Gateway VM/pfSense/Private Networks Integration

Completed

Comments

21 comments

  • Official comment
    Raymond Paxton (Edited)

    OnApp has added the ability to use a Virtual Server as a Gateway in OnApp version 5.3.  You can find more information at https://docs.onapp.com/display/53AG/Virtual+Server+as+a+Gateway

  • David Ellsworth

    We spent a few days trying to get our KVM guest to act as a router/firewall for other VMs on our OnApp KVM deployment, only to find out that no matter what we did, we couldn't get the pfSense VM to act as the router for the VMs and do NAT. This KB article saved a lot of time/effort. This functionality is a complete must and has disrupted a lot of our deployments for enterprise products. We need to be able to create vrouters for certain groups of VMs for a specific purpose, as opposed to buying hardware for each deployment.

    Please consider this!

     

  • Will Peters

    Right now we have a rack filled with EdgeRouter Lites from Ubiquiti, definitely a backwards way of doing it. Would love to see real support for this. OnApp was on the cutting edge at one point, but the lack of basic features like this and others is starting to have us looking in other directions for other use cases.

  • David Barker

    Just to add to the thread, this is a must-have feature. We have a number of clients asking to run pfSense instances as a NAT router/firewall within their environments. At the moment we are having to deploy physical firewalls for each requirement, which takes up rackspace, burns switch ports and is generally just a pain!

  • Craigue Hyland

    This feature is fundamental to anyone considering using OnApp for serious enterprise Cloud / Private Cloud deployments.

    We wasted weeks on this only to realize that no matter what, we couldn't deploy pfSense VMs for customers looking to build private clouds.

    Please OnApp, add this functionality as soon as possible because we really don't want to have to move to another platform, but will do if we are left with no choice.

  • Stuart Haresnape

    Hi

    I just wanted to get back to you to say that we haven't ignored this thread (or any others in the feature request forum). 

    We have had this gateway VM functionality (along with other networking functionality) on the wish list for a while now and understand the use case and importance. You'll understand that everything has a priority and that we can't build it all straight away. We will get around to this, hopefully in 2015 as we are starting to chalk off some long standing feature requests. 

    Regards

    Stuart

  • Travis Taylor

    Is there any ETA for this feature yet :) ?

    I would love to see this feature added. We use the WHMCS module and would love to see this work as part of the WHMCS OnApp integration. It appears to be available to customers who use Hostbill according to this video: https://hostbillapp.com/features/apps/onappv3/private-ip-provisioning.html

    I have posted a request for automated private networks in several different places but have not really seen a response. Here is a link to the post for this feature in the onapp forum if you are interested: https://forum.onapp.com/index.php?threads/automate-private-network-provisioning-onapp.512

    I also started this thread on the matter in the webhostingtalk forums: https://www.webhostingtalk.com/showthread.php?t=1476367&p=9432730&highlight=onapp#post9432730

  • Nick Zurku

    This is a major functionality that I can't believe is still missing.

    We're able to use a work-around to get it working, but this should be built in.

  • Craigue Hyland

    "We're able to use a work-around to get it working, but this should be built in."

    Hi Nick

    What is your workaround? We haven't been able to find one.

    Thanks

  • Nick Zurku

    You need to add this to your iptables on the Hypervisors:

    iptables -A FORWARD -s <ip_vm> -j ACCEPT

    where <ip_vm> is the IP address of the VM (or the VMs' network) that is trying to reach the internet via the router in the cloud.

     

    So for example, a customer network on our side would have this on the Hypervisors: iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT

  • Craigue Hyland

    Interesting, I'll give that a go.

    What pfSense template are you guys using?

  • Craigue Hyland

    It turns out that iptables is not the biggest problem.

    To get pfSense to work properly as a VM on XEN HVs, it is a requirement to disable hardware checksum offloading on the HV for pfSense vNICs:

    sudo ethtool -K VMNICID tx off

    This is not persistent across HV reboots or VM migrations though.

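An added example, not part of the original thread and not OnApp's own tooling: a hypervisor-side script that applies the two workarounds posted above (the FORWARD accept rule and disabling TX checksum offload on a vNIC) idempotently, so it can be re-run after a reboot or VM migration. The function names and the `IPTABLES`/`ETHTOOL` override variables are assumptions of this example.

```shell
#!/bin/sh
# Added example: idempotent re-apply of the thread's two hypervisor workarounds.
# IPTABLES/ETHTOOL overrides and all function names are this example's own.
IPTABLES="${IPTABLES:-iptables}"
ETHTOOL="${ETHTOOL:-ethtool}"

# Accept only a.b.c.d or a.b.c.d/nn, so nothing else ever reaches iptables.
valid_source() {
    case "$1" in
        ''|*[!0-9./]*|*/*/*) return 1 ;;      # digits, dots, at most one slash
    esac
    addr=${1%%/*}
    case "$1" in
        */*) prefix=${1#*/}
             case "$prefix" in ''|*[!0-9]*|???*) return 1 ;; esac
             [ "$prefix" -le 32 ] || return 1 ;;
    esac
    case "$addr" in
        *.*.*.*.*|.*|*.|*..*) return 1 ;;     # wrong dot count or empty octet
        *.*.*.*) ;;
        *) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $addr                              # split into the four octets
    IFS=$old_ifs
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Append the FORWARD accept rule only if the identical rule is not present.
ensure_forward_rule() {
    valid_source "$1" || { echo "invalid source: $1" >&2; return 2; }
    if "$IPTABLES" -C FORWARD -s "$1" -j ACCEPT 2>/dev/null; then
        return 0                              # already there, do not duplicate
    fi
    "$IPTABLES" -A FORWARD -s "$1" -j ACCEPT
}

# Turn off TX checksum offload on one vNIC (re-run after reboot or migration).
disable_tx_offload() {
    case "$1" in ''|-*|*[!A-Za-z0-9._-]*) return 2 ;; esac
    "$ETHTOOL" -K "$1" tx off
}

# Usage as root on the hypervisor: script <source-ip-or-cidr> [vnic ...]
if [ "$#" -gt 0 ]; then
    ensure_forward_rule "$1" || exit
    shift
    for nic in "$@"; do disable_tx_offload "$nic" || exit; done
fi
```

A rule added with `iptables -A` is lost on reboot unless it is saved, just like the `ethtool` setting, which is why both functions are written to be safe to call repeatedly.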
  • Randal Kohutek

    We just rolled pfSense on a pair of standalone Citrix XenServer 6.5 hypervisors specifically to get around this OnApp ... oversight. Kinda sad we have to use another pair of servers+software to make a firewall/vpn/private-network solution but I digress ...

    Anyways, pfSense 2.2.2 + XenServer 6.5 works *beautifully* - no tweaks needed, 100% out of the box, and able to saturate 1gbe with a quadcore 2ghz older e53xx xeon at ~75% cpu. I also read the many threads about needing to turn off NIC TX offload manually for checksums, but I didn't need to do that. Only "extra" thing I did was install xe-guest-utilities onto pfSense so I could get live migration, memory stats, graceful shutdown/reboots.

  • Craigue Hyland

    Randal, similarly we ended up deploying our pfSense VMs on our VMware blades and created vlans for each of our customers.

    Obviously works exceptionally well on VMware, but the manual configuration and administration is a headache once you go past a handful of clients using this setup.

    We need this to be contained within the OnApp environment and as automated as possible, with ideally no intervention required by our admins when a customer decides to spin up a pfSense VM as a gateway or firewall appliance.
  • Michael Dudli

    Dear Onapp,

    Any update here?

    Michael

     

  • Shaun McGuane

    We would like to see this implemented too ... even though it's been requested and open for a long time

  • innofield

    +1

  • Eyvind Baadnes

    Is there any hope of seeing this anytime in the near future? If not, I guess installing virtual firewalls on our VMware blades is our only option...

  • Niclas Alvebratt

    Please, any update?

  • Raymond Paxton

    The ability to use a virtual server as a Gateway is planned and we will update when there is further news.

  • Randal Kohutek

    YAYAYAY!
