@gjaltemba thx for your response.

I finally solve it, i'm using this script:

#!/bin/bash

Setup network namespace with veth pair, start xterm in it nsterm ns0 veth0 10.0.0 yellow 24

if [[ $EUID -ne 0 ]]; then
echo "This script must be run as root" 1>&2
exit 1
fi

NS=${1:-ns0}
DEV=${2:-veth0}
DEV_A=${DEV}a
DEV_B=${DEV}b
ADDR=${3-:10.0.0}
ADDR_A=${ADDR}.254
ADDR_B=${ADDR}.1
MASK=${5:-24}
COL=${4:-yellow}

echo ns=$NS dev=$DEV col=$COL mask=$MASK

ip netns add $NS
ip link add $DEV_A type veth peer name $DEV_B netns $NS
ip addr add $ADDR_A/$MASK dev $DEV_A
ip link set ${DEV}a up
ip netns exec $NS ip addr add $ADDR_B/$MASK dev $DEV_B
ip netns exec $NS ip link set ${DEV}b up
ip netns exec $NS ip route add default via $ADDR_A dev $DEV_B
ip netns exec $NS su -c "xterm -bg $COL &" USER

When i do "dhclient veth0a" i receive ip address from pfsense, and i can finally route all traffic throught pfsense

Hi! how did yoi fixed this? I'm facing the same problem.
Thanks

@stephenw10

yes im really sure about that, i can ping from my windows machine to 192.168.1.1 (lan interface virtual).
I dont configure any routing or port forwards just add a firewall rule to allow all traffic in all interface (wan and lan)
yes Pfsense are respondig. were i can find that state table?

@Derelict can you help me please

Hi, tnx for your response.

Solved.

My problem was a Realtek NIC bug, disabled all items in windows (system - advanced settings from hardware list) i dont remember english name.

All disabled except Flow Control, now i have same download / upload speeds :-)

@Derelict:

If CARP won't work neither will VRRP. They use essentially the same network functions, including the same multicast address etc.

Not sure what you are seeing on XenServer 7 but CARP works just fine in XenServer 6.

Hmm… this and other threads https://forum.pfsense.org/index.php?topic=122588.0
Suggest that they function differently. Where as CARP uses a multicast MAC VRRP uses a single virtual unicast MAC?
Either way, I can confirm that the keepalived vrrp implementation works in my environment so I'm hopeful that freevrrp will work as well.

Are/Were you using OVS on XenServer6? The  network switch default backend is bridge mode..

@vc6SfV8:

Following back up on this - I successfully installed pfSense today on Linode.

Follow the directions here: https://www.linode.com/docs/tools-reference/custom-kernels-distros/install-freebsd-on-linode

In step 5, replace the curl command with the following:

curl -k https://nyifiles.pfsense.org/mirror/downloads/pfSense-CE-memstick-serial-2.3.1-RELEASE-amd64.img.gz | gunzip | dd of=/dev/sda

Everything else works beautifully. :)

Ryan

Hi, I followed your tips however during during the botting of Installer Profile I am getting this error

"Cannot Direct Disk boot a disk with no MBR: Linode Configuration Profile problems detected. "

Any ideas on how to solve this?

Thank you.

Awesome, great to hear that the pesky vmware tools message is going to disappear. I should be carrying out the upgrade soon after backing up my ESXi host.

It's quite interesting that Jim uses ESXi… Maybe that's why it's been so stable for me  ::) ::) ::)

Is there any suggestion for this?

It depends. If it's something where performance doesn't really matter (like my lab) I find it easier to just install, boot to single user, add hw.xen.disable_pv_nics=1 to /boot/loader.conf.local, reboot, and configure the re NICs.

My understanding is that the console is only accessible via your 'very secure' vultr username & password?

So while it's a potential risk, it shouldn't be a major problem during setup & provisioning.

But definitely appreciate the link for securing this.

Do you have any feedback on pfsense on Vultr, long-term?

I am running symmetric gig and not using pci-pass through with no issues. I am using a 7 year old Xeon thats barely supported by ESXI anymore, and allowed the VM to have 4 vcpu's. This is probably close to your newer i5. When I am fully saturating the link i get 30-40% useage. Your milage may vary as well depending on what network card your using. I'm using a server grade dual intel NIC that handles just about everything on board.

The only real reason anymore to allow anything to use passthrough is using some storage software. When you virtualize storage devices they like to have full control over the bare metal devices, networking not so much.

@johnpoz:

Yes or you need to use vlan to break them out - you have 3 ports groups on the same vswitch0.. Unless you create tags for these port groups or setup them to 4095 and set the tags before the traffic hits the pfsense you have placed all of those networks on the same layer 2.

I have moved away from esxi.. Just recently wiped that box.. I have hardware pfsense now and just running the few vms I Need on my synology nas.

You can do it with port groups on the same vswitch if you set the tags correctly on your physical network.  But its more complex setup.

He is right. Unless you are really good with esxi just make different vswitches.

1. Leave your vmk on vswitch0 (this is for mgmt)
2. Make a new vswitch, call it WAN, assign a NIC to it and make a port group called WAN.
3. Make a new vswitch, call it LAN and assign it a NIC, make new port group called LAN.
4. Plug your modem into the WAN NIC, plug your inside switch or whatever into the LAN NIC, and your good.

I had to restart my modem for the WAN interface to pull a public IP, once it does I've never had a problem since (including using ipv6 if your ISP supports this)