Virtual IP setup with cloud provider



  • Hello! I'm currently using Vultr as a cloud provider. They're very similar to UpCloud, Digital Ocean, etc... using virtio hardware.

    I'm in a situation where I need to add a 2nd WAN address. Upon requesting one I'm given an IP with a /32 as a subnet. Their documentation says to edit the /etc/rc.conf file with the following in order to use this with a FreeBSD machine:

    I've redacted my actual IPs in < >

    FreeBSD 10.x, FreeBSD 11.x, FreeBSD 12.x
    Populate the /etc/rc.conf file with the following text.

    static_routes="linklocal"
    route_linklocal="-net 169.254.0.0/16 -interface vtnet0"
    ifconfig_vtnet0="inet <main_WANIP> netmask 255.255.255.0"
    defaultrouter="<main_WANGW>"
    ifconfig_vtnet0_alias0="<2nd_WANIP> netmask 255.255.255.255"
    
    
    # Private network: net5beaec50ec2b2
    ifconfig_vtnet1="inet <LANIP> netmask 255.255.0.0 mtu 1450"
    

    When I go into the rc.conf file I'm met with a single commented out line that basically tells me not to put anything in there.

    THIS FILE DOES NOTHING, DO NOT MAKE CONFIG CHANGES HERE

    Is there a way I can achieve what's in the documentation from the web administrator??

    Thanks!


  • Banned



  • @grimson said in Virtual IP setup with cloud provider:

    RTFM: https://docs.netgate.com/pfsense/en/latest/book/firewall/virtual-ip-addresses.html

    I did RTFM. I have a virtual IP configured, bound to the WAN interface with a firewall rule allowing ICMP to it, yet it doesn't ping. Your post made assumptions, was condescending, and just 100% unhelpful.



  • @jaredadams said in Virtual IP setup with cloud provider:

    @grimson said in Virtual IP setup with cloud provider:

    RTFM: https://docs.netgate.com/pfsense/en/latest/book/firewall/virtual-ip-addresses.html

    I did RTFM. I have a virtual IP configured, bound to the WAN interface with a firewall rule allowing ICMP to it, yet it doesn't ping. Your post made assumptions, was condescending, and just 100% unhelpful.

    I was just about to tell you to prepare yourself to be rudely told to read a manual.


  • LAYER 8 Netgate

    It really is as simple as adding that IP Alias VIP. If (big if) your provider actually configured it correctly.

    Post the output of ifconfig -a

    If you MUST obfuscate public addresses, please do so in a manner that allows us to actually get a picture of the subnetting, gateways, etc. Like change the first three octets and leave the fourth intact.

    If you like, you can post the unredacted output to me in a chat.



  • @isolatedvirus said in Virtual IP setup with cloud provider:

    @jaredadams said in Virtual IP setup with cloud provider:

    @grimson said in Virtual IP setup with cloud provider:

    RTFM: https://docs.netgate.com/pfsense/en/latest/book/firewall/virtual-ip-addresses.html

    I did RTFM. I have a virtual IP configured, bound to the WAN interface with a firewall rule allowing ICMP to it, yet it doesn't ping. Your post made assumptions, was condescending, and just 100% unhelpful.

    I was just about to tell you to prepare yourself to be rudely told to read a manual.

    It was pretty rude... The documentation doesn't at all parse out how a configuration in the web administrator might look in a config file. I have no clue if what I'm doing in the web administrator is the equivalent to what I'm being asked to do by the cloud provider.



  • @derelict said in Virtual IP setup with cloud provider:

    It really is as simple as adding that IP Alias VIP. If (big if) your provider actually configured it correctly.

    Post the output of ifconfig -a

    If you MUST obfuscate public addresses, please do so in a manner that allows us to actually get a picture of the subnetting, gateways, etc. Like change the first three octets and leave the fourth intact.

    If you like, you can post the unredacted output to me in a chat.

    Hi, thanks! I'll send the info through a chat. Sorry for the delayed response, the forums seem to be going up and down and I'm getting 503s.


  • LAYER 8 Netgate

    @jaredadams said in Virtual IP setup with cloud provider:

    The documentation doesn't at all parse out how a configuration in the web administrator might look in a config file.

    Why should it? There are copious FreeBSD manual pages available online.



  • I wasn't at all suggesting it should.

    I'm not overly familiar with FreeBSD. Reviewing those docs still wouldn't have told me what changes in the webadmin would correlate to specific lines in a config file. A config file that, I might add, on pfsense directly tells you to not edit.

    I came here for help and support, and all I got was RTFM essentially twice. I haven't browsed these forums regularly in a few years, but has it really gone this much to shit around here?


  • LAYER 8 Netgate

    It's not shit.

    Why should active forum posters have to regurgitate what is in the documentation over and over and over again? You were given a direct link to the pertinent section of the docs. Yes, you were told to RTFM. The fine manual is now freely-available. If RTFM offends you to any significant degree you might want to just unplug your WAN.

    Would this have been better:

    http://bfy.tw/MQ7V



  • I'm beginning to think it's just a lack of basic reading comprehension at this point.

    The entire thread has revolved around which settings in the webadmin would correlate to specific settings in a config file.

    BSD documentation isn't going to tell me how settings in the pfsense web admin will look in a config file.
    pfsense documentation, as you so eloquently pointed out, doesn't say this either.

    The original post was VERY SPECIFICALLY asking which settings in the webadmin would correlate to the specific settings being requested in the rc.conf config file by my cloud provider. It's right there, black and white. This is not in the docs!! Telling someone to RTFM is not an answer to the question being asked.

    In short, yes. Considering you have a netgate employee badge on your name, this forum has gone to shit, at the very least this thread has.

    My company actually pays for support for their installs. I've yet to actually have to use that support. Considering the support I'm getting from an employee here on this forum, I'm glad I haven't.


  • Netgate Administrator

    Were you able to get the IP running?

    It looks like it should just be added via an IPAlias VIP.

    Is it in the same subnet as the main WAN IP?

    Steve


  • LAYER 8 Netgate

    @stephenw10 said in Virtual IP setup with cloud provider:

    Is it in the same subnet as the main WAN IP?

    Of course not.

    They apparently don't route it or ARP for it.


  • Netgate Administrator

    Hmm, well that makes it...... challenging! 😉

    Steve



  • @stephenw10 said in Virtual IP setup with cloud provider:

    Were you able to get the IP running?

    It looks like it should just be added via an IPAlias VIP.

    Is it in the same subnet as the main WAN IP?

    Steve

    Hi Steve, I actually spoke with Derelict via chat (prior to helpfully being told to RTFM for the 2nd time) and we determined the issue was likely on the cloud provider side. I opened a ticket with them.

    The point of this thread was to make sure that settings I apply in the webadmin would produce the relevant lines in a normal rc.conf file that they were asking for. Upon submitting that ticket the first thing they asked about was the rc.conf file, and I had to explain how it's used in pfsense, that we don't edit that file to make these changes.

    As it turns out, it was a discrepancy in their documentation. Their documentation says to reboot the box after adding the virtual IP from the shell, which I've done multiple times over the past few days while setting some other things up. The virtual IP was added months ago, just not used. However, the engineer that picked up the ticket instructed me to completely shut down the VM from within the provider's control panel, then start it back up. After that I have connectivity to the virtual IP.

    Turned out to be a simple fix, and perhaps a lesson on why RTFM is not a valid answer for support. It shouldn't be here, and I wouldn't show my users such a poor level of support. Especially for this thread because the answer I was seeking wouldn't be found in any docs. I think we've all been doing this long enough to know there can be gaps or discrepancies in documentation. I would hope the support team here can actually grasp the question being asked and know if the documentation is at all applicable. You never know when someone on this board is actually one of your paying customers working on his home device instead....


  • Netgate Administrator

    Well, I'm glad you were able to get that up and running.

    Your points are understood.

    Steve



  • @Derelict @jaredadams @Grimson @stephenw10
    @derelict said in Virtual IP setup with cloud provider:

    It's not shit.

    Why should active forum posters have to regurgitate what is in the documentation over and over and over again? You were given a direct link to the pertinent section of the docs. Yes, you were told to RTFM. The fine manual is now freely-available. If RTFM offends you to any significant degree you might want to just unplug your WAN.

    Would this have been better:

    http://bfy.tw/MQ7V

    Regurgitate?
    Maybe don't participate then.

    I'm inclined to agree with OP here. The forums have gone to shit. Why you ask?
    Because an employee who works here in one breath claims it hasn't, and then proceeds to use an acronym with offensive language in it, and instructs OP to 'unplug your WAN' if you feel any offense. Not to mention doubling down on that offensive condescending tone with a lmgtfy link.

    Let's try to remember that sometimes there's a gap in knowledge, sometimes in comprehension, and sometimes in documentation. Reading a manual doesn't solve two of those.



  • @isolatedvirus said in Virtual IP setup with cloud provider:

    @Derelict @jaredadams @Grimson @stephenw10
    @derelict said in Virtual IP setup with cloud provider:

    It's not shit.

    Why should active forum posters have to regurgitate what is in the documentation over and over and over again? You were given a direct link to the pertinent section of the docs. Yes, you were told to RTFM. The fine manual is now freely-available. If RTFM offends you to any significant degree you might want to just unplug your WAN.

    Would this have been better:

    http://bfy.tw/MQ7V

    Regurgitate?
    Maybe don't participate then.

    I'm inclined to agree with OP here. The forums have gone to shit. Why you ask?
    Because an employee who works here in one breath claims it hasn't, and then proceeds to use an acronym with offensive language in it, and instructs OP to 'unplug your WAN' if you feel any offense. Not to mention doubling down on that offensive condescending tone with a lmgtfy link.

    Let's try to remember that sometimes there's a gap in knowledge, sometimes in comprehension, and sometimes in documentation. Reading a manual doesn't solve two of those.

    It's probably the most unprofessional interaction I've had with a public facing representative of a company.

    If I ever told one of my company's users to RTFM and sent them a LMGTFY link, especially after qualifying the user's problem incorrectly, I'd probably be fired. This person's arrogance, stubbornness, rudeness, and overall lack of social skills is what contributes to the negative stigma about IT professionals' personalities. He shouldn't be interacting with the public directly. I don't know how Netgate's support is structured, but this person should be in a role where maybe a T1 is a proxy between him and the user.

    Do better Netgate.


  • LAYER 8 Netgate

    @jaredadams

    You are 100% correct here. Please accept my apologies. I won't try to make excuses or give explanations because there are none. Not really much more to say than that.

    Glad rebooting the VM got you up and running.

