You can now add other tagged vlans in the pfSense on VMX0, and pass them to the C3750.
Remember vlan allow add <Vlanxx> on the Cisco IF.

Hi,

Hyper-V and USB support is pretty close to nothing.

For those experiencing the 'No buffer space available' followed by full NIC failure on the WAN side when running PFsense in hyper-v try the following, it worked for me:

Pfsense Version: 2.4.5-RELEASE-p1

Hyper-V versions tested: Hyper Server 2019 (Core), Windows Server 2019 w/destop experience and hyper-v role, Windows Server 2016 w/desktop experience and hyper-v role

Cable Internet Speed: 200/10

For the USB NIC - I validated it did not matter if it was hooked to USB 3.x or 2.x - same issues occured with the disconnect. Validated there was not any thermal issues, maybe luke warm to the touch (tried 2 differnt adaptors, 2 different chipsets - same issues)

Drivers: Updated every driver and win updates - in the end this did not even matter, but it's still a good idea.
Services running on PFSense: I have pfblockerNg running, dhcp server, snort (non-blocking), dnsbl with the resolver, and I redirect my domain dns queries back to my internal DCs for private AD dns routing.

Avg 24hour cpu/memory usage: 7% / 13% (no change even when the issue was occuring)

Correlating errors: Resolver: 'No buffer space available' - Gateways: 'dpinger WAN_DHCP 1.2.3.4: Alarm latency 10331us stddev 2932us loss 21%' [this triggered the default gateway action and causes the issue with hyper-v nic comms]

Fix for me:

Make sure you have the Hyper-v host's performance options set to high performance. If you are using a USB NIC on the WAN side also make sure to disable the 'USB selective suspend' setting (advanced settings --> usb settings).

Recommend turning VMQ off in hyper-v and the NIC settings (if available). I cannot see this being needed with Pfsense and might be tricky to get working correctly (if at all) If you have a more advanced scenario where you need to deal with vRSS mapping the VMQs to distribute the packet load across cpus then maybe it's worth diving into.

This was the key for me with Hyper-v: In PFSense make sure to turn off the Gateway Monitoring Action here: System --> Routing --> Gateways --> Edit --> check the box 'Disable Gateway Monitoring Action'. Without this I would get around 20-24 hours max before the gateway alarm action would kick off (probably from junk latency on the cable network providers side), suspend the Nic and then it would never come back -- had to reboot then everything worked fine for another 20-24 hours.

Note: I've tried proxmox and esxi and did not experience this issue so it appears to be Hyper-v specific.

And how does ESXi 7.0 install relate to pfSense ?
You ought to do a better 1'st post.

Btw: 7.0 removed the linux subsystem , rendering ALL realtek-drivers useless.

/Bingo

SOLVED:

I wish I knew why for those that follow after. I changed a few things at once so I'm not sure if one of or combination of them was responsible or the fix.

I turned off TCP/IP on the WAN NIC. I rebooted the modem and router at the same time with cables connected.

Well, the next thing I would check via Google searches is whether or not there are any outstanding bugs in ESXi with regards to IGMP. The fact it works when you enable NIC pass-through really does seem to point to the vSwitch as the most likely culprit. Might also be the virtual NIC, though. Try searching for hits on the VMXNET3 driver and multicast.

@kiokoman you save me man!
Now its ok

samba ok

Oww, Thank you for help friends!

Great

Douglas

@kiokoman said in Internet provider by Microtik - PFsense - virtualbox (samba share connection):

try if you can access with
smb://server.localdomain.local/share_folder_name
if you can,
you are probably missing

dns-search localdomain.local

this is automatically added on windows but not on Linux
substitute localdomain.local with what you have for your Lan network

Thank you for the answer but my CPU doesn't allow me to use exsi, I can only use vm player or vm workstation.

The fastest way I've tried is the one that
I found on the internet. I mean, I had to buy a usb ethernet adapter and use the vm workstation property so that it can map the usb adapter as its own (vm only) and then the os host (win10) cannot see the adapter so the configuration is simple and clean :)

p.s.
Before purchasing a usb adapter, please check if pfsense / freeBSD supports this hardware / chipset

As an update on the topic, I have updated to 2.4.5-p1 and changed the virtual driver to virtio instead of e1000.
This has greatly improved the stability of the pfSense and the high traffic induced network loss have disappeared.

We still experience some random network loss that are under investigation.

@gusto said in Very slow upload on pfSense in KVM:

Now I need to see if it will be stable.

On a router, LRO, TSO and hardware checksum offload must always be disabled.
These features are good for endpoint devices but not for a router.

There are millions of posts on this forum about this theme:
https://docs.netgate.com/pfsense/en/latest/hardware/tuning-and-troubleshooting-network-cards.html

34967398-51c1-4dd7-9c99-67a14d95de9b-image.png

but even better if you disable it in loader.conf.local, where the other unnecessary functions include EEE, flow control, etc. (so stay protected from FW upgrades)

3cac9ebd-d04a-4095-a48b-e1d8224b48e8-image.png

And these about Realtek:

https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release/76

(A lot of people use this driver and if I know well it's really just that good and / or better solution.)

https://forum.netgate.com/topic/133536/official-realtek-driver-v1-95-binary?_=1600417473785

It's not easy to get it to work well.
You can almost forget about using Suricata and Snort with Realtek.

For me, ESXi and Xen (for web server / VPS) remain eternal love 😉

@Erutan409 I've been running with it for a couple of days and discovered that my pfSense box has significantly increased CPU load, and services behind that particular interface feel throttled.

Again, I'm running on KVM and I don't think it has any such paravirtual time synchronization—I run NTP on the host and have pfSense update from the host ntpd once an hour.

In the meantime, I've managed to break my pfSense install by powering it off at the wrong point, so I'm going to reinstall the latest version from ISO and switch back to PV NICs. I'll update here again if I learn anything.

Edit 2: I think it's either a bug in 2.45-p1 version of pfsense or something really weird is going on. I just switched back to a bare metal installation and it's still happening. Same exact problem....never noticed such a behavior before. Any idea fellas?

This problem was resolved by changing adapter 2 to bridged and selecting 2nd port on the NIC.

@reddychaitu2002 said in Unable to create proxmox VMs internal/external network:

The dedicated server (It has Proxmox OS) has several VMs (Ubuntu server) and each VM should be connected to one subdomain and all subdomains (ex1.example.com, ex2.example.com, etc) must be accessible via the external IP address (17*...**2).

You cannot use 17*...**2 for that, since it is natted to Proxmox. With NAT 1:1 that public can be used by Proxmox only.

Why 1:1??
I know, it was done by the provider, but why? I think you only need the Proxmox management port, this is only one unique port. 1:1 directs any port to the internal IP.

You also have a second public IP as you wrote. What about that?

I assume, you want to use these subdomain for webservers. To redirect one public IP to multiple internal webservers you can use the haproxy package.