> For the complete documentation index, see [llms.txt](https://docs.tcpshield.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.tcpshield.com/vxlan/sentry-tunnel-for-fivem-gta-online.md).

# Sentry Tunnel for FiveM/GTA Online

In this guide, I will walk you through the process of setting up a Sentry Tunnel for a FiveM server running on Windows 11, using the txAdmin panel. **Notes**: **Sentry Tunnel/VXLAN requires a Linux Server.** Hence, I will also include instructions for setting up a Linux proxy in front of the Windows server.

If you're already running your FiveM server on a Linux OS, simply skip the proxy creation step.

## 1. Verify that the server is running:

In my example, the server is running  and reachable on `103.120.39.17:30120`&#x20;

<figure><img src="/files/jYzHOuzZRlY8PDcjLSJ3" alt=""><figcaption></figcaption></figure>

## 2. Tunnel Creation

Follow the Sentry Tunnel General Setup [guide](https://docs.tcpshield.com/vxlan/sentry-tunnel-general-setup#id-1.-tunnel-creation).

#### <mark style="color:green;">**2.1 FOR LINUX SERVER**</mark>:&#x20;

Ensure both the backend port (`30120`) and the VXLAN port (`34251`) are open and accepting connections. You can refer to this [guide](https://docs.tcpshield.com/vxlan/pages/tNANL6U2oTTO0aX4rw6H#id-4.-whitelist-vxlan-and-backend-ports) for further instructions.

Copy and run the setup script located at the bottom of the page. Verify the tunnel creation by running the following command:&#x20;

```
ip -s link show vxlan_<id> 
```

If the tunnel was successfully created, you will see output similar to this:

```python
root@admin:~# ip -s link show vxlan_47
418: vxlan_47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 12:cc:cb:ab:1f:e8 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped missed  mcast
    341644143  2036858  0       0       0      0
    TX: bytes  packets  errors  dropped carrier collsns
    53378176   387353   0       0       0      0
```

At this point, you should be able to ping the private IP address:

```python
root@admin:~# ping 172.18.128.2
PING 172.18.128.2 (172.18.128.2) 56(84) bytes of data.
64 bytes from 172.18.128.2: icmp_seq=1 ttl=64 time=51.6 ms
64 bytes from 172.18.128.2: icmp_seq=2 ttl=64 time=50.9 ms
64 bytes from 172.18.128.2: icmp_seq=3 ttl=64 time=50.0 ms
64 bytes from 172.18.128.2: icmp_seq=4 ttl=64 time=50.0 ms
```

Finally, proceed to **Step 4** to complete the setup.

#### <mark style="color:orange;">**2.2 FOR WINDOWS SERVER**</mark>: Head to step 3 to create your NGINX Proxy.

## 3. NGNIX Proxy Creation

{% hint style="warning" %}
Skip this step if you already have a Linux server.&#x20;
{% endhint %}

*This goes without saying that the endpoint IP address of your VXLAN tunnel should be the Linux's server IP.*

Since the VXLAN tunnel can only be created on a Linux server, as a Windows user, you will need access to a Linux server. We recommend using a reputable hosting provider. In this example, the proxy IP address is <mark style="color:blue;">**`108.61.149.182`**</mark>.

Navigate to your `nginx.conf` file, which can be found at one of these locations:

* `/usr/local/nginx/conf/nginx.conf`
* `/etc/nginx/nginx.conf` n

Use your preferred editor (e.g., `nano`), and add the following configuration:

(*It goes without saying that you should replace the corresponding IP addresses to match your own*).

```python
stream {
    upstream backend {
        server 108.61.149.182:30120; # your proxy IP address
    }
    server {
		listen 104.234.6.128:30120; # your VXLAN tunnel public IP
		proxy_pass 103.120.39.17:30120; # your backend IP address
	}
	server {
		listen 104.234.6.128:30120 udp reuseport;
		proxy_pass 103.120.39.17:30120;
	}
}
```

Reload your NGINX server: `service nginx reload`&#x20;

Now, return to **Step 2** and run the setup script. Follow the instructions for the Linux server.

## 4. Update the config file

In your server.cfg file, change it to something similar to **this example**:

```python
set sv_forceIndirectListing true
set sv_proxyIPRanges "104.234.6.128/32" 
set sv_endpoints "104.234.6.128:30120"
```

{% hint style="danger" %}
For Pterodactyl user you might need to have `set sv_forceIndirectListing false`  to avoid an issue with serverlist query:&#x20;

{% code overflow="wrap" expandable="true" %}

```
Server list query returned an error … The SSL connection could not be established … Connection reset by peer
```

{% endcode %}
{% endhint %}

You might want to also specify the UDP endpoint for your server:

```coffee
endpoint_add_udp 104.234.6.128:30120
```

{% hint style="warning" %}
If you are using a domain, make sure it's pointing to the VXLAN public IP address, which in this case is `104.234.6.128`&#x20;
{% endhint %}

And that should be pretty much everything you have to do.
