Using XG on OVH dedicated server - General Routing issues

Hi there,

I've got a customer with a dedicated server at OVH, running ESXi.
They wish that a XG protect there virtual servers and managing the traffic.

But this simple setup, a XG and myself failed to accomplish this.

I need to set a host-IP on an interface e.g. and use a route to the servers primary IPs gateway e.g.

This is the official OVH documentation:


Tested with a vUTM and works fine out of the box.....the configuration look like this (and this is everything to configure on the UTM!)

  • Hi,

    please check the driver version you are using. Make sure that the XG interface is pointing at the virtual NIC used for the WAN interface.

    Also you don't need to use routing if your setup is correct, a firewall rule will work.


  • In reply to rfcat_vk:

    Hi Ian,

    could you tell me the steps I need to go through?
    Sure that a FW-rule helps? Are you running a XG at OVH?

  • In reply to Mr.Roboto:

    The problem is the following:



    I can not do the same setup as in UTM.

    To make this work I have to set the zone to something else then WAN and do a interface-route:



    This is now my solution / workaround and the complete steps:

    1. Go to your OVH control panel: Dedicated ->  "IP" and select the dedicated server you want to donate a XG
    2. Select the IP-Network and choose a IP. Click "Add virtual MAC" and enter a name you remember "CustomerXYZ vSFOS"
    3. Copy the created vMAC and paste it into the vNIC for WAN of you virtual machine (set the mode to manual, VM must be powered off!)
    4. Start the XG and connect to it - in my case I need a jump desk (fedora live-disc) because the XG is the first VM on this ESXi.
    5. Create a new zone "WAN_OVH" and select only Admin HTTPS (we make it safe later)
    6. Configure the WAN interface in zone "WAN_OVH" and enter the IP you selected at OVH and a /32 mask
    7. Create a interface route " -> Port B" (or which port your WAN is connected to)
    8. Change the default FW-rule: replace the destination zone with "WAN_OVH"
    9. Enter a DNS and test INternet Access from your Jump-Desk and access to the Admin GUI via the public IP

    I hope there are no side-effects with this?

  • In reply to Mr.Roboto:

    The configured interface-route is not a allowed solution at OVH.



    So again, how to configure this in a XG:

    auto lo eth0
    iface lo inet loopback
    iface eth0 inet static
        address FAILOVER_IP
        broadcast FAILOVER_IP
        post-up route add GATEWAY_IP dev eth0
        post-up route add default gw GATEWAY_IP
        pre-down route del GATEWAY_IP dev eth0
        pre-down route del default gw GATEWAY_IP