IP Routing for PFSENSE with OVH network and default gateway out of subnet Print

  • OVH, pfsense firewall, gateway, routing, IP failover
  • 4

IP FAILOVER configuration for PFSENSE with OVH network

If you buy a VMware server and an IP block from OVH you will be surprised because the default gateway don't match the IP block and this is a problem for PFSENSE.
Even if this setup is unusual, it is valid and give full satisfaction if you know how to configure your firewall and hosts.

 

It's important to configure pfsense networking as follow:

The default gateway is the ESXI HOST ip with final .254 (XX.XX.XX.254)

- iface em0 is the WAN interface (it can be different depending on your configuration)

- in pfsense GUI, LAN and WAN interface do not have default gateway assigned

- use cmdshell addon to make "permanent" the route to OVH default gateway, cmdshell is an pfsense addon to be downloaded

- add in cmdshell the following commands, if you don't have cmdshell install you can type those commands manually but the configuration will be lost when pfsense is rebooted:

        1. route add -net xx.xx.xx.254/32 -iface em0  (iface em0 = WAN interface)

        2. route add default xx.xx.xx.254   (XX.XX.XX.254 = is the HOST IP address with final .254)


Masquerade source address (hide NAT)

Here is how it should be configured to be able to navigate from the internal network, 192.168.6.x is the LAN addressing

 

UPDATE 03/12/2021 - Method #2

 

1. Open your pfSense's admin interface

2. Navigate to System-> Routing-> Gateways and click Add button

3. Insert all relative parameters of your gateway:

  • Interface - WAN Interface on which you want to install OVH's Failover IP
  • Address Faily - IPv4
  • Name - Gateway Name
  • Gateway - Your gateway IP address depends on ESXi host on which you are configuring pfSense Virutal Machine, so generally it's made up of the first three octets of your server's main IP address, with 254 as the last octet (ex. if your main server's IP address is 123.123.123.178, your gateway is 123.123.123.254)
  • Monitor - Can be used for checking your gateway health




Then click to Display Advanced button and check the Use non-local gateway checkbox



Click on Save button

4. Open your WAN interface (Interfaces -> WAN)

  • IPv4 Configuration Type - Static IPv4
  • IPv4 Address - Your Failover IP
  • IPv4 Upstream Gateway - Select the gateway that you have just created
  • Click on Save button

 


Was this answer helpful?

« Back