Private networks for VPS on Ubuntu

Private networks allow you to connect multiple VPS servers into a single closed network within the data center. All traffic between them passes through an internal channel without accessing the internet.

This provides enhanced security and significantly higher data exchange speeds compared to the public network.

Activate the private network

1. Log in to your Fornex Dashboard.
2. Go to the section Virtual servers → Private network.
3. Create a new private network or select an existing one.

Private network VPS section on Fornex

4. Add the required VPS servers to the network (they must be in the same location).

Setting up private network for VPS in Fornex

Configure the network interface on VPS

To make the private network work, you need to manually configure the second network interface on each server. The address range is 192.168.1.0/24.

You can use any free IP from this range, except .1 and .255.

Example configuration on Ubuntu 22.04/24.04 (Netplan)

1. Connect to the VPS via SSH and check for the second interface:

ip a

You will see the eth1 interface (or ens7) in DOWN state.

2. Edit the Netplan configuration file (usually /etc/netplan/00-installer-config.yaml):

nano /etc/netplan/00-installer-config.yaml

Example of the full file:

network:
  version: 2
  ethernets:
    eth0:
      addresses:
        - your_public_IP/24
      nameservers:
        addresses:
          - 1.1.1.1
          - 8.8.8.8
      routes:
        - to: default
          via: your_gateway
    eth1:
      addresses:
        - 192.168.1.15/24

On the second server, specify a different IP, for example 192.168.1.10/24.

3. Apply the changes:

netplan try

(The command will prompt you to confirm the changes; if everything works, press Enter. In case of issues, the configuration will roll back after 120 seconds.)

Then:

netplan apply

4. And check the result:

ip a

For example:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:42:e1:d0 brd ff:ff:ff:ff:ff:ff
    altname enp0s3
    altname ens3
    inet 199.68.199.xxx/24 brd 199.68.199.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe42:e1d0/64 scope link 
       valid_lft forever preferred_lft forever
4: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:df:0b:0c brd ff:ff:ff:ff:ff:ff
    altname enp0s7
    altname ens7
    inet 192.168.1.15/24 brd 192.168.1.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fedf:b0c/64 scope link 
       valid_lft forever preferred_lft forever

The eth1 interface should be in UP state with the assigned private IP.

Check the private network operation

From one server, ping the private IP of the second server, specifying the interface:

ping -c 5 -I eth1 192.168.1.10

You should see successful responses with low response time (usually < 1 ms):

root@277946:~# ping -c 5 -I eth1 192.168.1.10
PING 192.168.1.10 (192.168.1.10) from 192.168.1.15 eth1: 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=2.59 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.490 ms
64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=0.611 ms
64 bytes from 192.168.1.10: icmp_seq=4 ttl=64 time=0.585 ms
64 bytes from 192.168.1.10: icmp_seq=5 ttl=64 time=0.466 ms

--- 192.168.1.10 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4071ms
rtt min/avg/max/mdev = 0.466/0.948/2.590/0.822 ms

Now your VPS servers can securely and quickly exchange data within the closed network.