Proxmox + opnsense

CorradoD · July 19, 2018, 3:53pm

Hi,

i followed some tutorial but my opnsense on proxmox won't work.
My OVH is configured as follow:
main ip 54.38.195.26
gateway 54.38.195.254
failover ip 137.74.7.20 with mac address 02:00:00:92:26:81

I created 2 bridges in proxmox. vmbr1 has the failover ip

!28|690x76

I created opnsense VM with 2 nic where the WAN has failover mac address

!13|690x114

I installed opnsense and configured the lan with 192.168.1.254 and dhcp from 192.168.1.0 to 100.
I configured WAN with my failover ip/32 and non gateway

I setup gateway from shell:

route add - net 54.38.195.254/32 -iface em0
route add default 54.38.195.254

After that I created nat outbound rule for all from WAN to any port.
But if I ping nothing works

any ideas?

thanks

Corrado

CorradoD · July 21, 2018, 2:45pm

Hi,
I reinstalled proxmox pfsense an ubuntu.

my OVH config with new mac address for failover ip

!06|690x134

my PROXMOX config

— /etc/network/interfaces 2018-07-21 13:48:12.349355450 +0200
+++ /etc/network/interfaces.new 2018-07-21 15:37:57.003200781 +0200
@@ -15,7 +15,9 @@
iface enp3s0 inet manual

auto vmbr1
-iface vmbr1 inet manual
+iface vmbr1 inet static
+ address 137.74.7.20
+ netmask 255.255.255.255
bridge-ports none
bridge-stp off
bridge-fd 0
!42|690x74
my pfsense Config

wan : 137.74.7.20/32 mac: 02:00:00:df:8d:a7
gateway : 54.38.195.254

I setted pfsense from gui following this guide

https://t3chguides.wordpress.com/2016/09/04/setup-pfsense-with-vmware-esxi-6-on-rented-dedicated-server/

I used advanced setting on gateway for setting a non same subnet gateway (instead of shell command).

my pfsense don't ping gateway!

thanks

HendrikV · July 27, 2018, 3:33am

Hi @CorradoD,

Well… the way OVH's network works, ofSense have some "fun" issues, which is the reason I have my "clustered" proxmox clients, all use the vRack interface for the pfSense gateways, which works without the MAC address assignments etc.

a few pointers:

* vmbr0 is in this description the "Internet" facing bridge
* attach eth0 (the internet facing interface of the dedicated server running proxmox) to the vmbr0 bridge
* The proxmox vmbr0 network interface should have the "main" IP that was assigned to your dedicated server, with a netmask of /24 and the gateway the a.b.c.254, that way the proxmox is still reachable (Yes, doing that change I'll advise you get the remote KVM console setup to be able to fix things gone wrong especially as this is a fun thing to break)

Once the above is working properly (ie `ip addr` shows vmbr0 with the dedi's IP address and you can connect to the proxmox WebUI) you may proceed to the next steps:

* attach the pfSense's WAN interface to the vmbr0
Remember to assign that interface the FO IP's mac-address assigned/generated to you by OVH (02:00:00:df:8d:a7 in your screenshot)
* Youll have to start the pfSense installation via the console screen, and f the WAN is your main/starting interface, you'll have to try and force the following on the shell prompt if the "assign ip" menu doesn't allow it:
** assign the IP 137.74.7.20/24 to the WAN interface
** assign the GW as 137.74.7.254 (I've found this sometimes works to just get going…)
else you could try the 137.74.7.254/32 and the dedi/proxmox's gateway, ie. a.b.c.254, haven't do that lately.
* when you assign the IP for the WAN interface for the pfSense, you might find somewhere in the WebUI for pfSense a setting with the later (I recall 2.3.x or 2.4.x only started with it) where it "allows" the strange routing setup, else you'll have to go through some other hoops ;( and that option does safe the day… will need to go a search for it

All the best, I've been having fun times fixing those, but got it working eventually, though I still prefer the vRack method… no forced mac addresses etc. (Just the vRacks doesn't yet support IPv6 ;( )