> For the complete documentation index, see [llms.txt](https://docs.tcpshield.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.tcpshield.com/vxlan/sentry-tunnel-for-fivem-gta-online.md).
# Sentry Tunnel for FiveM/GTA Online
In this guide, I will walk you through the process of setting up a Sentry Tunnel for a FiveM server running on Windows 11, using the txAdmin panel. **Notes**: **Sentry Tunnel/VXLAN requires a Linux Server.** Hence, I will also include instructions for setting up a Linux proxy in front of the Windows server.
If you're already running your FiveM server on a Linux OS, simply skip the proxy creation step.
## 1. Verify that the server is running:
In my example, the server is running and reachable on `103.120.39.17:30120`
## 2. Tunnel Creation
Follow the Sentry Tunnel General Setup [guide](https://docs.tcpshield.com/vxlan/sentry-tunnel-general-setup#id-1.-tunnel-creation).
#### **2.1 FOR LINUX SERVER**:
Ensure both the backend port (`30120`) and the VXLAN port (`34251`) are open and accepting connections. You can refer to this [guide](https://docs.tcpshield.com/vxlan/pages/tNANL6U2oTTO0aX4rw6H#id-4.-whitelist-vxlan-and-backend-ports) for further instructions.
Copy and run the setup script located at the bottom of the page. Verify the tunnel creation by running the following command:
```
ip -s link show vxlan_
```
If the tunnel was successfully created, you will see output similar to this:
```python
root@admin:~# ip -s link show vxlan_47
418: vxlan_47: mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/ether 12:cc:cb:ab:1f:e8 brd ff:ff:ff:ff:ff:ff
RX: bytes packets errors dropped missed mcast
341644143 2036858 0 0 0 0
TX: bytes packets errors dropped carrier collsns
53378176 387353 0 0 0 0
```
At this point, you should be able to ping the private IP address:
```python
root@admin:~# ping 172.18.128.2
PING 172.18.128.2 (172.18.128.2) 56(84) bytes of data.
64 bytes from 172.18.128.2: icmp_seq=1 ttl=64 time=51.6 ms
64 bytes from 172.18.128.2: icmp_seq=2 ttl=64 time=50.9 ms
64 bytes from 172.18.128.2: icmp_seq=3 ttl=64 time=50.0 ms
64 bytes from 172.18.128.2: icmp_seq=4 ttl=64 time=50.0 ms
```
Finally, proceed to **Step 4** to complete the setup.
#### **2.2 FOR WINDOWS SERVER**: Head to step 3 to create your NGINX Proxy.
## 3. NGNIX Proxy Creation
{% hint style="warning" %}
Skip this step if you already have a Linux server.
{% endhint %}
*This goes without saying that the endpoint IP address of your VXLAN tunnel should be the Linux's server IP.*
Since the VXLAN tunnel can only be created on a Linux server, as a Windows user, you will need access to a Linux server. We recommend using a reputable hosting provider. In this example, the proxy IP address is **`108.61.149.182`**.
Navigate to your `nginx.conf` file, which can be found at one of these locations:
* `/usr/local/nginx/conf/nginx.conf`
* `/etc/nginx/nginx.conf` n
Use your preferred editor (e.g., `nano`), and add the following configuration:
(*It goes without saying that you should replace the corresponding IP addresses to match your own*).
```python
stream {
upstream backend {
server 108.61.149.182:30120; # your proxy IP address
}
server {
listen 104.234.6.128:30120; # your VXLAN tunnel public IP
proxy_pass 103.120.39.17:30120; # your backend IP address
}
server {
listen 104.234.6.128:30120 udp reuseport;
proxy_pass 103.120.39.17:30120;
}
}
```
Reload your NGINX server: `service nginx reload`
Now, return to **Step 2** and run the setup script. Follow the instructions for the Linux server.
## 4. Update the config file
In your server.cfg file, change it to something similar to **this example**:
```python
set sv_forceIndirectListing true
set sv_proxyIPRanges "104.234.6.128/32"
set sv_endpoints "104.234.6.128:30120"
```
{% hint style="danger" %}
For Pterodactyl user you might need to have `set sv_forceIndirectListing false` to avoid an issue with serverlist query:
{% code overflow="wrap" expandable="true" %}
```
Server list query returned an error … The SSL connection could not be established … Connection reset by peer
```
{% endcode %}
{% endhint %}
You might want to also specify the UDP endpoint for your server:
```coffee
endpoint_add_udp 104.234.6.128:30120
```
{% hint style="warning" %}
If you are using a domain, make sure it's pointing to the VXLAN public IP address, which in this case is `104.234.6.128`
{% endhint %}
And that should be pretty much everything you have to do.
---
# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.
## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://docs.tcpshield.com/vxlan/sentry-tunnel-for-fivem-gta-online.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.