@unf0rg0tt3n said in ISP modem downstairs, pfsense - attic one cable to rule them all?: The modem is in bridge mode; it then only allows 1 device directly connected to it. which is directly connected to the internet. why do I need PPPoE? the device gets a direct "external" ip address. Okay, so you should be able to go with VLAN. Define a VLAN for the WAN network on pfSense and the switch in the ground floor. On pfSense go to Interfaces > Assignments > VLANs > Add. Select the interface which the ground floor switch is connected to and set a VLAN tag. Then go to Interface Assignments and select the newly added VLAN under Network port next to WAN. Open the WAN settings by clicking on it and configure it. However, since you're running pfSense virtualized you may also set up the whole VLAN stuff on Proxmox and provide pfSense an untagged WAN.

ok, since a couple of day's i notice that the server still blacks out and i need to reboot the complete ESXI server. When i only reboot the Pfsense VM it wont work. the second thing that i noticed is when my internet speed is FULLY used. ( i have a 1GB line ) that's when it happens. So i have tried reducing the speed in the newsgroups download but still same problem. So it comes down to this: when i use newsgroups for downloading some files it's going down. so i tought, could it be the network card that i'm using for both WAN and LAN? so i want to add another network card to the ESXI server with 4 ports to try it out. But can i make it so that ALL the 4 ports are available for the LAN network in the same subnet? 10.0.0.1/24. i really like it that way, then i can connect my nas, and both my raspberry to the remaining 3 network ports.

After some hours spent in this problem, finally can solve it. The main problem here is because when you change on EC2 panel to a instance that require enhance networking (and enable it via CLI) from a old one, the AWS system change the network interface names and pfSense can't bring up the network connection and the instance become unavailable. The workaround is: SSH on pfSense instance and start a shell session In this example a use nano as text editor (I'm noob), so it's necessary install via pkg install nano Edit the pfSense config file: nano /cf/conf/config.xml Search (Ctrl + W) for <interfaces> (the complete path is pfsense>system>interfaces) and replace the tag if for both wan/lan interfaces with values ena0 and ena1 respectively. Remember to save using Ctrl + X. Example file: <interfaces> <wan> ... <if>ena0</if> ... </wan> <lan> ... <if>ena1</if> ... </lan> .. </interfaces> Shutdown the instance on EC2 panel (remember to check if termination protection is enabled) Execute this command using aws cli on your local machine to enable enhanced networking: aws ec2 modify-instance-attribute --instance-id I-INSTANCE_ID --ena-support Go to EC2 console, select the instance and change the instance type according your needs on "Actions > Instance Settings > Change Instance Type" (for me is a t3a.medium) Turn on your pfSense instance in EC2 panel and everything will be fine

@Cool_Corona try Hyper-V or Linux KVM, I know pfsense works in those right now. I don't use vmware anywhere myself but you can attempt docs, looks like it should work fine, i used pfsense on it back in the esxi 5.x days: https://docs.netgate.com/pfsense/en/latest/virtualization/virtualizing-pfsense-with-vmware-vsphere-esxi.html

@Cool_Corona said in pfSense 2.4.5 running only 1 CPU core = no problemos. Multiple cores = Grandes problemos.: setting it to 1 core only Believe that's been replicated per https://forum.netgate.com/topic/151819/2-4-5-high-latency-and-packet-loss-not-in-a-vm/79 (despite the title of the thread)

You should assign two interface to your pfSense Hyper VM : A n interface you call "WAN" which should be an real physical interface bound to the VM. The host OS, Windows, should NOT use this interface at all. This interface should be connected to your ISP Router. Your pfSense WAN (DHCP) IP will be something like 192.168.1.x where x is not 1. Create another interface - virtual this time - called LAN, which, if could be bound to a actual second physical network interface so you can "expose" this LAN network to other LAN type devices using a real switch. If you do not have a second NIC, only the host OS Windows could / should be bound to the virtual LAN interface. The LAN should be set up as - why not - 10.10.10.1 (not .2 - that not logic - gateways have .1 or .254, not some IP in the middle of the range, that's more then awkward)). Your Windows host will acquire an 10.10.10.x, where x lies somewhere in your pfSense DHCP server pool you've set up.

@nzkiwi68 With 2.4.5 utterly broken in multi-core virtualized environments, it's hard to say. I won't be able to upgrade my environment until this pfctl issue is fixed, which means waiting another 6-12 months for a 2.4.5-p1. One step forward, one step back.

I see this issue too (lockups, no network for long duration's randomly, overall slowness) on my server 2016 datacenter hyper-v pfsense vms, but not on my windows 10 1909 x64 hyper-v pfsense vms with 2.4.5. doing more tests, reloading the firewall filter does cause the issue on windows 10 1909 hyper-v as well. vm config: gen 2, zfs, 6GB ram, 4x cpu cores assigned. gonna try the same vm in virtual box and see if the issue exists there too. at this point i've seen the issue on 2016 server hyper-v and windows 10 1909.

Thank you Gertjan. I watched the video. In the meantime I have been able to set up my ASUS router with DD-WRT transforming it in a managed switch :) Now, if I am right, I have to connect my fritxbox with 1 port to my Asus (as switch) and tag this with a VLAN for WAN and I will switch off wifi from it and do not connect the other fritzbox ports. I will tag the other ASUS ports as a different VLAN (and also add wifi to the same vlan) to have separated LAN and WAN networks. I will connect my NAS with the virtualised pfSense on one LAN port of my ASUS router. In my virtual pfSense I can set up two different virtual NICs and I have to link them to two different VLAN on pfSense with the same tag I defined in ASUS router. Is this correct? thanks Chris

What do you mean by stop/brake connection? Just trying to get a better picture as to what is happening. What are your KVM NIC settings?

@SoulChild Thanks for the write-up, been looking for something like this. I do have a slightly different setup and would like to get your opinion on how to set it up correctly. I installed a 2-port PCIe NIC card on my server so pfSense would have its own NIC ports....1 for WAN which is connected directly to my modem (we'll call it NIC port A) and 1 for LAN which is connected to port 1 on my managed switch (we'll call this NIC port B). I have the VLANs set as follows for port 1 on my switch....VLAN 1 for default/mgmt [untagged], VLAN 100 for LAN [tagged], VLAN 200 for WLAN [tagged], and VLAN 201 for Guest WLAN [tagged]. I have also setup the VLANs accordingly on pfSense. The devices that are hardwired to the switch are able to get and IP from pfSense and can connect to the internet. I experimented with setting VLANs in OVS using other guides and my VMs were able to get an IP from pfSense as well, however they were not able to connect to the internet (I can ping the VMs from my hardware). I assume it has something to do the with the VLAN settings in OVS (trunking to the switch?). What would your suggestion be on how to properly setup this network? I've scoured all over and have found things that say one thing and another. Looking for something more straightforward. Would my connections be the best way? Or should I go about it your way in the sense of having the modem connected to the managed switch on a VLAN vs having the pfSense NIC WAN port connect to it directly?

@voipuser said in pFsense stops routing every day at random for 7-15 seconds the resumes.: upgraded to 2.4.5 so hopefully the problem dissapears... Well it seems 2.4.5 cleared the problems, not had any disruption yet since: 2 days and 2 hours. So far, much better!