@johnpoz said in pfsense 2.4.4 not showing additional vNICs on ESXi 6.7: I moved to just the virtual machine manager on my NAS, synology ds918+ it allows me to run the vms I need to play with.. Since I moved my router to hardware (sg4860).. The only use of VMs are really light my unifi controller running on ubuntu as vm, couple other play linux vms. And some windows vms I only fire up when testing something.. 2k16 server, 2k12 server, windows 7, etc.. Only thing that is restrictive is limits you to 4 vswitches if you don't by the pro license, etc. But does what I need it to do.. Moved my pi-hole to actual pi vs a vm, etc.. So far its working out fine - also liking ability to run dockers on the nas as well.. Not exactly sure what VMM is based on for the underlaying tech, maybe its their own sort of build.. Haven't bothered to look that deep into as of yet... But clearly does what I need it to do.. I have run some virtual pfsense on it as well for testing. But its not really type 1, since its a package you added to DSM its type 2. 6.7U1 is not supported by Veeam for example and some other backup software, so no go for anyone on production. I would not agree.. Only those using those softwares and don't follow through with their vendors https://forums.veeam.com/vmware-vsphere-f24/vsphere-6-7-u1-support-t54673.html [UPDATE] October 19th All auto-tests of Update 3a with the workaround enabled have completed successfully, so all base Veeam Backup & Replication functionality is now confirmed to work with vSphere 6.7 U1. I will provide another update once the full regression testing cycle completes. The same contradicts afterwards: Important This is a temporary workaround against the specific error, which will allow the jobs to complete successfully. Overriding VMware API version may potentially cause issues with other Veeam functionality, because we don't know all the specific API changes that made VMware increment the API version. We're working with VMware to obtain these details while continuing to test vSphere 6.7 U1 with the workaround applied.bolded text Never play with backups

I don't even bother backing up pfSense because like I said earlier, it's dead-simple to install fresh and import your config. It might take less time to do that than to restore from a backup.

I believe I may have figured this out or at least improved speeds a lot. I manually set all the mtu speeds to 1500 which is supposed to be the default.

@_neok said in HyperV VLANs inquiry: @CPrat I correct myself. I thought I was wrong. But I didn't... My VM doesn't keep the Trunk configuration in the vNIC when I restart the VM. And although I can apply it with the VM turned on and I have connectivity of my VLAN interfaces again and of course this is not optimal. My HyperV server is 2012 R2. The curious thing is that if I review the configuration of my vNIC with Get-VMNetworkAdapterVlan -VMName firewall01 -VMNetworkAdapterName Trunk_WAN -Verbose | select * This I get: [image: 1541777631606-captura-resized.png] it comes out as if it is well configured with my Trunk and the VLANs that I assigned to it, but I just don't have connectivity on my pfSense until I run (live) again Set-VMNetworkAdapterVlan -VMName firewall01 -VMNetworkAdapterName Trunk_WAN -Trunk -AllowedVlanIdList 0-600 -NativeVlanId 0 I tried VM generation 1 and 2 and I have the same problem. This sounds to me like 2012R2 and 2016 work differently at this point. A real shame... I will try do this on HyperV Server 2016. I will come later y let feedback. Seeya

I'm thinking it may be easier if I replace the ISP router with one I can control more, as I was hoping it wouldn't be as tough as it's being to just present an IP down to the garage and then off I go. Or, maybe throw in a L2 switch and patch it all in and see how that goes :) [image: 1541958858359-home_lab_2.jpg] Cheers.

@swinn you can make it twelve if you want to. 8 standard + 4 legacy but I agree, if you can do vlan trunking stable - it's more flexible

If you enter a network when creating a virtual isolated network in VMM, the host gets automatically the first IP out of it. So if you want it to isolate the vNet also from the host, don't set a network. I use to add an alias included all RFC1918 networks to block devices from any internal access. Consider that you will need an additional pass rule to allow access to pfSense itself if you use it as DNS server for the DMZ.

Thank you all for the help. I managed to solve the issue. Please close the topic solution: delete all the network's interfaces in the virt-manager, create everything and add static ip to the bridge of the LAN NIC :)

I would do it with Vlans. I would use a direct cable from the modem to an esx host. use one nic on that host for a wswitch for internet. The rest i would build as vlans distributed over all esx servers.

Out of the box is 1 network is wan and has a gateway and other is lan then pfsense would nat. And your running the test thru pfsense right.. vm1 is either client/server for iperf and vm2 is the opposite right. Did you switch directions. What speeds do you get then. This thread while old shows link to old blog and also the 1 poster states he sees 8Gbps on esxi.. So you should be see way higher than that I would think. https://forum.netgate.com/topic/111302/pfsense-tuning-for-10-gbit-throughput/6

also i have same problem. after 2.4.4 upgrade 100 mbps internet connection now 8mbsp - 10 mbps with speedtest.. big bug...

Thank you very much for your answers ! You guys @johnpoz and @stephenw10 are awesome ! I'll make some feedback on this topic later on Kevin

If you wish to filter the Ubuntu host as well you will need to remove that NIC fro Ubuntu so only pfSense is getting a public IP. Then add an internal adapter so Ubuntu has an interface in the pfSense LAN subnet. Unless it already does via the shared LAN NIC. Though I've never actually tried that sort of setup in VB. Steve

I think I just sorted it all out! To let pfSense run on Hyper-V hosted on single network adapter Intel NUC with multiple VLANs, and together with virtual machines as well as other local Windows services and programs, I took following steps: Run PowerShell as Administrator Run: Set-VMNetworkAdapterVlan -VMName pfSense -Trunk -AllowedVlanIdList 10-100 -NativeVlanId 1 note: pfSense is the name of Virtual Machine and AllowedVlanIdList covers range of VLANs configured for pfSense. NativeVlanId is left with default ID=1 more about PS command: https://docs.microsoft.com/en-us/powershell/module/hyper-v/set-vmnetworkadaptervlan?view=win10-ps Change Hyper-V Virtual Switch to enable VLAN = 10 (as configured on port 1 of the TP-Link managed switch - see my first post). note: do not enable any VLAN identification on Virtual Network card configured for pfSense. Change for all other virtual machines VLAN to 10 (do not enable VLAN inside virtual machine - leave default VLAN ID = 0) Final VLAN configuration as per component: Intel NUC network card - no change, default config (no VLAN) Hyper-V Virtual Switch - enable VLAN = 10 pfSense virtual machine Network Adapter VLAN disabled every other Hyper-V virtual machine's Network Adapter VLAN = 10 no need to configure or change anything for Docker I'm yet to test this configuration so any comments welcome. Screenshot for reference. [image: 1539058303453-50f60e35-81d1-4887-80d7-2eaccf3b4efa-image-resized.png]

You will have issues if you introduce login/passwords in your VM creations https://azure.microsoft.com/fr-fr/blog/running-freebsd-in-azure/

Yon, thank you so much... I was looking around for an answer everywhere for hours. Noone knew why FreeBSD based machines would always start from scratch. When you manually save the state of your vm hyper-v does it just fine, but when rebooting it sits there till $timeout and then nukes the vm. No idea why this actually happens. But disabling vss did the trick, reboot of host+guest in seconds to previous state!. (hyper-v-server 2016 testbench here)