@lipesmile:

In this case I have two internet network I need 2 one for each, but I need a another card for LAN network ?

If you LAN network needs its own port, then yes. If not, then no.

Well, then let me put it in simpler terms: pfSense doesn't 'read' it's IP anywhere else, other can the config file, or DHCP. Data is never flowing the other way around.

Since you seem to want to preconfigure pfSense boxes, it would probably be better to simply provision the config file instead of trying to use the Hyper-V network interface's uncommon facility to push IP addresses onto machines. I guess they made that for Windows, because on every other OS, it's not supposed to work that way.

You can probably script the following:

MAC adresses for any of the interfaces you want to configure IP addresses for any of the interfaces (identified by their MAC) you want to configure Put them into a proper pfSense configuration XML Put that XML inside a pfSense image Boot the image

What you really shouldn't do:

Hack a script together that reads the IP from the interface and then puts it into the config file

this is because it completely contradicts the pfSense architecture, not a single component will work well, and all of it will work against you. This is because pfSense as a network system is designed to be the authority on what IP goes where. As soon as you try to invert that, you're going to run into problems.

pfSense does have a read-config-on-boot option, it has had such functionality for a long time. All you would need to do is script the XML modification and inserting the file into the VM.

Does any other protocol work? Like SSH and FTP. If not, you probably have a sum offload issue, this is described in the post at the top of the page.

The LAN has em1 but no address (this is fine because I don't have the other end of the ethernet connected to anything yet like a psychical switch yet…

You connect to WebGUI via LAN, and your LAN NIC doesn't have an IP address so you'll never get there.

Give the LAN NIC a static IP address on a different network than the WAN (perhaps 192.168.2.1/24 or 10.0.0.1/24) and then use that LAN IP as the gateway for your LAN clients.  Your LAN clients will also have to be on the same network to use pfSense LAN as their gateway, so if your NIC is going to be at 10.0.0.1 (for example) then your LAN clients will also have to have an IP address in the 10.0.0.0 network as well.

So again how many network devices - 500 kids doesn't tell us much..

So 17 AP, I assume those are rb951-2n devices so 2012 time frame.. They are only 2.4ghz N devices..  They are very cheap even when they came out.. You rented them for how long?  And they are just 1 large layer 2 all as AP on the same network?  With possible client count of 500?

As to proxy you can still filter on url with proxy without having to mitm the ssl traffic..

So are you going to deploy new wifi or use those old 2.4ghz N 1x1 - max wifi bandwdith is 72 PHY.. That is shared with all the clients on the AP… who that must freaking scream performance with all the broadcast traffic going on as well if 500 nodes are all on at the same time on the same layer 2..

What is the internet speed?

I find it highly unlikely that some isp gateway has a /16 mask.. Default networks on all of those devices are almost always 192.168.0/24 or 192.16.1/24 –- always /24

If you want to use it as a switch/AP sure go ahead but your setup is still makes no sense.  Your going to have to port forward if you want anything outside your esxi host to talk to any vms behind pfsense.  Why would you not just leverage pfsense vm as your router/firewall for your whole network?

@CSylvain:

After several tests, it is the Kernel problematic, replacing the /boot/kernel by FreeBSD 10.3, it works !
The question is who is involved ?

Because the Kernel from pfSense includes mostly the modules, which is not the case of FreeBSD which is compiled individually and place in /boot/kernel.
I looked if modules were missing, and everything is present :

............................................. 2    3 0xffffffff819bd000 6d370    vboxdrv.ko (/boot/modules/vboxdrv.ko) Contains modules: Id Name 1 vboxdrv 3    1 0xffffffff81c11000 3831    ng_socket.ko (/boot/kernel/ng_socket.ko) Contains modules: Id Name 484 ng_socket 4    3 0xffffffff81c15000 ba02    netgraph.ko (/boot/kernel/netgraph.ko) Contains modules: Id Name 483 netgraph 5    2 0xffffffff81c21000 29b2    vboxnetflt.ko (/boot/modules/vboxnetflt.ko) Contains modules: Id Name 485 ng_vboxnetflt 6    1 0xffffffff81c24000 4123    ng_ether.ko (/boot/kernel/ng_ether.ko) Contains modules: Id Name 486 ng_ether 7    1 0xffffffff81c29000 3f64    vboxnetadp.ko (/boot/modules/vboxnetadp.ko) Contains modules: Id Name 487 vboxnetadp

Is it because everything is integrated, for this to be a problem ?

I discover every day FreeBSD I'll see if I can make for a pfSense Kernel with non-integrated modules.

Dear CSylvain,

Unfortunately it is very hard to access forums from my country India, as pfsense forums are blocked, i don't know why, but you are bang on, i was following the forum before your first comment very aggressively but once the forum didn't respond well, there was no choice to dig in deep myself, a lot of research led me to kldstat and yes since everything is integrated into kernel itself, i started playing with kernel options, and stripped all the kernel options to find out that it was working then, then i used Binary search algorithm to find out the culprit and it worked and removing NETGRAPH_SOCKET made things working from the kernel configuration, and building the ISO worked.

But still lot lot lot of thanks, for taking the pain for working this out, also i never knew that just re-building the kernel can make things work out, loads loads and loads of thanks mate, for doing so much for me, i know somebody hardly would do so much without any incentive, i just cant thank you much for this.

Thanks,
Anand

@LEXmono:

So after talking to my VPS provider more found out its not a second NIC I need to configure, but an IP Alias. Did it inside the pfSense GUI and all is working.

Glad to hear that you solved your problem

I tried this again and for the life of me, I can't convince hyper-v to dismount the CD with the vm running. The "none" setting can be changed, but as soon as it's applied, there is an error. I tried to dismount the CD during the shutdown phase of the reboot. Any later and it's already booting again from the CD.

FWIW, windows 10 handles this in a very elegant way. Even if the VM is set to boot from the CD, immediately when it boots, there is a message, "press any key to boot from the CD". Otherwise, it boots from the IDE.

UPDATE: I tried again. This time, I applied the "none" setting after the reboot started, during the short interval when the screen is completely black. It worked.

CD.PNG_thumb
CD.PNG

Hi.

Try using the virtio driver, this will help a lot.

On your proxmox use the virtio driver.

net0: virtio=xx:xx:xx:xx:xx:xx,bridge=vmbr0
net1: virtio=xx:xx:xx:xx:xx:xx,bridge=vmbr1

PS! It's still a lot more CPU consuming , compared to running linux under kvm.

I can confirm this problem. Also drove me nuts for a couple hours. C'est la vie

Thanks in advance

Piers

pfSense 2.3.2 (from 2.3.1 OVA)
ESXi 6.0.0 Build 3620759
HPE BL460c G6

Thx for your statement and good to know. I assumed there will be a lot of releases in-between like with 2.2 version.

thanks!  wasnt sure if anything was needed from virtualization perspective.

Setting both to 0 means you can't filter anything involving that bridge, which is highly undesirable.

Don't assign the tap interface in the GUI, try using an earlyshellcmd to create the tap interface and and then a regular shellcmd to addm it to the bridge.

Both types of shellcmd entries can be editing using the shellcmd package.

We have three NICs. One for the WAN, one for the LAN and one is used to connect to the management interface of the modem. There are virtual switches on the WAN and LAN NICs plus an internal switch that's not connected to either NIC. The WAN switch is not shared with the OS. The LAN switch is shared with the OS. This allows there to be more than one instance of pfsense for testing. VMs can either connect to the LAN switch or with the internal switch (for testing).

Okay, i may have found the issue, though it should be solved in a driver update, but the issues seems to be the same i'm experiencing.
It relates to VMQ on networkcards.

Here is the article i found about it: http://www.aidanfinn.com/?p=16876

I will let you know if it solves my problem.

Thanks for pointing me in the right direction. The pfsense ISO's were corrupted on upload. It took me about 8 tries from more than a few different machines to get on to upload and have the same sha hash. I'm not sure what's causing it because other ISO's have uploaded without problems.

@kapara:

Jul 16 00:39:53 kernel calcru: runtime went backwards from 8791 usec to 4441 usec for pid 321 (devd)
Jul 16 00:39:53 kernel calcru: runtime went backwards from 1889 usec to 966 usec for pid 321 (devd)

Those are generally harmless, but there is a fix in 2.3.2 from Microsoft that makes it go away.

@kapara:

Jul 16 00:54:25 charon 08[CFG] <13> received proposals: IKE:BLOWFISH_CBC_128/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 16 00:54:25 charon 08[CFG] <13> configured proposals: IKE:3DES_CBC/HMAC_SHA1_96/PRF_HMAC_SHA1/MODP_1024
Jul 16 00:54:25 charon 08[IKE] <13> received proposals inacceptable

Right there - your config doesn't match. Blowfish on one side, 3DES on the other.