10.0.0.0/8
172.16.0.0/12
192.168.0.0/16

-Rico

@unsunghero The sort answer is unfortunately, NO.
pf is an enterprise grade firewall solution. It is never meant to be a plug and play box. It can do many complicated things, but then its like driving a racing car.
You have more things to do apart from the steering wheel and the gas pedal.
Here is a great reference for all things pfsense
https://www.netgate.com/docs/pfsense/book/
It will answer all your questions, but then you need to invest some time and effort.

@rico said in 1&1 IONOS Cloud Server - Routing Socket - Network is Unreachable:

Glad you have it working now.
I would not open Management Port 80 and 443 to the whole Internet. Maybe you could lock it down to only a few Source IPs in your Firewall Rules.
The best Solution is to use some VPN.

-Rico

Thanks Rico - I have a static IP so locked it down just down just to this one.

Thanks again 👍

David

This isn't directly related to your probably but you probably don't want to use a VM as a time source as the VM and the Hyper-V host tend to fight about the time...possibly the cause of the jumps you mention.

https://blogs.msdn.microsoft.com/virtual_pc_guy/2010/11/19/time-synchronization-in-hyper-v/
"...the rate at which the time in a virtual machine drifts is affected by the total system load of the Hyper-V server. More virtual machines doing more stuff means time drifts faster."

Aside from that 2.4.4 upgraded FreeBSD so you might look into the NIC settings on the host. I am not really pointing to you anything specific but maybe there were driver changes in FreeBSD related to Hyper-V NICs.

Oh, how about this bit in the blog post for 2.4.4-p1? "Fixed issues with Hyper-V hn(4) network interfaces and IPv6 as well as issues with ALTQ."

@vkappas

Can you share an working image of pfsense that can be uploaded to Azure, i have been trying to do this for quite some time.
I was able to upload and get it started, im stuck with HTTP referer error.

@netblues Thank so much for your detailed feedback here, is great to see high bandwidth under iperf test, for me. 😃
It's outstanding all my thinks! 😮
Now 🍗 I'm hurry to do my iperf result too. And I also happy to try with my bare hardware! Hmmm 🦄

See you soon, regards.

Interested in knowing what you are testing with? Iperf?
Did you find a solution or at least a root cause?

Correct, but I need to restart pfsense ...
Thanks.

The CPU is: Intel Celeron J1900
Confirm no AES-NI support.

Just doing the same process, had any success?

@_neok said in vNICs degraded - Hyper-V Server 2016:

I'm running pfSense 2.4.4-RELEASE (amd64) on Hyper-V Server 2016 in a generation 2 VM. The server is recently updated. The administration console, in the tab "Network Functions" informs me that the status of my vNICs is "Degraded (Integration services update required)".
I'm not sure if this is simply because I'm using the latest versions of both pfSense and Hyper-V.
Does anyone know if there are updates of the integration services for my VM and if there are, how to install them?

I really appreciate your help and experience.

PD. I haven't found any performance problems.

Best regards,
Gabriel

It's for the reason I imagined.

https://social.technet.microsoft.com/Forums/en-US/06796c00-547a-4856-8e3f-2800d2653096/vnics-degraded-hyperv-server-2016?forum=winserverhyperv

@johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7:

I moved to just the virtual machine manager on my NAS, synology ds918+ it allows me to run the vms I need to play with.. Since I moved my router to hardware (sg4860).. The only use of VMs are really light my unifi controller running on ubuntu as vm, couple other play linux vms. And some windows vms I only fire up when testing something.. 2k16 server, 2k12 server, windows 7, etc..

Only thing that is restrictive is limits you to 4 vswitches if you don't by the pro license, etc. But does what I need it to do.. Moved my pi-hole to actual pi vs a vm, etc..

So far its working out fine - also liking ability to run dockers on the nas as well.. Not exactly sure what VMM is based on for the underlaying tech, maybe its their own sort of build.. Haven't bothered to look that deep into as of yet... But clearly does what I need it to do.. I have run some virtual pfsense on it as well for testing. But its not really type 1, since its a package you added to DSM its type 2.

6.7U1 is not supported by Veeam for example and some other backup software, so no go for anyone on production.

I would not agree.. Only those using those softwares and don't follow through with their vendors
https://forums.veeam.com/vmware-vsphere-f24/vsphere-6-7-u1-support-t54673.html
[UPDATE] October 19th
All auto-tests of Update 3a with the workaround enabled have completed successfully, so all base Veeam Backup & Replication functionality is now confirmed to work with vSphere 6.7 U1. I will provide another update once the full regression testing cycle completes.

The same contradicts afterwards:

Important
This is a temporary workaround against the specific error, which will allow the jobs to complete successfully. Overriding VMware API version may potentially cause issues with other Veeam functionality, because we don't know all the specific API changes that made VMware increment the API version. We're working with VMware to obtain these details while continuing to test vSphere 6.7 U1 with the workaround applied.bolded text

Never play with backups

I don't even bother backing up pfSense because like I said earlier, it's dead-simple to install fresh and import your config. It might take less time to do that than to restore from a backup.

I believe I may have figured this out or at least improved speeds a lot. I manually set all the mtu speeds to 1500 which is supposed to be the default.

@_neok said in HyperV VLANs inquiry:

@CPrat I correct myself. I thought I was wrong. But I didn't...
My VM doesn't keep the Trunk configuration in the vNIC when I restart the VM. And although I can apply it with the VM turned on and I have connectivity of my VLAN interfaces again and of course this is not optimal. My HyperV server is 2012 R2.
The curious thing is that if I review the configuration of my vNIC with

Get-VMNetworkAdapterVlan -VMName firewall01 -VMNetworkAdapterName Trunk_WAN -Verbose | select *

This I get:
0_1541777631702_Captura.PNG
it comes out as if it is well configured with my Trunk and the VLANs that I assigned to it, but I just don't have connectivity on my pfSense until I run (live) again

Set-VMNetworkAdapterVlan -VMName firewall01 -VMNetworkAdapterName Trunk_WAN -Trunk -AllowedVlanIdList 0-600 -NativeVlanId 0

I tried VM generation 1 and 2 and I have the same problem. This sounds to me like 2012R2 and 2016 work differently at this point.
A real shame...

I will try do this on HyperV Server 2016.
I will come later y let feedback.
Seeya

I'm thinking it may be easier if I replace the ISP router with one I can control more, as I was hoping it wouldn't be as tough as it's being to just present an IP down to the garage and then off I go.

Or, maybe throw in a L2 switch and patch it all in and see how that goes :)

0_1541958856367_Home_Lab_2.JPG

Cheers.

@swinn you can make it twelve if you want to. 8 standard + 4 legacy but I agree, if you can do vlan trunking stable - it's more flexible

If you enter a network when creating a virtual isolated network in VMM, the host gets automatically the first IP out of it. So if you want it to isolate the vNet also from the host, don't set a network.

I use to add an alias included all RFC1918 networks to block devices from any internal access.
Consider that you will need an additional pass rule to allow access to pfSense itself if you use it as DNS server for the DMZ.