As the title suggests, I'm having issues setting up the networking so that a server can access the internet. Bear with me while I lay out the infrastructure.
All 3 servers are hosted by Hetzner.
The Gateway and Server 1 are cloud servers while Server 2 is a dedicated server connected via vSwitch. Here's some documentation about this setup: Connect Dedicated Servers (vSwitch)
Server 1 and Server 2 should not have a public IP address, and all traffic goes through the gateway.
All port 53 (DNS) requests are routed to the gateway.
I have a working VPN connection from my PC into the private network.
Network 10.1.0.0/16
  Static Route 0.0.0.0/0 -> 10.1.0.2
  Subnet 10.1.0.0/24
    Gateway 10.1.0.2 (pfSense - OpenVPN, DNS Resolver)
    Server1 (Cloud) 10.1.0.3
  Subnet 10.1.1.0/24
    Server2 (Dedicated) 10.1.1.3
Server 1
Ubuntu 22.04
- Accessible via VPN
- Can ping/access 10.1.0.1, 10.1.0.2, 10.1.1.3
- Can ping/access internet
- Can resolve any domain (external and network internal via pfSense DNS Resolver)
ip route

    default via 10.1.0.1 dev enp7s0 proto static onlink
    10.1.0.0/16 via 10.1.0.1 dev enp7s0 proto dhcp src 10.1.0.3 metric 100
    10.1.0.1 dev enp7s0 proto dhcp scope link src 10.1.0.3 metric 100
    169.254.169.254 via 10.1.0.1 dev enp7s0 proto dhcp src 10.1.0.3 metric 100

Netplan

    network:
      version: 2
      renderer: networkd
      ethernets:
        enp7s0:
          dhcp4: true
          routes:
            - to: default
              via: 10.1.0.1
          nameservers:
            addresses:
              - 10.1.0.2
              - 8.8.4.4
              - 8.8.8.8

tracepath -n 10.1.1.3

     1?: [LOCALHOST]      pmtu 1450
     1:  10.1.0.1         2.623ms
     1:  10.1.0.1         1.490ms
     2:  169.254.255.255  1.934ms asymm 1
     3:  10.1.1.3         25.501ms reached
         Resume: pmtu 1450 hops 3 back 2

tracepath -n google.com

     1?: [LOCALHOST]      pmtu 1450
     1:  10.1.0.1
     1:  10.1.0.1
     2:  10.1.0.2
     3:  172.31.1.1
Server 2
Ubuntu 22.04
- Accessible via VPN
- Can ping/access 10.1.0.2, 10.1.0.3
- Can NOT ping 10.1.1.1
- Can NOT ping/access internet
- Can resolve any domain (external and network internal via pfSense DNS Resolver)
ip route

    default via 10.1.1.1 dev enp2s0.4000 proto static
    10.1.1.0/24 dev enp2s0.4000 proto kernel scope link src 10.1.1.3

Netplan

    network:
      version: 2
      renderer: networkd
      ethernets:
        enp2s0: {}
      vlans:
        enp2s0.4000:
          id: 4000
          link: enp2s0
          mtu: 1400
          addresses:
            - 10.1.1.3/24
          routes:
            - to: default
              via: "10.1.1.1"
          nameservers:
            addresses:
              - 10.1.0.2
              - 8.8.4.4
              - 8.8.8.8

tracepath -n 10.1.0.3

     1?: [LOCALHOST]  pmtu 1400
     1:  10.1.1.1     0.393ms
     1:  10.1.1.1     0.364ms
     2:  10.1.0.3     25.265ms reached
         Resume: pmtu 1400 hops 2 back 3

tracepath -n google.com

     1?: [LOCALHOST]  pmtu 1400
     1:  no reply
As you can hopefully see, the issue I have is with the dedicated server (Server 2), which does not seem to be able to connect to its subnet gateway (10.1.1.1) and beyond, but it can connect to other servers in the private network just fine.
Maybe I'm looking at the wrong thing?
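An added diagnostic helper, not from the original post and not Hetzner or pfSense tooling: it parses saved `ip route` and `tracepath -n` output like the blocks above to separate "this host's routing is wrong" from "the gateway is not forwarding this path". The sample inputs are copied from the Server 2 section; the function names and the verdict wording are my own.

```shell
#!/bin/sh
# Added diagnostic helper, not from the original post: parses saved `ip route` and
# `tracepath -n` output to answer two questions before touching the gateway: is the
# default gateway inside a connected prefix, and does hop 1 answer on the failing path?
# ip_in_prefix ADDR PREFIX -> exit 0 if ADDR lies inside PREFIX (CIDR or bare host)
ip_in_prefix() {
    awk -v ip="$1" -v pfx="$2" '
    function toint(a,  o) { split(a, o, "."); return ((o[1]*256+o[2])*256+o[3])*256+o[4] }
    BEGIN {
        n = split(pfx, p, "/"); len = (n == 2) ? p[2] : 32
        host = 2 ^ (32 - len)   # size of the host part; avoids 32-bit shift trouble in awk
        exit !(int(toint(ip) / host) == int(toint(p[1]) / host))
    }'
}
# gw_state < ip-route-output -> "onlink GW DEV" (status 0), "offlink GW DEV" or "missing" (status 1)
gw_state() {
    routes=$(cat)
    set -- $(printf '%s\n' "$routes" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) { if ($i == "via") g = $(i+1); if ($i == "dev") d = $(i+1) }
        if (g != "") print g, d; exit }')
    [ -n "$1" ] || { echo missing; return 1; }
    gw=$1; dev=$2
    # connected prefixes on the same device ("scope link"); a bare host route counts as /32
    for pfx in $(printf '%s\n' "$routes" | awk -v d="$dev" '/scope link/ && $0 ~ ("dev " d " ") { print $1 }'); do
        ip_in_prefix "$gw" "$pfx" && { echo "onlink $gw $dev"; return 0; }
    done
    echo "offlink $gw $dev"; return 1
}
# first_hop < tracepath-output -> address that answered as hop 1, or "silent"
first_hop() { awk '$1 == "1:" { v = ($2 == "no") ? "silent" : $2; print v; exit }'; }
# diagnose ROUTES TRACE_WORKING TRACE_FAILING -> which side to look at next (my heuristic)
diagnose() {
    state=$(printf '%s\n' "$1" | gw_state) || { echo "host: default route $state; fix this host's routes first"; return 1; }
    good=$(printf '%s\n' "$2" | first_hop); bad=$(printf '%s\n' "$3" | first_hop)
    if [ "$good" = silent ]; then
        echo "host: gateway ${state#onlink } never answers; check link, VLAN id and MTU on this host"
    elif [ "$bad" = silent ]; then
        echo "gateway: $good forwards the working path but drops the failing one; check the gateway's routes and NAT"
    else
        echo "beyond: hop 1 ($bad) answers on both paths; trace the failing path further"
    fi
}
# Constructed from the post's Server 2 output (abridged).
SERVER2_ROUTES='default via 10.1.1.1 dev enp2s0.4000 proto static
10.1.1.0/24 dev enp2s0.4000 proto kernel scope link src 10.1.1.3'
SERVER2_TRACE_OK=' 1:  10.1.1.1  0.393ms
 2:  10.1.0.3  25.265ms reached'
SERVER2_TRACE_BAD=' 1:  no reply'
if [ "${1:-}" = "--demo" ]; then diagnose "$SERVER2_ROUTES" "$SERVER2_TRACE_OK" "$SERVER2_TRACE_BAD"; fi
```

Run with `--demo` to see the verdict for the post's own data; to check a live host, pipe `ip route` into `gw_state` and two `tracepath -n` runs into `first_hop`.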