>Some providers have \u201canti-MAC spoofing\u201d \u2014 if so, you may need to request that they disable it for the VXLAN tunnel endpoints.<\/p>\n\n\n\n<p>Testing<br>On Provider B:<\/p>\n\n\n\n<p>bridge link show<br>Should show vxlan100 as a port in vmbr2.<\/p>\n\n\n\n<p>From the migrated VM in Provider B:<\/p>\n\n\n\n<p>ping 38.248.1.1<br>If it works, you\u2019ve got transparent L2 connectivity over VXLAN.<\/p>\n\n\n\n<p><strong>GRE vs VXLAN Quick Comparison<br><\/strong>Feature                                     GRE\/gretap          VXLAN<br>Layer 2 capable                         gretap only      Yes<br>Encapsulation                       Protocol 47 (GRE)         UDP<br>Likely to pass firewalls               Lower              Higher<br>Overhead                                ~24 bytes               ~50 bytes<br>MTU impact                            Moderate                Slightly more<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Extra: according to chatgtp \ud83d\ude00this also can be achieved using VXLAN setupBelow is this VXLAN setup ( did not tried or experiment this &#8211; just for extra information ) Alright \u2014 here\u2019s the VXLAN version of your setup.VXLAN is nice because it uses UDP (default port 4789), which almost always passes through firewalls\/NAT, and it\u2019s [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1683","post","type-post","status-publish","format-standard","hentry","category-kategerisiz"],"_links":{"self":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/1683","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/comments?post=1683"}],"version-history":[{"count":3,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/1683\/revisions"}],"predecessor-version":[{"id":1686,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/posts\/1683\/revisions\/1686"}],"wp:attachment":[{"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/media?parent=1683"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/categories?post=1683"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.shukko.com\/x3\/wp-json\/wp\/v2\/tags?post=1683"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}