XCP-NG Management with no networking

Hello, I am trying to figure out how I want to configure my server for colocation. I will receive the IPs directly to the server - I am not using a physical firewall/router in front of it. I plan on running pfSense to handle my networking - the IPs will go straight to the pfSense WAN interface via the physical NIC on the server. My VMs will be behind the pfSense VM on a virtual interface on XCP-NG. That's the easy part. No problems there, I've done it before.

My problem comes when I want to manage the host itself - Xen Orchestra has to communicate with XOA (in this instance XOA will live behind pfSense on the virtual LAN). With both IPs passing through to pfSense, the physical host itself will not have any networking, so how is it going to communicate with XOA?

With ESXi I could add a management interface on the pfSense LAN and access it through pfSense no issue at all. Even though the host itself did not have network access, the management interface listening on the pfSense LAN allowed me to still access the ESXi UI. The pfSense VM auto started so I would always have access to the host. Is there anything similar for XCP-NG?

Am I going to have to burn one of my 2 IPs for the host itself?

You can create a private IP attached to an interface on XCP-NG and then have XO also have a private IP going to that same interface, then another IP on the LAN side of pfSense so you can get to XO.

I can't seem to bind a private IP to the host itself - it will only bind to the physical adapter. What did work for me is using the built-in "host internal management network". This interface is bound to the host with 169.254.0.1. On my XO I also added that interface and set a static IP of 169.254.0.2, and I was able to add the host.

Ahh, I think I figured out what Tom was saying - in XO I added a new private network on the host. Then I used XCP-ng Center and was able to make the management interface on that private network. I assigned it a static IP, then also assigned that interface to XO with a different IP. They were able to ping each other and I was able to add the host.