Netgate Discussion Forum

    Using Virtual IP to move servers

    • unsichtbarre

      I have a situation where I need to relocate several servers from on-premises to a datacenter in another location. Problem is: all of the devices on-premises that communicate with the servers are hard-coded with the server IP and the devices cannot be (reasonably) updated.

      Can I use a Virtual IP on pfSense on-premises to NAT to the server's new IP in the datacenter over an IPsec tunnel?

      For example:
      Server original IP on-premises: LAN 10.0.0.0/24 Server: 10.0.0.100 GW: 10.0.0.1
      pfSense on-premises: 10.0.0.1, Virtual IP: 10.0.0.100
      Server current IP in Datacenter: LAN: 192.168.1.0/24 Server: 192.168.1.100 GW: 192.168.1.1
      pfSense in datacenter: 192.168.1.1

      Do I create the NAT on-premises or in the datacenter? My thought is to create regular NAT in the datacenter 10.0.0.100 > 192.168.1.100. Will this work?

      THX,
      -J

      • stephenw10 Netgate Administrator

        Yes, but your NAT has to be on-premises. You can't have the same subnet at both ends of the IPSec tunnel.

        Also I hope 192.168.1.0/24 is just for an example here. You should really avoid using that in a data center, it's almost certain to conflict with some remote network at some point.

        Steve

        • unsichtbarre @stephenw10

          @stephenw10 Yes, only examples.
          So, I am thinking Virtual IP Proxy ARP. Except the Remote network

          • stephenw10 Netgate Administrator

            You probably could use ProxyARP but I would just use IPAlias unless you have a reason not to.

            • unsichtbarre @stephenw10

              @stephenw10 THX for the responses, very helpful!

              I am having trouble visualizing how an IP Alias would work?

              I need a device (let's say: 10.0.0.101) to "think" it is communicating with a server on the same LAN at 10.0.0.100, where in point of fact that server has been relocated to a datacenter on the other side of an IPsec VPN and the server is now 192.168.1.101 (example only).

              • stephenw10 Netgate Administrator

                Right so add an IPAlias at 10.0.0.100 on the pfSense LAN in that subnet.

                Then add a port forward (or 1:1 NAT rule) for 10.0.0.100 to the new IP on the other side of the tunnel.

                Steve
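
A pre-flight check for the plan discussed in this thread, added here as an example and not posted by either participant: it tests the addressing constraints the replies state (no shared subnet across the tunnel, IP Alias inside the on-premises LAN, NAT target inside the datacenter LAN). The function name, the message strings, the list of common default ranges and the 172.27.44.0/24 sample subnet are assumptions of this example.

```python
import ipaddress as ip

# Ranges many consumer routers ship with (assumption of this example); a
# datacenter LAN inside one of them tends to collide with a remote network.
COMMON_DEFAULTS = [ip.ip_network(n) for n in ("192.168.0.0/24", "192.168.1.0/24")]


def check_plan(onprem_lan, dc_lan, legacy_ip, new_ip, pfsense_lan_ip):
    """Return the problems found in an 'IP Alias + NAT over IPsec' plan."""
    local, remote = ip.ip_network(onprem_lan), ip.ip_network(dc_lan)
    legacy, target, fw = (ip.ip_address(a) for a in (legacy_ip, new_ip, pfsense_lan_ip))
    problems = []
    # The same subnet cannot exist at both ends of the IPsec tunnel.
    if local.overlaps(remote):
        problems.append("overlap: same subnet at both ends of the tunnel")
    # The IP Alias answers ARP for the legacy address, so it must sit in the
    # on-premises LAN and must not be the firewall's own LAN address.
    if legacy not in local:
        problems.append("alias: legacy IP is outside the on-premises LAN")
    if legacy == fw:
        problems.append("alias: legacy IP is already the firewall's LAN address")
    # The port forward / 1:1 NAT target is the server's new address, which
    # has to be reachable through the tunnel's remote network.
    if target not in remote:
        problems.append("nat: target is not inside the datacenter subnet")
    if any(remote.overlaps(c) for c in COMMON_DEFAULTS):
        problems.append("warn: datacenter subnet is a common default range")
    return problems


if __name__ == "__main__":
    # Addresses from the thread's example; the NAT lives on the on-premises side.
    plan = ("10.0.0.0/24", "192.168.1.0/24", "10.0.0.100", "192.168.1.100", "10.0.0.1")
    for line in check_plan(*plan) or ["plan is consistent"]:
        print(line)
```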

                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.