| title | excerpt | updated |
|---|---|---|
Sostituzione del OVHgateway (EN) |
Find out how to replace the OVHgateway with another manageable virtual machine |
2022-12-05 |
This guide will explain how to replace the outgoing internet gateway (OVHgateway) with another network operating system that will give you, in addition to internet access, the ability to configure NAT and VPN (Ipsec or SSL VPN).
Warning
OVHcloud provides services for which you are responsible, with regard to their configuration and management. It is therefore your responsibility to ensure that they function correctly.
This guide is designed to assist you in common tasks as much as possible. Nevertheless, we recommend contacting a specialist service provider or reaching out to our community if you experience any issues.
- One Nutanix cluster provided by OVHcloud
- Access to the OVHcloud Control Panel
- Access to your clusters via Prism Central
The OVHgateway uses two network cards by default:
- One on VLAN 0 (base) connected to the internet with an additional OVHcloud IP address.
- One on VLAN 1 (infra) connected to the local administration network with a range of IP addresses, in this example in 192.168.10.0/24.
In our guide, we will replace this gateway with the network operating system pfSense Community edition without software support.
[!primary] It is entirely possible to use this guide to install other network operating systems compatible with AHV.
Download an ISO image for the pfSense installation from this link: Downloading pfSense{.external}.
Using this documentation, add the pfSense ISO image to your Nutanix cluster.
Create a virtual machine with these settings:
- Name:
GW-PFSENSE - Storage1:
100 GB HDD - Storage2:
DVD drive connected to the pfSense ISO file - RAM:
4 GB - CPU:
2 vCPU - Network:
2 network cards, one on VLAN 0 (base) and the other on VLAN 1 (infra)
You can use our guide on virtual machine management to create this virtual machine.
{.thumbnail}
To avoid duplicate IP addresses on the network, stop the OVHgateway virtual machine before starting the new virtual machine on pfSense.
Via Prism Central, click in the top left on the main menu{.action}.
{.thumbnail}
Click VMs{.action}.
{.thumbnail}
Click on the OVHgateway{.action} virtual machine.
{.thumbnail}
From the More{.action} menu at the top, click Soft Shutdown{.action}.
{.thumbnail}
Retrieve information about the OVHcloud gateway network settings.
Log in to the OVHcloud Control Panel, select your Nutanix cluster, and find the information in the IPFO field.
{.thumbnail}
IPFO is a range of 4 addresses. The first and last are reserved, the third is on OVHcloud hardware and serves as an Internet gateway. The only usable IP address is the second address in the range.
During installation, we will reuse this information to assign it to the new GW-PFSENSE virtual machine.
XX.XX.XX.N Reserved network address that appears on the OVHcloud client site
XX.XX.XX.N+1 IP address to be assigned to the GW-PFSENSE virtual machine WAN interface
XX.XX.XX.N+2 Address to be used as a gateway on the GW-PFSENSE VM WAN interface
XX.XX.XX.N+3 Reserved broadcast IP addressFor example, if the IPFO address displayed on the client site is 198.51.100.0/30, use:
- 198.51.100.1 for the WAN interface address.
- 198.51.100.2 for the gateway on the WAN interface.
Go back to virtual machine management in Prism Central and click on GW-PFSENSE{.action}.
{.thumbnail}
Select Power On{.action} from the More{.action} menu.
{.thumbnail}
Click Launch console{.action}.
{.thumbnail}
Review the pfSense licence information and press the Enter{.action} key to accept it.
{.thumbnail}
Choose Install, switch to OK with the Tab{.action} key and press Enter{.action}.
{.thumbnail}
Select Continue with default keymap, go to Select with the Tab{.action} key and press the Enter{.action} key.
{.thumbnail}
Select Auto (ZFS), switch to OK with the Tab{.action} key, and then press the Enter{.action} key.
{.thumbnail}
Go to Select with the Tab{.action} key and press Enter{.action}.
{.thumbnail}
Select Stripe, switch to OK with the Tab{.action} key, and then press Enter{.action}.
{.thumbnail}
Select NUTANIX VDISK with the Space{.action} bar. Then go to OK with the Tab{.action} key and press Enter{.action}.
{.thumbnail}
Go to YES with the Tab{.action} key and press the Enter{.action} key.
{.thumbnail}
Choose NO with the Tab{.action} key and press the Enter{.action} key.
{.thumbnail}
Select Reboot and press the Enter{.action} key.
{.thumbnail}
From Prism Central, go back to GW-PFSENSE virtual machine management and perform the following steps to eject the CDROM.
Click on Soft Shutdown{.action} in the More{.action} menu on the GW-PFSENSE virtual machine to stop this virtual machine.
{.thumbnail}
Click Update{.action}.
{.thumbnail}
Click Next{.action}.
{.thumbnail}
Click the Eject{.action} icon next to the CDROM.
{.thumbnail}
Click Next{.action}.
{.thumbnail}
Click Next{.action}.
{.thumbnail}
Click Save{.action}.
{.thumbnail}
Click Power On{.action} in the More{.action} menu.
{.thumbnail}
Click Launch Console{.action} to continue the installation after startup.
{.thumbnail}
We will configure the pfSense gateway IP addresses as follows:
- WAN interface: Use this part of the Retrieving a public address in the OVHcloud Control Panel guide to assign the IP address and gateway on this interface.
- LAN Interface: 192.168.10.254/24 which is the gateway address of the Nutanix cluster private network followed by the subnet mask.
Accept the licence by pressing the Enter{.action} key.
{.thumbnail}
Type n and press the Enter{.action} key when asked if you need VLANs.
{.thumbnail}
Type vtnet0 as the interface name for the WAN and press Enter{.action}.
{.thumbnail}
Type vtnet1 as the interface name for the LAN and press Enter{.action}.
{.thumbnail}
Confirm the changes by entering y, then press the Enter{.action} key.
{.thumbnail}
Type 2 to choose Set interface(s) IP address and press Enter{.action}.
{.thumbnail}
Select the WAN interface by typing 1 and pressing Enter{.action}.
{.thumbnail}
Type n and press Enter{.action} when prompted to configure the address by DHCP.
{.thumbnail}
Type the public IP address with the mask and press the Enter{.action} key, for example: 198.51.100.1/30.
Then enter the public gateway IP address and press the Enter{.action} key, for example: 198.51.100.2.
{.thumbnail}
Type n and press the Enter{.action} key when the wizard offers you the configuration of the IPv6 address WAN interface via DHCP6.
{.thumbnail}
When requested to revert to HTTP as the webConfigurator protocol, type n and press Enter{.action}.
{.thumbnail}
Press Enter{.action} to validate the registration of the IP address of the WAN.
{.thumbnail}
Type 2 and press the Enter{.action} key to configure IP addresses.
{.thumbnail}
Take option 2 and press the Enter{.action} key to change the LAN IP address.
{.thumbnail}
Type the private IP address followed by the mask 192.168.10.254/24 and press the Enter{.action} key.
{.thumbnail}
Press the Enter{.action} key to not put a gateway on the LAN interface.
{.thumbnail}
Press the Enter{.action} key to disable IPv6 usage.
{.thumbnail}
Type n and press the Enter{.action} key on the DHCP server activation request.
{.thumbnail}
Answer n and press the Enter{.action} key when prompted to revert to HTTP as the webConfigurator protocol.
{.thumbnail}
You can now manage the HTTPS gateway on the private network of the Nutanix cluster.
Press the Enter{.action} key to complete the command line configuration.
{.thumbnail}
Connect to the pfSense Web Console with the URL https://192.168.10.254 from a cluster virtual machine on the AHV LAN: Base.
Enter the following information:
- User account: admin
- Default password: pfsense
Then click SIGN IN{.action}.
{.thumbnail}
From the System{.action} menu, choose User Manager{.action}.
{.thumbnail}
Click the Pen{.action} icon.
{.thumbnail}
Enter and confirm the password to the right of Password.
{.thumbnail}
Confirm the changes by clicking Save{.action} at the bottom of the menu.
{.thumbnail}.
Go to the Firewall{.action} menu and choose Rules{.action}.
{.thumbnail}
Check that you are on the WAN tab, then click the Add{.action} button (at the bottom with the up arrow) to create a firewall rule.
{.thumbnail}
Set these options in the Edit Firewall Rule section:
- Action:
Pass - Interface:
WAN - Address Family:
IPv4 - Protocol:
TCP
Select Single host or alias from the Source drop-down menu and enter the public address that can connect to the pfSense firewall.
{.thumbnail}
Then set these options in the Destination section:
- Destination:
WAN address - Destination Port Range From:
HTTPS - Destination Port Range To:
HTTPS
Click Save{.action}.
{.thumbnail}
Click Apply Changes{.action} to activate the rule.
{.thumbnail}
The pfSense administration interface is then accessible from the Internet, only from the authorised network in HTTPS, here https://198.51.100.1.
We will create a new subnet in VLAN 2 with an address range in 192.168.2.0/24 and a gateway in 192.168.2.254.
Log in to Prism Central to make these changes:
Use the Isolating management machines from production guide to create a new VLAN on your Nutanix cluster with these settings:
- VLAN name:
Production - VLAN number:
2
Your new network must appear in Subnets.
{.thumbnail}
Now that the new subnet has been created, we will add an adapter to the configuration of your GW-PFSENSE virtual machine.
Via the virtual machine management, select your GW-PFSENSE virtual machine, go to the Actions{.action} menu and choose Update{.action}.
{.thumbnail}
Click Next{.action}.
{.thumbnail}
Click Attach to Subnet{.action}.
{.thumbnail}
Choose the Production{.action} subnets and click Save{.action}.
{.thumbnail}
Click Next{.action}.
{.thumbnail}
Click Next{.action}.
{.thumbnail}
Click Save{.action}.
{.thumbnail}
Log in to the pfSense interface in https, with the public address (for example, https://198.51.100.1) in your pfSense administration interface, and follow these instructions:
Go to the Interfaces{.action} menu and click Assignments{.action}.
{.thumbnail}
Click + Add{.action} to the right of Available network ports:.
{.thumbnail}
Click Save{.action}.
{.thumbnail}
In the Interfaces{.action} menu, click OPT1{.action}
{.thumbnail}
Check Enable Interfaces and modify these settings :
- Description :
VLAN2 - IPv4 Address :
192.168.2.254/24
Click Save{.action}.
{.thumbnail}
Click Apply Changes{.action}.
{.thumbnail}
Go to the Firewall menu and click Rules{.action}.
{.thumbnail}
Go to the VLAN2{.action} tab and click the Add{.action} button on the left.
{.thumbnail}
Change these values :
- Protocol :
Any - Source :
VLAN2 net - Destination :
any
Click Save{.action}.
{.thumbnail}
Click Apply Changes{.action}.
{.thumbnail}
Your VLAN 2 is now connected to the Internet.
If you need training or technical assistance to implement our solutions, contact your sales representative or click on this link to get a quote and ask our Professional Services experts for assisting you on your specific use case of your project.
Join our community of users on https://community.ovh.com/en/.