I recently ordered a bare metal server with OVHCloud and installed xcp-ng on it. I gave the management IP the default public IP I was given. I went ahead and ordered a public /29 IP block.
The plan is to use pfsense installed as a VM on xcp-ng. How would I route the public IPs I bought to the pfsense box? I tried adding multiple IPs to the public facing NIC, which is also my management NIC, but it won’t let me add multiple IPs.
You don’t assign the IPs to the interface within XCP-NG; you do the assigning inside of pfsense.
I use OVH bare metal as well, but instead use ESXi with a virtual pfSense as my firewall. First thing is make sure you create an ACL for access limiting only traffic from your IP to the mgmt port for XCP-ng.
Once you spin up the VM, then you need to console in and assign the initial IPs. I also spun up a Windows box so I could access the firewall via the web interface to complete the config.
The default gateway that I had to configure on the firewall took some guessing since I was assigned a /32. I used the same gateway address as my ESXi mgmt port and just changed the subnet mask to a /16. Traffic started flowing fine with that config.
Thanks for your help!
ugh… what a pain. I did similarly to what you did and finally got it to work.
But it is the best value for bare metal out there IMO and worth it once you figure it out.
Yes! 100% best bang for the buck.
How did you set up your IP block with pfsense? I bought a /29 IP block and under WAN address I used the second IP in the range and for the gateway I used the default gateway of my host machine’s dedicated IP (.254). @FredFerrell
I set the WAN netmask to /29 and it doesn’t work but when I set it to a /32 it does work.
OK so I got the /29 to work when I created a virtual MAC from OVH and assigned it to the NIC, and that all works, but when I create a virtual IP that’s in my /29 range, the IP doesn’t have any connectivity. I’m assuming it has something to do with the virtual MAC? Is there a way to get around this?
Yes, I did create a virtual MAC for my IP block, but mine is only a /32 so only one IP. Maybe try to create a new interface and assign an additional virtual MAC for that IP with OVH?
Yeah, I created a virtual NIC for each IP, but unfortunately XCP-NG only allows 7 NICs max and also pfsense only allows the WAN gateway to be assigned to one IP.
You can assign pfsense multiple WAN IPs.
Thanks @LTS_Tom !
I tried this but the ISP requires the MAC address assigned to the IP to be attached to the VIF in xcp-ng. I can’t add multiple MAC addresses to a single VIF.
Can’t you use the same MAC for multiple IP addresses in the OVH portal?
No, it doesn’t seem to work like that. You can assign each IP a virtual MAC address or you have the option of no MAC address.
I use hetzner.
Just looking at the specs of the OVH, the hetzner ones seem to be better value.
Also I’ve considered trying the XCP setup but could never figure out the routing issue. Albeit I was wanting to do it with 1 IPv4 address and a /64 IPv6.
I’ve heard good things about their hosting, but they don’t have any US locations for dedicated servers. Also, the best time to buy from OVH US is the week of Black Friday. I got mine at half price.
Ohhh. Never thought about Black Friday. Will deffo have a look at theirs this year. I’ve got a hetzner auction for £30. Not really bothered about location. I don’t think OVH does anywhere locally to the UK so that could mean I can’t go with them due to latency.