Sentry Tunnel for FiveM/GTA Online

VXLAN Setup for FiveM server

In this guide, I will walk you through the process of setting up a Sentry Tunnel for a FiveM server running on Windows 11, using the txAdmin panel. Notes: Sentry Tunnel/VXLAN requires a Linux Server. Hence, I will also include instructions for setting up a Linux proxy in front of the Windows server.

If you're already running your FiveM server on a Linux OS, simply skip the proxy creation step.

1. Verify that the server is running:

In my example, the server is running and reachable on 103.120.39.17:30120

2. Tunnel Creation

Follow the Sentry Tunnel General Setup guide.

2.1 FOR LINUX SERVER:

Ensure both the backend port (30120) and the VXLAN port (34251) are open and accepting connections. You can refer to this guide for further instructions.

Copy and run the setup script located at the bottom of the page. Verify the tunnel creation by running the following command:

ip -s link show vxlan_<id>

If the tunnel was successfully created, you will see output similar to this:

root@admin:~# ip -s link show vxlan_47
418: vxlan_47: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether 12:cc:cb:ab:1f:e8 brd ff:ff:ff:ff:ff:ff
    RX: bytes  packets  errors  dropped missed  mcast
    341644143  2036858  0       0       0      0
    TX: bytes  packets  errors  dropped carrier collsns
    53378176   387353   0       0       0      0

At this point, you should be able to ping the private IP address:

root@admin:~# ping 172.18.128.2
PING 172.18.128.2 (172.18.128.2) 56(84) bytes of data.
64 bytes from 172.18.128.2: icmp_seq=1 ttl=64 time=51.6 ms
64 bytes from 172.18.128.2: icmp_seq=2 ttl=64 time=50.9 ms
64 bytes from 172.18.128.2: icmp_seq=3 ttl=64 time=50.0 ms
64 bytes from 172.18.128.2: icmp_seq=4 ttl=64 time=50.0 ms

Finally, proceed to Step 4 to complete the setup.

2.2 FOR WINDOWS SERVER: Head to step 3 to create your NGINX Proxy.

3. NGNIX Proxy Creation

Skip this step if you already have a Linux server.

This goes without saying that the endpoint IP address of your VXLAN tunnel should be the Linux's server IP.

Since the VXLAN tunnel can only be created on a Linux server, as a Windows user, you will need access to a Linux server. We recommend using a reputable hosting provider. In this example, the proxy IP address is 108.61.149.182.

Navigate to your nginx.conf file, which can be found at one of these locations:

/usr/local/nginx/conf/nginx.conf
/etc/nginx/nginx.conf n

Use your preferred editor (e.g., nano), and add the following configuration:

(It goes without saying that you should replace the corresponding IP addresses to match your own).

stream {
    upstream backend {
        server 108.61.149.182:30120; # your proxy IP address
    }
    server {
		listen 104.234.6.128:30120; # your VXLAN tunnel public IP
		proxy_pass 103.120.39.17:30120; # your backend IP address
	}
	server {
		listen 104.234.6.128:30120 udp reuseport;
		proxy_pass 103.120.39.17:30120;
	}
}

Reload your NGINX server: service nginx reload

Now, return to Step 2 and run the setup script. Follow the instructions for the Linux server.

4. Update the config file

In your server.cfg file, change it to something similar to this example:

set sv_forceIndirectListing true
set sv_proxyIPRanges "104.234.6.128/32" 
set sv_endpoints "104.234.6.128:30120"

For Pterodactyl user you might need to have set sv_forceIndirectListing false to avoid an issue with serverlist query:

Server list query returned an error … The SSL connection could not be established … Connection reset by peer

You might want to also specify the UDP endpoint for your server:

endpoint_add_udp 104.234.6.128:30120

If you are using a domain, make sure it's pointing to the VXLAN public IP address, which in this case is 104.234.6.128

And that should be pretty much everything you have to do.

PreviousSentry Tunnel for Bedrock/Geyser/PocketMine/VoiceChat NextCommon issues and Debugging

Last updated 14 days ago

Was this helpful?