Tunnel DDoS protected OVH IP to VM’s in other datacenter

If you have some VPS nodes and you like to make DDoS protection available for your VM’s () then you are on the right page!

We are going to route DDoS-protected IPs from OVH (or any other ISP). to our unprotected servers elsewhere, so you can use those IP addresses on your VM.

Things you need to know

  • I use libvirt/kvm to virtualize.
  • I already setup a bridged network for my VM’s and my VM’s are trying to get a network via this bridge. (br0)
  • I do not use any firewall.
  • Please update the linux kernel to the lastest one possible (Windows + GRE routing are not friends on lower kernels).
  • Do NOT use the inbuild libvirt bridge option! But make an own bridge interface because the libvirt one is buggy!!!

First we have to create a GRE tunnel between the 2 servers (The OVH server and the VM host).
I use Centos 7 but you can do this on almost every Linux OS.

Public IPv4 server 1:
Public IPv4 server 2:
IP block I want to use on server 2:
Bridge interface server2: br0

Run this on server 1:

ip tunnel add gre1 mode gre remote local ttl 255
ip link set gre1 up

Run this on server 2:

ip tunnel add gre1 mode gre remote local ttl 255
ip link set gre1 up

Then we need to create a route on server 1 that will route the IP traffic over the GRE tunnel

Run this on server 1:

ip route add dev gre1

The next step is to route data from the GRE tunnel to the bridge and back.

Run this on server 2:

ip rule add from table 666
ip route add default dev gre1 table 666
ip route add dev br0 table 666

The last thing to do is to add the IP the to bridge. This is gonna be the gateway for your VM’s!
Use the second IP of the range!

Run this on server 2:

ip addr add dev br0

You should be able to ping now..

Use the following network config in the adapter of your VM:

IP address:
Mask: (depends on the subnet)

Your VPS will have a working internet connection now! Hope this will help you out…

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button