In fact my provider is Online, not OVH, but the goal (and method) is the same.
I have a physical machine that run under ProxMox.
a vm act as firewall for each other VM connected on a virtual lan.
At the beginning, we used Pfsense for that.
The firewall need to have a virtual mac address provided by the hoster (Online) for each additionnal IP (ip failover). When you have only one ip failover, all is beautiful and work, even with pfsense. but, if you need more than one ip failover on the same computer, you need to add a net card to your firewall (because 1 IP = 1 mac).
For all ip failover, the default gateway is the default gateway of the physical machine. So you have a gateway on a different subnet of your ipfailover that is the same for each interface. Zentyal Web GUI do not allow to add a gateway that is on a different subnet and do not allow to add static route on an interface (vs gateway). At this time, I haven't found any solution to manage multirouting table from the GUI.
Pfsense work on BSD but is not compilated with the support of multi routing table.
so I need a firewall, working under linux, using iproute2 (for support of multi routing table), with Web GUI, OpenVPN support and CA Authoritory.
After a lot of search, I discover Zentyal and decide to test it.