Two totally separate IPs on WAN - how to configure on VULTR



  • This instance is running on VULTR. They provide 1-3 IPs. The 1st obviously is the default, and with one IP my pfSense works flawlessly. Adding the second IP does not seem like a trivial task. The second IP is from a completely different subnet.

    1. I add a gateway 108.61.198.1 (with the option "Use non-local gateway through interface specific route")
    2. I add a new virtual IP 108.61.198.55
    3. I add a new firewall rule to allow ping to this address and I use the newly created gateway in the rule

    At this point I assumed this would work, but no. I try to ping (diagnostics-ping) from this new IP-address and it does not work.

    I have not added any NATs, I use the default NAT ruleset.

    What am I missing? At this point I'm just trying to get the inbound ping to work, in the end I would like to assign my main IP for OpenVPN only, and use this newly added IP for my servers behind HA-proxy.



  • I'm not looking to do egress failover or balancing as these IPs are in the end behind the same edge routers at VULTR. All the tutorials are about balancing and failover, none discuss inbound traffic.


  • LAYER 8 Netgate

    What is the WAN subnet address and mask? What information (subnet mask, IP address, and gateway) was provided for the additional IP address?



  • Primary:
    45.32.233.228 255.255.254.0 45.32.232.1

    Additional:
    108.61.198.166 255.255.254.0 108.61.198.1



  • Did you end up solving this issue? I have a very similar problem. I'm trying to put a few VULTR VPSs behind a pfSense firewall with multiple WAN IPs.

    Unfortunately I cannot get it to work either.


  • LAYER 8 Netgate

    I think you are going to have to put two interfaces on a switch to give that any prayer of working. That's a really idiotic way to provide multiple IP addresses.



  • @Derelict:

    I think you are going to have to put two interfaces on a switch to give that any prayer of working. That's a really idiotic way to provide multiple IP addresses.

    Hmm, is there any way to work around this in pfSense? The VULTR documentation includes a FreeBSD example, I'm not sure how much it applies though: https://www.vultr.com/docs/add-secondary-ipv4-address


  • LAYER 8 Netgate

    ifconfig_vtnet0_alias0="1.2.3.5 netmask 255.255.255.0"

    The equivalent to that would be to add that Virtual IP address in Firewall > Virtual IPs

    Type: IP alias
    Interface: WAN
    Address: 1.2.3.5 / 24



  • @Derelict:

    ifconfig_vtnet0_alias0="1.2.3.5 netmask 255.255.255.0"

    The equivalent to that would be to add that Virtual IP address in Firewall > Virtual IPs

    Type: IP alias
    Interface: WAN
    Address: 1.2.3.5 / 24

    This fixed my issue. I had tried an IP alias previously but I had the subnet mask set to /32. Setting it to /24 did the trick! I also didn't do any of the extra Gateway stuff that tsmalmbe suggested.



  • I had my virtual IP set up as /23 and not /24 (because my main IP is also set up as /23, as all of Vultr's subnets seem like /23s).

    I now set it up as /24 and it replies to pings from the internet, it seems. I still need to investigate whether this is true or not though. I'm sceptical.



  • Son of a B. With the /24 this actually works. No additional gateways.

    1. Add virtual IP with /24
    2. Add fw-rule src any, dst new.ip.add.ress type icmp/ping

    Test from the internet, you get an answer.

    Also tested adding the IP as a HAProxy IP, that works as well (need another fw-rule though).

