@sschaub:

@zehle:

Solved using Microsoft loopback adapter and then disabling tcp/ip v4 and v6 over the wan

I am trying to do a similar setup, and I don't see how the loopback adapter comes into play.

Ok, never mind. I think what is needed is to follow the instructions in the linked article to install the loopback adapter. Then, use internet connection sharing to share the loopback adapter with the Ad-hoc network.

FreeBSD 10 is NOT certified/supported on ESXi 5.1

Refer to:

https://forum.pfsense.org/index.php?topic=113220.0

Sounds like a shitty job to me, working with old shit day in and day out ;)

That your smb has hardware that is so old they can only run version that came out 5 years ago, again much suck working with such crap…  Sure they are big spendings and pay the big bugs out for support working with such old shit..

I can fire up windows 3.1 on a vm as well.. Doesn't mean something should be doing...

You need to add an additional nic to the pfSense vm.

http://itpro.outsidesys.com/2015/02/19/home-lab-with-pfsense-workstation/

Yes, the issue still persists, maybe is not related to KVM/ESXi.

I have request a support ticket, But It still test internal.

I hope it can be fixed this year….

Not sure what I can tell you, I run pfsense as virtual on esxi6 latest build.. And not having any issues with reservations and or dhcp..

I would assume you have issue with the mac.  What I normally do it just let my client get an IP from the normal pool, and then just convert that to static.  This way I never have any issues with any typo's on the mac, etc.

So what happens when you turn off the static only, and let it get a lease.  You clearly have a pool setup with 26 addresses.  Your not trying to setup an address inside that pool are you? It shouldn't even let you try that.  Static/Reservations have to be outside the pool.

The 5.5 build is u1 but the same problem existed on ESXi 6 as well.  I have not tried v11 hardware yet.

I don't mind using v8, I don't need to run more than two NICs anyway.  The high versions will allow you to run many more NIC cards.  This will be important though when I replace our 5510s with pfSense and using CARP.

-Walt

I have the exact same setup, but in production.  And yes you are correct.  Just make sure your VMkernel has management checked with dhcp enabled if you want pfSense to assign it an ip.  After you do that, then you could remove the VMkernel from vmk0

No ;) i really can not think of use case where it makes sense to passthru unless esxi has no driver for nic and vm does and u dont have time to switch out nic that vmware supports

If u did that u should plan on changing to different nic or get with vmware for driver

Yeah maybe the vmx3 doesn't work with your physical hardware..

Thanks KOM.

I will update!!

It's possible, and works fine in most cases, with one caveat: If the NICs are different, then state synchronization will not work properly*.

The number of interfaces and assignment order must be identical, but otherwise the hardware can be different.

States are interface-bound and carry the NIC driver name/instances, such as igb1. If you make laggs (even one-interface laggs) so an interface appears as lagg0 or lagg1 on both, then it can work, but that's not ideal.

you would have to create this transit network either on another interface connected to your esxi host where you have your pfsense wan from your 10 router or with the use of a vlan.

" The computers in the 10 subnet and the pfsense are effectively all connected to the same switch."

You can not do it that way without issues with asynchronous routing..  Which is not good for anything ;)

You have 2 solutions here, either NAT at pfsense so the network behind pfsense is hidden and looks like everything is on the 10 when talking to 10 devices and when going out the internet through the 10 router.. Ie everything behind pfsense looks like it is pfsense wan IP in the 10 network.

Or if your not going to nat and have a downstream router, then you need to use a transit network or you would have to create host routing on all devices wanting to talk to stuff behind pfsense..  Ie a workstation on the 10 that wanted to talk to a 192 device behind pfsense would have to have a route to pfsense wan IP for taking to the 192 network.

Also when your not natting on pfsense your going to have to let your 10 router to also nat this 192 network to its public IP for internet.

The simple solution for you would be to just let pfsense nat.  For you to get to stuff behind pfsense then you would need to create port forwards on pfsense and if wanting to get to them from internet, you would have to create forwards on your 10 router to forward to pfsense wan IP.

The more robust solution would be not to nat and just use a transit network, and setup outbound natting on your 10 router for any networks you place behind your now downstream router pfsense.

If your goal is to be able to just plop pfsense on any esxi host that might be in different networks then nat is the way to go.

I choose to not passthrough in the same situation. The main reason being that it creates a virtual lan allowing me to easily see what is going on on my internet connection before pfsense. Goal god be simply debugging or running ids/idp.
In short keeping the flexibility for any future test/improvment…

https://drive.google.com/open?id=0B7QyEupT1XZLTjZleG1scktKUW8

@heper:

https://redmine.pfsense.org/issues/6296

This is almost certainly the cause.

Don't switch to e1000, that won't make it any better, it's best to be on vmxnet3.

i did not test traffic shaper since i don't use it in my environement

For VLAN, the only thing you can't do is a trunk on Virtual NICs.
You will have to create a separate network on your XenServer (XenCenter Networking tab) for each VLAN.
Then, add a network card to your PFSense for each VLAN (Each network created earlier).
After that, you can create trunk using the NICs of you XenServer (XenCenter NICs tab).
You can also do a trunk with a LAGG under XenServer for more network performance depending of your setup.
Don't forget to configure your switch accordingly.

That'S the way i'm able to make VLANs for in a clear manner with the logic of XenServer.

EDIT: working with and without Xen-toolson PFSense

yeah, I think the "magic setting" I had to activate last time I installed a new ISO image in a VM was pressing "I" to install and then getting up and making some waffles until the webgui was loaded on the IP it said it was