Enable setup a non "layer2" reachable Gateway on GUI
We are working with pfsense as our default Virtual Router with great success... but there is something still awkward to manage and setup that requires manually editing the XML file. I will explain.
Our provider, OVH, is a big dedicated servers provider in Europe, that allow customers to get public IPs layer2 traffic directly routed (and reaching) to their loaned dedicated server WAN interface.
So, you can loan a RIPE blocks, manage them, and set traffic destinated to your managed public IPs to end at a your dedicated server wich has a completely different IP range (routers, L3 switches and so do care of that on OVH side)
On the hypervisors, you can work with bridged virtual interfaces to the eth0 adapter of the hypervisor, but a very curious address setu has to be set up on every VM (this is documented by OVH, and works like a charm...)
You have to ad a static route to dedicated server gateway through wan interface
then declare such gateway as default gateway
That way, the default gateway can be out of WAN address network range, but still be useable.
The proble is that, when installing pfsense, or on the GUI it is not allowed a gateway out of interface network address.
To circumvert this, people agrees to use this trick on the xml file of pfsense virtual router after <kilstates/>:
<shellcmd>route add 37.xxx.yyy.254/32 -interface em0</shellcmd>
<shellcmd>route add default 37.xxx.yyy.254</shellcmd>
note that the WAN IP for this router is 46.105.xxx.zzz a completelly different subnet than gateway
in this case, the hyervisor (dedicated server that runs or VM pfsense router) IP address is 37.xxx.yyy.138 and has 37.xxx.yyy.254
Once setup on the XML the GUI is happy with it, and we got a bunch of routers handling lots of IP addresses.
But it would be great if this could be done without tricking the XML.
Thank you for your patience and best regards!